From c5f99dc22253e5bd1adbfbfa7c3fd842554b9016 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 19 Feb 2008 11:20:18 +0000 Subject: - moved config file code to its own file - finally made CONT_LINES in config the only standard support (the code contained code for other case, which were never executed by the preprocessor) --- syslogd.h | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'syslogd.h') diff --git a/syslogd.h b/syslogd.h index 74ed6630..7887dc2c 100644 --- a/syslogd.h +++ b/syslogd.h @@ -23,7 +23,10 @@ #include "syslogd-types.h" #include "objomsr.h" +#include "modules.h" #include "template.h" +#include "action.h" +#include "linkedlist.h" #ifdef USE_NETZIP /* config param: minimum message size to try compression. The smaller @@ -49,6 +52,51 @@ #define ADDDATE 0x004 /* add a date to the message */ #define MARK 0x008 /* this message is a mark */ +/* This structure represents the files that will have log + * copies printed. + * RGerhards 2004-11-08: Each instance of the filed structure + * describes what I call an "output channel". This is important + * to mention as we now allow database connections to be + * present in the filed structure. If helps immensely, if we + * think of it as the abstraction of an output channel. + * rgerhards, 2005-10-26: The structure below provides ample + * opportunity for non-thread-safety. Each of the variable + * accesses must be carefully evaluated, many of them probably + * be guarded by mutexes. But beware of deadlocks... + * rgerhards, 2007-08-01: as you can see, the structure has shrunk pretty much. I will + * remove some of the comments some time. It's still the structure that controls much + * of the processing that goes on in syslogd, but it now has lots of helpers. + */ +struct filed { + struct filed *f_next; /* next in linked list */ + /* filter properties */ + enum { + FILTER_PRI = 0, /* traditional PRI based filer */ + FILTER_PROP = 1 /* extended filter, property based */ + } f_filter_type; + EHostnameCmpMode eHostnameCmpMode; + rsCStrObj *pCSHostnameComp; /* hostname to check */ + rsCStrObj *pCSProgNameComp; /* tag to check or NULL, if not to be checked */ + union { + u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */ + struct { + rsCStrObj *pCSPropName; + enum { + FIOP_NOP = 0, /* do not use - No Operation */ + FIOP_CONTAINS = 1, /* contains string? */ + FIOP_ISEQUAL = 2, /* is (exactly) equal? */ + FIOP_STARTSWITH = 3, /* starts with a string? */ + FIOP_REGEX = 4 /* matches a regular expression? */ + } operation; + rsCStrObj *pCSCompValue; /* value to "compare" against */ + char isNegated; /* actually a boolean ;) */ + } prop; + } f_filterData; + + linkedList_t llActList; /* list of configured actions */ +}; +typedef struct filed selector_t; /* new type name */ + void logerror(char *type); void logerrorVar(char *fmt, ...) __attribute__((format(printf, 1, 2))); /* the following two are legacy and should be replaced over time */ @@ -65,9 +113,13 @@ int formatTimestampToPgSQL(struct syslogTime *ts, char* pDst, size_t iLenDst); int formatTimestamp3339(struct syslogTime *ts, char* pBuf, size_t iLenBuf); int formatTimestamp3164(struct syslogTime *ts, char* pBuf, size_t iLenBuf); void untty(void); +rsRetVal selectorConstruct(selector_t **ppThis); rsRetVal cflineParseTemplateName(uchar** pp, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts, uchar *dfltTplName); rsRetVal cflineParseFileName(uchar* p, uchar *pFileName, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts); int getSubString(uchar **ppSrc, char *pDst, size_t DstSize, char cSep); +rsRetVal addAction(action_t **ppAction, modInfo_t *pMod, void *pModData, omodStringRequest_t *pOMSR, int bSuspended); +rsRetVal selectorDestruct(void *pVal); +rsRetVal selectorAddList(selector_t *f); /* the following prototypes should go away once we have an input * module interface -- rgerhards, 2007-12-12 */ @@ -88,6 +140,7 @@ extern char *LocalDomain; extern int bDropMalPTRMsgs; extern char ctty[]; extern int MarkInterval; +extern int bReduceRepeatMsgs; /* Intervals at which we flush out "message repeated" messages, * in seconds after previous message is logged. After each flush, -- cgit