1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
|
---------------------------------------------------------------------------
Version 0.9.0 (RGer)
- changed the filed structure to be a linked list. Previously, it
was a table - well, for non-SYSV it was defined as linked list,
but from what I see that code did no longer work after my
modifications. I am now using a linked list in general because
that is needed for other upcoming modifications.
- fixed a bug that caused rsyslogd not to listen to anything if
the configuration file could not be read
- pervious versions disabled network logging (send/receive) if
syslog/udp port was not in /etc/services. Now defaulting to
port 514 in this case.
- internal error messages are now supported up to 256 bytes
- error message seen during config file read are now also displayed
to the attached tty and not only the console
- changed some error messages during init to be sent to the console
and/or emergency log. Previously, they were only seen if the
-d (debug) option was present on the command line.
---------------------------------------------------------------------------
Version 0.8.4
- improved -d debug output (removed developer-only content)
- now compiles under FreeBSD and NetBSD (only quick testing done on NetBSD)
---------------------------------------------------------------------------
Version 0.8.3
- security model in "make install" changed
- minor doc updates
---------------------------------------------------------------------------
Version 0.8.2
- added man page for rsyslog.conf and rsyslogd
- gave up on the concept of rsyslog being a "drop in" replacement
for syslogd. Now, the user installs rsyslogd and also needs to
adjust his system settings to this specifically. This also lead
to these changes:
* changed Makefile so that install now installs rsyslogd instead
of dealing with syslogd
* changed the default config file name to rsyslog.conf
---------------------------------------------------------------------------
Version 0.8.1
- fixed a nasty memory leak (probably not the last one with this release)
- some enhancements to Makefile as suggested by Bennett Todd
- syslogd-internal messages (like restart) were missing the hostname
this has been corrected
---------------------------------------------------------------------------
Version 0.8.0
Initial testing release. Based on the sysklogd package. Thanks to the
sysklogd maintainers for all their good work!
---------------------------------------------------------------------------
----------------------------------------------------------------------
The following comments are from the stock syslogd.c source. They provide
some insight into what happened to the source before we forked
rsyslogd. However, much of the code already has been replaced and more
is to be replaced. So over time, these comments become less valuable.
I have moved them out of the syslogd.c file to shrink it, especially
as a lot of them do no longer apply. For historical reasons and
understanding of how the daemon evolved, they are probably still
helpful.
----------------------------------------------------------------------
/*
* syslogd -- log system messages
*
* This program implements a system log. It takes a series of lines.
* Each line may have a priority, signified as "<n>" as
* the first characters of the line. If this is
* not present, a default priority is used.
*
* To kill syslogd, send a signal 15 (terminate). A signal 1 (hup) will
* cause it to reread its configuration file.
*
* Defined Constants:
*
* MAXLINE -- the maximum line length that can be handled.
* DEFUPRI -- the default priority for user messages
* DEFSPRI -- the default priority for kernel messages
*
* Author: Eric Allman
* extensive changes by Ralph Campbell
* more extensive changes by Eric Allman (again)
*
* Steve Lord: Fix UNIX domain socket code, added linux kernel logging
* change defines to
* SYSLOG_INET - listen on a UDP socket
* SYSLOG_UNIXAF - listen on unix domain socket
* SYSLOG_KERNEL - listen to linux kernel
*
* Mon Feb 22 09:55:42 CST 1993: Dr. Wettstein
* Additional modifications to the source. Changed priority scheme
* to increase the level of configurability. In its stock configuration
* syslogd no longer logs all messages of a certain priority and above
* to a log file. The * wildcard is supported to specify all priorities.
* Note that this is a departure from the BSD standard.
*
* Syslogd will now listen to both the inetd and the unixd socket. The
* strategy is to allow all local programs to direct their output to
* syslogd through the unixd socket while the program listens to the
* inetd socket to get messages forwarded from other hosts.
*
* Fri Mar 12 16:55:33 CST 1993: Dr. Wettstein
* Thanks to Stephen Tweedie (dcs.ed.ac.uk!sct) for helpful bug-fixes
* and an enlightened commentary on the prioritization problem.
*
* Changed the priority scheme so that the default behavior mimics the
* standard BSD. In this scenario all messages of a specified priority
* and above are logged.
*
* Add the ability to specify a wildcard (=) as the first character
* of the priority name. Doing this specifies that ONLY messages with
* this level of priority are to be logged. For example:
*
* *.=debug /usr/adm/debug
*
* Would log only messages with a priority of debug to the /usr/adm/debug
* file.
*
* Providing an * as the priority specifies that all messages are to be
* logged. Note that this case is degenerate with specifying a priority
* level of debug. The wildcard * was retained because I believe that
* this is more intuitive.
*
* Thu Jun 24 11:34:13 CDT 1993: Dr. Wettstein
* Modified sources to incorporate changes in libc4.4. Messages from
* syslog are now null-terminated, syslogd code now parses messages
* based on this termination scheme. Linux as of libc4.4 supports the
* fsync system call. Modified code to fsync after all writes to
* log files.
*
* Sat Dec 11 11:59:43 CST 1993: Dr. Wettstein
* Extensive changes to the source code to allow compilation with no
* complaints with -Wall.
*
* Reorganized the facility and priority name arrays so that they
* compatible with the syslog.h source found in /usr/include/syslog.h.
* NOTE that this should really be changed. The reason I do not
* allow the use of the values defined in syslog.h is on account of
* the extensions made to allow the wildcard character in the
* priority field. To fix this properly one should malloc an array,
* copy the contents of the array defined by syslog.h and then
* make whatever modifications that are desired. Next round.
*
* Thu Jan 6 12:07:36 CST 1994: Dr. Wettstein
* Added support for proper decomposition and re-assembly of
* fragment messages on UNIX domain sockets. Lack of this capability
* was causing 'partial' messages to be output. Since facility and
* priority information is encoded as a leader on the messages this
* was causing lines to be placed in erroneous files.
*
* Also added a patch from Shane Alderton (shane@ion.apana.org.au) to
* correct a problem with syslogd dumping core when an attempt was made
* to write log messages to a logged-on user. Thank you.
*
* Many thanks to Juha Virtanen (jiivee@hut.fi) for a series of
* interchanges which lead to the fixing of problems with messages set
* to priorities of none and emerg. Also thanks to Juha for a patch
* to exclude users with a class of LOGIN from receiving messages.
*
* Shane Alderton provided an additional patch to fix zombies which
* were conceived when messages were written to multiple users.
*
* Mon Feb 6 09:57:10 CST 1995: Dr. Wettstein
* Patch to properly reset the single priority message flag. Thanks
* to Christopher Gori for spotting this bug and forwarding a patch.
*
* Wed Feb 22 15:38:31 CST 1995: Dr. Wettstein
* Added version information to startup messages.
*
* Added defines so that paths to important files are taken from
* the definitions in paths.h. Hopefully this will insure that
* everything follows the FSSTND standards. Thanks to Chris Metcalf
* for a set of patches to provide this functionality. Also thanks
* Elias Levy for prompting me to get these into the sources.
*
* Wed Jul 26 18:57:23 MET DST 1995: Martin Schulze
* Linux' gethostname only returns the hostname and not the fqdn as
* expected in the code. But if you call hostname with an fqdn then
* gethostname will return an fqdn, so we have to mention that. This
* has been changed.
*
* The 'LocalDomain' and the hostname of a remote machine is
* converted to lower case, because the original caused some
* inconsistency, because the (at least my) nameserver did respond an
* fqdn containing of upper- _and_ lowercase letters while
* 'LocalDomain' consisted only of lowercase letters and that didn't
* match.
*
* Sat Aug 5 18:59:15 MET DST 1995: Martin Schulze
* Now no messages that were received from any remote host are sent
* out to another. At my domain this missing feature caused ugly
* syslog-loops, sometimes.
*
* Remember that no message is sent out. I can't figure out any
* scenario where it might be useful to change this behavior and to
* send out messages to other hosts than the one from which we
* received the message, but I might be shortsighted. :-/
*
* Thu Aug 10 19:01:08 MET DST 1995: Martin Schulze
* Added my pidfile.[ch] to it to perform a better handling with
* pidfiles. Now both, syslogd and klogd, can only be started
* once. They check the pidfile.
*
* Sun Aug 13 19:01:41 MET DST 1995: Martin Schulze
* Add an addition to syslog.conf's interpretation. If a priority
* begins with an exclamation mark ('!') the normal interpretation
* of the priority is inverted: ".!*" is the same as ".none", ".!=info"
* don't logs the info priority, ".!crit" won't log any message with
* the priority crit or higher. For example:
*
* mail.*;mail.!=info /usr/adm/mail
*
* Would log all messages of the facility mail except those with
* the priority info to /usr/adm/mail. This makes the syslogd
* much more flexible.
*
* Defined TABLE_ALLPRI=255 and changed some occurrences.
*
* Sat Aug 19 21:40:13 MET DST 1995: Martin Schulze
* Making the table of facilities and priorities while in debug
* mode more readable.
*
* If debugging is turned on, printing the whole table of
* facilities and priorities every hexadecimal or 'X' entry is
* now 2 characters wide.
*
* The number of the entry is prepended to each line of
* facilities and priorities, and F_UNUSED lines are not shown
* anymore.
*
* Corrected some #ifdef SYSV's.
*
* Mon Aug 21 22:10:35 MET DST 1995: Martin Schulze
* Corrected a strange behavior during parsing of configuration
* file. The original BSD syslogd doesn't understand spaces as
* separators between specifier and action. This syslogd now
* understands them. The old behavior caused some confusion over
* the Linux community.
*
* Thu Oct 19 00:02:07 MET 1995: Martin Schulze
* The default behavior has changed for security reasons. The
* syslogd will not receive any remote message unless you turn
* reception on with the "-r" option.
*
* Not defining SYSLOG_INET will result in not doing any network
* activity, i.e. not sending or receiving messages. I changed
* this because the old idea is implemented with the "-r" option
* and the old thing didn't work anyway.
*
* Thu Oct 26 13:14:06 MET 1995: Martin Schulze
* Added another logfile type F_FORW_UNKN. The problem I ran into
* was a name server that runs on my machine and a forwarder of
* kern.crit to another host. The hosts address can only be
* fetched using the nameserver. But named is started after
* syslogd, so syslogd complained.
*
* This logfile type will retry to get the address of the
* hostname ten times and then complain. This should be enough to
* get the named up and running during boot sequence.
*
* Fri Oct 27 14:08:15 1995: Dr. Wettstein
* Changed static array of logfiles to a dynamic array. This
* can grow during process.
*
* Fri Nov 10 23:08:18 1995: Martin Schulze
* Inserted a new tabular sys_h_errlist that contains plain text
* for error codes that are returned from the net subsystem and
* stored in h_errno. I have also changed some wrong lookups to
* sys_errlist.
*
* Wed Nov 22 22:32:55 1995: Martin Schulze
* Added the fabulous strip-domain feature that allows us to
* strip off (several) domain names from the fqdn and only log
* the simple hostname. This is useful if you're in a LAN that
* has a central log server and also different domains.
*
* I have also also added the -l switch do define hosts as
* local. These will get logged with their simple hostname, too.
*
* Thu Nov 23 19:02:56 MET DST 1995: Martin Schulze
* Added the possibility to omit fsyncing of logfiles after every
* write. This will give some performance back if you have
* programs that log in a very verbose manner (like innd or
* smartlist). Thanks to Stephen R. van den Berg <srb@cuci.nl>
* for the idea.
*
* Thu Jan 18 11:14:36 CST 1996: Dr. Wettstein
* Added patche from beta-testers to stop compile error. Also
* added removal of pid file as part of termination cleanup.
*
* Wed Feb 14 12:42:09 CST 1996: Dr. Wettstein
* Allowed forwarding of messages received from remote hosts to
* be controlled by a command-line switch. Specifying -h allows
* forwarding. The default behavior is to disable forwarding of
* messages which were received from a remote host.
*
* Parent process of syslogd does not exit until child process has
* finished initialization process. This allows rc.* startup to
* pause until syslogd facility is up and operating.
*
* Re-arranged the select code to move UNIX domain socket accepts
* to be processed later. This was a contributed change which
* has been proposed to correct the delays sometimes encountered
* when syslogd starts up.
*
* Minor code cleanups.
*
* Thu May 2 15:15:33 CDT 1996: Dr. Wettstein
* Fixed bug in init function which resulted in file descripters
* being orphaned when syslogd process was re-initialized with SIGHUP
* signal. Thanks to Edvard Tuinder
* (Edvard.Tuinder@praseodymium.cistron.nl) for putting me on the
* trail of this bug. I am amazed that we didn't catch this one
* before now.
*
* Tue May 14 00:03:35 MET DST 1996: Martin Schulze
* Corrected a mistake that causes the syslogd to stop logging at
* some virtual consoles under Linux. This was caused by checking
* the wrong error code. Thanks to Michael Nonweiler
* <mrn20@hermes.cam.ac.uk> for sending me a patch.
*
* Mon May 20 13:29:32 MET DST 1996: Miquel van Smoorenburg <miquels@cistron.nl>
* Added continuation line supported and fixed a bug in
* the init() code.
*
* Tue May 28 00:58:45 MET DST 1996: Martin Schulze
* Corrected behaviour of blocking pipes - i.e. the whole system
* hung. Michael Nonweiler <mrn20@hermes.cam.ac.uk> has sent us
* a patch to correct this. A new logfile type F_PIPE has been
* introduced.
*
* Mon Feb 3 10:12:15 MET DST 1997: Martin Schulze
* Corrected behaviour of logfiles if the file can't be opened.
* There was a bug that causes syslogd to try to log into non
* existing files which ate cpu power.
*
* Sun Feb 9 03:22:12 MET DST 1997: Martin Schulze
* Modified syslogd.c to not kill itself which confuses bash 2.0.
*
* Mon Feb 10 00:09:11 MET DST 1997: Martin Schulze
* Improved debug code to decode the numeric facility/priority
* pair into textual information.
*
* Tue Jun 10 12:35:10 MET DST 1997: Martin Schulze
* Corrected freeing of logfiles. Thanks to Jos Vos <jos@xos.nl>
* for reporting the bug and sending an idea to fix the problem.
*
* Tue Jun 10 12:51:41 MET DST 1997: Martin Schulze
* Removed sleep(10) from parent process. This has caused a slow
* startup in former times - and I don't see any reason for this.
*
* Sun Jun 15 16:23:29 MET DST 1997: Michael Alan Dorman
* Some more glibc patches made by <mdorman@debian.org>.
*
* Thu Jan 1 16:04:52 CET 1998: Martin Schulze <joey@infodrom.north.de
* Applied patch from Herbert Thielen <Herbert.Thielen@lpr.e-technik.tu-muenchen.de>.
* This included some balance parentheses for emacs and a bug in
* the exclamation mark handling.
*
* Fixed small bug which caused syslogd to write messages to the
* wrong logfile under some very rare conditions. Thanks to
* Herbert Xu <herbert@gondor.apana.org.au> for fiddling this out.
*
* Thu Jan 8 22:46:35 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Reworked one line of the above patch as it prevented syslogd
* from binding the socket with the result that no messages were
* forwarded to other hosts.
*
* Sat Jan 10 01:33:06 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Fixed small bugs in F_FORW_UNKN meachanism. Thanks to Torsten
* Neumann <torsten@londo.rhein-main.de> for pointing me to it.
*
* Mon Jan 12 19:50:58 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Modified debug output concerning remote receiption.
*
* Mon Feb 23 23:32:35 CET 1998: Topi Miettinen <Topi.Miettinen@ml.tele.fi>
* Re-worked handling of Unix and UDP sockets to support closing /
* opening of them in order to have it open only if it is needed
* either for forwarding to a remote host or by receiption from
* the network.
*
* Wed Feb 25 10:54:09 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Fixed little comparison mistake that prevented the MARK
* feature to work properly.
*
* Wed Feb 25 13:21:44 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Corrected Topi's patch as it prevented forwarding during
* startup due to an unknown LogPort.
*
* Sat Oct 10 20:01:48 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Added support for TESTING define which will turn syslogd into
* stdio-mode used for debugging.
*
* Sun Oct 11 20:16:59 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Reworked the initialization/fork code. Now the parent
* process activates a signal handler which the daughter process
* will raise if it is initialized. Only after that one the
* parent process may exit. Otherwise klogd might try to flush
* its log cache while syslogd can't receive the messages yet.
*
* Mon Oct 12 13:30:35 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Redirected some error output with regard to argument parsing to
* stderr.
*
* Mon Oct 12 14:02:51 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Applied patch provided vom Topi Miettinen with regard to the
* people from OpenBSD. This provides the additional '-a'
* argument used for specifying additional UNIX domain sockets to
* listen to. This is been used with chroot()'ed named's for
* example. See for http://www.psionic.com/papers/dns.html
*
* Mon Oct 12 18:29:44 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Added `ftp' facility which was introduced in glibc version 2.
* It's #ifdef'ed so won't harm with older libraries.
*
* Mon Oct 12 19:59:21 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
* Code cleanups with regard to bsd -> posix transition and
* stronger security (buffer length checking). Thanks to Topi
* Miettinen <tom@medialab.sonera.net>
* . index() --> strchr()
* . sprintf() --> snprintf()
* . bcopy() --> memcpy()
* . bzero() --> memset()
* . UNAMESZ --> UT_NAMESIZE
* . sys_errlist --> strerror()
*
* Mon Oct 12 20:22:59 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Added support for setutent()/getutent()/endutend() instead of
* binary reading the UTMP file. This is the the most portable
* way. This allows /var/run/utmp format to change, even to a
* real database or utmp daemon. Also if utmp file locking is
* implemented in libc, syslog will use it immediately. Thanks
* to Topi Miettinen <tom@medialab.sonera.net>.
*
* Mon Oct 12 20:49:18 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
* Avoid logging of SIGCHLD when syslogd is in the process of
* exiting and closing its files. Again thanks to Topi.
*
* Mon Oct 12 22:18:34 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Modified printline() to support 8bit characters - such as
* russion letters. Thanks to Vladas Lapinskas <lapinskas@mail.iae.lt>.
*
* Sat Nov 14 02:29:37 CET 1998: Martin Schulze <joey@infodrom.north.de>
* ``-m 0'' now turns of MARK logging entirely.
*
* Tue Jan 19 01:04:18 MET 1999: Martin Schulze <joey@infodrom.north.de>
* Finally fixed an error with `-a' processing, thanks to Topi
* Miettinen <tom@medialab.sonera.net>.
*
* Sun May 23 10:08:53 CEST 1999: Martin Schulze <joey@infodrom.north.de>
* Removed superflous call to utmpname(). The path to the utmp
* file is defined in the used libc and should not be hardcoded
* into the syslogd binary referring the system it was compiled on.
*
* Sun Sep 17 20:45:33 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Fixed some bugs in printline() code that did not escape
* control characters '\177' through '\237' and contained a
* single-byte buffer overflow. Thanks to Solar Designer
* <solar@false.com>.
*
* Sun Sep 17 21:26:16 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Don't close open sockets upon reload. Thanks to Bill
* Nottingham.
*
* Mon Sep 18 09:10:47 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Fixed bug in printchopped() that caused syslogd to emit
* kern.emerg messages when splitting long lines. Thanks to
* Daniel Jacobowitz <dan@debian.org> for the fix.
*
* Mon Sep 18 15:33:26 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Removed unixm/unix domain sockets and switch to Datagram Unix
* Sockets. This should remove one possibility to play DoS with
* syslogd. Thanks to Olaf Kirch <okir@caldera.de> for the patch.
*
* Sun Mar 11 20:23:44 CET 2001: Martin Schulze <joey@infodrom.ffis.de>
* Don't return a closed fd if `-a' is called with a wrong path.
* Thanks to Bill Nottingham <notting@redhat.com> for providing
* a patch.
*/
|