journald: Expose UID, GID, PID and syslog facility/severity fields

This is useful e.g. for indication filtering.
author: Tomas Bzatek <tbzatek@redhat.com> 2014-05-22 17:35:01 +0200
committer: Tomas Bzatek <tbzatek@redhat.com> 2014-05-26 16:46:30 +0200
commit: 58dcc99707d1a3cb76fa4ec311af10d65d9cdede (patch)
tree: 6b3f8f2f103367a0deecda183440cb2b1044ca21
parent: ea20e9bcdbc943e088006992bd10b8c0b585cd9d (diff)
download: openlmi-providers-58dcc99707d1a3cb76fa4ec311af10d65d9cdede.tar.gz
openlmi-providers-58dcc99707d1a3cb76fa4ec311af10d65d9cdede.tar.xz
openlmi-providers-58dcc99707d1a3cb76fa4ec311af10d65d9cdede.zip
2 files changed, 128 insertions, 34 deletions
diff --git a/mof/60_LMI_Journald.mof b/mof/60_LMI_Journald.mof
index 938b3d2..7caddca 100644
--- a/mof/60_LMI_Journald.mof
+++ b/mof/60_LMI_Journald.mof
@@ -197,7 +197,7 @@ class LMI_JournalMessageLog: CIM_MessageLog
       string IterationIdentifier);
 };
 
-[ Version("0.4.1"), Provider("cmpi:cmpiLMI_Journald") ]
+[ Version("0.4.3"), Provider("cmpi:cmpiLMI_Journald") ]
 class LMI_JournalLogRecord: CIM_LogRecord
 {
     [ Implemented(true), Override("LogCreationClassName"), Key ]
@@ -224,6 +224,51 @@ class LMI_JournalLogRecord: CIM_LogRecord
 
     [ Implemented(true), Override("PerceivedSeverity") ]
     uint16 PerceivedSeverity;
+
+    [ Implemented(true), Description (
+          "Denotes numerical effective user ID of the process that sent the "
+          "message. This ID is system specific and usually maps to a local "
+          "POSIX account." ) ]
+    uint64 UserID;
+
+    [ Implemented(true), Description (
+          "Denotes numerical effective group ID of the process that sent the "
+          "message. This ID is system specific and usually maps to a local "
+          "POSIX account." ) ]
+    uint64 GroupID;
+
+    [ Implemented(true), Description (
+          "Denotes numerical ID of the process that sent the message." ) ]
+    uint64 ProcessID;
+
+    [ Implemented(true), Description (
+          "A syslog facility level specifying what type of program is logging "
+          "the message. Values are defined by RFC 3164." ),
+      ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11",
+                 "12", "13", "14", "15", "16", "17", "18", "19", "20", "21",
+                 "22", "23" },
+      Values { "kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
+               "news", "uucp", "clock", "authpriv", "ftp", "ntp", "audit",
+               "alert", "cron", "local0", "local1", "local2", "local3",
+               "local4", "local5", "local6", "local7" } ]
+    uint16 SyslogFacility;
+
+    [ Implemented(true), Description (
+          "A syslog severity level of the message, defined by RFC 5424." ),
+      ValueMap { "0", "1", "2", "3", "4", "5", "6", "7" },
+      Values { "Emergency", "Alert", "Critical", "Error", "Warning", "Notice",
+               "Informational", "Debug" } ]
+    uint16 SyslogSeverity;
+
+    [ Implemented(true), Description (
+          "A syslog identifier string, usually carrying process name that "
+          "logged the message." ) ]
+    String SyslogIdentifier;
+
+    [ Implemented(true), Description (
+          "The systemd unit name, not set when message has not been logged "
+          "natively through journald (i.e. through syslog transport)." ) ]
+    String SystemdUnit;
 };
 
 [ Version("0.4.1"), Provider("cmpi:cmpiLMI_Journald"),
diff --git a/src/journald/instutil.c b/src/journald/instutil.c
index b3987bc..0c716f8 100644
--- a/src/journald/instutil.c
+++ b/src/journald/instutil.c
@@ -92,6 +92,27 @@ static int dup_journal_data(
     return 0;
 }
 
+static int get_journal_data_int(
+    sd_journal *j,
+    const char *key,
+    long int *out)
+{
+    int r;
+    gchar *d;
+
+    *out = -1;
+    r = dup_journal_data(j, key, &d);
+    if (r >= 0 && d != NULL && strlen(d) > 0) {
+        char *conv_err = NULL;
+        long int i = strtol(d, &conv_err, 10);
+        if (conv_err == NULL || *conv_err == '\0')
+            *out = i;
+        g_free(d);
+        return 0;
+    }
+    return -1;
+}
+
 static int get_record_message(sd_journal *j, gboolean full_format, gchar **out)
 {
     int r;
@@ -173,6 +194,7 @@ int create_LMI_JournalLogRecord(sd_journal *j,
     uint64_t usec;
     CMPIDateTime *date;
     gchar *d;
+    long int i;
 
     LMI_JournalLogRecord_Set_CreationClassName(rec, LMI_JournalLogRecord_ClassName);
     LMI_JournalLogRecord_Set_LogCreationClassName(rec, LMI_JournalMessageLog_ClassName);
@@ -200,40 +222,67 @@ int create_LMI_JournalLogRecord(sd_journal *j,
     }
 
     /* Optional: PerceivedSeverity */
-    r = dup_journal_data(j, "PRIORITY", &d);
+    if (get_journal_data_int(j, "PRIORITY", &i) >= 0) {
+        switch (i) {
+            case LOG_EMERG:
+                /* 7 - Fatal/NonRecoverable should be used to indicate an error occurred,
+                 *     but it's too late to take remedial action. */
+                LMI_JournalLogRecord_Set_PerceivedSeverity_Fatal_NonRecoverable(rec);
+                break;
+            case LOG_ALERT:
+            case LOG_CRIT:
+                /* 6 - Critical should be used to indicate action is needed NOW and the scope
+                 *     is broad (perhaps an imminent outage to a critical resource will result). */
+                LMI_JournalLogRecord_Set_PerceivedSeverity_Critical(rec);
+                break;
+            case LOG_ERR:
+                /* 4 - Minor should be used to indicate action is needed, but the situation
+                 *     is not serious at this time. */
+                LMI_JournalLogRecord_Set_PerceivedSeverity_Minor(rec);
+                break;
+            case LOG_WARNING:
+                /* 3 - Degraded/Warning should be used when its appropriate to let the user
+                 *     decide if action is needed. */
+                LMI_JournalLogRecord_Set_PerceivedSeverity_Degraded_Warning(rec);
+                break;
+            case LOG_NOTICE:
+            case LOG_INFO:
+            case LOG_DEBUG:
+                /* 2 - Information */
+                LMI_JournalLogRecord_Set_PerceivedSeverity_Information(rec);
+                break;
+        }
+        if (i >= 0 && i <= LOG_DEBUG)
+            LMI_JournalLogRecord_Set_SyslogSeverity(rec, i);
+    }
+
+    /* Optional: UID */
+    if (get_journal_data_int(j, "_UID", &i) >= 0)
+        LMI_JournalLogRecord_Set_UserID(rec, i);
+
+    /* Optional: GID */
+    if (get_journal_data_int(j, "_GID", &i) >= 0)
+        LMI_JournalLogRecord_Set_GroupID(rec, i);
+
+    /* Optional: PID */
+    if (get_journal_data_int(j, "SYSLOG_PID", &i) >= 0 ||  get_journal_data_int(j, "_PID", &i) >= 0)
+        LMI_JournalLogRecord_Set_ProcessID(rec, i);
+
+    /* Optional: Syslog facility */
+    if (get_journal_data_int(j, "SYSLOG_FACILITY", &i) >= 0 && i < LOG_NFACILITIES)
+        LMI_JournalLogRecord_Set_SyslogFacility(rec, i);
+
+    /* Optional: Syslog identifier */
+    r = dup_journal_data(j, "SYSLOG_IDENTIFIER", &d);
     if (r >= 0 && d != NULL && strlen(d) > 0) {
-        char *conv_err = NULL;
-        long int i = strtol(d, &conv_err, 10);
-        if (conv_err == NULL || *conv_err == '\0')
-            switch (i) {
-                case LOG_EMERG:
-                    /* 7 - Fatal/NonRecoverable should be used to indicate an error occurred,
-                     *     but it's too late to take remedial action. */
-                    LMI_JournalLogRecord_Set_PerceivedSeverity_Fatal_NonRecoverable(rec);
-                    break;
-                case LOG_ALERT:
-                case LOG_CRIT:
-                    /* 6 - Critical should be used to indicate action is needed NOW and the scope
-                     *     is broad (perhaps an imminent outage to a critical resource will result). */
-                    LMI_JournalLogRecord_Set_PerceivedSeverity_Critical(rec);
-                    break;
-                case LOG_ERR:
-                    /* 4 - Minor should be used to indicate action is needed, but the situation
-                     *     is not serious at this time. */
-                    LMI_JournalLogRecord_Set_PerceivedSeverity_Minor(rec);
-                    break;
-                case LOG_WARNING:
-                    /* 3 - Degraded/Warning should be used when its appropriate to let the user
-                     *     decide if action is needed. */
-                    LMI_JournalLogRecord_Set_PerceivedSeverity_Degraded_Warning(rec);
-                    break;
-                case LOG_NOTICE:
-                case LOG_INFO:
-                case LOG_DEBUG:
-                    /* 2 - Information */
-                    LMI_JournalLogRecord_Set_PerceivedSeverity_Information(rec);
-                    break;
-            }
+        LMI_JournalLogRecord_Set_SyslogIdentifier(rec, d);
+        g_free(d);
+    }
+
+    /* Optional: Systemd unit */
+    r = dup_journal_data(j, "_SYSTEMD_UNIT", &d);
+    if (r >= 0 && d != NULL && strlen(d) > 0) {
+        LMI_JournalLogRecord_Set_SystemdUnit(rec, d);
         g_free(d);
     }
author	Tomas Bzatek <tbzatek@redhat.com>	2014-05-22 17:35:01 +0200
committer	Tomas Bzatek <tbzatek@redhat.com>	2014-05-26 16:46:30 +0200
commit	58dcc99707d1a3cb76fa4ec311af10d65d9cdede (patch)
tree	6b3f8f2f103367a0deecda183440cb2b1044ca21
parent	ea20e9bcdbc943e088006992bd10b8c0b585cd9d (diff)
download	openlmi-providers-58dcc99707d1a3cb76fa4ec311af10d65d9cdede.tar.gz openlmi-providers-58dcc99707d1a3cb76fa4ec311af10d65d9cdede.tar.xz openlmi-providers-58dcc99707d1a3cb76fa4ec311af10d65d9cdede.zip