OpenLMI Journald Provider documentation
=======================================

OpenLMI Journald is a CIM provider exposing `systemd <http://freedesktop.org/wiki/Software/systemd/>`_
journald log records and basic means of iteration and log writing.

Classes used by the provider were chosen to mimic the sblim-cmpi-syslog provider
set of classes, allowing drop-in replacement in production tools. We haven't been
able to find a profile it conforms to, though. There's a related DMTF profile,
`DSP1010 "Record Log Profile" <http://www.dmtf.org/sites/default/files/standards/documents/DSP1010_2.0.0.pdf>`_,
which this provider may be extended to support in the future.
As a benefit, by using the parent classes (e.g. :ref:`CIM_LogRecord<CIM-LogRecord>`), one is able
to mix log records from orthodox syslog and journald together.


Provider features
------------------

This is a short list of provider features:

* log records reading
* log record iteration using persistent iterators
* new records indication
* writing new log records

For the moment, the global journal is used; all journal files are mixed together.

The provider also comes with a test suite covering most of its functionality.


.. _inst-enum-limit:

Limit on the number of enumerated LMI_JournalLogRecord instances
----------------------------------------------------------------------

Testing the provider revealed an issue with enumeration of :ref:`LMI_JournalLogRecord<LMI-JournalLogRecord>`
instances. On the testing machine there were 199583 journal records, which is
simply too many for the CIMOM: enumerating them exceeds memory and the limits on
the resulting XML reply.

An artificial limit has been set, currently the 1000 most recent records. This
limit is set by the ``JOURNAL_MAX_INSTANCES_NUM`` define in the ``Journal.h`` source
file.

The :ref:`LMI_JournalMessageLog<LMI-JournalMessageLog>` class provides several
methods for iterating and seeking in a complete log.


Security concerns when writing new log records
--------------------------------------------------

The provider is able to send new messages to the log. This may be perceived
as a security issue, since the caller can specify a custom message format that
is sent to the log. The only obstacle preventing anyone from sending
spoofed messages is the rather weak CIM authentication model.

However, since journald is a structured logging system, further information
is stored along with every log record. Messages sent through the OpenLMI Journald
provider may be identified by supplemental fields such as ``_COMM`` and ``_EXE``,
pointing to the CIMOM that was running the provider code, or even the ``CODE_FUNC``
field, pointing to the specific function that invoked the journald library code.
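
The attribution described above can be checked mechanically. The following is an added example, not part of the OpenLMI code: it classifies records in ``journalctl -o json`` form by the ``_EXE`` field and flags records whose writer-supplied ``SYSLOG_IDENTIFIER`` disagrees with ``_COMM``. The CIMOM paths, the sample records and the ``example_write_func`` name are assumptions, and the mismatch check goes beyond what this page describes.

```python
import json

# Assumption: executable paths of CIMOMs that may host the provider; adjust per site.
CIMOM_EXES = {"/usr/sbin/cimserver", "/usr/sbin/sfcbd"}

# Constructed sample shaped like `journalctl -o json` output, one object per line.
SAMPLE = [
    {"_COMM": "sshd", "_EXE": "/usr/sbin/sshd", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Accepted publickey for alice"},
    {"_COMM": "cimserver", "_EXE": "/usr/sbin/cimserver", "SYSLOG_IDENTIFIER": "sshd",
     "CODE_FUNC": "example_write_func", "MESSAGE": "Accepted password for root"},
    {"_COMM": "cimserver", "_EXE": "/usr/sbin/cimserver",
     "SYSLOG_IDENTIFIER": "cimserver", "MESSAGE": "backup finished"},
]
SAMPLE_LINES = [json.dumps(r) for r in SAMPLE] + ["truncated {"]


def _text(value):
    """journalctl emits a string, a list (repeated field) or null (oversized)."""
    if isinstance(value, list):
        value = value[0] if value else None
    return value if isinstance(value, str) else ""


def classify(line):
    """Return (origin, identity_mismatch, record), or None for unparsable lines."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if not isinstance(rec, dict):
        return None
    # Fields starting with "_" are added by journald itself; the writer cannot set them.
    exe, comm = _text(rec.get("_EXE")), _text(rec.get("_COMM"))
    origin = "cimom" if exe in CIMOM_EXES else "other"
    # SYSLOG_IDENTIFIER and CODE_FUNC come from the writer, so treat them as claims.
    claimed = _text(rec.get("SYSLOG_IDENTIFIER"))
    mismatch = bool(claimed and comm and claimed != comm)
    return origin, mismatch, rec


def review(lines):
    """Collect CIMOM-written records, listing identity mismatches first."""
    hits = [c for c in map(classify, lines) if c and c[0] == "cimom"]
    return sorted(hits, key=lambda c: not c[1])


if __name__ == "__main__":
    for origin, mismatch, rec in review(SAMPLE_LINES):
        print("MISMATCH" if mismatch else "ok      ", _text(rec.get("MESSAGE")))
```

On a live system the same functions can be fed the lines produced by ``journalctl -o json``.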


Potential endless loop of indications
----------------------------------------

A note for anyone implementing a system that processes the indications: having no
specific filter for the indication subscription and performing an action
within the indication handler that involves a message being sent to syslog
may result in an endless loop, as long as such an action generates another indication
for the fresh syslog message. Even a CIMOM in certain situations (i.e. debugging
in verbose mode) may generate additional messages while sending an indication,
which in turn will generate another one.


Contents
---------

.. toctree::
   :maxdepth: 2

   usage

.. ifconfig:: includeClasses

   OpenLMI Journald CIM Classes:

   .. toctree::
      :maxdepth: 1

      mof/tree
      mof/index