added first (simple) version of rfc3195 receiver; some bug fixes and

    supporting changes to rsyslogd

4 files changed, 293 insertions, 187 deletions

diff --git a/NEWS b/NEWS
index 3a0faa57..6db5d5ef 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,13 @@
 ---------------------------------------------------------------------------
-Version 1.11.0 (RGer), 2005-??-??
+Version 1.11.0 (RGer), 2005-10-12
 - support for receiving messages via RFC 3195; added rfc3195d for that
   purpose
+- added an additional guard to prevent rsyslogd from aborting when the
+  2gb file size limit is hit. While a user can configure rsyslogd to
+  handle such situations, it would abort if that was not done AND large
+  file support was not enabled (ok, this is hopefully an unlikely scenario)
+- fixed a bug that caused additional Unix domain sockets to be incorrectly
+  processed - could lead to message loss in extreme cases
 ---------------------------------------------------------------------------
 Version 1.10.2 (RGer), 2005-09-27
 - added comparison operations in property-based filters:
diff --git a/master.make b/master.make
index e5174b39..3b118a17 100644
--- a/master.make
+++ b/master.make
@@ -67,7 +67,7 @@ syslog.o: syslog.c
 	${CC} ${CFLAGS} ${SYSLOG_FLAGS} -c $(VPATH)syslog.c
 
 clean:
-	rm -f *.o *.log *~ *.orig syslogd
+	rm -f *.o *.log *~ *.orig syslogd rfc3195d
 
 clobber: clean
 	rm -f syslogd ksym syslog_tst oops_test TAGS tsyslogd tklogd
diff --git a/rfc3195d.c b/rfc3195d.c
index d9ae4d50..aff32bbd 100644
--- a/rfc3195d.c
+++ b/rfc3195d.c
@@ -1,156 +1,241 @@
-/** 

- * testsrvr.cpp : This is a small sample C++ server app

- * using liblogging. It just demonstrates how things can be 

- * done. It accepts incoming messages and just dumps them

- * to stdout. It is single-threaded.

- *

- * \author  Rainer Gerhards <rgerhards@adiscon.com>

- * \date    2003-08-13

- *          file created.

- *

- * Copyright 2003 

- *     Rainer Gerhards and Adiscon GmbH. All Rights Reserved.

- * 

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions are

- * met:

- * 

- *     * Redistributions of source code must retain the above copyright

- *       notice, this list of conditions and the following disclaimer.

- * 

- *     * Redistributions in binary form must reproduce the above copyright

- *       notice, this list of conditions and the following disclaimer in

- *       the documentation and/or other materials provided with the

- *       distribution.

- * 

- *     * Neither the name of Adiscon GmbH or Rainer Gerhards

- *       nor the names of its contributors may be used to

- *       endorse or promote products derived from this software without

- *       specific prior written permission.

- * 

- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

- * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER

- * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-

-#include <stdio.h>

-#include <unistd.h>

-#include <signal.h>

-#include <sys/socket.h>

-#include "rsyslog.h"

-#include "liblogging.h"

-#include "srAPI.h"

-#include "syslogmessage.h"

-

-/* configurable params! */

-#define	_PATH_LOGNAME	"/dev/log"

-

-/* quick hack, so all can access it. Do NOT do this in your server ;-) */

-static srAPIObj* pAPI;

-

-static int	LogFile = -1;		/* fd for log */

-static int	connected;		/* have done connect */

-static struct sockaddr SyslogAddr;	/* AF_UNIX address of local logger */

-

-/*

- * OPENLOG -- open system log

- */

-static void openlog()

-{

-	if (LogFile == -1) {

-		SyslogAddr.sa_family = AF_UNIX;

-		strncpy(SyslogAddr.sa_data, _PATH_LOGNAME,

-		    sizeof(SyslogAddr.sa_data));

-		LogFile = socket(AF_UNIX, SOCK_DGRAM, 0);

-	}

-	if (LogFile != -1 && !connected &&

-	    connect(LogFile, &SyslogAddr, sizeof(SyslogAddr.sa_family)+

-			strlen(SyslogAddr.sa_data)) != -1)

-		connected = 1;

-}

-

-/* This method is called when a message has been fully received.

- * In a real sample, you would do all your enqueuing and/or

- * processing here.

- * 

- * It is highly recommended that no lengthy processing is done in

- * this callback. Please see \ref architecture.c for a suggested

- * threading model.

- */

-void OnReceive(srAPIObj* pAPI, srSLMGObj* pSLMG)

-{

-	unsigned char *pszRawMsg;

-

-	srSLMGGetRawMSG(pSLMG, &pszRawMsg);

-

-	if (LogFile < 0 || !connected)

-		openlog();

-

-	/* output the message to the local logger */

-	write(LogFile, pszRawMsg, strlen(pszRawMsg));

-

-	printf("RAW:%s\n\n", pszRawMsg);

-}

-

-

-/* As we are single-threaded in this example, we need

- * one way to shut down the listener running on this

- * single thread. We use SIG_INT to do so - it effectively

- * provides a short-lived second thread ;-)

- */

-void doSIGINT(int i)

-{

-	printf("SIG_INT - shutting down listener. Be patient, can take up to 30 seconds...\n");

-	srAPIShutdownListener(pAPI);

-}

-

-int main(int argc, char* argv[])

-{

-	srRetVal iRet;

-

-#	ifdef	WIN32

-		_CrtSetDbgFlag(_CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);

-#	endif

-

-	printf("testsrvr test server - just a quick debuging aid and sample....\n");

-	printf("Compiled with liblogging version %d.%d.%d.\n", LIBLOGGING_VERSION_MAJOR, LIBLOGGING_VERSION_MINOR, LIBLOGGING_VERSION_SUBMINOR);

-	printf("See http://www.monitorware.com/liblogging/ for updates.\n");

-	printf("Listening for incoming requests....\n");

-

-	signal(SIGINT, doSIGINT);

-

-	if((pAPI = srAPIInitLib()) == NULL)

-	{

-		printf("Error initializing lib!\n");

-		exit(1);

-	}

-

-	if((iRet = srAPISetupListener(pAPI, OnReceive)) != SR_RET_OK)

-	{

-		printf("Error %d setting up listener!\n", iRet);

-		exit(100);

-	}

-

-	/* now move the listener to running state. Control will only

-	 * return after SIG_INT.

-	 */

-	if((iRet = srAPIRunListener(pAPI)) != SR_RET_OK)

-	{

-		printf("Error %d running the listener!\n", iRet);

-		exit(100);

-	}

-

-	/** control will reach this point after SIG_INT */

-

-	srAPIExitLib(pAPI);

-	return 0;

-}

-

+/** 
+ * rfc3195d.c
+ * This is an RFC 3195 listener. All data received is forwarded to
+ * local UNIX domain socket, where it can be picked up by a
+ * syslog daemon (like rsyslogd ;)).
+ *
+ * \author  Rainer Gerhards <rgerhards@adiscon.com>
+ *
+ * Copyright 2003-2005 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <sys/errno.h>
+#include "rsyslog.h"
+#include "liblogging.h"
+#include "srAPI.h"
+#include "syslogmessage.h"
+#include "version.h"
+
+/* configurable params! */
+static char* pPathLogname = "/dev/log3195";
+static char *PidFile;
+static int NoFork = 0;
+static int Debug = 0;
+
+/* we use a global API object below, because this listener is
+ * not very complex. As such, this hack should not harm anything.
+ * rgerhards, 2005-10-12
+ */
+static srAPIObj* pAPI;
+
+static int	LogFile = -1;		/* fd for log */
+static int	connected;		/* have done connect */
+static struct sockaddr SyslogAddr;	/* AF_UNIX address of local logger */
+
+/* small usage info */
+static int usage()
+{
+	/* The following usage line is what we intend to have - it
+	 * is commented out as a reminder. The one below is what we
+	 * currently actually do...
+	 fprintf(stderr, "usage: rfc3195d [-dv] [-i pidfile] [-n] [-p path]\n");
+	 */
+	fprintf(stderr, "usage: rfc3195d [-p path]\n");
+	exit(1);
+}
+
+/* CLOSELOG -- close the system log
+ */
+static void closelog(void)
+{
+	close(LogFile);
+	LogFile = -1;
+	connected = 0;
+}
+
+/* OPENLOG -- open system log
+ */
+static void openlog()
+{
+	if (LogFile == -1) {
+		SyslogAddr.sa_family = AF_UNIX;
+		strncpy(SyslogAddr.sa_data, pPathLogname,
+		    sizeof(SyslogAddr.sa_data));
+		LogFile = socket(AF_UNIX, SOCK_DGRAM, 0);
+		if(LogFile < 0)
+			printf("error opening '%s': %s\n", 
+			       pPathLogname, strerror(errno));
+	}
+	if (LogFile != -1 && !connected &&
+	    connect(LogFile, &SyslogAddr, sizeof(SyslogAddr.sa_family)+
+			strlen(SyslogAddr.sa_data)) != -1)
+		connected = 1;
+	else
+		printf("error connecting '%s': %s\n", 
+		       pPathLogname, strerror(errno));
+}
+
+
+/* This method is called when a message has been fully received.
+ * It passes the received message to the specified unix domain
+ * socket. Please note that this callback is synchronous, thus
+ * liblogging will be on hold until it returns. This is important
+ * to note because in an error case we might stay in this code
+ * for an extended amount of time. So far, we think this is the
+ * best solution, but real-world experience might tell us a
+ * different truth ;)
+ * rgerhards 2005-10-12
+ */
+void OnReceive(srAPIObj* pAPI, srSLMGObj* pSLMG)
+{
+	unsigned char *pszRawMsg;
+	int iRetries; /* number of retries connecting to log socket */
+	int iSleep;
+	int iWriteOffset;
+	ssize_t nToWrite;
+	ssize_t nWritten;
+
+	srSLMGGetRawMSG(pSLMG, &pszRawMsg);
+
+	/* we need to loop writing the message. At least in
+	 * theory, a single write might not send all data to the
+	 * syslogd. So we need to continue until everything is written.
+	 * Also, we need to check if there are any socket erros, in 
+	 * which case we reconect. We will re-try indefinitely, if this
+	 * is not acceptable, you need to change the code.
+	 * rgerhards 2005-10-12
+	 */
+	iRetries = 0;
+	nToWrite = strlen(pszRawMsg);
+	iWriteOffset = 0;
+	while(nToWrite != 0) {
+		if(LogFile < 0 || !connected)
+			openlog();
+		if(LogFile < 0 || !connected) {
+			/* still not connected, retry */
+			if(iRetries > 0) {
+				iSleep = (iRetries < 30) ? iRetries : 30;
+				/* we sleep a little to prevent a thight loop */
+				if(Debug)
+					printf("multiple retries connecting to log socket"
+					       " - doing sleep(%d)\n", iSleep);
+				sleep(iSleep);
+			}
+			++iRetries;
+		} else {
+			nWritten = write(LogFile, pszRawMsg, strlen(pszRawMsg));
+			if(nWritten < 0) {
+				/* error, recover! */
+				printf("error writing to domain socket: %s\r\n", strerror(errno));
+				closelog();
+			} else {
+				/* prepare for (potential) next write */
+				nToWrite -= nWritten;
+				iWriteOffset += nWritten;
+			}
+		}
+	}
+
+	if(Debug)
+		printf("Msg:%s\n\n", pszRawMsg);
+}
+
+
+/* As we are single-threaded in this example, we need
+ * one way to shut down the listener running on this
+ * single thread. We use SIG_INT to do so - it effectively
+ * provides a short-lived second thread ;-)
+ */
+void doShutdown(int i)
+{
+	printf("Shutting down rfc3195d. Be patient, this can take up to 30 seconds...\n");
+	srAPIShutdownListener(pAPI);
+}
+
+int main(int argc, char* argv[])
+{
+	srRetVal iRet;
+	int ch;
+
+	while ((ch = getopt(argc, argv, "di:np:v")) != EOF)
+		switch((char)ch) {
+		case 'd':		/* debug */
+			Debug = 1;
+			break;
+		case 'i':		/* pid file name */
+			PidFile = optarg;
+			break;
+		case 'n':		/* don't fork */
+			NoFork = 1;
+			break;
+		case 'p':		/* path to regular log socket */
+			pPathLogname = optarg;
+			break;
+		case 'v':
+			printf("rfc3195d %s.%s (using liblogging version %d.%d.%d).\n",
+			       VERSION, PATCHLEVEL,
+			       LIBLOGGING_VERSION_MAJOR, LIBLOGGING_VERSION_MINOR,
+			       LIBLOGGING_VERSION_SUBMINOR);
+			printf("See http://www.rsyslog.com for more information.\n");
+			exit(0);
+		case '?':
+		default:
+			usage();
+		}
+	if ((argc -= optind))
+		usage();
+
+	if(!Debug)
+		signal(SIGINT, SIG_IGN);
+	signal(SIGUSR1, doShutdown);
+
+	if((pAPI = srAPIInitLib()) == NULL)
+	{
+		printf("Error initializing liblogging - aborting!\n");
+		exit(1);
+	}
+
+	if((iRet = srAPISetupListener(pAPI, OnReceive)) != SR_RET_OK)
+	{
+		printf("Error %d setting up listener - aborting\n", iRet);
+		exit(100);
+	}
+
+	/* now move the listener to running state. Control will only
+	 * return after SIGUSR1.
+	 */
+	if((iRet = srAPIRunListener(pAPI)) != SR_RET_OK)
+	{
+		printf("Error %d running the listener - aborting\n", iRet);
+		exit(101);
+	}
+
+	/** control will reach this point after shutdown */
+
+	srAPIExitLib(pAPI);
+	return 0;
+}
+
+/*
+ * vi:set ai:
+ */
diff --git a/syslogd.c b/syslogd.c
index 27643bbe..f3ac35c1 100644
--- a/syslogd.c
+++ b/syslogd.c
@@ -315,6 +315,7 @@ int nfunix = 1;
 int startIndexUxLocalSockets = 0; /* process funix from that index on (used to 
  				   * suppress local logging. rgerhards 2005-08-01
 				   */
+int funixParseHost[MAXFUNIX] = { 0, }; /* should parser parse host name? */
 char *funixn[MAXFUNIX] = { _PATH_LOG };
 int funix[MAXFUNIX] = { -1, };
 
@@ -405,7 +406,13 @@ struct msg {
 	short	iSyslogVers;	/* version of syslog protocol
 				 * 0 - RFC 3164
 				 * 1 - RFC draft-protocol-08 */
-	short	iMsgSource;	/* where did the msg originate from? */
+	short	bParseHOSTNAME;	/* should the hostname be parsed from the message? */
+	   /* background: the hostname is not present on "regular" messages
+	    * received via UNIX domain sockets from the same machine. However,
+	    * it is available when we have a forwarder (e.g. rfc3195d) using local
+	    * sockets. All in all, the parser would need parse templates, that would
+	    * resolve all these issues... rgerhards, 2005-10-06
+	    */
 #define SOURCE_INTERNAL 0
 #define SOURCE_STDIN 1
 #define SOURCE_UNIXAF 2
@@ -722,7 +729,7 @@ static char template_StdDBFmt[] = "\"insert into SystemEvents (Message, Facility
 /* Function prototypes. */
 int main(int argc, char **argv);
 char **crunch_list(char *list);
-int usage(void);
+static int usage(void);
 void untty(void);
 void printchopped(char *hname, char *msg, int len, int fd, int iSourceType);
 void printline(char *hname, char *msg, int iSource);
@@ -2550,7 +2557,14 @@ int main(int argc, char **argv)
 		switch((char)ch) {
 		case 'a':
 			if (nfunix < MAXFUNIX)
-				funixn[nfunix++] = optarg;
+				if(*optarg == ':') {
+					funixParseHost[nfunix] = 1;
+					funixn[nfunix++] = optarg+1;
+				}
+				else {
+					funixParseHost[nfunix] = 0;
+					funixn[nfunix++] = optarg;
+				}
 			else
 				fprintf(stderr, "Out of descriptors, ignoring %s\n", optarg);
 			break;
@@ -2760,6 +2774,7 @@ int main(int argc, char **argv)
 	(void) signal(SIGALRM, domark);
 	(void) signal(SIGUSR1, Debug ? debug_switch : SIG_IGN);
 	(void) signal(SIGPIPE, SIG_IGN);
+	(void) signal(SIGXFSZ, SIG_IGN); /* do not abort if 2gig file limit is hit */
 	(void) alarm(TIMERINTVL);
 
 	/* Create a partial message table for all file descriptors. */
@@ -2960,13 +2975,14 @@ int main(int argc, char **argv)
 #ifdef SYSLOG_UNIXAF
 		for (i = 0; i < nfunix; i++) {
 			if ((fd = funix[i]) != -1 && FD_ISSET(fd, &readfds)) {
+				int iRcvd;
 				memset(line, '\0', sizeof(line));
-				i = recv(fd, line, MAXLINE - 2, 0);
+				iRcvd = recv(fd, line, MAXLINE - 2, 0);
 				dprintf("Message from UNIX socket: #%d\n", fd);
-				if (i > 0) {
-					line[i] = line[i+1] = '\0';
-					printchopped(LocalHostName, line, i + 2,  fd, SOURCE_UNIXAF);
-				} else if (i < 0 && errno != EINTR) {
+				if (iRcvd > 0) {
+					line[iRcvd] = line[iRcvd+1] = '\0';
+					printchopped(LocalHostName, line, iRcvd + 2,  fd, funixParseHost[i]);
+				} else if (iRcvd < 0 && errno != EINTR) {
 					dprintf("UNIX socket error: %d = %s.\n", \
 						errno, strerror(errno));
 					logerror("recvfrom UNIX");
@@ -2993,7 +3009,7 @@ int main(int argc, char **argv)
 				 */
 				if(isAllowedSender(pAllowedSenders_UDP, &frominet)) {
 					line[i] = line[i+1] = '\0';
-					printchopped(from, line, i + 2,  finet, SOURCE_INET);
+					printchopped(from, line, i + 2,  finet, 1);
 				} else {
 					if(option_DisallowWarning) {
 						logerrorSz("UDP message from disallowed sender %s discarded",
@@ -3060,7 +3076,7 @@ int main(int argc, char **argv)
 			i = read(fileno(stdin), line, MAXLINE);
 			if (i > 0) {
 				printchopped(LocalHostName, line, i+1,
-					     fileno(stdin), SOURCE_STDIN);
+					     fileno(stdin), 0);
 		  	} else if (i < 0) {
 		    		if (errno != EINTR) {
 		      			logerror("stdin");
@@ -3073,7 +3089,7 @@ int main(int argc, char **argv)
 	}
 }
 
-int usage()
+static int usage(void)
 {
 	fprintf(stderr, "usage: rsyslogd [-dhvw] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
 		" [-s domainlist] [-r port] [-t port] [-f conffile]\n");
@@ -3256,14 +3272,14 @@ void untty()
  * I added the "iSource" parameter. This is needed to distinguish between
  * messages that have a hostname in them (received from the internet) and
  * those that do not have (most prominently /dev/log).  rgerhards 2004-11-16
+ * And now I removed the "iSource" parameter and changed it to be "bParseHost",
+ * because all that it actually controls is whether the host is parsed or not.
+ * For rfc3195 support, we needed to modify the algo for host parsing, so we can
+ * no longer rely just on the source (rfc3195d forwarded messages arrive via
+ * unix domain sockets but contain the hostname). rgerhards, 2005-10-06
  */
 
-void printchopped(hname, msg, len, fd, iSource)
-	char *hname;
-	char *msg;
-	int len;
-	int fd;
-	int iSource;
+void printchopped(char *hname, char *msg, int len, int fd, int bParseHost)
 {
 	auto int ptlngth;
 
@@ -3283,7 +3299,7 @@ void printchopped(hname, msg, len, fd, iSource)
 		if ( (strlen(msg) + strlen(tmpline)) > MAXLINE )
 		{
 			logerror("Cannot glue message parts together");
-			printline(hname, tmpline, iSource);
+			printline(hname, tmpline, bParseHost);
 			start = msg;
 		}
 		else
@@ -3291,7 +3307,7 @@ void printchopped(hname, msg, len, fd, iSource)
 			dprintf("Previous: %s\n", tmpline);
 			dprintf("Next: %s\n", msg);
 			strcat(tmpline, msg);	/* length checked above */
-			printline(hname, tmpline, iSource);
+			printline(hname, tmpline, bParseHost);
 			if ( (strlen(msg) + 1) == len )
 				return;
 			else
@@ -3318,7 +3334,7 @@ void printchopped(hname, msg, len, fd, iSource)
 
 	do {
 		end = strchr(start + 1, '\0');
-		printline(hname, start, iSource);
+		printline(hname, start, bParseHost);
 		start = end + 1;
 	} while ( *start != '\0' );
 
@@ -3337,11 +3353,10 @@ void printchopped(hname, msg, len, fd, iSource)
  * message here.
  * Added the iSource parameter so that we know if we have to parse
  * HOSTNAME or not. rgerhards 2004-11-16.
+ * changed parameter iSource to bParseHost. For details, see comment in
+ * printchopped(). rgerhards 2005-10-06
  */
-void printline(hname, msg, iSource)
-	char *hname;
-	char *msg;
-	int iSource;
+void printline(char *hname, char *msg, int bParseHost)
 {
 	register char *p;
 	int pri;
@@ -3359,7 +3374,7 @@ void printline(hname, msg, iSource)
 	}
 	if(MsgSetRawMsg(pMsg, msg) != 0) return;
 	
-	pMsg->iMsgSource = iSource;
+	pMsg->bParseHOSTNAME  = bParseHost;
 	/* test for special codes */
 	pri = DEFUPRI;
 	p = msg;
@@ -3412,7 +3427,7 @@ void printline(hname, msg, iSource)
 	 * the message was received from (that, for obvious reasons,
 	 * being the local host).  rgerhards 2004-11-16
 	 */
-	if(iSource != SOURCE_INET)
+	if(bParseHost == 0)
 		if(MsgSetHOSTNAME(pMsg, hname) != 0) return;
 	if(MsgSetRcvFrom(pMsg, hname) != 0) return;
 
@@ -3429,7 +3444,7 @@ void printline(hname, msg, iSource)
 	 * we are done with the message object. If it still is
 	 * stored somewhere, we can call discard anyhow. This
 	 * is handled via the reference count - see description
-	 * for struct msg for details.
+	 * of struct msg for details.
 	 */
 	MsgDestruct(pMsg);
 	return;
@@ -3486,7 +3501,7 @@ void logmsgInternal(pri, msg, from, flags)
 	if(MsgSetHOSTNAME(pMsg, LocalHostName) != 0) return;
 	pMsg->iFacility = LOG_FAC(pri);
 	pMsg->iSeverity = LOG_PRI(pri);
-	pMsg->iMsgSource = SOURCE_INTERNAL;
+	pMsg->bParseHOSTNAME = 0;
 	getCurrTime(&(pMsg->tTIMESTAMP)); /* use the current time! */
 
 	logmsg(pri, pMsg, flags);
@@ -3649,7 +3664,7 @@ void logmsg(int pri, struct msg *pMsg, int flags)
 	}
 
 	/* parse HOSTNAME - but only if this is network-received! */
-	if(pMsg->iMsgSource == SOURCE_INET) {
+	if(pMsg->bParseHOSTNAME) {
 		if(bContParse) {
 			/* TODO: quick and dirty memory allocation */
 			if((pBuf = malloc(sizeof(char)* strlen(p2parse) +1)) == NULL)