add support for writing to the Linux Journal (omjournal)

9 files changed, 294 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 4944987c..67d02d60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 ---------------------------------------------------------------------------
 Version 7.3.7  [devel] 2013-02-??
+- add support for writing to the Linux Journal (omjournal)
 - field() function now supports a string as field delimiter
 - bugfix: mmjsonparse segfault if new-style config was used
 - bugfix: script == comparison did not work properly on JSON objects
diff --git a/Makefile.am b/Makefile.am
index c4499406..1c044074 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -177,6 +177,10 @@ if ENABLE_OMHDFS
 SUBDIRS += plugins/omhdfs
 endif
 
+if ENABLE_OMJOURNAL
+SUBDIRS += plugins/omjournal
+endif
+
 if ENABLE_ELASTICSEARCH
 SUBDIRS += plugins/omelasticsearch
 endif
diff --git a/configure.ac b/configure.ac
index e9fce3f7..0d5dc11e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1057,6 +1057,21 @@ AC_ARG_ENABLE(omstdout,
 )
 AM_CONDITIONAL(ENABLE_OMSTDOUT, test x$enable_omstdout = xyes)
 
+# settings for omjournal
+AC_ARG_ENABLE(omjournal,
+        [AS_HELP_STRING([--enable-omjournal],[Compiles omjournal @<:@default=no@:>@])],
+        [case "${enableval}" in
+         yes) enable_omjournal="yes" ;;
+          no) enable_omjournal="no" ;;
+           *) AC_MSG_ERROR(bad value ${enableval} for --enable-omjournal) ;;
+         esac],
+        [enable_omjournal=no]
+)
+if test "x$enable_omjournal" = "xyes"; then
+	PKG_CHECK_MODULES([LIBSYSTEMD_JOURNAL], [libsystemd-journal >= 197])
+fi
+AM_CONDITIONAL(ENABLE_OMJOURNAL, test x$enable_omjournal = xyes)
+
 
 # settings for pmlastmsg
 AC_ARG_ENABLE(pmlastmsg,
@@ -1298,6 +1313,7 @@ AC_CONFIG_FILES([Makefile \
 		plugins/omhdfs/Makefile \
 		plugins/omprog/Makefile \
 		plugins/omstdout/Makefile \
+		plugins/omjournal/Makefile \
 		plugins/pmrfc3164sd/Makefile \
 		plugins/pmlastmsg/Makefile \
 		plugins/pmcisconames/Makefile \
@@ -1364,6 +1380,7 @@ echo "---{ output plugins }---"
 echo "    Mail support enabled:                     $enable_mail"
 echo "    omprog module will be compiled:           $enable_omprog"
 echo "    omstdout module will be compiled:         $enable_omstdout"
+echo "    omjournal module will be compiled:        $enable_omjournal"
 echo "    omhdfs module will be compiled:           $enable_omhdfs"
 echo "    omelasticsearch module will be compiled:  $enable_elasticsearch"
 echo "    omruleset module will be compiled:        $enable_omruleset"
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 6501cf6c..b907c5bf 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -34,6 +34,7 @@ html_files = \
 	ompipe.html \
 	omfwd.html \
 	omfile.html \
+	omjournal.html \
 	omusrmsg.html \
 	omstdout.html \
 	omudpspoof.html \
diff --git a/doc/omfile.html b/doc/omfile.html
index 75ac5f49..2c5ab97a 100644
--- a/doc/omfile.html
+++ b/doc/omfile.html
@@ -90,7 +90,7 @@
 <p><b>Caveats/Known Bugs:</b></p><ul><li>None.</li></ul>
 <p><b>Sample:</b></p>
 <p>The following command writes all syslog messages into a file.</p>
-<textarea rows="5" cols="60">Module (path="builtin:omfile")
+<textarea rows="5" cols="60">Module (load="builtin:omfile")
 *.* action(type="omfile" 
 DirCreateMode="0700"
 FileCreateMode="0644"
diff --git a/doc/omjournal.html b/doc/omjournal.html
new file mode 100644
index 00000000..263fd20a
--- /dev/null
+++ b/doc/omjournal.html
@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head>
+<meta http-equiv="Content-Language" content="en">
+<title>Linux Journal Output Module (omjournal)</title></head>
+
+<body>
+<a href="rsyslog_conf_modules.html">back</a>
+
+<h1>Linux Journal Output Module (omjournal)</h1>
+<p><b>Module Name:&nbsp;&nbsp;&nbsp; omjournal</b></p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgergards@adiscon.com&gt;</p>
+<p><b>Available since</b>: 7.3.7</p>
+<p><b>Description</b>:</p>
+<p>The omjournal output module provides an interface to the Linux journal.
+It is meant to be used in those cases where the Linux journal is being used
+as the sole system log database. With omjournal, messages from various
+sources (e.g. files and remote devices) can also be written to the journal
+and processed by its tools.
+<p>A typical use case we had on our mind is a SOHO environment, where the
+user wants to include syslog data obtained from the local router to be
+part of the journal data.
+<p>&nbsp;</p>
+
+<p><b>Module Configuration Parameters</b>:</p>
+<p>Currently none.
+<p>&nbsp;</p>
+<p><b>Action Confguration Parameters</b>:</p>
+<p>Currently none.
+
+<p><b>Caveats/Known Bugs:</b>
+<ul>
+<li>One needs to be careful that no message routing loop is created. The 
+systemd journal forwards messages it receives to the traditional syslog
+system (if present). That means rsyslog will receive the same message that
+it just wrote as new input on imuxsock. If not handled specially and assuming
+all messages be written to the journal, the message would be emitted to the
+journal again and a deadly loop is started.
+<p>To prevent that, imuxsock by default does not accept messages originating
+from its own process ID, aka it ignores messages from the current instance of
+rsyslogd. However, this setting can be changed, and if so the problem may occur.
+</ul>
+
+<p><b>Sample:</b></p>
+<p>We assume we have a DSL router inside the network and would like to
+receive its syslog message into the journal. Note that this configuration can be
+used without havoing any other syslog functionality at all (most importantly, there
+is no need to write any file to /var/log!). We assume syslog over UDP, as this
+is the most probable choice for the SOHO environment that this use case reflects.
+To log to syslog data to the journal, add the following snippet to rsyslog.conf:
+<textarea rows="20" cols="60">/* first, we make sure all necessary
+ * modules are present:
+ */
+module(load="imudp") # input module for UDP syslog
+module(load="omjournal") # output module for journal
+
+/* then, define the actual server that listens to the
+ * router. Note that 514 is the default port for UDP
+ * syslog and that we use a dedicated ruleset to
+ * avoid mixing messages with the local log stream
+ * (if there is any).
+ */
+input(type="imudp" port="514" ruleset="writeToJournal")
+
+/* inside that ruleset, we just write data to the journal: */
+ruleset(name="writeToJournal") {
+	action(type="mmjournal")
+}
+</textarea>
+<p>Note that this can be your sole rsyslog.conf if you do not use rsyslog
+for anything else than receving the router syslog messages.
+<p>If you do not receive messages, <b>you probably need to enable inbound UDP
+syslog traffic in your firewall</b>.
+
+
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual 
+index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
+Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL 
+version 3 or higher.</font></p>
+
+</body></html>
diff --git a/doc/rsyslog_conf_modules.html b/doc/rsyslog_conf_modules.html
index cb31bd9a..4a688352 100644
--- a/doc/rsyslog_conf_modules.html
+++ b/doc/rsyslog_conf_modules.html
@@ -53,6 +53,7 @@ and messages be transmitted to various different targets.
 <ul>
 <li><a href="omfile.html">omfile</a> - file output module</li>
 <li><a href="omfwd.html">omfwd</a> - syslog forwarding output module</li>
+<li><a href="omjournal.html">omjournal</a> - Linux journal output module</li>
 <li><a href="ompipe.html">ompipe</a> - named pipe output module</li>
 <li><a href="omusrmsg.html">omusrmsg</a> - user message output module</li>
 <li><a href="omsnmp.html">omsnmp</a> - SNMP trap output module</li>
@@ -182,7 +183,7 @@ filter settings. This graphic above is a high-level message flow diagram.
 [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
-Copyright &copy; 2008-2010 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
 <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL
 version 3 or higher.</font></p>
 </body>
diff --git a/plugins/omjournal/Makefile.am b/plugins/omjournal/Makefile.am
new file mode 100644
index 00000000..4cfbbd96
--- /dev/null
+++ b/plugins/omjournal/Makefile.am
@@ -0,0 +1,8 @@
+pkglib_LTLIBRARIES = omjournal.la
+
+omjournal_la_SOURCES = omjournal.c
+omjournal_la_CPPFLAGS =  $(RSRT_CFLAGS) $(PTHREADS_CFLAGS) $(LIBSYSTEMD_JOURNAL_CFLAGS)
+omjournal_la_LDFLAGS = -module -avoid-version
+omjournal_la_LIBADD =  $(LIBSYSTEMD_JOURNAL_LIBS)
+
+EXTRA_DIST = 
diff --git a/plugins/omjournal/omjournal.c b/plugins/omjournal/omjournal.c
new file mode 100644
index 00000000..bb095ee2
--- /dev/null
+++ b/plugins/omjournal/omjournal.c
@@ -0,0 +1,177 @@
+/* omjournal.c
+ * send messages to the Linux Journal. This is meant to be used
+ * in cases where journal serves as the whole system log database.
+ * Note that we may get into a loop if journald re-injects messages
+ * into the syslog stream and we read that via imuxsock. Thus there
+ * is an option in imuxsock to ignore messages from ourselves 
+ * (actually from our pid). So there are some module-interdependencies.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <signal.h>
+#include <errno.h>
+#include <unistd.h>
+#include "conf.h"
+#include "syslogd-types.h"
+#include "srUtils.h"
+#include "template.h"
+#include "module-template.h"
+#include "errmsg.h"
+#include <systemd/sd-journal.h>
+
+MODULE_TYPE_OUTPUT
+MODULE_TYPE_NOKEEP
+MODULE_CNFNAME("omjournal")
+
+
+DEFobjCurrIf(errmsg);
+DEF_OMOD_STATIC_DATA
+
+/* config variables */
+
+
+typedef struct _instanceData {
+} instanceData;
+
+struct modConfData_s {
+	rsconf_t *pConf;	/* our overall config object */
+};
+static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
+static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current exec process */
+
+BEGINbeginCnfLoad
+CODESTARTbeginCnfLoad
+	loadModConf = pModConf;
+	pModConf->pConf = pConf;
+ENDbeginCnfLoad
+
+BEGINendCnfLoad
+CODESTARTendCnfLoad
+ENDendCnfLoad
+
+BEGINcheckCnf
+CODESTARTcheckCnf
+ENDcheckCnf
+
+BEGINactivateCnf
+CODESTARTactivateCnf
+	runModConf = pModConf;
+ENDactivateCnf
+
+BEGINfreeCnf
+CODESTARTfreeCnf
+ENDfreeCnf
+
+
+BEGINcreateInstance
+CODESTARTcreateInstance
+ENDcreateInstance
+
+
+BEGINisCompatibleWithFeature
+CODESTARTisCompatibleWithFeature
+ENDisCompatibleWithFeature
+
+
+BEGINfreeInstance
+CODESTARTfreeInstance
+ENDfreeInstance
+
+
+BEGINnewActInst
+CODESTARTnewActInst
+	/* Note: we currently do not have any parameters, so we do not need
+	 * the lst ptr. However, we will most probably need params in the 
+	 * future.
+	 */
+	DBGPRINTF("newActInst (mmjournal)\n");
+	CODE_STD_STRING_REQUESTnewActInst(1)
+	CHKiRet(OMSRsetEntry(*ppOMSR, 0, NULL, OMSR_TPL_AS_MSG));
+	CHKiRet(createInstance(&pData));
+	/*setInstParamDefaults(pData);*/
+CODE_STD_FINALIZERnewActInst
+/*	cnfparamvalsDestruct(pvals, &actpblk);*/
+ENDnewActInst
+
+
+BEGINdbgPrintInstInfo
+CODESTARTdbgPrintInstInfo
+ENDdbgPrintInstInfo
+
+
+BEGINtryResume
+CODESTARTtryResume
+ENDtryResume
+
+BEGINdoAction
+	msg_t *pMsg;
+	int sev;
+	int r;
+CODESTARTdoAction
+	pMsg = (msg_t*) ppString[0];
+	MsgGetSeverity(pMsg, &sev);
+	r = sd_journal_send("MESSAGE=%s", getMSG(pMsg),
+                "PRIORITY=%d", sev,
+                NULL);
+	/* FIXME: think about what to do with errors ;) */
+ENDdoAction
+
+
+BEGINparseSelectorAct
+CODESTARTparseSelectorAct
+CODE_STD_STRING_REQUESTparseSelectorAct(1)
+	if(strncmp((char*) p, ":omjournal:", sizeof(":omjournal:") - 1)) {
+		errmsg.LogError(0, RS_RET_LEGA_ACT_NOT_SUPPORTED,
+			"omjournal supports only v6+ config format, use: "
+			"action(type=\"omjournal\" ...)");
+	}
+	ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED);
+CODE_STD_FINALIZERparseSelectorAct
+ENDparseSelectorAct
+
+
+BEGINmodExit
+CODESTARTmodExit
+	objRelease(errmsg, CORE_COMPONENT);
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_OMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_OMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_QUERIES
+ENDqueryEtryPt
+
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+CODEmodInit_QueryRegCFSLineHdlr
+	DBGPRINTF("omjournal: module compiled with rsyslog version %s.\n", VERSION);
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+ENDmodInit