-rw-r--r-- | ChangeLog | 52 | ||||
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | doc/imfile.html | 395 | ||||
-rw-r--r-- | doc/manual.html | 2 | ||||
-rw-r--r-- | doc/omfile.html | 21 | ||||
-rw-r--r-- | doc/omrelp.html | 13 | ||||
-rw-r--r-- | grammar/lexer.l | 2 | ||||
-rw-r--r-- | grammar/rainerscript.c | 109 | ||||
-rw-r--r-- | plugins/impstats/impstats.c | 60 | ||||
-rw-r--r-- | plugins/imptcp/imptcp.c | 2 | ||||
-rw-r--r-- | plugins/imrelp/imrelp.c | 9 | ||||
-rw-r--r-- | plugins/omelasticsearch/omelasticsearch.c | 4 | ||||
-rw-r--r-- | plugins/omlibdbi/omlibdbi.c | 16 | ||||
-rw-r--r-- | plugins/omrelp/omrelp.c | 17 |
14 files changed, 476 insertions, 230 deletions
@@ -1,8 +1,33 @@ --------------------------------------------------------------------------- -Version 7.5.2 [devel] 2013-0?-?? +Version 7.5.3 [devel] 2013-07-?? +- impstats: add process resource usage counters [via getrusage()] +- librelp 1.2.0 is now required +- make use of new librelp generic error reporting facility + This leads to more error messages being passed to the user and + thus simplified troubleshooting. +- bugfix: very small memory leak in imrelp + more or less cosmetic, a single memory block was not freed, but this + only happens immediately before termination (when the OS automatically + frees all memory). Still an annoyance e.g. in valgrind. +- fix compile problem in debug build +--------------------------------------------------------------------------- +Version 7.5.2 [devel] 2013-07-04 - librelp 1.1.4 is now required We use API extensions for better error reporting and higher performance. - omrelp: use transactional mode to make imrelp emit bulk sends +- omrelp: add "windowSize" parameter to set custom RELP window size +- bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + CVE: CVE-2013-4758 + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not + be triggered. + Thanks to Markus Vervier and Marius Ionescu for providing a detailled + bug report. Special thanks to Markus for coordinating his security + advisory with us. - doc: fixed various typos closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391 Thanks to Georgi Georgiev for the patch. 
@@ -41,11 +66,33 @@ Version 7.5.0 [devel] 2013-06-11 connections Thanks to Axel Rau for the patch. --------------------------------------------------------------------------- -Version 7.4.2 [v7.4-stable] 2013-06-?? +Version 7.4.3 [v7.4-stable] 2013-07-?? +- bugfix: potential segfault during startup on invalid config + could happen if invalid actions were present, which could lead + to improper handling in optimizer. +- bugfix: omlibdbi did not properly close connection on some errors + This happened to errors occuring in Begin/End Transaction entry + points. +- fix build on FreeBSD + Thanks to Christiano Rolim for the patch +--------------------------------------------------------------------------- +Version 7.4.2 [v7.4-stable] 2013-07-04 - bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault - bugfix: RainerScript object required parameters were not properly checked - this clould result to segfaults on startup if parameters were missing. +- bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + CVE: CVE-2013-4758 + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not + be triggered. + Thanks to Markus Vervier and Marius Ionescu for providing a detailled + bug report. Special thanks to Markus for coordinating his security + advisory with us. - bugfix: omrelp potential segfault at startup on invalid config parameters - bugfix: small memory leak when $uptime property was used - bugfix: potential segfault on rsyslog termination in imudp 
@@ -59,6 +106,7 @@ Version 7.4.2 [v7.4-stable] 2013-06-?? closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458 Thanks to Christiano for reproting and suggesting patches +- solved build problems on CENTOS5 --------------------------------------------------------------------------- Version 7.4.1 [v7.4-stable] 2013-06-17 - imjournal: add ratelimiting capability diff --git a/configure.ac b/configure.ac index 04b1fb2e..f5060f73 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[7.5.1],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[7.5.2],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) @@ -999,7 +999,7 @@ AC_ARG_ENABLE(relp, [enable_relp=no] ) if test "x$enable_relp" = "xyes"; then - PKG_CHECK_MODULES(RELP, relp >= 1.1.4) + PKG_CHECK_MODULES(RELP, relp >= 1.2.0) fi AM_CONDITIONAL(ENABLE_RELP, test x$enable_relp = xyes) diff --git a/doc/imfile.html b/doc/imfile.html index 88f0d39f..942fe531 100644 --- a/doc/imfile.html +++ b/doc/imfile.html 
@@ -1,156 +1,218 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> - <head> - <meta content="en" http-equiv="Content-Language" /> - <title>Text File Input Monitor</title> - </head> - <body> - <p> - <a href="rsyslog_conf_modules.html">back</a></p> - <h1> - Text File Input Module</h1> - <p> - <b>Module Name: imfile</b></p> - <p> - <b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p> - <p> - <b>Description</b>:</p> - <p> - Provides the ability to convert any standard text file into a syslog message. A standard text file is a file consisting of printable characters with lines being delimited by LF.</p> - <p> - The file is read line-by-line and any line read is passed to rsyslog's rule engine. The rule engine applies filter conditons and selects which actions needs to be carried out. Empty lines are <b>not</b> processed, as they would result in empty syslog records. They are simply ignored.</p> - <p> - As new lines are written they are taken from the file and processed. Please note that this happens based on a polling interval and not immediately. The file monitor support file rotation. To fully work, rsyslogd must run while the file is rotated. Then, any remaining lines from the old file are read and processed and when done with that, the new file is being processed from the beginning. If rsyslogd is stopped during rotation, the new file is read, but any not-yet-reported lines from the previous file can no longer be obtained.</p> - <p> - When rsyslogd is stopped while monitoring a text file, it records the last processed location and continues to work from there upon restart. So no data is lost during a restart (except, as noted above, if the file is rotated just in this very moment).</p> - <p> - Currently, the file must have a fixed name and location (directory). 
It is planned to add support for dynamically generating file names in the future.</p> - <p> - Multiple files may be monitored by specifying $InputRunFileMonitor multiple times.</p> - <p> - <b>Configuration Directives</b>:</p> - <p> - <b>Module Directives</b></p> - <ul> - <li> - <span style="font-weight: bold;">PollingInterval seconds</span><br /> - This is a global setting. It specifies how often files are to be polled for new data. The time specified is in seconds. The <span style="font-weight: bold;">default value</span> is 10 seconds. Please note that future releases of imfile may support per-file polling intervals, but currently this is not the case. If multiple PollingInterval statements are present in rsyslog.conf, only the last one is used.<br /> - A short poll interval provides more rapid message forwarding, but requires more system ressources. While it is possible, we stongly recommend not to set the polling interval to 0 seconds. That will make rsyslogd become a CPU hog, taking up considerable ressources. It is supported, however, for the few very unusual situations where this level may be needed. Even if you need quick response, 1 seconds should be well enough. Please note that imfile keeps reading files as long as there is any data in them. So a "polling sleep" will only happen when nothing is left to be processed.</li> - </ul> - <p> - <b>Action Directives</b></p> - <ul> - <li> - <strong>(required) File /path/to/file</strong><br /> - The file being monitored. So far, this must be an absolute name (no macros or templates).</li> - <li> - <span style="font-weight: bold;">(required) Tag tag:</span><br /> - The syslog tag to be used for messages that originate from this file. 
If you would like to see the colon after the tag, you need to specify it here (as shown above).</li> - <li> - <span style="font-weight: bold;">(required) StateFile <name-of-state-file></span><br /> - Rsyslog must keep track of which parts of the to be monitored file it already processed. This is done in the state file. This file always is created in the rsyslog working directory (configurable via $WorkDirectory). So you need to provide a file name here, not a path. Be careful to use unique names for different files being monitored. If there are duplicates, all sorts of "interesting" things may happen. Rsyslog currently does not check if a name is specified multiple times. Note that when $WorkDirectory is not set or set to a non-writable location, the state file will not be generated.</li> - <li> - <span style="font-weight: bold;">Facility facility</span><br /> - The syslog facility to be assigned to lines read. Can be specified in textual form (e.g. "local0", "local1", ...) or as numbers (e.g. 128 for "local0"). Textual form is suggested. <span style="font-weight: bold;">Default</span> is "local0".</li> - <li> - <span style="font-weight: bold;">Severity</span><br /> - The syslog severity to be assigned to lines read. Can be specified in textual form (e.g. "info", "warning", ...) or as numbers (e.g. 4 for "info"). Textual form is suggested. <span style="font-weight: bold;">Default</span> is "notice".</li> - <li> - <b>PersistStateInterval</b> [lines]<br /> - Specifies how often the state file shall be written when processing the input file. The <strong>default</strong> value is 0, which means a new state file is only written when the monitored files is being closed (end of rsyslogd execution). Any other value n means that the state file is written every time n file lines have been processed. This setting can be used to guard against message duplication due to fatal errors (like power fail). 
Note that this setting affects imfile performance, especially when set to a low value. Frequently writing the state file is very time consuming.</li> - <li> - <b>ReadMode</b> [mode]<br /> - This mode should defined when having multiline messages. The value can range from 0-2 and determines the multiline detection method.<br /> - 0 (<strong>default</strong>) - line based (Each line is a new message)<br /> - 1 - paragraph (There is a blank line between log messages)<br /> - 2 - indented (New log messages start at the beginning of a line. If a line starts with a space it is part of the log message before it)</li> - <li> - <b>MaxLinesAtOnce</b> [number]<br /> - This is useful if multiple files need to be monitored. If set to 0, each file will be fully processed and then processing switches to the next file (this was the default in previous versions). If it is set, a maximum of [number] lines is processed in sequence for each file, and then the file is switched. This provides a kind of mutiplexing the load of multiple files and probably leads to a more natural distribution of events when multiple busy files are monitored. The <strong>default</strong> is 1024.</li> - <li> - <b>MaxSubmitAtOnce</b> [number]<br /> - This is an expert option. It can be used to set the maximum input batch size that imfile can generate. The <strong>default</strong> is 1024, which is suitable for a wide range of applications. Be sure to understand rsyslog message batch processing before you modify this option. If you do not know what this doc here talks about, this is a good indication that you should NOT modify the default.</li> - <li> - <b>Ruleset</b> <ruleset> Binds the listener to a specific <a href="multi_ruleset.html">ruleset</a>.</li> - </ul> - <p> - <b>Caveats/Known Bugs:</b></p> - <p> - So far, only 100 files can be monitored. If more are needed, the source needs to be patched. 
See define MAX_INPUT_FILES in imfile.c</p> - <p> - Powertop users may want to notice that imfile utilizes polling. Thus, it is no good citizen when it comes to conserving system power consumption. We are currently evaluating to move to inotify(). However, there are a number of subtle issues, which needs to be worked out first. We will make the change as soon as we can. If you can afford it, we recommend using a long polling interval in the mean time.</p> - <p> - <b>Sample:</b></p> - <p> - The following sample monitors two files. If you need just one, remove the second one. If you need more, add them according to the sample ;). This code must be placed in /etc/rsyslog.conf (or wherever your distro puts rsyslog's config files). Note that only commands actually needed need to be specified. The second file uses less commands and uses defaults instead.</p> - <p> - <textarea cols="60" rows="15">module(load="imfile" PollingInterval="10") #needs to be done just once +<html><head> +<meta http-equiv="Content-Language" content="en"><title>Text File Input Monitor</title></head> +<body> +<a href="rsyslog_conf_modules.html">back</a> + +<h1>Text File Input Module</h1> +<p><b>Module Name: imfile</b></p> +<p><b>Author: </b>Rainer Gerhards +<rgerhards@adiscon.com></p> +<p><b>Description</b>:</p> +<p>Provides the ability to convert any standard text file into +a syslog message. A standard +text file is a file consisting of printable characters with lines +being delimited by LF.</p> +<p>The file is read line-by-line and any line read is passed to +rsyslog's rule engine. The rule engine applies filter conditions and +selects which actions needs to be carried out. Empty lines are <b>not</b> +processed, as they would result in empty syslog records. They are simply +ignored.</p> +<p>As new lines are written they are taken from the file and +processed. Please note that this happens based on a polling interval +and not immediately. The file monitor support file rotation. 
To fully +work, rsyslogd must run while the file is rotated. Then, any remaining +lines from the old file are read and processed and when done with that, +the new file is being processed from the beginning. If rsyslogd is +stopped during rotation, the new file is read, but any not-yet-reported +lines from the previous file can no longer be obtained.</p> +<p>When rsyslogd is stopped while monitoring a text file, it +records the last processed location and continues to work from there +upon restart. So no data is lost during a restart (except, as noted +above, if the file is rotated just in this very moment).</p> +<p>Currently, the file must have a fixed name and location +(directory). It is planned to add support for dynamically generating +file names in the future.</p> +<p>Multiple files may be monitored by specifying +$InputRunFileMonitor multiple times. +</p> + +<p><b>Configuration Directives</b>:</p> +<p><b>Module Directives</b></p> +<ul> +<li><span style="font-weight: bold;">PollingInterval +seconds</span><br> +This is a global setting. It specifies how often files are to be polled +for new data. The time specified is in seconds. The <span style="font-weight: bold;">default value</span> is 10 +seconds. Please note that future +releases of imfile may support per-file polling intervals, but +currently this is not the case. If multiple PollingInterval +statements are present in rsyslog.conf, only the last one is used.<br> +A short poll interval provides more rapid message forwarding, but +requires more system resources. While it is possible, we stongly +recommend not to set the polling interval to 0 seconds. That will make +rsyslogd become a CPU hog, taking up considerable resources. It is +supported, however, for the few very unusual situations where this +level may be needed. Even if you need quick response, 1 seconds should +be well enough. Please note that imfile keeps reading files as long as +there is any data in them. 
So a "polling sleep" will only happen when +nothing is left to be processed.</li> +</ul> + +<p><b>Action Directives</b></p> +<ul> +<li><strong>(required) File /path/to/file</strong><br> +The file being monitored. So far, this must be an absolute name (no +macros or templates)</li> +<li><span style="font-weight: bold;">(required) Tag +tag:</span><br> +The tag to be used for messages that originate from this file. If you +would like to see the colon after the tag, you need to specify it here +(as shown above).</li> +<li><span style="font-weight: bold;">(required) StateFile +<name-of-state-file></span><br> +Rsyslog must keep track of which parts of the to be monitored file it +already processed. This is done in the state file. This file always is +created in the rsyslog working directory (configurable via +$WorkDirectory). Be careful to use unique names for different files +being monitored. If there are duplicates, all sorts of "interesting" +things may happen. Rsyslog currently does not check if a name is +specified multiple times. +Note that when $WorkDirectory is not set or set to a non-writable +location, the state file will not be generated.</li> +<li><span style="font-weight: bold;">Facility +facility</span><br> +The syslog facility to be assigned to lines read. Can be specified in +textual form (e.g. "local0", "local1", ...) or as numbers (e.g. 128 for +"local0"). Textual form is suggested. <span style="font-weight: bold;">Default</span> is +"local0".<span style="font-weight: bold;"></span></li> +<li><span style="font-weight: bold;">Severity</span><br> +The +syslog severity to be assigned to lines read. Can be specified in +textual form (e.g. "info", "warning", ...) or as numbers (e.g. 4 for +"info"). Textual form is suggested. <span style="font-weight: bold;">Default</span> +is "notice".</li> +<li><b>PersistStateInterval</b> [lines]</b><br> +Specifies how often the state file shall be written when processing the input +file. 
The <strong>default</strong> value is 0, which means a new state file is only written when +the monitored files is being closed (end of rsyslogd execution). Any other +value n means that the state file is written every time n file lines have +been processed. This setting can be used to guard against message duplication due +to fatal errors (like power fail). Note that this setting affects imfile +performance, especially when set to a low value. Frequently writing the state +file is very time consuming. +<li><b>ReadMode</b> [mode]</b><br> +This mode should defined when having multiline messages. The value can range from 0-2 and determines the multiline detection method. +<br>0 (<strong>default</strong>) - line based (Each line is a new message) +<br>1 - paragraph (There is a blank line between log messages) +<br>2 - indented (New log messages start at the beginning of a line. If a line starts with a space it is part of the log message before it) +<li><b>MaxLinesAtOnce</b> [number]</b> +<br> +This is useful if multiple files need to be monitored. If set to 0, each file +will be fully processed and then processing switches to the next file +(this was the default in previous versions). If it is set, a maximum of +[number] lines is processed in sequence for each file, and then the file is +switched. This provides a kind of mutiplexing the load of multiple files and +probably leads to a more natural distribution of events when multiple busy files +are monitored. The <strong>default</strong> is 1024. +<li><b>MaxSubmitAtOnce</b> [number]</b> +<br> +This is an expert option. It can be used to set the maximum input batch size that +imfile can generate. The <strong>default</strong> is 1024, which is suitable for a wide range of +applications. Be sure to understand rsyslog message batch processing before you +modify this option. If you do not know what this doc here talks about, this is a +good indication that you should NOT modify the default. 
+<li><b>Ruleset</b> <ruleset> +Binds the listener to a specific <a href="multi_ruleset.html">ruleset</a>.</li> +</ul> +<b>Caveats/Known Bugs:</b> +<p>So far, only 100 files can be monitored. If more are needed, +the source needs to be patched. See define MAX_INPUT_FILES in imfile.c</p><p>Powertop +users may want to notice that imfile utilizes polling. Thus, it is no +good citizen when it comes to conserving system power consumption. We +are currently evaluating to move to inotify(). However, there are a +number of subtle issues, which needs to be worked out first. We will +make the change as soon as we can. If you can afford it, we recommend +using a long polling interval in the mean time. +</p> +<p><b>Sample:</b></p> +<p>The following sample monitors two files. If you need just one, +remove the second one. If you need more, add them according to the +sample ;). This code must be placed in /etc/rsyslog.conf (or wherever +your distro puts rsyslog's config files). Note that only commands +actually needed need to be specified. The second file uses less +commands and uses defaults instead.<br> +</p> +<textarea rows="15" cols="60">module(load="imfile" PollingInterval="10") #needs to be done just once # File 1 -input(type="imfile" - File="/path/to/file1" - Tag="tag1" - StateFile="statefile1" - Severity="error" - Facility="local7") +input(type="imfile" File="/path/to/file1" + Tag="tag1" + StateFile="statefile1" + Severity="error" + Facility="local7") # File 2 -input(type="imfile" - File="/path/to/file2" - Tag="tag2" - StateFile="statefile2") -# ... and so on ... 
#</textarea></p> - <p> - <b>Legacy Configuration Directives</b>:</p> - <ul> - <li> - <strong>$InputFileName /path/to/file</strong><br /> - equivalent to: File</li> - <li> - <span style="font-weight: bold;">$InputFileTag tag:</span><br /> - equivalent to: Tag</li> - <li> - <span style="font-weight: bold;">$InputFileStateFile <name-of-state-file></span><br /> - equivalent to: StateFile</li> - <li> - <span style="font-weight: bold;">$InputFileFacility facility</span><br /> - equivalent to: Facility</li> - <li> - <span style="font-weight: bold;">$InputFileSeverity</span><br /> - equivalent to: Severity</li> - <li> - <span style="font-weight: bold;">$InputRunFileMonitor</span><br /> - This <span style="font-weight: bold;">activates</span> the current monitor. It has no parameters. If you forget this directive, no file monitoring will take place.</li> - <li> - <span style="font-weight: bold;">$InputFilePollInterval seconds</span><br /> - equivalent to: PollingInterva</li> - <li> - <b>$InputFilePersistStateInterval</b> [lines]<br /> - Available in 4.7.3+, 5.6.2+<br /> - equivalent to: PersistStateInterval</li> - <li> - <b>$InputFileReadMode</b> [mode]<br /> - Available in 5.7.5+<br /> - equivalent to: ReadMode</li> - <li> - <b>$InputFileMaxLinesAtOnce</b> [number]<br /> - Available in 5.9.0+<br /> - equivalent to: MaxLinesAtOnce</li> - <li> - $InputFileBindRuleset <ruleset><br /> - Available in 5.7.5+, 6.1.5+<br /> - equivalent to: Ruleset</li> - </ul> - <p> - <b>Caveats/Known Bugs:</b></p> - <p> - So far, only 100 files can be monitored. If more are needed, the source needs to be patched. See define MAX_INPUT_FILES in imfile.c</p> - <p> - Powertop users may want to notice that imfile utilizes polling. Thus, it is no good citizen when it comes to conserving system power consumption. We are currently evaluating to move to inotify(). However, there are a number of subtle issues, which needs to be worked out first. We will make the change as soon as we can. 
If you can afford it, we recommend using a long polling interval in the mean time.</p> - <p> - <b>Sample:</b></p> - <p> - The following sample monitors two files. If you need just one, remove the second one. If you need more, add them according to the sample ;). This code must be placed in /etc/rsyslog.conf (or wherever your distro puts rsyslog's config files). Note that only commands actually needed need to be specified. The second file uses less commands and uses defaults instead.</p> - <p> - <textarea cols="60" rows="15">$ModLoad imfile # needs to be done just once +input(type="imfile" File="/path/to/file2" + Tag="tag2" + StateFile="statefile2") +# ... and so on ... +# +</textarea> + + +<p><b>Legacy Configuration Directives</b>:</p> +<ul> +<li><strong>$InputFileName /path/to/file</strong><br> +equivalent to: File </li> +<li><span style="font-weight: bold;">$InputFileTag +tag:</span><br> +equivalent to: Tag </li> +<li><span style="font-weight: bold;">$InputFileStateFile +<name-of-state-file></span><br> +equivalent to: StateFile </li> +<li><span style="font-weight: bold;">$InputFileFacility +facility</span><br> +equivalent to: Facility </span></li> +<li><span style="font-weight: bold;">$InputFileSeverity</span><br> +equivalent to: Severity</li> +<li><span style="font-weight: bold;">$InputRunFileMonitor</span><br> +This <span style="font-weight: bold;">activates</span> +the current monitor. It has no parameters. 
If you forget this +directive, no file monitoring will take place.</li> +<li><span style="font-weight: bold;">$InputFilePollInterval +seconds</span><br> +equivalent to: PollingInterva</li> +<li><b>$InputFilePersistStateInterval</b> [lines]</b><br> +Available in 4.7.3+, 5.6.2+<br> +equivalent to: PersistStateInterval +<li><b>$InputFileReadMode</b> [mode]</b><br> +Available in 5.7.5+<br> +equivalent to: ReadMode +<li><b>$InputFileMaxLinesAtOnce</b> [number]</b><br> +Available in 5.9.0+<br> +equivalent to: MaxLinesAtOnce +<li>$InputFileBindRuleset <ruleset><br> +Available in 5.7.5+, 6.1.5+<br> +equivalent to: Ruleset </li> +</ul> +<b>Caveats/Known Bugs:</b> +<p>So far, only 100 files can be monitored. If more are needed, +the source needs to be patched. See define MAX_INPUT_FILES in imfile.c</p><p>Powertop +users may want to notice that imfile utilizes polling. Thus, it is no +good citizen when it comes to conserving system power consumption. We +are currently evaluating to move to inotify(). However, there are a +number of subtle issues, which needs to be worked out first. We will +make the change as soon as we can. If you can afford it, we recommend +using a long polling interval in the mean time. +</p> +<p><b>Sample:</b></p> +<p>The following sample monitors two files. If you need just one, +remove the second one. If you need more, add them according to the +sample ;). This code must be placed in /etc/rsyslog.conf (or wherever +your distro puts rsyslog's config files). Note that only commands +actually needed need to be specified. The second file uses less +commands and uses defaults instead.<br> +</p> +<textarea rows="15" cols="60">$ModLoad imfile # needs to be done just once # File 1 $InputFileName /path/to/file1 $InputFileTag tag1: 
@@ -158,18 +220,21 @@ $InputFileStateFile stat-file1 $InputFileSeverity error $InputFileFacility local7 $InputRunFileMonitor -# File 2 -$InputFileName /path/to/file2 -$InputFileTag tag2: -$InputFileStateFile stat-file2 -$InputRunFileMonitor -# ... and so on ... # -# check for new lines every 10 seconds -$InputFilePollingInterval 10</textarea></p> - <p> - [<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> - <p> - <font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> project.<br /> - Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL version 3 or higher.</font></p> - </body> -</html> +# File 2 +$InputFileName /path/to/file2 +$InputFileTag tag2: +$InputFileStateFile stat-file2 +$InputRunFileMonitor +# ... and so on ... +# +# check for new lines every 10 seconds +$InputFilePollingInterval 10 +</textarea> +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and <a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html> diff --git a/doc/manual.html b/doc/manual.html index d72e8e71..8d5eb733 100644 --- a/doc/manual.html +++ b/doc/manual.html 
@@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p> <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a> to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the project goals.</p> -<p><b>This documentation is for version 7.5.1 (devel branch) of rsyslog.</b> +<p><b>This documentation is for version 7.5.2 (devel branch) of rsyslog.</b> Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might diff --git a/doc/omfile.html b/doc/omfile.html index cd53fd1d..72320921 100644 --- a/doc/omfile.html +++ b/doc/omfile.html @@ -97,7 +97,26 @@ sets a new default template for file actions.<br></li><br> </ul> -<p><b>Caveats/Known Bugs:</b></p><ul><li>None.</li></ul> +<p><b>Caveats/Known Bugs:</b></p> +<ul> +<li>One needs to be careful with log rotation if signatures and/or encryption +are being used. These create side-files, which form a set and must be kept +together. +<br> +For signatures, the ".sigstate" file must NOT be rotated away if +signature chains are to be build across multiple files. This is because +.sigstate contains just global information for the whole file set. However, +all other files need to be rotated together. The proper sequence is to + <ol> + <li> move all files inside the file set + <li> only AFTER this is completely done, HUP rsyslog + </ol> +This sequence will ensure that all files inside the set are atomically +closed and in sync. HUPing only after a subset of files have been moved +results in inconsistencies and will most probably render the file set +unusable. +</li> +</ul> <p><b>Sample:</b></p> <p>The following command writes all syslog messages into a file.</p> <textarea rows="5" cols="60">Module (load="builtin:omfile") diff --git a/doc/omrelp.html b/doc/omrelp.html index 30ac3daa..8049ebaf 100644 
--- a/doc/omrelp.html +++ b/doc/omrelp.html @@ -34,6 +34,19 @@ must be used. Timeout for relp sessions. If set too low, valid sessions may be considered dead and tried to recover. </li> + <li><b>windowSize</b> (not mandatory, default 0)<br> + This is an <b>expert parameter</b>. It permits to override the + RELP window size being used by the client. Changing the window + size has both an effect on performance as well as potential + message duplication in failure case. A larger window size means + more performance, but also potentially more duplicated + messages - and vice versa. The default 0 means that librelp's + default window size is being used, which is considered a + compromise between goals reached. For your information: + at the time of this writing, the librelp default window size + is 128 messages, but this may change at any time. + <br>Note that there is no equivalent server parameter, as the + client proposes and manages the window size in RELP protocol. <li><b>tls</b> (not mandatory, values "on","off", default "off")<br> If set to "on", the RELP connection will be encrypted by TLS, so that the data is protected against observers. Please note that both the client and the server must have set TLS to either "on" or "off". Other combinations lead to unpredictable results. </li> diff --git a/grammar/lexer.l b/grammar/lexer.l index 237eb2a6..ed5d8a80 100644 --- a/grammar/lexer.l +++ b/grammar/lexer.l @@ -88,7 +88,9 @@ extern int yydebug; /* somehow, I need these prototype even though the headers are * included. I guess that's some autotools magic I don't understand... */ +#if !defined(__FreeBSD__) int fileno(FILE *stream); +#endif %} diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c index 95972fbe..e3e7cb32 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c 
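Review bot: In grammar/lexer.l, the new `#if !defined(__FreeBSD__)` guard names one platform but keeps the hand-written `int fileno(FILE *stream);` prototype everywhere else, so any other libc that provides `fileno` as a macro or with a different declaration would presumably hit the same build failure. Guarding on the symbol rather than the OS, e.g. `#ifndef fileno` around the prototype, would cover those cases without listing platforms. The guard should also carry a comment saying why it exists, such as `/* FreeBSD's <stdio.h> already provides fileno; redeclaring it breaks the build there */`, with the wording checked against the actual compiler error, which this hunk does not show.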
@@ -2278,7 +2278,8 @@ cnfstmtPrintOnly(struct cnfstmt *stmt, int indent, sbool subtree) free(cstr); break; case S_ACT: - doIndent(indent); dbgprintf("ACTION %p [%s]\n", stmt->d.act, stmt->printable); + doIndent(indent); dbgprintf("ACTION %p [%s:%s]\n", stmt->d.act, + modGetName(stmt->d.act->pMod), stmt->printable); break; case S_IF: doIndent(indent); dbgprintf("IF\n"); 
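Review bot: The new `S_ACT` debug line dereferences the action (`stmt->d.act->pMod`), whereas the line it replaces only printed the pointer with `%p` and so tolerated a NULL action. If an `S_ACT` node can reach `cnfstmtPrintOnly` with `stmt->d.act == NULL`, which the visible lines do not rule out, the diagnostic print itself now crashes. An `if(stmt->d.act != NULL)` guard around the `modGetName()` call, falling back to the old format otherwise, keeps the dump safe. The function starts and ends outside this hunk.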
@@ -2446,59 +2447,69 @@ cnfstmtNew(unsigned s_type) return cnfstmt; } +void cnfstmtDestructLst(struct cnfstmt *root); + +/* delete a single stmt */ +void +cnfstmtDestruct(struct cnfstmt *stmt) +{ + switch(stmt->nodetype) { + case S_NOP: + case S_STOP: + break; + case S_CALL: + es_deleteStr(stmt->d.s_call.name); + break; + case S_ACT: + actionDestruct(stmt->d.act); + break; + case S_IF: + cnfexprDestruct(stmt->d.s_if.expr); + if(stmt->d.s_if.t_then != NULL) { + cnfstmtDestructLst(stmt->d.s_if.t_then); + } + if(stmt->d.s_if.t_else != NULL) { + cnfstmtDestructLst(stmt->d.s_if.t_else); + } + break; + case S_SET: + free(stmt->d.s_set.varname); + cnfexprDestruct(stmt->d.s_set.expr); + break; + case S_UNSET: + free(stmt->d.s_set.varname); + break; + case S_PRIFILT: + cnfstmtDestructLst(stmt->d.s_prifilt.t_then); + cnfstmtDestructLst(stmt->d.s_prifilt.t_else); + break; + case S_PROPFILT: + if(stmt->d.s_propfilt.propName != NULL) + es_deleteStr(stmt->d.s_propfilt.propName); + if(stmt->d.s_propfilt.regex_cache != NULL) + rsCStrRegexDestruct(&stmt->d.s_propfilt.regex_cache); + if(stmt->d.s_propfilt.pCSCompValue != NULL) + cstrDestruct(&stmt->d.s_propfilt.pCSCompValue); + cnfstmtDestructLst(stmt->d.s_propfilt.t_then); + break; + default: + dbgprintf("error: unknown stmt type during destruct %u\n", + (unsigned) stmt->nodetype); + break; + } + free(stmt->printable); + free(stmt); +} + +/* delete a stmt and all others following it */ void -cnfstmtDestruct(struct cnfstmt *root) +cnfstmtDestructLst(struct cnfstmt *root) { struct cnfstmt *stmt, *todel; for(stmt = root ; stmt != NULL ; ) { - switch(stmt->nodetype) { - case S_NOP: - case S_STOP: - break; - case S_CALL: - es_deleteStr(stmt->d.s_call.name); - break; - case S_ACT: - actionDestruct(stmt->d.act); - break; - case S_IF: - cnfexprDestruct(stmt->d.s_if.expr); - if(stmt->d.s_if.t_then != NULL) { - cnfstmtDestruct(stmt->d.s_if.t_then); - } - if(stmt->d.s_if.t_else != NULL) { - cnfstmtDestruct(stmt->d.s_if.t_else); - } - break; - 
case S_SET: - free(stmt->d.s_set.varname); - cnfexprDestruct(stmt->d.s_set.expr); - break; - case S_UNSET: - free(stmt->d.s_set.varname); - break; - case S_PRIFILT: - cnfstmtDestruct(stmt->d.s_prifilt.t_then); - cnfstmtDestruct(stmt->d.s_prifilt.t_else); - break; - case S_PROPFILT: - if(stmt->d.s_propfilt.propName != NULL) - es_deleteStr(stmt->d.s_propfilt.propName); - if(stmt->d.s_propfilt.regex_cache != NULL) - rsCStrRegexDestruct(&stmt->d.s_propfilt.regex_cache); - if(stmt->d.s_propfilt.pCSCompValue != NULL) - cstrDestruct(&stmt->d.s_propfilt.pCSCompValue); - cnfstmtDestruct(stmt->d.s_propfilt.t_then); - break; - default: - dbgprintf("error: unknown stmt type during destruct %u\n", - (unsigned) stmt->nodetype); - break; - } - free(stmt->printable); todel = stmt; stmt = stmt->next; - free(todel); + cnfstmtDestruct(todel); } } @@ -3049,7 +3060,7 @@ cnfstmtOptimizePRIFilt(struct cnfstmt *stmt) DBGPRINTF("optimizer: removing always-true PRIFILT %p\n", stmt); if(stmt->d.s_prifilt.t_else != NULL) { parser_errmsg("error: always-true PRI filter has else part!\n"); - cnfstmtDestruct(stmt->d.s_prifilt.t_else); + cnfstmtDestructLst(stmt->d.s_prifilt.t_else); } free(stmt->printable); stmt->printable = NULL; diff --git a/plugins/impstats/impstats.c b/plugins/impstats/impstats.c index 79749e21..c288381d 100644 --- a/plugins/impstats/impstats.c +++ b/plugins/impstats/impstats.c @@ -1,7 +1,7 @@ /* impstats.c * A module to periodically output statistics gathered by rsyslog. * - * Copyright 2010-2012 Adiscon GmbH. + * Copyright 2010-2013 Adiscon GmbH. * * This file is part of rsyslog. * @@ -32,6 +32,9 @@ #if defined(__FreeBSD__) #include <sys/stat.h> #endif +#include <errno.h> +#include <sys/time.h> +#include <sys/resource.h> #include "dirty.h" #include "cfsysline.h" 
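Review bot: `cnfstmtDestruct` no longer tolerates a NULL argument: the old body was a `for(stmt = root ; stmt != NULL ; )` loop that did nothing for NULL, while the new one opens with `switch(stmt->nodetype)`. The name also changes meaning, from "free this statement and everything after it" to "free this one statement", so a caller outside this diff that still passes a list head would now leak the tail. Only the call in `cnfstmtOptimizePRIFilt` is visibly switched to `cnfstmtDestructLst`. I would add `if(stmt == NULL) return;` at the top and spell out the contract in the comment, e.g. `/* delete a single stmt; does NOT follow stmt->next, use cnfstmtDestructLst() for lists */`. The forward declaration of `cnfstmtDestructLst` sits in the .c file, so the prototype may also be needed in the header if other files are meant to call it.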
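Review bot: `stmt->d.s_prifilt.t_else` still points at freed memory after `cnfstmtDestructLst(stmt->d.s_prifilt.t_else);`. The `S_PRIFILT` case of `cnfstmtDestruct` frees `t_else` again, so the list is freed twice if this node is later destroyed while still typed as a PRI filter. Whether that can happen depends on the rest of `cnfstmtOptimizePRIFilt`, which is outside the hunk. Clearing the pointer right after the call, `stmt->d.s_prifilt.t_else = NULL;`, mirrors what the next lines already do for `stmt->printable`.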
@@ -101,6 +104,19 @@ static struct cnfparamblk modpblk = modpdescr }; + +/* resource use stats counters */ +static intctr_t st_ru_utime; +static intctr_t st_ru_stime; +static int st_ru_maxrss; +static int st_ru_minflt; +static int st_ru_majflt; +static int st_ru_inblock; +static int st_ru_oublock; +static int st_ru_nvcsw; +static int st_ru_nivcsw; +static statsobj_t *statsobj_resources; + BEGINmodExit CODESTARTmodExit prop.Destruct(&pInputName); @@ -222,6 +238,22 @@ doStatsLine(void __attribute__((unused)) *usrptr, cstr_t *cstr) static inline void generateStatsMsgs(void) { + struct rusage ru; + int r; + r = getrusage(RUSAGE_SELF, &ru); + if(r != 0) { + dbgprintf("impstats: getrusage() failed with error %d, zeroing out\n", errno); + memset(&ru, 0, sizeof(ru)); + } + st_ru_utime = ru.ru_utime.tv_sec * 1000000 + ru.ru_utime.tv_usec; + st_ru_stime = ru.ru_stime.tv_sec * 1000000 + ru.ru_stime.tv_usec; + st_ru_maxrss = ru.ru_maxrss; + st_ru_minflt = ru.ru_minflt; + st_ru_majflt = ru.ru_majflt; + st_ru_inblock = ru.ru_inblock; + st_ru_oublock = ru.ru_oublock; + st_ru_nvcsw = ru.ru_nvcsw; + st_ru_nivcsw = ru.ru_nivcsw; statsobj.GetAllStatsLines(doStatsLine, NULL, runModConf->statsFmt); } 
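Review bot: Seven of the new counters are declared `static int` (`st_ru_maxrss` through `st_ru_nivcsw`), but `generateStatsMsgs` (hunk at -222) fills them from `struct rusage` fields, which are `long`. Where `long` is wider than `int` the assignment truncates silently, so a long-running daemon can report wrapped or negative fault, block-I/O and context-switch counts. Declaring them `static intctr_t` and registering them with `ctrType_IntCtr` in the hunk at -343, as is already done for `utime` and `stime`, avoids this, assuming `intctr_t` is a 64-bit type (its definition is not on this page). The `tv_sec * 1000000` products are evaluated in the type of `tv_sec`; writing `(intctr_t) ru.ru_utime.tv_sec * 1000000 + ru.ru_utime.tv_usec` makes the width explicit.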
@@ -343,7 +375,33 @@ CODESTARTactivateCnf errmsg.LogError(0, localRet, "impstats: error enabling statistics gathering"); ABORT_FINALIZE(RS_RET_NO_RUN); } + /* initialize our own counters */ + CHKiRet(statsobj.Construct(&statsobj_resources)); + CHKiRet(statsobj.SetName(statsobj_resources, (uchar*)"resource-usage")); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("utime"), + ctrType_IntCtr, &st_ru_utime)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("stime"), + ctrType_IntCtr, &st_ru_stime)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("maxrss"), + ctrType_Int, &st_ru_maxrss)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("minflt"), + ctrType_Int, &st_ru_minflt)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("majflt"), + ctrType_Int, &st_ru_majflt)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("inblock"), + ctrType_Int, &st_ru_inblock)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("oublock"), + ctrType_Int, &st_ru_oublock)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("nvcsw"), + ctrType_Int, &st_ru_nvcsw)); + CHKiRet(statsobj.AddCounter(statsobj_resources, UCHAR_CONSTANT("nivcsw"), + ctrType_Int, &st_ru_nivcsw)); + CHKiRet(statsobj.ConstructFinalize(statsobj_resources)); finalize_it: + if(iRet != RS_RET_OK) { + errmsg.LogError(0, iRet, "impstats: error activating module"); + iRet = RS_RET_NO_RUN; + } ENDactivateCnf diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index d3a29470..a8910a07 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -863,8 +863,6 @@ DataRcvdCompressed(ptcpsess_t *pThis, char *buf, size_t len) // by simply updating the input and output sizes? uint64_t outtotal; - assert(iLen > 0); - datetime.getCurrTime(&stTime, &ttGenTime); outtotal = 0; diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c index 74cfeb72..d04e41e1 100644 
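Review bot: If any `CHKiRet` between `statsobj.Construct(&statsobj_resources)` and `statsobj.ConstructFinalize(...)` fails, the partially built object is not released under `finalize_it`. No matching destruct is visible in `modExit` either, although only part of that function appears in the hunk at -101. Adding `if(statsobj_resources != NULL) statsobj.Destruct(&statsobj_resources);` inside the new `if(iRet != RS_RET_OK)` block would cover the failure path. That block is also reached by the earlier `ABORT_FINALIZE(RS_RET_NO_RUN)`, which has already called `errmsg.LogError`, so the same failure is now reported twice.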
--- a/plugins/imrelp/imrelp.c +++ b/plugins/imrelp/imrelp.c @@ -157,6 +157,13 @@ onErr(void *pUsr, char *objinfo, char* errmesg, __attribute__((unused)) relpRetV } static void +onGenericErr(char *objinfo, char* errmesg, __attribute__((unused)) relpRetVal errcode) +{ + errmsg.LogError(0, RS_RET_RELP_ERR, "imrelp: librelp error '%s', object " + " '%s' - input may not work as intended", errmesg, objinfo); +} + +static void onAuthErr(void *pUsr, char *authinfo, char* errmesg, __attribute__((unused)) relpRetVal errcode) { instanceConf_t *inst = (instanceConf_t*) pUsr; @@ -288,6 +295,7 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst) CHKiRet(relpEngineSetEnableCmd(pRelpEngine, (uchar*) "syslog", eRelpCmdState_Required)); CHKiRet(relpEngineSetSyslogRcv2(pRelpEngine, onSyslogRcv)); CHKiRet(relpEngineSetOnErr(pRelpEngine, onErr)); + CHKiRet(relpEngineSetOnGenericErr(pRelpEngine, onGenericErr)); CHKiRet(relpEngineSetOnAuthErr(pRelpEngine, onAuthErr)); if (!glbl.GetDisableDNS()) { CHKiRet(relpEngineSetDnsLookupMode(pRelpEngine, 1)); @@ -516,6 +524,7 @@ CODESTARTfreeCnf inst = inst->next; free(del); } + free(pModConf->pszBindRuleset); ENDfreeCnf /* This is used to terminate the plugin. Note that the signal handler blocks diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c index 33e58c1a..cb96fb6b 100644 --- a/plugins/omelasticsearch/omelasticsearch.c +++ b/plugins/omelasticsearch/omelasticsearch.c @@ -483,13 +483,11 @@ writeDataError(instanceData *pData, cJSON **pReplyRoot, uchar *reqmsg) DBGPRINTF("omelasticsearch: error %d writing error file, write returns %lld\n", errno, (long long) wrRet); } - free(rendered); cJSON_Delete(errRoot); *pReplyRoot = NULL; /* tell caller not to delete once again! */ finalize_it: - if(rendered != NULL) - free(rendered); + free(rendered); RETiRet; } diff --git a/plugins/omlibdbi/omlibdbi.c b/plugins/omlibdbi/omlibdbi.c index 6e27ad22..3beba4f0 100644 
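Review bot: The message in the new `onGenericErr` has a doubled space, because the first literal ends with `object ` and the second starts with ` '%s'`. Dropping the leading space of the second literal, `"'%s' - input may not work as intended"`, matches the wording of the omrelp variant added in the same commit.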
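Review bot: The single `free(rendered);` under `finalize_it` is only safe if `rendered` is initialised to NULL at its declaration, which lies above the hunk and is not visible here. Otherwise any jump to `finalize_it` taken before `rendered` is assigned would pass an indeterminate pointer to `free()`. It is worth confirming the declaration carries `= NULL` and adding a comment at the label, e.g. `/* rendered is owned by this function and released only here */`, so the early free behind the double-free is not reintroduced. `writeDataError` begins outside the hunk.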
--- a/plugins/omlibdbi/omlibdbi.c +++ b/plugins/omlibdbi/omlibdbi.c @@ -10,7 +10,7 @@ * * File begun on 2008-02-14 by RGerhards (extracted from syslogd.c) * - * Copyright 2008-2012 Adiscon GmbH. + * Copyright 2008-2013 Adiscon GmbH. * * This file is part of rsyslog. * @@ -340,8 +340,12 @@ CODESTARTbeginTransaction # if HAVE_DBI_TXSUPP if (pData->txSupport == 1) { if (dbi_conn_transaction_begin(pData->conn) != 0) { - dbgprintf("libdbi server error: begin transaction not successful\n"); - iRet = RS_RET_SUSPENDED; + const char *emsg; + dbi_conn_error(pData->conn, &emsg); + dbgprintf("libdbi server error: begin transaction " + "not successful: %s\n", emsg); + closeConn(pData); + ABORT_FINALIZE(RS_RET_SUSPENDED); } } # endif @@ -365,7 +369,11 @@ BEGINendTransaction CODESTARTendTransaction # if HAVE_DBI_TXSUPP if (dbi_conn_transaction_commit(pData->conn) != 0) { - dbgprintf("libdbi server error: transaction not committed\n"); + const char *emsg; + dbi_conn_error(pData->conn, &emsg); + dbgprintf("libdbi server error: transaction not committed: %s\n", + emsg); + closeConn(pData); iRet = RS_RET_SUSPENDED; } # endif diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c index d41b46a6..34511e46 100644 --- a/plugins/omrelp/omrelp.c +++ b/plugins/omrelp/omrelp.c @@ -65,6 +65,7 @@ typedef struct _instanceData { uchar *port; int bInitialConnect; /* is this the initial connection request of our module? (0-no, 1-yes) */ int bIsConnected; /* currently connected to server? 0 - no, 1 - yes */ + int sizeWindow; /**< the RELP window size - 0=use default */ unsigned timeout; unsigned rebindInterval; unsigned nSent; @@ -104,6 +105,7 @@ static struct cnfparamdescr actpdescr[] = { { "tls.permittedpeer", eCmdHdlrArray, 0 }, { "port", eCmdHdlrGetWord, 0 }, { "rebindinterval", eCmdHdlrInt, 0 }, + { "windowsize", eCmdHdlrInt, 0 }, { "timeout", eCmdHdlrInt, 0 }, { "template", eCmdHdlrGetWord, 0 } }; 
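Review bot: `emsg` is handed to `dbgprintf` with `%s` without being initialised and without looking at what `dbi_conn_error()` returned, both here in `beginTransaction` and in `endTransaction` (hunk at -365). If the call stores no message, for instance because the connection handle is no longer usable after the failed transaction call, the format reads an indeterminate or NULL pointer. Declaring `const char *emsg = NULL;` and printing `emsg != NULL ? emsg : "(no message)"` removes the undefined behaviour. Both enclosing functions continue outside their hunks.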
@@ -140,6 +142,14 @@ onErr(void *pUsr, char *objinfo, char* errmesg, __attribute__((unused)) relpRetV } static void +onGenericErr(char *objinfo, char* errmesg, __attribute__((unused)) relpRetVal errcode) +{ + errmsg.LogError(0, RS_RET_RELP_ERR, "omrelp: librelp error '%s', object " + "'%s' - action may not work as intended", + errmesg, objinfo); +} + +static void onAuthErr(void *pUsr, char *authinfo, char* errmesg, __attribute__((unused)) relpRetVal errcode) { instanceData *pData = (instanceData*) pUsr; @@ -157,6 +167,8 @@ doCreateRelpClient(instanceData *pData) ABORT_FINALIZE(RS_RET_RELP_ERR); if(relpCltSetTimeout(pData->pRelpClt, pData->timeout) != RELP_RET_OK) ABORT_FINALIZE(RS_RET_RELP_ERR); + if(relpCltSetWindowSize(pData->pRelpClt, pData->sizeWindow) != RELP_RET_OK) + ABORT_FINALIZE(RS_RET_RELP_ERR); if(relpCltSetUsrPtr(pData->pRelpClt, pData) != RELP_RET_OK) ABORT_FINALIZE(RS_RET_RELP_ERR); if(pData->bEnableTLS) { @@ -195,6 +207,7 @@ finalize_it: BEGINcreateInstance CODESTARTcreateInstance + pData->sizeWindow = 0; pData->timeout = 90; pData->rebindInterval = 0; pData->bEnableTLS = DFLT_ENABLE_TLS; @@ -233,6 +246,7 @@ setInstParamDefaults(instanceData *pData) pData->port = NULL; pData->tplName = NULL; pData->timeout = 90; + pData->sizeWindow = 0; pData->rebindInterval = 0; pData->bEnableTLS = DFLT_ENABLE_TLS; pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP; @@ -269,6 +283,8 @@ CODESTARTnewActInst pData->timeout = (unsigned) pvals[i].val.d.n; } else if(!strcmp(actpblk.descr[i].name, "rebindinterval")) { pData->rebindInterval = (unsigned) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "windowsize")) { + pData->sizeWindow = (int) pvals[i].val.d.n; } else if(!strcmp(actpblk.descr[i].name, "tls")) { pData->bEnableTLS = (unsigned) pvals[i].val.d.n; } else if(!strcmp(actpblk.descr[i].name, "tls.compression")) { 
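Review bot: The `windowsize` value is narrowed with `(int) pvals[i].val.d.n` and stored without any range check, then passed to `relpCltSetWindowSize` in `doCreateRelpClient` (hunk at -157). A negative or oversized number in the configuration therefore reaches librelp as whatever the cast produces, and how librelp treats that is not visible here. Rejecting it at parse time with `if(pvals[i].val.d.n < 0 || pvals[i].val.d.n > INT_MAX)`, an `errmsg.LogError` naming the parameter, and an abort of the action load gives the administrator a clear message instead. The same unchecked narrowing is used for `timeout` and `rebindinterval` in the context lines; `newActInst` starts and ends outside the hunk.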
@@ -546,6 +562,7 @@ CODEmodInit_QueryRegCFSLineHdlr CHKiRet(relpEngineConstruct(&pRelpEngine)); CHKiRet(relpEngineSetDbgprint(pRelpEngine, dbgprintf)); CHKiRet(relpEngineSetOnAuthErr(pRelpEngine, onAuthErr)); + CHKiRet(relpEngineSetOnGenericErr(pRelpEngine, onGenericErr)); CHKiRet(relpEngineSetOnErr(pRelpEngine, onErr)); CHKiRet(relpEngineSetEnableCmd(pRelpEngine, (uchar*) "syslog", eRelpCmdState_Required)); |