From 5442adf8f407594d6197e58db492f31048ac4f85 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Jul 2011 08:37:11 +0200 Subject: support for :omfile: forward compatibility directive --- doc/log_rotation_fix_size.html | 2 +- doc/rsyslog_conf_output.html | 2 +- tools/omfile.c | 10 +++++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/log_rotation_fix_size.html b/doc/log_rotation_fix_size.html index 190b24cb..51edf033 100644 --- a/doc/log_rotation_fix_size.html +++ b/doc/log_rotation_fix_size.html @@ -34,7 +34,7 @@ Channels to achieve this. Putting the following directive

# outchannel definiation $outchannel log_rotation,/var/log/log_rotation.log, 52428800,/home/me/./log_rotation_script # activate the channel and log everything to it -*.* $log_rotation +*.* :omfile:$log_rotation # end log rotation via outchannel

diff --git a/doc/rsyslog_conf_output.html b/doc/rsyslog_conf_output.html index c52aaa5e..426f2f27 100644 --- a/doc/rsyslog_conf_output.html +++ b/doc/rsyslog_conf_output.html @@ -49,7 +49,7 @@ does not activate it. To do so, you must use a selector line (see below). That selector line includes the channel name plus an $ sign in front of it. A sample might be:

-*.* $mychannel
+*.* :omfile:$mychannel

In its current form, output channels primarily provide the ability to size-limit an output file. To do so, specify a maximum size. When this diff --git a/tools/omfile.c b/tools/omfile.c index 487cf8a0..a4f010c6 100644 --- a/tools/omfile.c +++ b/tools/omfile.c @@ -16,7 +16,7 @@ * pipes. These have been moved to ompipe, to reduced the entanglement * between the two different functionalities. -- rgerhards * - * Copyright 2007-2009 Rainer Gerhards and Adiscon GmbH. + * Copyright 2007-2011 Rainer Gerhards and Adiscon GmbH. * * This file is part of rsyslog. * @@ -646,6 +646,14 @@ ENDdoAction BEGINparseSelectorAct CODESTARTparseSelectorAct + /* Note: the indicator sequence permits us to use '$' to signify + * outchannel, what otherwise is not possible due to truely + * unresolvable grammar conflicts (*this time no way around*). + * rgerhards, 2011-07-09 + */ + if(!strncmp((char*) p, ":omfile:", sizeof(":omfile:") - 1)) { + p += sizeof(":omfile:") - 1; + } if(!(*p == '$' || *p == '?' || *p == '/' || *p == '.' || *p == '-')) ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); -- cgit v1.2.3 From dc1dd284c28a863a0b000082aaeb62c39ff0e905 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Jul 2011 08:55:53 +0200 Subject: preparing for 4.6.7 release --- ChangeLog | 3 ++- configure.ac | 2 +- doc/manual.html | 2 +- tests/diag.sh | 4 ++-- tests/testsuites/samples.parse-nodate | 2 +- tests/testsuites/samples.snare_ccoff_udp | 2 +- tests/testsuites/samples.snare_ccoff_udp2 | 8 ++++---- tests/testsuites/weird.parse1 | 8 ++++---- 8 files changed, 16 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index be156818..dc3cf03a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ --------------------------------------------------------------------------- -Version 4.6.7 [v4-stable] (rgerhards), 2011-06-?? +Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax in configuring user messages --------------------------------------------------------------------------- Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24 - bugfix: memory leak in imtcp & subsystems under some circumstances diff --git a/configure.ac b/configure.ac index e3ef1357..85dd7afe 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[4.6.6],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[4.6.7],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([ChangeLog]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/manual.html b/doc/manual.html index cca6b023..82c899f7 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ rsyslog support available directly from the source!

Please visit the rsyslog sponsor's page to honor the project sponsors or become one yourself! We are very grateful for any help towards the project goals.

-

This documentation is for version 4.6.6 (v4-stable branch) of rsyslog. +

This documentation is for version 4.6.7 (v4-stable branch) of rsyslog. Visit the rsyslog status page to obtain current version information and project status.

If you like rsyslog, you might diff --git a/tests/diag.sh b/tests/diag.sh index 806edf80..1f05fdd6 100755 --- a/tests/diag.sh +++ b/tests/diag.sh @@ -21,7 +21,7 @@ case $1 in rm -f rsyslogd2.started work-*.conf rm -f work rsyslog.out.log rsyslog.out.log.save # common work files rm -f rsyslog.out.*.log work-presort - rm -rf test-spool + rm -rf test-spool stat-file1 rm -f rsyslog.input rm -f core.* vgcore.* mkdir test-spool @@ -30,7 +30,7 @@ case $1 in rm -f rsyslogd2.started diag-common2.conf rsyslog.action.*.include rm -f work rsyslog.out.log rsyslog.out.log.save # common work files rm -f rsyslog.out.*.log rsyslog.random.data work-presort - rm -rf test-spool + rm -rf test-spool stat-file1 rm -f rsyslog.input ;; 'startup') # start rsyslogd with default params. $2 is the config file name to use diff --git a/tests/testsuites/samples.parse-nodate b/tests/testsuites/samples.parse-nodate index 7f16181c..5432bcac 100644 --- a/tests/testsuites/samples.parse-nodate +++ b/tests/testsuites/samples.parse-nodate @@ -1,5 +1,5 @@ <27>xapi: [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) -27,daemon,err,localhost,xapi,xapi:, [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) +27,daemon,err,localhost.localdomain,xapi,xapi:, [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) # a message with just text (as permitted by rfc 3164) # it is questionable if the current sample result is really correct as of 3164! This is a message! diff --git a/tests/testsuites/samples.snare_ccoff_udp b/tests/testsuites/samples.snare_ccoff_udp index 010e44d5..1ae7e8b4 100644 --- a/tests/testsuites/samples.snare_ccoff_udp +++ b/tests/testsuites/samples.snare_ccoff_udp @@ -3,7 +3,7 @@ # *real* cases (just mangled to anonymize them...) # Sample 1 - note the absence of PRI! windowsserver MSWinEventLog 1 Security 1167 Fri Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733\n -13,user,notice,localhost,windowsserver,windowsserver MSWinEventLog 1 Security 1167 Fri, Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733 +13,user,notice,localhost.localdomain,windowsserver,windowsserver MSWinEventLog 1 Security 1167 Fri, Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733 # Sample 2 # the samples below need to be disabled for the "workaround patch" for the message # parser to work. They need to be re-enabled once a final solution has been crafted diff --git a/tests/testsuites/samples.snare_ccoff_udp2 b/tests/testsuites/samples.snare_ccoff_udp2 index 337cd97c..da3a2b14 100644 --- a/tests/testsuites/samples.snare_ccoff_udp2 +++ b/tests/testsuites/samples.snare_ccoff_udp2 @@ -14,13 +14,13 @@ test insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('', 1, 'test',5, '20100321185328', '20100321185328', 1, '') # and yet another one we have seen in practice UX=Abcd-efg-hij-klmno; XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111 -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'UX=Abcd-efg-hij-klmno;') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'UX=Abcd-efg-hij-klmno;') # Sample 1 - note the absence of PRI! windowsserver MSWinEventLog 1 Security 1167 Fri Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1167 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1167 Fri') # Sample 2 windowsserver MSWinEventLog 1 Security 1166 Fri Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1166 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1166 Fri') # Sample 3 windowsserver MSWinEventLog 1 Security 1165 Fri Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1165 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1165 Fri') diff --git a/tests/testsuites/weird.parse1 b/tests/testsuites/weird.parse1 index e8b90c74..907198a1 100644 --- a/tests/testsuites/weird.parse1 +++ b/tests/testsuites/weird.parse1 @@ -11,10 +11,10 @@ 14,user,info,Aug 30 23:00:05,X4711,,, # there is a SP at the end of the line <14>Aug 30 23:00:05 -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # and here is no SP at the end of the line <14>Aug 30 23:00:05 -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # unfortunately, I can not test missing dates with this test suite, because # we would have the current date in the response, which we can not check against # @@ -31,7 +31,7 @@ 14,user,info,Aug 30 23:00:05,X4711,,, # there is a SP at the end of the line <14>2010-08-30T23:00:05Z -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # and here is no SP at the end of the line <14>2010-08-30T23:00:05Z -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, -- cgit v1.2.3 From d66d3d6033aae584bfc622f3f9dcddc4f152c308 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Jul 2011 10:08:16 +0200 Subject: added warning message for old-style outchannel syntax --- doc/v4compatibility.html | 19 +++++++++++++++++++ runtime/rsyslog.h | 1 + tools/omfile.c | 9 ++++++++- 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/doc/v4compatibility.html b/doc/v4compatibility.html index 5d877af1..72b0f5a9 100644 --- a/doc/v4compatibility.html +++ b/doc/v4compatibility.html @@ -74,4 +74,23 @@ So it is a good idea to become ready for the new version now and also enjoy some benefits of the "real restart", like the better error-reporting capability.

Note that code complexity reduction (and thus performance improvement) needs the restart-type HUP code to be removed, so these changes can (and will) only happen in version 5. +

outchannels

+Note: as always documented, outchannels are an experimental feature that may be +removed and/or changed in the future. +There is one concrete change done starting with 4.6.7: let's assume an +outchannel "mychannel" was defined. Then, this channel could be used inside an + +*.* $mychannel + +This is still supported and will remain to be supported in v4. However, there is +a new variant which explicitely tells this is to be handled by omfile. This new +syntax is as follows: + +*.* :omfile:$mychannel + +Note that future versions, specifically starting with v6, the older syntax is no +longer supported. So users are strongly advised to switch to the new syntax. As an +aid to the conversion process, rsyslog 4.7.4 and above issue a warning message +if the old-style directive is seen -- but still accept the old syntax without +any problems. diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 52b29ac4..f14e0724 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -343,6 +343,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_FILE_NOT_SPECIFIED = -2180, /**< file name not configured where this was required */ RS_RET_ERR_WRKDIR = -2181, /**< problems with the rsyslog working directory */ RS_RET_WRN_WRKDIR = -2182, /**< correctable problems with the rsyslog working directory */ + RS_RET_OUTDATED_STMT = -2184, /**< some outdated statement/functionality is being used in conf file */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ diff --git a/tools/omfile.c b/tools/omfile.c index f32da124..150848eb 100644 --- a/tools/omfile.c +++ b/tools/omfile.c @@ -720,7 +720,14 @@ CODESTARTparseSelectorAct */ if(!strncmp((char*) p, ":omfile:", sizeof(":omfile:") - 1)) { p += sizeof(":omfile:") - 1; - } + } else { + if(*p == '$') { + errmsg.LogError(0, RS_RET_OUTDATED_STMT, + "action '%s' treated as ':omfile:%s' - please " + "change syntax, '%s' will not be supported in " + "rsyslog v6 and above.", p, p, p); + } + } if(!(*p == '$' || *p == '?' || *p == '/' || *p == '.' || *p == '-')) ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); -- cgit v1.2.3 From a9933094b20d70da1641d80bb723e2570b937c36 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Jul 2011 10:43:58 +0200 Subject: preparing for 5.8.3 --- ChangeLog | 5 ++++- configure.ac | 2 +- doc/manual.html | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f4b4da93..f3617590 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,11 @@ --------------------------------------------------------------------------- -Version 5.8.3 [V5-stable] (rgerhards), 2011-06-?? +Version 5.8.3 [V5-stable] (rgerhards), 2011-07-11 - systemd support: set stdout/stderr to null - thx to Lennart for the patch - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax in configuring user messages + Note: previous outchannel syntax will generate a warning message. This + may be surprising to some users, but it is quite urgent to alert them + of the new syntax as v6 can no longer support the previous one. --------------------------------------------------------------------------- Version 5.8.2 [V5-stable] (rgerhards), 2011-06-21 - bugfix: problems in failover action handling diff --git a/configure.ac b/configure.ac index 43382c9f..427c0b05 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[5.8.2],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[5.8.3],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) diff --git a/doc/manual.html b/doc/manual.html index a5a26e75..2c13e275 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ rsyslog support available directly from the source!

Please visit the rsyslog sponsor's page to honor the project sponsors or become one yourself! We are very grateful for any help towards the project goals.

-

This documentation is for version 5.8.2 (v5-stable branch) of rsyslog. +

This documentation is for version 5.8.3 (v5-stable branch) of rsyslog. Visit the rsyslog status page to obtain current version information and project status.

If you like rsyslog, you might -- cgit v1.2.3