From a201de795ad630ddf81fea9f7bbb13ad79bdfff4 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 15 Jun 2011 12:02:39 +0200 Subject: doc: clarified requirements for $WorkDirectory directive --- doc/rsyslog_conf_global.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/rsyslog_conf_global.html b/doc/rsyslog_conf_global.html index ce46bac2..9e85ae1e 100644 --- a/doc/rsyslog_conf_global.html +++ b/doc/rsyslog_conf_global.html @@ -249,7 +249,8 @@ default may change as uniprocessor systems become less common. [available since
  • $PreserveFQDN [on/off) - if set to off (legacy default to remain compatible to sysklogd), the domain part from a name that is within the same domain as the receiving system is stripped. If set to on, full names are always used.
    • -
  • $WorkDirectory <name> (directory for spool and other work files)
    • +
  • $WorkDirectory <name> (directory for spool and other work files. +Do not use trailing slashes)
  • $UDPServerAddress <IP> (imudp) -- local IP address (or name) the UDP listens should bind to
  • $UDPServerRun <port> (imudp) -- former -- cgit v1.2.3 From da52cbae520e747568162ad558bf01d40658c745 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 16 Jun 2011 17:35:45 +0200 Subject: bugfix: timestamp was incorrectly calculated for timezones with minute offset closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 --- ChangeLog | 3 +++ runtime/datetime.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a50c4ee0..b547f0ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ --------------------------------------------------------------------------- Version 3.22.4 [v3-stable] (rgerhards), 2010-??-?? +- bugfix: timestamp was incorrectly calculated for timezones with minute + offset + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - improved some code based on clang static analyzer results --------------------------------------------------------------------------- Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24 diff --git a/runtime/datetime.c b/runtime/datetime.c index 20ca6191..bed33127 100644 --- a/runtime/datetime.c +++ b/runtime/datetime.c @@ -112,7 +112,7 @@ static void getCurrTime(struct syslogTime *t) else t->OffsetMode = '+'; t->OffsetHour = lBias / 3600; - t->OffsetMinute = lBias % 3600; + t->OffsetMinute = (lBias % 3600) / 60; } -- cgit v1.2.3 From 53957a73fe670d435781b2dd9a8dc458ee68ff03 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 24 Jun 2011 08:42:39 +0200 Subject: preparing for 4.6.6 --- ChangeLog | 2 +- configure.ac | 2 +- doc/manual.html | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9e146785..c0b57449 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,5 @@ --------------------------------------------------------------------------- -Version 4.6.6 [v4-stable] (rgerhards), 2010-11-?? +Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24 - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6, limited testing under v4] diff --git a/configure.ac b/configure.ac index 0e5544b1..0a3a7117 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[4.6.5],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[4.6.6],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([ChangeLog]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/manual.html b/doc/manual.html index aff23c8b..cca6b023 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ rsyslog support available directly from the source!

    Please visit the rsyslog sponsor's page to honor the project sponsors or become one yourself! We are very grateful for any help towards the project goals.

    -

    This documentation is for version 4.6.4 (v4-stable branch) of rsyslog. +

    This documentation is for version 4.6.6 (v4-stable branch) of rsyslog. Visit the rsyslog status page to obtain current version information and project status.

    If you like rsyslog, you might -- cgit v1.2.3 From 4b29a27782f74cb3a47be639d62e036a8837a6d6 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 6 Jul 2011 07:23:35 +0200 Subject: doc: ./configure --help invalidly showed imdiag enabled by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thanks to Frédéric L. W. Meunier for bringing this to my attention. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0a3a7117..e3ef1357 100644 --- a/configure.ac +++ b/configure.ac @@ -648,7 +648,7 @@ AM_CONDITIONAL(ENABLE_MAIL, test x$enable_mail = xyes) # would complicate things if we first needed to tell them how to enable imdiag. # rgerhards, 2008-07-25 AC_ARG_ENABLE(imdiag, - [AS_HELP_STRING([--enable-imdiag],[Enable imdiag @<:@default=yes@:>@])], + [AS_HELP_STRING([--enable-imdiag],[Enable imdiag @<:@default=no@:>@])], [case "${enableval}" in yes) enable_imdiag="yes" ;; no) enable_imdiag="no" ;; -- cgit v1.2.3 From f09ee69ee1b7f8c098d0720c8e85a6753cc7d342 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 6 Jul 2011 07:52:50 +0200 Subject: added support for the ":omusrmsg:" syntax in configuring user messages --- ChangeLog | 3 +++ doc/rsyslog_conf_actions.html | 20 +++++++++++++------- tools/omusrmsg.c | 4 +++- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index c0b57449..be156818 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ --------------------------------------------------------------------------- +Version 4.6.7 [v4-stable] (rgerhards), 2011-06-?? +- added support for the ":omusrmsg:" syntax in configuring user messages +--------------------------------------------------------------------------- Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24 - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup diff --git a/doc/rsyslog_conf_actions.html b/doc/rsyslog_conf_actions.html index 6020dd88..2e2293ce 100644 --- a/doc/rsyslog_conf_actions.html +++ b/doc/rsyslog_conf_actions.html @@ -23,7 +23,7 @@ definition. If you do this, the action will be ignored.

    more precisely a single filter of such a selector line). Each action must be on its own line and the line must start with an ampersand ('&') character and have no filters. An example would be

    -

    *.=crit rger
    +

    *.=crit :omusrmsg:rger
    & root
    & /var/log/critmsgs

    These three lines send critical messages to the user rger and @@ -32,7 +32,7 @@ actions per selector is convenient and also offers a performance benefit. As the filter needs to be evaluated only once, there is less computation required to process the directive compared to the otherwise-equal config directives below:

    -

    *.=crit rger
    +

    *.=crit :omusrmsg:rger
    *.=crit root
    *.=crit /var/log/critmsgs

     

    @@ -211,13 +211,19 @@ sysklogd,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%\""

    List of Users

    Usually critical messages are also directed to "root'' on that machine. You can specify a list of users that shall get the -message by simply writing the login. You may specify more than one user -by separating them with commas (",''). If they're logged in they get -the message. Don't think a mail would be sent, that might be too late.

    +message by simply writing ":omusrmsg: followed by the login name. For example, +the send messages to root, use ":omusrmsg:root". +You may specify more than one user +by separating them with commas (",''). Do not repeat the ":omusrmsg:" prefix in +this case. For example, to send data to users root and rger, use +":omusrmsg:root,rger" (do not use ":omusrmsg:root,:omusrmsg:rger", this is invalid). +If they're logged in they get +the message.

    Everyone logged on

    Emergency messages often go to all users currently online to notify them that something strange is happening with the system. To -specify this wall(1)-feature use an asterisk ("*'').

    +specify this wall(1)-feature use an asterisk as the user message +destination(":omusrmsg:*'').

    Call Plugin

    This is a generic way to call an output plugin. The plugin must support this functionality. Actual parameters depend on the @@ -331,7 +337,7 @@ what you can do with it, see "TEMPLATES" at the top of this document.

    [rsyslog site]

    This documentation is part of the rsyslog project.
    -Copyright © 2008 by Rainer Gerhards and +Copyright © 2008-2011 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 2 or higher.

    diff --git a/tools/omusrmsg.c b/tools/omusrmsg.c index 768baca7..44b85bd9 100644 --- a/tools/omusrmsg.c +++ b/tools/omusrmsg.c @@ -278,7 +278,9 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) * [a-zA-Z0-9_.] * plus '*' for wall */ - if(!*p || !((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') + if(!strncmp((char*) p, ":omusrmsg:", sizeof(":omusrmsg:") - 1)) { + p += sizeof(":omusrmsg:") - 1; /* eat indicator sequence (-1 because of '\0'!) */ + } else if(!*p || !((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9') || *p == '_' || *p == '.' || *p == '*')) ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); -- cgit v1.2.3 From 5442adf8f407594d6197e58db492f31048ac4f85 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Jul 2011 08:37:11 +0200 Subject: support for :omfile: forward compatibility directive --- doc/log_rotation_fix_size.html | 2 +- doc/rsyslog_conf_output.html | 2 +- tools/omfile.c | 10 +++++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/log_rotation_fix_size.html b/doc/log_rotation_fix_size.html index 190b24cb..51edf033 100644 --- a/doc/log_rotation_fix_size.html +++ b/doc/log_rotation_fix_size.html @@ -34,7 +34,7 @@ Channels to achieve this. Putting the following directive

    # outchannel definiation $outchannel log_rotation,/var/log/log_rotation.log, 52428800,/home/me/./log_rotation_script # activate the channel and log everything to it -*.* $log_rotation +*.* :omfile:$log_rotation # end log rotation via outchannel

    diff --git a/doc/rsyslog_conf_output.html b/doc/rsyslog_conf_output.html index c52aaa5e..426f2f27 100644 --- a/doc/rsyslog_conf_output.html +++ b/doc/rsyslog_conf_output.html @@ -49,7 +49,7 @@ does not activate it. To do so, you must use a selector line (see below). That selector line includes the channel name plus an $ sign in front of it. A sample might be:

    -*.* $mychannel
    +*.* :omfile:$mychannel

    In its current form, output channels primarily provide the ability to size-limit an output file. To do so, specify a maximum size. When this diff --git a/tools/omfile.c b/tools/omfile.c index 487cf8a0..a4f010c6 100644 --- a/tools/omfile.c +++ b/tools/omfile.c @@ -16,7 +16,7 @@ * pipes. These have been moved to ompipe, to reduced the entanglement * between the two different functionalities. -- rgerhards * - * Copyright 2007-2009 Rainer Gerhards and Adiscon GmbH. + * Copyright 2007-2011 Rainer Gerhards and Adiscon GmbH. * * This file is part of rsyslog. * @@ -646,6 +646,14 @@ ENDdoAction BEGINparseSelectorAct CODESTARTparseSelectorAct + /* Note: the indicator sequence permits us to use '$' to signify + * outchannel, what otherwise is not possible due to truely + * unresolvable grammar conflicts (*this time no way around*). + * rgerhards, 2011-07-09 + */ + if(!strncmp((char*) p, ":omfile:", sizeof(":omfile:") - 1)) { + p += sizeof(":omfile:") - 1; + } if(!(*p == '$' || *p == '?' || *p == '/' || *p == '.' || *p == '-')) ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); -- cgit v1.2.3 From dc1dd284c28a863a0b000082aaeb62c39ff0e905 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Jul 2011 08:55:53 +0200 Subject: preparing for 4.6.7 release --- ChangeLog | 3 ++- configure.ac | 2 +- doc/manual.html | 2 +- tests/diag.sh | 4 ++-- tests/testsuites/samples.parse-nodate | 2 +- tests/testsuites/samples.snare_ccoff_udp | 2 +- tests/testsuites/samples.snare_ccoff_udp2 | 8 ++++---- tests/testsuites/weird.parse1 | 8 ++++---- 8 files changed, 16 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index be156818..dc3cf03a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ --------------------------------------------------------------------------- -Version 4.6.7 [v4-stable] (rgerhards), 2011-06-?? +Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax in configuring user messages --------------------------------------------------------------------------- Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24 - bugfix: memory leak in imtcp & subsystems under some circumstances diff --git a/configure.ac b/configure.ac index e3ef1357..85dd7afe 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[4.6.6],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[4.6.7],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([ChangeLog]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/manual.html b/doc/manual.html index cca6b023..82c899f7 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ rsyslog support available directly from the source!

    Please visit the rsyslog sponsor's page to honor the project sponsors or become one yourself! We are very grateful for any help towards the project goals.

    -

    This documentation is for version 4.6.6 (v4-stable branch) of rsyslog. +

    This documentation is for version 4.6.7 (v4-stable branch) of rsyslog. Visit the rsyslog status page to obtain current version information and project status.

    If you like rsyslog, you might diff --git a/tests/diag.sh b/tests/diag.sh index 806edf80..1f05fdd6 100755 --- a/tests/diag.sh +++ b/tests/diag.sh @@ -21,7 +21,7 @@ case $1 in rm -f rsyslogd2.started work-*.conf rm -f work rsyslog.out.log rsyslog.out.log.save # common work files rm -f rsyslog.out.*.log work-presort - rm -rf test-spool + rm -rf test-spool stat-file1 rm -f rsyslog.input rm -f core.* vgcore.* mkdir test-spool @@ -30,7 +30,7 @@ case $1 in rm -f rsyslogd2.started diag-common2.conf rsyslog.action.*.include rm -f work rsyslog.out.log rsyslog.out.log.save # common work files rm -f rsyslog.out.*.log rsyslog.random.data work-presort - rm -rf test-spool + rm -rf test-spool stat-file1 rm -f rsyslog.input ;; 'startup') # start rsyslogd with default params. $2 is the config file name to use diff --git a/tests/testsuites/samples.parse-nodate b/tests/testsuites/samples.parse-nodate index 7f16181c..5432bcac 100644 --- a/tests/testsuites/samples.parse-nodate +++ b/tests/testsuites/samples.parse-nodate @@ -1,5 +1,5 @@ <27>xapi: [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) -27,daemon,err,localhost,xapi,xapi:, [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) +27,daemon,err,localhost.localdomain,xapi,xapi:, [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) # a message with just text (as permitted by rfc 3164) # it is questionable if the current sample result is really correct as of 3164! This is a message! diff --git a/tests/testsuites/samples.snare_ccoff_udp b/tests/testsuites/samples.snare_ccoff_udp index 010e44d5..1ae7e8b4 100644 --- a/tests/testsuites/samples.snare_ccoff_udp +++ b/tests/testsuites/samples.snare_ccoff_udp @@ -3,7 +3,7 @@ # *real* cases (just mangled to anonymize them...) # Sample 1 - note the absence of PRI! windowsserver MSWinEventLog 1 Security 1167 Fri Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733\n -13,user,notice,localhost,windowsserver,windowsserver MSWinEventLog 1 Security 1167 Fri, Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733 +13,user,notice,localhost.localdomain,windowsserver,windowsserver MSWinEventLog 1 Security 1167 Fri, Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733 # Sample 2 # the samples below need to be disabled for the "workaround patch" for the message # parser to work. They need to be re-enabled once a final solution has been crafted diff --git a/tests/testsuites/samples.snare_ccoff_udp2 b/tests/testsuites/samples.snare_ccoff_udp2 index 337cd97c..da3a2b14 100644 --- a/tests/testsuites/samples.snare_ccoff_udp2 +++ b/tests/testsuites/samples.snare_ccoff_udp2 @@ -14,13 +14,13 @@ test insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('', 1, 'test',5, '20100321185328', '20100321185328', 1, '') # and yet another one we have seen in practice UX=Abcd-efg-hij-klmno; XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111 -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'UX=Abcd-efg-hij-klmno;') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'UX=Abcd-efg-hij-klmno;') # Sample 1 - note the absence of PRI! windowsserver MSWinEventLog 1 Security 1167 Fri Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1167 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1167 Fri') # Sample 2 windowsserver MSWinEventLog 1 Security 1166 Fri Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1166 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1166 Fri') # Sample 3 windowsserver MSWinEventLog 1 Security 1165 Fri Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1165 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1165 Fri') diff --git a/tests/testsuites/weird.parse1 b/tests/testsuites/weird.parse1 index e8b90c74..907198a1 100644 --- a/tests/testsuites/weird.parse1 +++ b/tests/testsuites/weird.parse1 @@ -11,10 +11,10 @@ 14,user,info,Aug 30 23:00:05,X4711,,, # there is a SP at the end of the line <14>Aug 30 23:00:05 -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # and here is no SP at the end of the line <14>Aug 30 23:00:05 -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # unfortunately, I can not test missing dates with this test suite, because # we would have the current date in the response, which we can not check against # @@ -31,7 +31,7 @@ 14,user,info,Aug 30 23:00:05,X4711,,, # there is a SP at the end of the line <14>2010-08-30T23:00:05Z -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # and here is no SP at the end of the line <14>2010-08-30T23:00:05Z -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, -- cgit v1.2.3