From e1437c7aa43df135b93aac1d2d3c7323b91c8ad4 Mon Sep 17 00:00:00 2001 From: Tom Bergfeld Date: Wed, 8 Sep 2010 13:48:37 +0200 Subject: minor doc fix: updated tls doc to match new gnutls toolset Signed-off-by: Rainer Gerhards --- doc/tls_cert_machine.html | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/doc/tls_cert_machine.html b/doc/tls_cert_machine.html index 5ecde0d1..095e15c2 100644 --- a/doc/tls_cert_machine.html +++ b/doc/tls_cert_machine.html @@ -75,7 +75,15 @@ Locality name: Somewhere State or province name: CA Common name: machine.example.net UID: -Enter a challenge password: +Enter a dnsName of the subject of the certificate: +Enter the IP address of the subject of the certificate: +Enter the e-mail of the subject of the certificate: +Enter a challange password: +Does the certificate belong to an authority? (y/N): n +Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): +Will the certificate be used for encryption (RSA ciphersuites)? (y/N): +Is this a TLS web client certificate? (y/N): y +Is this also a TLS web server certificate? (y/N): y [root@rgf9dev sample]# certtool --generate-certificate --load-request request.pem --outfile cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem Generating a signed certificate... Enter the certificate's serial number (decimal): @@ -86,10 +94,12 @@ The certificate will expire in (days): 1000 Extensions. +Do you want to honour the extensions from the request? (y/N): Does the certificate belong to an authority? (Y/N): n Is this a TLS web client certificate? (Y/N): y Is this also a TLS web server certificate? (Y/N): y Enter the dnsName of the subject of the certificate: machine.example.net {This is the name of the machine that will use the certificate} +Enter the IP address of the subject of certificate: Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/N): Will the certificate be used for encryption (RSA ciphersuites)? (Y/N): X.509 Certificate Information: -- cgit v1.2.3 From e6b184ad84e055c7272c41706c2fd8f86f6ac056 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 7 Oct 2010 13:53:07 +0200 Subject: doc: documented way to turn off imuxsock ratelimiting --- doc/imuxsock.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/imuxsock.html b/doc/imuxsock.html index 1ab99a76..4dd28f26 100644 --- a/doc/imuxsock.html +++ b/doc/imuxsock.html @@ -39,6 +39,7 @@ config statements just use the prefix $IMUXSockRateLimit... but otherwise works exactly the same. When working with severities, please keep in mind that higher severity numbers mean lower severity and configure things accordingly. +To turn off rate limiting, set the interval to zero.

Unix log sockets can be flow-controlled. That is, if processing queues fill up, the unix socket reader is blocked for a short while. This may be useful to prevent overruning the queues (which may cause exessive disk-io where it actually would not be needed). However, @@ -55,7 +56,7 @@ the implications. Note that for many systems, turning on flow control does not h

  • $InputUnixListenSocketFlowControl [on/off] - specifies if flow control should be applied to the next socket.
  • $IMUXSockRateLimitInterval [number] - specifies the rate-limiting -interval in seconds. Default value is 5 seconds. +interval in seconds. Default value is 5 seconds. Set it to 0 to turn rate limiting off.
  • $IMUXSockRateLimitBurst [number] - specifies the rate-limiting burst in number of messages. Default is 200. @@ -78,7 +79,7 @@ be obtained from the log socket itself. If so, the TAG part of the message is re It is recommended to turn this option on, but the default is "off" to keep compatible with earlier versions of rsyslog. This option was introduced in 5.7.0.
  • $SystemLogRateLimitInterval [number] - specifies the rate-limiting -interval in seconds. Default value is 5 seconds. +interval in seconds. Default value is 5 seconds. Set it to 0 to turn rate limiting off.
  • $SystemLogRateLimitBurst [number] - specifies the rate-limiting burst in number of messages. Default is 200. -- cgit v1.2.3 From ed324a9a610f91f54514eb713ff5593bde1012e6 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 5 Oct 2010 17:41:09 +0200 Subject: Enable rsyslog.socket together with rsyslog.service When the rsyslog service is enabled via "systemctl enable rsyslog.service" also enable the socket unit. --- rsyslog.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/rsyslog.service.in b/rsyslog.service.in index ea966cc3..b3c55515 100644 --- a/rsyslog.service.in +++ b/rsyslog.service.in @@ -6,3 +6,4 @@ ExecStart=@sbindir@/rsyslogd -n -c5 [Install] WantedBy=multi-user.target +Also=rsyslog.socket -- cgit v1.2.3 From 8c3d40b798e3ed68fb03629d87b55140cb6bc044 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 11 Oct 2010 17:11:00 +0200 Subject: removed need for math library by doing math a little bit more optimal in hash table code. Also reduced memory requirement for imuxsock hash tables (expected number of connections was set too high -- table can be extended dynamically). --- doc/imuxsock.html | 6 ++++++ plugins/imuxsock/imuxsock.c | 4 ++-- runtime/hashtable.c | 16 +++++++++++++--- tools/Makefile.am | 2 +- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/doc/imuxsock.html b/doc/imuxsock.html index 4dd28f26..ee5db22d 100644 --- a/doc/imuxsock.html +++ b/doc/imuxsock.html @@ -139,6 +139,12 @@ the $InputUnixListenSocketCreatePath and the $InputUnixListenSocketHostName.

    $InputUnixListenSocketCreatePath on # turn on for *next* socket $InputUnixListenSocketHostName /var/run/sshd/dev/log +

    The following sample is used to turn off input rate limiting on the system log +socket. +

    [rsyslog.conf overview] [manual index] [rsyslog site]

    This documentation is part of the diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c index 566dde1b..0eee1122 100644 --- a/plugins/imuxsock/imuxsock.c +++ b/plugins/imuxsock/imuxsock.c @@ -283,7 +283,7 @@ addLstnSocketName(void __attribute__((unused)) *pVal, uchar *pNewVal) } CHKiRet(prop.ConstructFinalize(listeners[nfd].hostName)); if(ratelimitInterval > 0) { - if((listeners[nfd].ht = create_hashtable(1000, hash_from_key_fn, key_equals_fn, NULL)) == NULL) { + if((listeners[nfd].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn, NULL)) == NULL) { /* in this case, we simply turn of rate-limiting */ dbgprintf("imuxsock: turning off rate limiting because we could not " "create hash table\n"); @@ -761,7 +761,7 @@ CODESTARTwillRun if(pLogSockName != NULL) listeners[0].sockName = pLogSockName; if(ratelimitIntervalSysSock > 0) { - if((listeners[0].ht = create_hashtable(1000, hash_from_key_fn, key_equals_fn, NULL)) == NULL) { + if((listeners[0].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn, NULL)) == NULL) { /* in this case, we simply turn of rate-limiting */ dbgprintf("imuxsock: turning off rate limiting because we could not " "create hash table\n"); diff --git a/runtime/hashtable.c b/runtime/hashtable.c index 41fc60fe..a01fa7d9 100644 --- a/runtime/hashtable.c +++ b/runtime/hashtable.c @@ -23,7 +23,17 @@ static const unsigned int primes[] = { 805306457, 1610612741 }; const unsigned int prime_table_length = sizeof(primes)/sizeof(primes[0]); -const float max_load_factor = 0.65; + +#define MAX_LOAD_FACTOR 65 /* to get real factor, divide by 100! */ + +/* compute max load. We use a constant factor of 0.65, but do + * everything times 100, so that we do not need floats. + */ +static inline unsigned +getLoadLimit(unsigned size) +{ + return (unsigned int) ((unsigned long long) size * MAX_LOAD_FACTOR) / 100; +} /*****************************************************************************/ struct hashtable * @@ -50,7 +60,7 @@ create_hashtable(unsigned int minsize, h->hashfn = hashf; h->eqfn = eqf; h->dest = dest; - h->loadlimit = (unsigned int) ceil(size * max_load_factor); + h->loadlimit = getLoadLimit(size); return h; } @@ -123,7 +133,7 @@ hashtable_expand(struct hashtable *h) } } h->tablelength = newsize; - h->loadlimit = (unsigned int) ceil(newsize * max_load_factor); + h->loadlimit = getLoadLimit(newsize); return -1; } diff --git a/tools/Makefile.am b/tools/Makefile.am index 6541194a..96657ad4 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -36,7 +36,7 @@ rsyslogd_SOURCES = \ \ ../dirty.h rsyslogd_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) -rsyslogd_LDADD = $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) -lm +rsyslogd_LDADD = $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) rsyslogd_LDFLAGS = -export-dynamic if ENABLE_DIAGTOOLS -- cgit v1.2.3 From ed9fd3541f07929008a64f5b6ea3bcce70e62c25 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 15 Oct 2010 08:23:29 +0200 Subject: imfile: bug fixes either one or two bugs fixed ;) Definitely a problem where no state file is written when working with relative pathes. Also, some problems with offsets should be fixed for very large files. However, I could not yet experimentally show the issue so it probably needs more verification. --- ChangeLog | 4 ++++ plugins/imfile/imfile.c | 5 ++++- runtime/stream.c | 6 +++--- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f552781a..fd0e0487 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ --------------------------------------------------------------------------- +Version 5.7.2 [V5-DEVEL] (rgerhards), 2010-10-05 +- bugfix: imfile state file was not written when relative file name + for it was specified +--------------------------------------------------------------------------- Version 5.7.1 [V5-DEVEL] (rgerhards), 2010-10-05 - support for Hadoop's HDFS added (via omhdfs) - imuxsock now optionally use SCM_CREDENTIALS to pull the pid from the log diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index 8a10e26f..e067014e 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -337,12 +337,15 @@ persistStrmState(fileInfo_t *pInfo) { DEFiRet; strm_t *psSF = NULL; /* state file (stream) */ + size_t lenDir; ASSERT(pInfo != NULL); /* TODO: create a function persistObj in obj.c? */ CHKiRet(strm.Construct(&psSF)); - CHKiRet(strm.SetDir(psSF, glbl.GetWorkDir(), strlen((char*)glbl.GetWorkDir()))); + lenDir = ustrlen(glbl.GetWorkDir()); + if(lenDir > 0) + CHKiRet(strm.SetDir(psSF, glbl.GetWorkDir(), lenDir)); CHKiRet(strm.SettOperationsMode(psSF, STREAMMODE_WRITE_TRUNC)); CHKiRet(strm.SetsType(psSF, STREAMTYPE_FILE_SINGLE)); CHKiRet(strm.SetFName(psSF, pInfo->pszStateFile, strlen((char*) pInfo->pszStateFile))); diff --git a/runtime/stream.c b/runtime/stream.c index b4295762..7f965029 100644 --- a/runtime/stream.c +++ b/runtime/stream.c @@ -1473,7 +1473,7 @@ static rsRetVal strmSerialize(strm_t *pThis, strm_t *pStrm) { DEFiRet; int i; - long l; + int64 ll; ISOBJ_TYPE_assert(pThis, strm); ISOBJ_TYPE_assert(pStrm, strm); @@ -1495,8 +1495,8 @@ static rsRetVal strmSerialize(strm_t *pThis, strm_t *pStrm) i = pThis->tOpenMode; objSerializeSCALAR_VAR(pStrm, tOpenMode, INT, i); - l = (long) pThis->iCurrOffs; - objSerializeSCALAR_VAR(pStrm, iCurrOffs, LONG, l); + ll = pThis->iCurrOffs; + objSerializeSCALAR_VAR(pStrm, iCurrOffs, INT64, ll); CHKiRet(obj.EndSerialize(pStrm)); -- cgit v1.2.3 From 90933057bc2f014fd2124ba7d830652e9b1ead96 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 15 Oct 2010 16:39:10 +0200 Subject: imfile: bugfixes in regard to large files (> 2GB) - bugfix: a couple of problems that imfile had on some platforms, namely Ubuntu (not their fault, but occured there) - bugfix: imfile utilizes 32 bit to track offset. Most importantly, this problem can not experienced on Fedora 64 bit OS (which has 64 bit long's!) --- ChangeLog | 9 ++++++++- plugins/imfile/imfile.c | 4 +++- runtime/stream.c | 16 ++++++++-------- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index df29694c..05137f28 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ --------------------------------------------------------------------------- -Version 4.6.4 [v4-stable] (rgerhards), 2010-08.05 +Version 4.6.5 [v4-stable] (rgerhards), 2010-??-?? +- bugfix: a couple of problems that imfile had on some platforms, namely + Ubuntu (not their fault, but occured there) +- bugfix: imfile utilizes 32 bit to track offset. Most importantly, + this problem can not experienced on Fedora 64 bit OS (which has + 64 bit long's!) +--------------------------------------------------------------------------- +Version 4.6.4 [v4-stable] (rgerhards), 2010-08-05 - bugfix: zero-sized (empty) messages were processed by imtcp they are now dropped as they always should have been - bugfix: programname filter in ! configuration can not be reset diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index 7c588f90..e16f26f8 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -359,12 +359,14 @@ persistStrmState(fileInfo_t *pInfo) { DEFiRet; strm_t *psSF = NULL; /* state file (stream) */ + size_t lenDir; ASSERT(pInfo != NULL); /* TODO: create a function persistObj in obj.c? */ CHKiRet(strm.Construct(&psSF)); - CHKiRet(strm.SetDir(psSF, glbl.GetWorkDir(), strlen((char*)glbl.GetWorkDir()))); + lenDir = strlen((char*)glbl.GetWorkDir()); + CHKiRet(strm.SetDir(psSF, glbl.GetWorkDir(), lenDir)); CHKiRet(strm.SettOperationsMode(psSF, STREAMMODE_WRITE_TRUNC)); CHKiRet(strm.SetsType(psSF, STREAMTYPE_FILE_SINGLE)); CHKiRet(strm.SetFName(psSF, pInfo->pszStateFile, strlen((char*) pInfo->pszStateFile))); diff --git a/runtime/stream.c b/runtime/stream.c index e8805a40..696986c7 100644 --- a/runtime/stream.c +++ b/runtime/stream.c @@ -214,7 +214,7 @@ doPhysOpen(strm_t *pThis) iFlags |= O_NONBLOCK; } - pThis->fd = open((char*)pThis->pszCurrFName, iFlags, pThis->tOpenMode); + pThis->fd = open((char*)pThis->pszCurrFName, iFlags | O_LARGEFILE, pThis->tOpenMode); DBGPRINTF("file '%s' opened as #%d with mode %d\n", pThis->pszCurrFName, pThis->fd, pThis->tOpenMode); if(pThis->fd == -1) { char errStr[1024]; @@ -1188,7 +1188,7 @@ finalize_it: * is invalidated. * rgerhards, 2008-01-12 */ -static rsRetVal strmSeek(strm_t *pThis, off_t offs) +static rsRetVal strmSeek(strm_t *pThis, off64_t offs) { DEFiRet; @@ -1198,9 +1198,9 @@ static rsRetVal strmSeek(strm_t *pThis, off_t offs) strmOpenFile(pThis); else strmFlushInternal(pThis); - int i; - DBGOPRINT((obj_t*) pThis, "file %d seek, pos %ld\n", pThis->fd, (long) offs); - i = lseek(pThis->fd, offs, SEEK_SET); // TODO: check error! + long long i; + DBGOPRINT((obj_t*) pThis, "file %d seek, pos %llu\n", pThis->fd, (long long unsigned) offs); + i = lseek64(pThis->fd, offs, SEEK_SET); // TODO: check error! pThis->iCurrOffs = offs; /* we are now at *this* offset */ pThis->iBufPtr = 0; /* buffer invalidated */ @@ -1477,7 +1477,7 @@ static rsRetVal strmSerialize(strm_t *pThis, strm_t *pStrm) { DEFiRet; int i; - long l; + int64 l; ISOBJ_TYPE_assert(pThis, strm); ISOBJ_TYPE_assert(pStrm, strm); @@ -1499,8 +1499,8 @@ static rsRetVal strmSerialize(strm_t *pThis, strm_t *pStrm) i = pThis->tOpenMode; objSerializeSCALAR_VAR(pStrm, tOpenMode, INT, i); - l = (long) pThis->iCurrOffs; - objSerializeSCALAR_VAR(pStrm, iCurrOffs, LONG, l); + l = pThis->iCurrOffs; + objSerializeSCALAR_VAR(pStrm, iCurrOffs, INT64, l); CHKiRet(obj.EndSerialize(pStrm)); -- cgit v1.2.3 From c27a2ab6867897ec379ec1e9afb216c99070b33e Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 15 Oct 2010 07:47:31 -0700 Subject: fixed incomplete merge --- plugins/imfile/imfile.c | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index e16f26f8..3981f9f7 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -366,6 +366,7 @@ persistStrmState(fileInfo_t *pInfo) /* TODO: create a function persistObj in obj.c? */ CHKiRet(strm.Construct(&psSF)); lenDir = strlen((char*)glbl.GetWorkDir()); + if(lenDir > 0) CHKiRet(strm.SetDir(psSF, glbl.GetWorkDir(), lenDir)); CHKiRet(strm.SettOperationsMode(psSF, STREAMMODE_WRITE_TRUNC)); CHKiRet(strm.SetsType(psSF, STREAMTYPE_FILE_SINGLE)); -- cgit v1.2.3 From f76b826989cea5fdfbb7b313557775cf082a398e Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 15 Oct 2010 17:21:03 +0200 Subject: solved minor compile problem (caused by merge) --- plugins/imptcp/imptcp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index 93906ba0..9b24dbc2 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -498,7 +498,6 @@ doSubmitMsg(ptcpsess_t *pThis, struct syslogTime *stTime, time_t ttGenTime, mult MsgSetInputName(pMsg, pThis->pSrv->pInputName); MsgSetFlowControlType(pMsg, eFLOWCTL_LIGHT_DELAY); pMsg->msgFlags = NEEDS_PARSING | PARSE_HOSTNAME; - pMsg->bParseHOSTNAME = 1; MsgSetRcvFrom(pMsg, pThis->peerName); CHKiRet(MsgSetRcvFromIP(pMsg, pThis->peerIP)); MsgSetRuleset(pMsg, pThis->pSrv->pRuleset); -- cgit v1.2.3