From fa4119e8747eaec739e38e600cae0308db5367e9 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 17 Oct 2012 17:17:43 +0200 Subject: imklog: add paramter "keepkerneltimestamp" Thanks to Marius Tomaschweski for the suggestion and a patch (for v5) that this commit bases on. --- plugins/imklog/bsd.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'plugins/imklog/bsd.c') diff --git a/plugins/imklog/bsd.c b/plugins/imklog/bsd.c index d4f9f773..ad194b58 100644 --- a/plugins/imklog/bsd.c +++ b/plugins/imklog/bsd.c @@ -58,9 +58,6 @@ static int fklog = -1; /* kernel log fd */ #ifdef OS_LINUX /* submit a message to imklog Syslog() API. In this function, we check if * a kernel timestamp is present and, if so, extract and strip it. - * Note: this is an extra processing step. We should revisit the whole - * idea in v6 and remove all that old stuff that we do not longer need - * (like symbol resolution). <-- TODO * Note that this is heavily Linux specific and thus is not compiled or * used for BSD. * Special thanks to Lennart Poettering for suggesting on how to convert @@ -73,7 +70,7 @@ static int fklog = -1; /* kernel log fd */ * rgerhards, 2011-06-24 */ static void -submitSyslog(int pri, uchar *buf) +submitSyslog(modConfData_t *pModConf, int pri, uchar *buf) { long secs; long nsecs; @@ -119,8 +116,10 @@ submitSyslog(int pri, uchar *buf) /* we have a timestamp */ DBGPRINTF("kernel timestamp is %ld %ld\n", secs, nsecs); - bufsize= strlen((char*)buf); - memmove(buf+3, buf+i, bufsize - i + 1); + if(!pModConf->bKeepKernelStamp) { + bufsize= strlen((char*)buf); + memmove(buf+3, buf+i, bufsize - i + 1); + } clock_gettime(CLOCK_MONOTONIC, &monotonic); clock_gettime(CLOCK_REALTIME, &realtime); @@ -146,7 +145,7 @@ done: } #else /* now comes the BSD "code" (just a shim) */ static void -submitSyslog(int pri, uchar *buf) +submitSyslog(modConfData_t *pModConf, int pri, uchar *buf) { Syslog(pri, buf, NULL); } @@ -196,7 +195,7 @@ finalize_it: /* Read kernel log while data are available, split into lines. */ static void -readklog(void) +readklog(modConfData_t *pModConf) { char *p, *q; int len, i; @@ -238,18 +237,18 @@ readklog(void) for (p = (char*)pRcv; (q = strchr(p, '\n')) != NULL; p = q + 1) { *q = '\0'; - submitSyslog(LOG_INFO, (uchar*) p); + submitSyslog(pModConf, LOG_INFO, (uchar*) p); } len = strlen(p); if (len >= iMaxLine - 1) { - submitSyslog(LOG_INFO, (uchar*)p); + submitSyslog(pModConf, LOG_INFO, (uchar*)p); len = 0; } if(len > 0) memmove(pRcv, p, len + 1); } if (len > 0) - submitSyslog(LOG_INFO, pRcv); + submitSyslog(pModConf, LOG_INFO, pRcv); if(pRcv != NULL && (size_t) iMaxLine >= sizeof(bufRcv) - 1) free(pRcv); @@ -278,10 +277,10 @@ rsRetVal klogAfterRun(modConfData_t *pModConf) * "message pull" mechanism. * rgerhards, 2008-04-09 */ -rsRetVal klogLogKMsg(modConfData_t __attribute__((unused)) *pModConf) +rsRetVal klogLogKMsg(modConfData_t *pModConf) { DEFiRet; - readklog(); + readklog(pModConf); RETiRet; } -- cgit v1.2.3 From 1afd79df5f1da6ce6da8dd594bc4fb32796acb9b Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 15 Jan 2013 14:27:33 +0100 Subject: bugfix: imklog issued wrong facility in error messages ...what could lead to problems in other parts of the code --- plugins/imklog/bsd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/imklog/bsd.c') diff --git a/plugins/imklog/bsd.c b/plugins/imklog/bsd.c index 0fbee491..9c2eebb2 100644 --- a/plugins/imklog/bsd.c +++ b/plugins/imklog/bsd.c @@ -172,7 +172,7 @@ klogWillRun(modConfData_t *pModConf) fklog = open((char*)GetPath(pModConf), O_RDONLY, 0); if (fklog < 0) { - imklogLogIntMsg(RS_RET_ERR_OPEN_KLOG, "imklog: cannot open kernel log(%s): %s.", + imklogLogIntMsg(LOG_ERR, "imklog: cannot open kernel log(%s): %s.", GetPath(pModConf), rs_strerror_r(errno, errmsg, sizeof(errmsg))); ABORT_FINALIZE(RS_RET_ERR_OPEN_KLOG); } -- cgit v1.2.3