From 49a5c0c3b9dbb91e3cdd97b2975a3e12c53fe73e Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 17 Oct 2012 11:29:45 +0200 Subject: imklog: skip leading spaces in kernel timestamp --- plugins/imklog/bsd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins/imklog/bsd.c') diff --git a/plugins/imklog/bsd.c b/plugins/imklog/bsd.c index eaf8e5ca..428d3cc2 100644 --- a/plugins/imklog/bsd.c +++ b/plugins/imklog/bsd.c @@ -92,7 +92,9 @@ submitSyslog(int pri, uchar *buf) /* we now try to parse the timestamp. iff it parses, we assume * it is a timestamp. Otherwise we know for sure it is no ts ;) */ - i = 4; /* first digit after '[' */ + i = 4; /* space or first digit after '[' */ + while(buf[i] && isspace(buf[i])) + ++i; /* skip space */ secs = 0; while(buf[i] && isdigit(buf[i])) { secs = secs * 10 + buf[i] - '0'; -- cgit v1.2.3 From 51754401f72376ea5f1c5b74b9c1772ab6f7ae4f Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 17 Oct 2012 11:55:34 +0200 Subject: imklog: use memmove to remove kernel timestamp --- plugins/imklog/bsd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/imklog/bsd.c') diff --git a/plugins/imklog/bsd.c b/plugins/imklog/bsd.c index 428d3cc2..bb45c97a 100644 --- a/plugins/imklog/bsd.c +++ b/plugins/imklog/bsd.c @@ -120,7 +120,7 @@ submitSyslog(int pri, uchar *buf) /* we have a timestamp */ DBGPRINTF("kernel timestamp is %ld %ld\n", secs, nsecs); bufsize= strlen((char*)buf); - memcpy(buf+3, buf+i, bufsize - i + 1); + memmove(buf+3, buf+i, bufsize - i + 1); clock_gettime(CLOCK_MONOTONIC, &monotonic); clock_gettime(CLOCK_REALTIME, &realtime); -- cgit v1.2.3 From fa4119e8747eaec739e38e600cae0308db5367e9 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 17 Oct 2012 17:17:43 +0200 Subject: imklog: add paramter "keepkerneltimestamp" Thanks to Marius Tomaschweski for the suggestion and a patch (for v5) that this commit bases on. --- plugins/imklog/bsd.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'plugins/imklog/bsd.c') diff --git a/plugins/imklog/bsd.c b/plugins/imklog/bsd.c index d4f9f773..ad194b58 100644 --- a/plugins/imklog/bsd.c +++ b/plugins/imklog/bsd.c @@ -58,9 +58,6 @@ static int fklog = -1; /* kernel log fd */ #ifdef OS_LINUX /* submit a message to imklog Syslog() API. In this function, we check if * a kernel timestamp is present and, if so, extract and strip it. - * Note: this is an extra processing step. We should revisit the whole - * idea in v6 and remove all that old stuff that we do not longer need - * (like symbol resolution). <-- TODO * Note that this is heavily Linux specific and thus is not compiled or * used for BSD. * Special thanks to Lennart Poettering for suggesting on how to convert @@ -73,7 +70,7 @@ static int fklog = -1; /* kernel log fd */ * rgerhards, 2011-06-24 */ static void -submitSyslog(int pri, uchar *buf) +submitSyslog(modConfData_t *pModConf, int pri, uchar *buf) { long secs; long nsecs; @@ -119,8 +116,10 @@ submitSyslog(int pri, uchar *buf) /* we have a timestamp */ DBGPRINTF("kernel timestamp is %ld %ld\n", secs, nsecs); - bufsize= strlen((char*)buf); - memmove(buf+3, buf+i, bufsize - i + 1); + if(!pModConf->bKeepKernelStamp) { + bufsize= strlen((char*)buf); + memmove(buf+3, buf+i, bufsize - i + 1); + } clock_gettime(CLOCK_MONOTONIC, &monotonic); clock_gettime(CLOCK_REALTIME, &realtime); @@ -146,7 +145,7 @@ done: } #else /* now comes the BSD "code" (just a shim) */ static void -submitSyslog(int pri, uchar *buf) +submitSyslog(modConfData_t *pModConf, int pri, uchar *buf) { Syslog(pri, buf, NULL); } @@ -196,7 +195,7 @@ finalize_it: /* Read kernel log while data are available, split into lines. */ static void -readklog(void) +readklog(modConfData_t *pModConf) { char *p, *q; int len, i; @@ -238,18 +237,18 @@ readklog(void) for (p = (char*)pRcv; (q = strchr(p, '\n')) != NULL; p = q + 1) { *q = '\0'; - submitSyslog(LOG_INFO, (uchar*) p); + submitSyslog(pModConf, LOG_INFO, (uchar*) p); } len = strlen(p); if (len >= iMaxLine - 1) { - submitSyslog(LOG_INFO, (uchar*)p); + submitSyslog(pModConf, LOG_INFO, (uchar*)p); len = 0; } if(len > 0) memmove(pRcv, p, len + 1); } if (len > 0) - submitSyslog(LOG_INFO, pRcv); + submitSyslog(pModConf, LOG_INFO, pRcv); if(pRcv != NULL && (size_t) iMaxLine >= sizeof(bufRcv) - 1) free(pRcv); @@ -278,10 +277,10 @@ rsRetVal klogAfterRun(modConfData_t *pModConf) * "message pull" mechanism. * rgerhards, 2008-04-09 */ -rsRetVal klogLogKMsg(modConfData_t __attribute__((unused)) *pModConf) +rsRetVal klogLogKMsg(modConfData_t *pModConf) { DEFiRet; - readklog(); + readklog(pModConf); RETiRet; } -- cgit v1.2.3