From 01405d78f4a8c090d5abe37380d60cff252efdc6 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 23 Jan 2012 18:05:07 +0100 Subject: refactored imklog linux driver, now combined with BSD driver The Linux driver no longer supports outdated kernel symbol resolution, which was disabled by default for very long. Also overall cleanup, resulting in much smaller code. Linux and BSD are now covered by a single small driver. --- plugins/imklog/imklog.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'plugins/imklog/imklog.c') diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c index cb28e68e..40249273 100644 --- a/plugins/imklog/imklog.c +++ b/plugins/imklog/imklog.c @@ -200,15 +200,14 @@ rsRetVal Syslog(int priority, uchar *pMsg, struct timeval *tp) DEFiRet; /* then check if we have two PRIs. This can happen in case of systemd, - * in which case the second PRI is the rigth one. - * TODO: added kernel timestamp support to this PoC. -- rgerhards, 2011-03-18 + * in which case the second PRI is the right one. */ - if(pMsg[3] == '<') { /* could be a pri... */ - uchar *pMsgTmp = pMsg + 3; + if(pMsg[3] == '<' || (pMsg[3] == ' ' && pMsg[4] == '<')) { /* could be a pri... */ + uchar *pMsgTmp = pMsg + ((pMsg[3] == '<') ? 3 : 4); localRet = parsePRI(&pMsgTmp, &pri); if(localRet == RS_RET_OK && pri >= 8 && pri <= 192) { /* *this* is our PRI */ - DBGPRINTF("imklog detected secondary PRI in klog msg\n"); + DBGPRINTF("imklog detected secondary PRI(%d) in klog msg\n", pri); pMsg = pMsgTmp; priority = pri; } -- cgit v1.2.3