From f3884d52628b4e43425adad3826c9e324cd60291 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 16 Oct 2009 09:18:51 +0200 Subject: ensure proper imudp shutdown even on a very busy system --- runtime/rsyslog.h | 1 + 1 file changed, 1 insertion(+) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 59e8458b..6cd4df36 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -386,6 +386,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_NO_SRCNAME_TPL = -2150, /**< sourcename template was not specified where one was needed (omudpspoof spoof addr) */ RS_RET_HOST_NOT_SPECIFIED = -2151, /**< (target) host was not specified where it was needed */ RS_RET_ERR_LIBNET_INIT = -2152, /**< error initializing libnet */ + RS_RET_FORCE_TERM = -2153, /**< thread was forced to terminate be bShallShutdown, a state, not an error */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit v1.2.3 From 6cf7fc7ec2f1b2f69fb69d8b18df8240beed3380 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 27 Oct 2009 13:53:45 +0100 Subject: action processing optimized for queue shutdown --- runtime/rsyslog.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 6cd4df36..bd1c936e 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -386,7 +386,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_NO_SRCNAME_TPL = -2150, /**< sourcename template was not specified where one was needed (omudpspoof spoof addr) */ RS_RET_HOST_NOT_SPECIFIED = -2151, /**< (target) host was not specified where it was needed */ RS_RET_ERR_LIBNET_INIT = -2152, /**< error initializing libnet */ - RS_RET_FORCE_TERM = -2153, /**< thread was forced to terminate be bShallShutdown, a state, not an error */ + RS_RET_FORCE_TERM = -2153, /**< thread was forced to terminate by bShallShutdown, a state, not an error */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit v1.2.3 From 1ada506e2d90377c2475e103340d8986bf8847f9 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 27 Oct 2009 17:31:27 +0100 Subject: added the capability to have ruleset-specific main message queues This offers considerable additional flexibility AND superior performance (in cases where multiple inputs now can avoid lock contention) --- runtime/rsyslog.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index bd1c936e..7c966276 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -107,6 +107,7 @@ typedef struct wti_s wti_t; typedef obj_t nsd_t; typedef obj_t nsdsel_t; typedef struct msg msg_t; +typedef struct queue_s qqueue_t; typedef struct prop_s prop_t; typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; @@ -387,6 +388,8 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_HOST_NOT_SPECIFIED = -2151, /**< (target) host was not specified where it was needed */ RS_RET_ERR_LIBNET_INIT = -2152, /**< error initializing libnet */ RS_RET_FORCE_TERM = -2153, /**< thread was forced to terminate by bShallShutdown, a state, not an error */ + RS_RET_RULES_QUEUE_EXISTS = -2154,/**< we were instructed to create a new ruleset queue, but one already exists */ + RS_RET_NO_CURR_RULESET = -2155,/**< no current ruleset exists (but one is required) */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit v1.2.3 From 05d693123b175855174023874ce6f497f3642e61 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 2 Nov 2009 11:39:38 +0100 Subject: added omruleset output module, which provides great flexibility in action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc for why. --- runtime/rsyslog.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 7c966276..f059a970 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -390,6 +390,9 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_FORCE_TERM = -2153, /**< thread was forced to terminate by bShallShutdown, a state, not an error */ RS_RET_RULES_QUEUE_EXISTS = -2154,/**< we were instructed to create a new ruleset queue, but one already exists */ RS_RET_NO_CURR_RULESET = -2155,/**< no current ruleset exists (but one is required) */ + RS_RET_NO_MSG_PASSING = -2156,/**< output module interface parameter passing mode "MSG" is not available but required */ + RS_RET_RULESET_NOT_FOUND = -2157,/**< a required ruleset could not be found */ + RS_RET_NO_RULESET= -2158,/**< no ruleset name as specified where one was needed */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit v1.2.3 From 6f511cecfae3592f271627ebcb41e6a8c4f831e9 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 3 Nov 2009 12:39:48 +0100 Subject: more cleanup and working towards a parser module calling interface I cleaned up a lot of config variable access along the way. This version compiles and runs, but does not yet offer any enhanced functionality. pmrfc5424 is just a dummy that is not yet being used. --- runtime/rsyslog.h | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index f059a970..ef323c7d 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -40,6 +40,17 @@ #define CONF_TAG_BUFSIZE 32 #define CONF_HOSTNAME_BUFSIZE 32 #define CONF_PROP_BUFSIZE 16 /* should be close to sizeof(ptr) or lighly above it */ +#define CONF_MIN_SIZE_FOR_COMPRESS 60 /* config param: minimum message size to try compression. The smaller + * the message, the less likely is any compression gain. We check for + * gain before we submit the message. But to do so we still need to + * do the (costly) compress() call. The following setting sets a size + * for which no call to compress() is done at all. This may result in + * a few more bytes being transmited but better overall performance. + * Note: I have not yet checked the minimum UDP packet size. It might be + * that we do not save anything by compressing very small messages, because + * UDP might need to pad ;) + * rgerhards, 2006-11-30 + */ /* ############################################################# * -- cgit v1.2.3 From b1db196953713dd09c499a3edf81347bd903c19e Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 3 Nov 2009 18:44:02 +0100 Subject: one step closer to dynamically loadable parsers This is a milestone commit, which adds new code that breaks nothing, but also does not add any visible change. Just prep work... --- runtime/rsyslog.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index ef323c7d..4d029c08 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -134,6 +134,9 @@ typedef struct vmstk_s vmstk_t; typedef struct batch_obj_s batch_obj_t; typedef struct batch_s batch_t; typedef struct wtp_s wtp_t; +typedef struct modInfo_s modInfo_t; +typedef struct parser_s parser_t; +typedef struct parserList_s parserList_t; typedef rsRetVal (*prsf_t)(struct vmstk_s*, int); /* pointer to a RainerScript function */ typedef uint64 qDeqID; /* queue Dequeue order ID. 32 bits is considered dangerously few */ @@ -404,6 +407,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_NO_MSG_PASSING = -2156,/**< output module interface parameter passing mode "MSG" is not available but required */ RS_RET_RULESET_NOT_FOUND = -2157,/**< a required ruleset could not be found */ RS_RET_NO_RULESET= -2158,/**< no ruleset name as specified where one was needed */ + RS_RET_PARSER_NOT_FOUND = -2159,/**< parser with the specified name was not found */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit v1.2.3 From 1b7f5c54684db29c096e09238648a45dce78ebee Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 4 Nov 2009 10:40:27 +0100 Subject: moved rfc3164/5424 code to new parser modules another milestone commit: the program works, the new interface is used, some more cleanup is needed and the per-ruleset config options are still missing. But we are getting closer... --- runtime/rsyslog.h | 1 + 1 file changed, 1 insertion(+) (limited to 'runtime/rsyslog.h') diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 4d029c08..a5e8cf5d 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -408,6 +408,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_RULESET_NOT_FOUND = -2157,/**< a required ruleset could not be found */ RS_RET_NO_RULESET= -2158,/**< no ruleset name as specified where one was needed */ RS_RET_PARSER_NOT_FOUND = -2159,/**< parser with the specified name was not found */ + RS_RET_COULD_NOT_PARSE = -2160,/**< (this) parser could not parse the message (no error, means try next one) */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit v1.2.3