From 5005bce38763051b5b12e48ac60c3ff17097a952 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 4 Mar 2009 18:22:48 +0100 Subject: added ERE support in filter conditions new comparison operation "ereregex" --- tools/syslogd.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tools/syslogd.h') diff --git a/tools/syslogd.h b/tools/syslogd.h index e866a16b..f1b11a91 100644 --- a/tools/syslogd.h +++ b/tools/syslogd.h @@ -70,7 +70,8 @@ struct filed { FIOP_CONTAINS = 1, /* contains string? */ FIOP_ISEQUAL = 2, /* is (exactly) equal? */ FIOP_STARTSWITH = 3, /* starts with a string? */ - FIOP_REGEX = 4 /* matches a regular expression? */ + FIOP_REGEX = 4, /* matches a (BRE) regular expression? */ + FIOP_EREREGEX = 5 /* matches a ERE regular expression? */ } operation; cstr_t *pCSCompValue; /* value to "compare" against */ char isNegated; /* actually a boolean ;) */ -- cgit v1.2.3 From a86e42028afeba1daca262b590bfd49d9c393b90 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 2 Apr 2009 16:16:57 +0200 Subject: improved performance of regexp-based filters Thanks to Arnaud Cornet for providing the idea and initial patch. --- tools/syslogd.h | 1 + 1 file changed, 1 insertion(+) (limited to 'tools/syslogd.h') diff --git a/tools/syslogd.h b/tools/syslogd.h index f1b11a91..ecaaec34 100644 --- a/tools/syslogd.h +++ b/tools/syslogd.h @@ -80,6 +80,7 @@ struct filed { } f_filterData; linkedList_t llActList; /* list of configured actions */ +regex_t *regex_cache; }; -- cgit v1.2.3 From 1d16216aa326296673cc8520a8df351c4d492dfe Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 2 Apr 2009 16:51:53 +0200 Subject: streamlined regex patch - abided to code conventions - fixed a potential segfault when regex library can not be loaded --- tools/syslogd.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools/syslogd.h') diff --git a/tools/syslogd.h b/tools/syslogd.h index ecaaec34..8b9bd131 100644 --- a/tools/syslogd.h +++ b/tools/syslogd.h @@ -73,6 +73,7 @@ struct filed { FIOP_REGEX = 4, /* matches a (BRE) regular expression? */ FIOP_EREREGEX = 5 /* matches a ERE regular expression? */ } operation; + regex_t *regex_cache; /* cache for compiled REs, if such are used */ cstr_t *pCSCompValue; /* value to "compare" against */ char isNegated; /* actually a boolean ;) */ } prop; @@ -80,7 +81,6 @@ struct filed { } f_filterData; linkedList_t llActList; /* list of configured actions */ -regex_t *regex_cache; }; -- cgit v1.2.3 From 6f4e3c4e4c85acdcf58969970484a54639ecc8f9 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 10 Jun 2009 16:49:14 +0200 Subject: restructered code in perparation for multiple rule set support ... this was long overdue, and I finlly tackeld it. It turned out to be more complex than I initially thought. The next step now probably is to actually implement multiple rule sets and the beauty that comes with them. --- tools/syslogd.h | 56 +++----------------------------------------------------- 1 file changed, 3 insertions(+), 53 deletions(-) (limited to 'tools/syslogd.h') diff --git a/tools/syslogd.h b/tools/syslogd.h index 8b9bd131..9bcfb2d2 100644 --- a/tools/syslogd.h +++ b/tools/syslogd.h @@ -28,67 +28,17 @@ #include "action.h" #include "linkedlist.h" #include "expr.h" +#include "net.h" /* TODO: remove when you remove isAllowedSender from here! */ #ifndef _PATH_CONSOLE #define _PATH_CONSOLE "/dev/console" #endif - -/* This structure represents the files that will have log - * copies printed. - * RGerhards 2004-11-08: Each instance of the filed structure - * describes what I call an "output channel". This is important - * to mention as we now allow database connections to be - * present in the filed structure. If helps immensely, if we - * think of it as the abstraction of an output channel. - * rgerhards, 2005-10-26: The structure below provides ample - * opportunity for non-thread-safety. Each of the variable - * accesses must be carefully evaluated, many of them probably - * be guarded by mutexes. But beware of deadlocks... - * rgerhards, 2007-08-01: as you can see, the structure has shrunk pretty much. I will - * remove some of the comments some time. It's still the structure that controls much - * of the processing that goes on in syslogd, but it now has lots of helpers. - */ -struct filed { - struct filed *f_next; /* next in linked list */ - /* filter properties */ - enum { - FILTER_PRI = 0, /* traditional PRI based filer */ - FILTER_PROP = 1, /* extended filter, property based */ - FILTER_EXPR = 2 /* extended filter, expression based */ - } f_filter_type; - EHostnameCmpMode eHostnameCmpMode; - cstr_t *pCSHostnameComp; /* hostname to check */ - cstr_t *pCSProgNameComp; /* tag to check or NULL, if not to be checked */ - union { - u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */ - struct { - cstr_t *pCSPropName; - enum { - FIOP_NOP = 0, /* do not use - No Operation */ - FIOP_CONTAINS = 1, /* contains string? */ - FIOP_ISEQUAL = 2, /* is (exactly) equal? */ - FIOP_STARTSWITH = 3, /* starts with a string? */ - FIOP_REGEX = 4, /* matches a (BRE) regular expression? */ - FIOP_EREREGEX = 5 /* matches a ERE regular expression? */ - } operation; - regex_t *regex_cache; /* cache for compiled REs, if such are used */ - cstr_t *pCSCompValue; /* value to "compare" against */ - char isNegated; /* actually a boolean ;) */ - } prop; - expr_t *f_expr; /* expression object */ - } f_filterData; - - linkedList_t llActList; /* list of configured actions */ -}; - - -#include "net.h" /* TODO: remove when you remoe isAllowedSender from here! */ void untty(void); -rsRetVal selectorConstruct(selector_t **ppThis); +rsRetVal selectorConstruct(ruleset_t **ppThis); rsRetVal selectorDestruct(void *pVal); -rsRetVal selectorAddList(selector_t *f); +rsRetVal selectorAddList(rule_t *f); /* the following prototypes should go away once we have an input * module interface -- rgerhards, 2007-12-12 */ -- cgit v1.2.3 From e3d9843c85b1dfddabc937ac6ccb4057d626bf03 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 12 Jun 2009 11:47:00 +0200 Subject: re-enabled pipe, tty and console in omfile ... by moving code to stream.c. Thanks to the new design, new cases are not really needed, resulting in cleaner code. I also did a cleanup of header file usage as a side-activity. --- tools/syslogd.h | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'tools/syslogd.h') diff --git a/tools/syslogd.h b/tools/syslogd.h index 9bcfb2d2..3dfdbe2b 100644 --- a/tools/syslogd.h +++ b/tools/syslogd.h @@ -28,17 +28,7 @@ #include "action.h" #include "linkedlist.h" #include "expr.h" -#include "net.h" /* TODO: remove when you remove isAllowedSender from here! */ - -#ifndef _PATH_CONSOLE -#define _PATH_CONSOLE "/dev/console" -#endif - -void untty(void); -rsRetVal selectorConstruct(ruleset_t **ppThis); -rsRetVal selectorDestruct(void *pVal); -rsRetVal selectorAddList(rule_t *f); /* the following prototypes should go away once we have an input * module interface -- rgerhards, 2007-12-12 */ -- cgit v1.2.3