[PATCH] syslog-ng-1.6.5+20041206 fixes missing facility/priority in afinet.c
Hello, Somehow we either forgot this piece or it dropped out of the CVS again ;). The inlined patch fixes a missing facility/priority addition for template expansion over the network in afinet.c The goal is to be able to send the node name in each syslog message in order to distinguish the two systems: unfortunately when using templates in destination files, the facility/priority is lost. This fixes it I hope: --- syslog-ng-1.6.5+20041206/src/afinet.c 2004-08-05 13:35:12.000000000 +0200 +++ syslog-ng-1.6.5+20041206-fixed/src/afinet.c 2004-12-08 20:44:15.000000000 +0100 @@ -595,7 +595,8 @@ struct ol_string *msg_line; if (self->template_output) { - msg_line = c_format("%fS", + msg_line = c_format("<%i>%fS", + msg->pri, expand_macros( self->cfg, self->template_output, I'm under the distinct impression that something like that has already been addressed in the past. Maybe it was a copy'n'paste error or so ... Take care, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
On Wed, 2004-12-08 at 20:49, Roberto Nibali wrote:
Hello,
Somehow we either forgot this piece or it dropped out of the CVS again ;). The inlined patch fixes a missing facility/priority addition for template expansion over the network in afinet.c
The goal is to be able to send the node name in each syslog message in order to distinguish the two systems: unfortunately when using templates in destination files, the facility/priority is lost.
This fixes it I hope:
--- syslog-ng-1.6.5+20041206/src/afinet.c 2004-08-05 13:35:12.000000000 +0200 +++ syslog-ng-1.6.5+20041206-fixed/src/afinet.c 2004-12-08 20:44:15.000000000 +0100 @@ -595,7 +595,8 @@ struct ol_string *msg_line;
if (self->template_output) { - msg_line = c_format("%fS", + msg_line = c_format("<%i>%fS", + msg->pri, expand_macros( self->cfg, self->template_output,
I'm under the distinct impression that something like that has already been addressed in the past. Maybe it was a copy'n'paste error or so ...
it was removed by intent, as that code path is processed when template() is specified by the user. if you want to include the pri/level then you need to add it into your template: destination d_udp { udp("1.2.3.4" template("<$TAG>$DATE $HOST $MSG\n"); }; -- Bazsi
Hi Bazsi,
I'm under the distinct impression that something like that has already been addressed in the past. Maybe it was a copy'n'paste error or so ...
it was removed by intent, as that code path is processed when template() is specified by the user. if you want to include the pri/level then you need to add it into your template:
destination d_udp { udp("1.2.3.4" template("<$TAG>$DATE $HOST $MSG\n"); };
Colour me stupid but this does not provide me with the same functionality. If I provide the prio/level (it's translated into hex, when you read the tcpdump output; which I don't recall being valid by the specs) the code fails in log.c: Jan 1 00:00:00 unparseable log message: \"<4e>Dec 13 07:05:01 [snip]\" This is the code snippet that gets hit: if (left && src[0] == '<') { src++; left--; pri = 0; while (left && *src != '>') { if (isdigit(*src)) { ^^^^^^^ my tcpdump shows me 4e for my prio/level combo I send pri = pri * 10 + ((*src) - '0'); } else { lm->msg = c_format_cstring("unparseable log message: \"%s\"", length, data); lm->pri = LOG_SYSLOG | LOG_ERR; return; } src++; left--; } lm->pri = pri; if (left) { src++; left--; } Please consider applying the patch, or tell me what I'm missing. I'll patch my local copy of syslog-ng because I'm honestly unable to configure it they way you think it should be working. Thanks and best regards, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
On Mon, 2004-12-13 at 09:44, Roberto Nibali wrote:
Hi Bazsi,
I'm under the distinct impression that something like that has already been addressed in the past. Maybe it was a copy'n'paste error or so ...
it was removed by intent, as that code path is processed when template() is specified by the user. if you want to include the pri/level then you need to add it into your template:
destination d_udp { udp("1.2.3.4" template("<$TAG>$DATE $HOST $MSG\n"); };
Colour me stupid but this does not provide me with the same functionality. If I provide the prio/level (it's translated into hex, when you read the tcpdump output; which I don't recall being valid by the specs) the code fails in log.c:
Jan 1 00:00:00 unparseable log message: \"<4e>Dec 13 07:05:01 [snip]\"
This is the code snippet that gets hit:
if (left && src[0] == '<') { src++; left--; pri = 0; while (left && *src != '>') { if (isdigit(*src)) { ^^^^^^^ my tcpdump shows me 4e for my prio/level combo I send
pri = pri * 10 + ((*src) - '0'); } else { lm->msg = c_format_cstring("unparseable log message: \"%s\"", length, data); lm->pri = LOG_SYSLOG | LOG_ERR; return; } src++; left--; } lm->pri = pri; if (left) { src++; left--; }
Please consider applying the patch, or tell me what I'm missing. I'll patch my local copy of syslog-ng because I'm honestly unable to configure it they way you think it should be working. Thanks and best regards,
sorry, it is not the TAG macro, but the PRI macro, so it should read: template("<$PRI>$DATE $HOST $MSG\n"); -- Bazsi
Hello, Thanks for the prompt reply. Unfortunately it does not solve the problem.
sorry, it is not the TAG macro, but the PRI macro, so it should read: template("<$PRI>$DATE $HOST $MSG\n");
Sorry I don't want to be a pest and I only did short debugging since I have no time to look through the code. Even with $PRI expansion it does not work. In fact contrary to $TAG it is not even submitted through macros.c. I've sprinkled a few printf()'s into the macros.c to see if we hit the relevant code but we don't: static void expand_macro(struct syslog_config *cfg, int id, int escape, char **dest, unsigned int *left, struct log_info *msg) { int length = 0; printf("DEBUG: this is the id '%d'\n",id); switch (id) { case M_FACILITY: { /* facility */ char *n = syslog_lookup_value(msg->pri & LOG_FACMASK, sl_facilities); if (n) { length = append_string(dest, left, n, strlen(n), 0); } else { length = snprintf(*dest, *left, "%x", (msg->pri & LOG_FACMASK) >> 3); } break; } case M_LEVEL: { /* level */ char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels); if (n) { length = append_string(dest, left, n, strlen(n), 0); } else { /* should never happen */ length = snprintf(*dest, *left, "%d", msg->pri & LOG_PRIMASK); } break; } case M_TAG: { printf("DEBUG: I'm in M_TAG in macros.c\n"); length = snprintf(*dest, *left, "%02x", msg->pri); break; } case M_PRI: { printf("DEBUG: I'm in M_PRI in macros.c\n"); length = snprintf(*dest, *left, "%d", msg->pri); break; } When I start syslog-ng like follows: # /sbin/syslog-ng -F -f /etc/syslog-ng.conf I get the output (regarding the line: tcp("X.Y.W.Z" port(1514) template("<$PRI>$DATE $HOST $TAG $MSG\n")); DEBUG: this is the id '30' DEBUG: this is the id '20' DEBUG: I'm in M_TAG in macros.c DEBUG: this is the id '440' DEBUG: this is the id '480' The real syslog-ng.conf is huge but the line above is the only part where I have macro expansion, so I know that I fall through that destination. As you can see I do not get the id '21' which would be M_PRI. It seems to be lost. If I check with tcpdump -X -s 1500 -n -i eth0 tcp and port 1514 I get something like following line: <>Dec 13 12:57:01 hostname app[1213]: Look, to me it looks like maybe msg-pri is not available at the expansion time. Maybe I also did something extremely stupid but I honestly have no time to debug it any further right now and the patch I've sent earlier solves my problem. I'll check once again though to see if I really missed something obvious :). Best regards, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
ADDENDUM:
Look, to me it looks like maybe msg-pri is not available at the expansion time. Maybe I also did something extremely stupid but I honestly have no time to debug it any further right now and the patch I've sent earlier solves my problem.
I'll check once again though to see if I really missed something obvious :).
Ok, now I've found out that something is fishy with find_macro(). It doesn't find the PRI tag. My DEBUG output: DEBUG: beginning of macro: H|O|S|T| DEBUG: Found macro 'HOST' DEBUG: this is the id '440' DEBUG: beginning of macro: M|S|G| DEBUG: Found macro 'MSG' DEBUG: this is the id '480' DEBUG: beginning of macro: D|A|T|E| DEBUG: Found macro 'DATE' DEBUG: this is the id '30' DEBUG: beginning of macro: P|R|I| DEBUG: macro not found DEBUG: beginning of macro: T|A|G| DEBUG: Found macro 'TAG' DEBUG: this is the id '20' DEBUG: I'm in M_TAG in macros.c This is with libol-0.3.14. I'm adding some more debugging to find_macro(). Cheers, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
Hi,
This is with libol-0.3.14. I'm adding some more debugging to find_macro().
I found the culprit. We use the gperf'd src/macros-gperf.c which is lacking the PRI in struct macro_def wordlist[] and thus it cannot be found by find_macro(). I think it is fixed as follows (no -p1 diff ;)): --- macros.gprf-orig Mon Dec 13 15:47:46 2004 +++ macros.gprf Mon Dec 13 15:48:09 2004 @@ -7,6 +7,7 @@ PRIORITY, M_LEVEL LEVEL, M_LEVEL TAG, M_TAG +PRI, M_PRI DATE, M_DATE FULLDATE, M_FULLDATE ISODATE, M_ISODATE Best regards, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
On Mon, 2004-12-13 at 15:48, Roberto Nibali wrote:
Hi,
This is with libol-0.3.14. I'm adding some more debugging to find_macro().
I found the culprit. We use the gperf'd src/macros-gperf.c which is lacking the PRI in struct macro_def wordlist[] and thus it cannot be found by find_macro().
I think it is fixed as follows (no -p1 diff ;)):
--- macros.gprf-orig Mon Dec 13 15:47:46 2004 +++ macros.gprf Mon Dec 13 15:48:09 2004 @@ -7,6 +7,7 @@ PRIORITY, M_LEVEL LEVEL, M_LEVEL TAG, M_TAG +PRI, M_PRI DATE, M_DATE FULLDATE, M_FULLDATE ISODATE, M_ISODATE
Thanks, I've commited the same fix just a minute ago. Next time I'll read all my messages before trying to find bugs, especially if you post about them ;) So you can find this fix in tomorrow's snapshot. -- Bazsi
Hi,
Thanks, I've commited the same fix just a minute ago. Next time I'll read all my messages before trying to find bugs, especially if you post about them ;)
Excellent, so we've done the peer review already. One bug less and verified ;).
So you can find this fix in tomorrow's snapshot.
Thanks, I've already rolled my own syslog-ng patchset. We maintain two other smallish patches which are probably not suitable for your syslog-ng tree. Take care, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
On Mon, 2004-12-13 at 14:51, Roberto Nibali wrote:
When I start syslog-ng like follows:
# /sbin/syslog-ng -F -f /etc/syslog-ng.conf
I get the output (regarding the line: tcp("X.Y.W.Z" port(1514) template("<$PRI>$DATE $HOST $TAG $MSG\n"));
DEBUG: this is the id '30' DEBUG: this is the id '20' DEBUG: I'm in M_TAG in macros.c DEBUG: this is the id '440' DEBUG: this is the id '480'
The real syslog-ng.conf is huge but the line above is the only part where I have macro expansion, so I know that I fall through that destination. As you can see I do not get the id '21' which would be M_PRI. It seems to be lost. If I check with
tcpdump -X -s 1500 -n -i eth0 tcp and port 1514
I get something like following line:
<>Dec 13 12:57:01 hostname app[1213]:
Look, to me it looks like maybe msg-pri is not available at the expansion time. Maybe I also did something extremely stupid but I honestly have no time to debug it any further right now and the patch I've sent earlier solves my problem.
I'll check once again though to see if I really missed something obvious :).
Sorry. You are right, PRI was not added to the gperf lookup table, thus it was never resolved. Index: macros.gprf =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.gprf,v retrieving revision 1.1.4.1 diff -u -r1.1.4.1 macros.gprf --- macros.gprf 6 May 2004 07:37:10 -0000 1.1.4.1 +++ macros.gprf 13 Dec 2004 18:16:37 -0000 @@ -7,6 +7,7 @@ PRIORITY, M_LEVEL LEVEL, M_LEVEL TAG, M_TAG +PRI, M_PRI DATE, M_DATE FULLDATE, M_FULLDATE ISODATE, M_ISODATE -- Bazsi
participants (2)
-
Balazs Scheidler
-
Roberto Nibali