[PATCH] - $CONTENT macro - syslog-ng

16 Dec 2003

I'm posting a patch against 1.6.0-RC3

This patch get you a new macro, $CONTENT, that match only the content part of a message ( without the program name and the pid )

I extensively used it, and I had no problem at all so I believe it's safe.

Personally I found it really useful to match some message that starts in a certain way.

If Barzi find it useful too, he could merge it in the next release of syslog-ng.

Let me know if you find this patch of any use.



Amodiovalerio [Hypo] Verde

------------------------------------------------------------------------------------------------------------------

diff -aurN syslog-ng-1.6.0rc3.orig/src/macros-gperf.c syslog-ng-1.6.0rc3/src/macros-gperf.c

--- syslog-ng-1.6.0rc3.orig/src/macros-gperf.c  Wed Apr 16 12:03:46 2003
+++ syslog-ng-1.6.0rc3/src/macros-gperf.c       Tue Dec 16 15:49:38 2003
@@ -3,12 +3,12 @@
 #include "macros.h"
 struct macro_def { char *name; int id; int len; };

-#define TOTAL_KEYWORDS 51
+#define TOTAL_KEYWORDS 52
 #define MIN_WORD_LENGTH 2
 #define MAX_WORD_LENGTH 13
 #define MIN_HASH_VALUE 2
-#define MAX_HASH_VALUE 140
-/* maximum key range = 139, duplicates = 0 */
+#define MAX_HASH_VALUE 115
+/* maximum key range = 114, duplicates = 0 */

 #ifdef __GNUC__
 __inline
@@ -22,32 +22,32 @@
 {
   static unsigned char asso_values[] =
     {
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141,  55, 141,  22,  60,   0,
-        0,  35,  10,  15, 141, 141,   0,  11,  25,   5,
-       25, 141,  50,   0,   0,  10,  15,   0, 141,  25,
-      141, 141, 141, 141, 141,   0, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
-      141, 141, 141, 141, 141, 141
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116,   5, 116,  55,  20,   0,
+        0,  20,  30,  35, 116, 116,   0,  62,   0,   5,
+       25, 116,  35,   0,   0,  10,  15,  10, 116,  55,
+      116, 116, 116, 116, 116,  20, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+      116, 116, 116, 116, 116, 116
     };
   register int hval = len;

@@ -68,23 +68,22 @@
 }

 #ifdef __GNUC__
+__inline
 #endif
 struct macro_def *
 find_macro (register const char *str, register unsigned int len)
 {
   static unsigned char lengthtable[] =
     {
-       0,  0,  2,  0,  4,  0,  0,  0,  0,  9, 10,  0,  0,  8,
-       4, 10,  0,  0,  8,  9,  5,  0,  0, 13,  4,  3,  6,  5,
-       0,  9,  8,  0,  0,  8,  0, 10,  0,  0,  3,  3,  8,  5,
-       0,  7,  0,  0,  0,  0,  0,  3,  0,  5,  0,  0,  4,  0,
-       0,  0,  0,  9, 10,  0,  0,  0,  4, 10,  6,  7,  8,  0,
-       0,  0,  0,  7,  0,  0,  6,  5,  0,  9,  0,  0,  7,  0,
-       4, 10,  6,  7,  3,  0,  5,  5,  0,  7,  0,  0,  0,  0,
-       8,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
-       0,  0,  0,  0,  6,  0,  0,  0,  0,  0,  0,  0,  0,  0,
-       0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  6,  0,  0,  0,
-       5
+       0,  0,  2,  0,  4,  0,  0,  0,  0,  0, 10,  0,  0,  8,
+       0, 10,  0,  0,  0,  9,  5,  0,  0,  3,  4,  0,  6,  0,
+       8,  0,  0,  0,  0,  0,  4,  0,  0,  7,  8,  4,  0,  0,
+       0, 13,  4, 10,  6,  0,  0,  9, 10,  0,  7,  8,  9, 10,
+       0,  0,  3,  9,  5,  6,  7,  8,  4,  3,  6,  5,  0,  7,
+       0,  0,  7,  8,  7,  0,  0,  0,  3,  0,  5,  6,  0,  0,
+       9,  3,  0,  0,  0,  0, 10,  0,  0,  0,  0,  5,  0,  5,
+       0,  0,  0,  6,  5,  8,  7,  0,  0,  0,  0,  0,  0,  0,
+       0,  0,  0,  5
     };
   static struct macro_def wordlist[] =
     {
@@ -92,82 +91,79 @@
       {"TZ", M_TZ},
       {""},
       {"S_TZ", M_TZ_STAMP},
-      {""}, {""}, {""}, {""},
-      {"S_WEEKDAY", M_WEEKDAY_STAMP},
+      {""}, {""}, {""}, {""}, {""},
       {"S_FULLDATE", M_FULLDATE_STAMP},
       {""}, {""},
       {"TZOFFSET", M_TZOFFSET},
-      {"HOST", M_HOST},
+      {""},
       {"S_TZOFFSET", M_TZOFFSET_STAMP},
-      {""}, {""},
-      {"FULLHOST", M_FULLHOST},
-      {"HOST_FROM", M_HOST_FROM},
+      {""}, {""}, {""},
+      {"S_WEEKDAY", M_WEEKDAY_STAMP},
       {"LEVEL", M_LEVEL},
       {""}, {""},
+      {"TAG", M_TAG},
+      {"DATE", M_DATE},
+      {""},
+      {"S_DATE", M_DATE_STAMP},
+      {""},
+      {"FULLDATE", M_FULLDATE},
+      {""}, {""}, {""}, {""}, {""},
+      {"HOST", M_HOST},
+      {""}, {""},
+      {"WEEKDAY", M_WEEKDAY},
+      {"FULLHOST", M_FULLHOST},
+      {"R_TZ", M_TZ_RECVD},
+      {""}, {""}, {""},
       {"FULLHOST_FROM", M_FULLHOST_FROM},
       {"HOUR", M_HOUR},
-      {"SEC", M_SEC},
+      {"R_FULLDATE", M_FULLDATE_RECVD},
       {"S_HOUR", M_HOUR_STAMP},
-      {"S_SEC", M_SEC_STAMP},
-      {""},
-      {"S_ISODATE", M_ISODATE_STAMP},
-      {"FACILITY", M_FACILITY},
       {""}, {""},
-      {"UNIXTIME", M_UNIXTIME},
+      {"S_ISODATE", M_ISODATE_STAMP},
+      {"R_TZOFFSET", M_TZOFFSET_RECVD},
       {""},
+      {"ISODATE", M_ISODATE},
+      {"UNIXTIME", M_UNIXTIME},
+      {"R_WEEKDAY", M_WEEKDAY_RECVD},
       {"S_UNIXTIME", M_UNIXTIME_STAMP},
       {""}, {""},
-      {"TAG", M_TAG},
+      {"SEC", M_SEC},
+      {"HOST_FROM", M_HOST_FROM},
+      {"S_SEC", M_SEC_STAMP},
+      {"R_DATE", M_DATE_RECVD},
+      {"CONTENT", M_CONTENT},
+      {"FACILITY", M_FACILITY},
+      {"YEAR", M_YEAR},
       {"MIN", M_MIN},
-      {"SOURCEIP", M_SOURCE_IP},
+      {"S_YEAR", M_YEAR_STAMP},
       {"S_MIN", M_MIN_STAMP},
       {""},
       {"S_MONTH", M_MONTH_STAMP},
-      {""}, {""}, {""}, {""}, {""},
-      {"MSG", M_MESSAGE},
-      {""},
-      {"MONTH", M_MONTH},
       {""}, {""},
-      {"R_TZ", M_TZ_RECVD},
-      {""}, {""}, {""}, {""},
-      {"R_WEEKDAY", M_WEEKDAY_RECVD},
-      {"R_FULLDATE", M_FULLDATE_RECVD},
-      {""}, {""}, {""},
-      {"DATE", M_DATE},
-      {"R_TZOFFSET", M_TZOFFSET_RECVD},
-      {"S_DATE", M_DATE_STAMP},
-      {"WEEKDAY", M_WEEKDAY},
-      {"FULLDATE", M_FULLDATE},
-      {""}, {""}, {""}, {""},
+      {"PROGRAM", M_PROGRAM},
+      {"SOURCEIP", M_SOURCE_IP},
       {"MESSAGE", M_MESSAGE},
-      {""}, {""},
-      {"R_HOUR", M_HOUR_RECVD},
-      {"R_SEC", M_SEC_RECVD},
+      {""}, {""}, {""},
+      {"DAY", M_DAY},
       {""},
-      {"R_ISODATE", M_ISODATE_RECVD},
+      {"S_DAY", M_DAY_STAMP},
+      {"R_HOUR", M_HOUR_RECVD},
       {""}, {""},
-      {"ISODATE", M_ISODATE},
-      {""},
-      {"YEAR", M_YEAR},
+      {"R_ISODATE", M_ISODATE_RECVD},
+      {"MSG", M_MESSAGE},
+      {""}, {""}, {""}, {""},
       {"R_UNIXTIME", M_UNIXTIME_RECVD},
-      {"S_YEAR", M_YEAR_STAMP},
-      {"PROGRAM", M_PROGRAM},
-      {"DAY", M_DAY},
+      {""}, {""}, {""}, {""},
+      {"R_SEC", M_SEC_RECVD},
       {""},
-      {"S_DAY", M_DAY_STAMP},
+      {"MONTH", M_MONTH},
+      {""}, {""}, {""},
+      {"R_YEAR", M_YEAR_RECVD},
       {"R_MIN", M_MIN_RECVD},
-      {""},
-      {"R_MONTH", M_MONTH_RECVD},
-      {""}, {""}, {""}, {""},
       {"PRIORITY", M_LEVEL},
-      {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
-      {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
-      {"R_DATE", M_DATE_RECVD},
-      {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
+      {"R_MONTH", M_MONTH_RECVD},
       {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
       {""},
-      {"R_YEAR", M_YEAR_RECVD},
-      {""}, {""}, {""},
       {"R_DAY", M_DAY_RECVD}
     };

diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.c syslog-ng-1.6.0rc3/src/macros.c
--- syslog-ng-1.6.0rc3.orig/src/macros.c        Wed Apr 16 12:15:02 2003
+++ syslog-ng-1.6.0rc3/src/macros.c     Tue Dec 16 15:44:12 2003
@@ -351,7 +351,25 @@
                length = append_string(dest, left, msg->msg->data, msg->msg->length, escape);
                break;
        }
-       default:
+       case M_CONTENT: {
+               /* message without program name and pid */
+               char *test;
+               test = malloc(strlen(msg->msg->data));
+               if (msg->program) {
+                       char *index;
+                       index = strstr(msg->msg->data," ");
+                       if (index==NULL)
+                               strcpy(test,msg->msg->data);
+                       else
+                               strcpy(test,index+1);
+               }
+               else
+                       strcpy(test,msg->msg->data);
+               length = append_string(dest,left,test,strlen(test),escape);
+               free(test);
+               break;
+       }
+        default:
                break;
        }
        if (length < 0 || (unsigned int) length > *left)
@@ -427,7 +445,8 @@
        { "PROGRAM", M_PROGRAM },
        { "MSG", M_MESSAGE },
        { "MESSAGE", M_MESSAGE },
-       { "SOURCEIP", M_SOURCE_IP }
+       { "SOURCEIP", M_SOURCE_IP },
+        { "CONTENT", M_CONTENT }
 };

 static int macro_cache[sizeof(macros) / sizeof(struct macro_def)];
diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.gprf syslog-ng-1.6.0rc3/src/macros.gprf
--- syslog-ng-1.6.0rc3.orig/src/macros.gprf     Thu Apr 10 12:51:00 2003
+++ syslog-ng-1.6.0rc3/src/macros.gprf  Tue Dec 16 15:44:50 2003
@@ -54,3 +54,4 @@
 MSG, M_MESSAGE
 MESSAGE, M_MESSAGE
 SOURCEIP, M_SOURCE_IP
+CONTENT, M_CONTENT
diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.h syslog-ng-1.6.0rc3/src/macros.h
--- syslog-ng-1.6.0rc3.orig/src/macros.h        Thu Apr 10 20:22:54 2003
+++ syslog-ng-1.6.0rc3/src/macros.h     Tue Dec 16 15:45:32 2003
@@ -81,6 +81,8 @@

 #define M_SOURCE_IP      49

+#define M_CONTENT        50
+
 struct ol_string *
 expand_macros(struct syslog_config *cfg, struct ol_string *template, int template_escape, struct log_info *msg);

    

[PATCH] - $CONTENT macro

Amodiovalerio Verde

tags

participants (1)