[syslog-ng]Random Directories
Balazs Scheidler
bazsi@balabit.hu
Thu, 25 Apr 2002 10:59:43 +0200
--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Wed, Apr 24, 2002 at 10:47:11AM -0700, Nate Campi wrote:
> On Wed, Apr 24, 2002 at 10:32:20AM -0700, Painter, Jennifer wrote:
> > Directories with names like " Error", " SCSI", ","
> >
> > Are showing up in the directory that holds the syslogs for the different hosts that we monitor.
> >
> > Has anyone seen these random directories. Any suggestions on how to deal with them.
>
> I archive by host, but syslog-ng can only do so much with certain
> messages.
>
> [root@loghost last]# cat /var/log/HOSTS/last/local2/2001/09/14/local220010914
> Sep 14 12:21:58 last message repeated 17 times
> Sep 14 12:21:58 last message repeated 17 times
> Sep 14 12:21:58 last message repeated 17 times
> Sep 14 12:21:58 last message repeated 17 times
>
> Obviously I have no host named "last", syslog-ng can't second guess the
> hostname sent when it could be valid.
>
> I want a macro taken from gethostbyaddr() instead of from the message
> contents that could be used to force a valid hostname no matter what.
>
> Baszi, could this be done please? It would help all of us who use
> syslog-ng for log archiving in the filesystem.
try the attached patch.
ps: if this patch proves to be stable, I'll release 1.5.17
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="syslog-ng-hostfrom.diff"
Index: src/affile.c
===================================================================
RCS file: /var/cvs/syslog-ng/src/affile.c,v
retrieving revision 1.49
diff -u -r1.49 affile.c
--- src/affile.c 2002/04/12 07:42:16 1.49
+++ src/affile.c 2002/04/25 08:54:54
@@ -533,11 +533,13 @@
#define M_FULLHOST 36
#define M_HOST 37
-#define M_PROGRAM 38
+#define M_FULLHOST_FROM 38
+#define M_HOST_FROM 39
+#define M_PROGRAM 40
-#define M_MESSAGE 39
+#define M_MESSAGE 41
-#define M_SOURCE_IP 40
+#define M_SOURCE_IP 42
int append_string(char **dest, int *left, char *str, int length, int escape)
{
@@ -600,11 +602,6 @@
length = snprintf(*dest, *left, "%02x", msg->pri);
break;
}
- case M_FULLHOST: {
- /* full hostname */
- length = append_string(dest, left, msg->host->data, msg->host->length, escape);
- break;
- }
case M_SOURCE_IP: {
char *ip;
@@ -619,23 +616,33 @@
length = append_string(dest, left, ip, strlen(ip), escape);
break;
}
+ case M_FULLHOST_FROM:
+ case M_FULLHOST: {
+ struct ol_string *host = (id == M_FULLHOST ? msg->host : msg->host_from);
+ /* full hostname */
+ length = append_string(dest, left, host->data, host->length, escape);
+ break;
+ }
+ case M_HOST_FROM:
case M_HOST: {
/* host */
- UINT8 *p1 = memchr(msg->host->data, '@', msg->host->length);
+ struct ol_string *host = (id == M_HOST ? msg->host : msg->host_from);
+ UINT8 *p1;
UINT8 *p2;
int remaining;
+ p1 = memchr(host->data, '@', host->length);
if (p1)
p1++;
else
- p1 = msg->host->data;
- remaining = msg->host->length - (p1 - msg->host->data);
+ p1 = host->data;
+ remaining = host->length - (p1 - host->data);
p2 = memchr(p1, '/', remaining);
if (p2) {
length = MIN(p2 - p1, *left);
}
else {
- length = MIN(*left, msg->host->length - (p1 - msg->host->data));
+ length = MIN(*left, host->length - (p1 - host->data));
}
length = append_string(dest, left, p1, length, escape);
break;
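Review bot: Both new case bodies dereference `host` without a check, and for `M_HOST_FROM` / `M_FULLHOST_FROM` that pointer is `msg->host_from`, which the visible part of this patch assigns only in the src/sources.c hunk. If a log_info can be created on any other path (inferred; no constructor change is shown), `host->data` is a NULL dereference as soon as a template uses the HOST_FROM macro, so a guard such as `if (!host) { length = 0; break; }` after the selection line would be safer. The same question applies to the `ol_string_free(msg->host_from)` added in src/log.c, unless ol_string_free tolerates NULL. Separately, `M_FULLHOST_FROM` hands the whole resolved name to append_string without the `/` truncation that `M_HOST_FROM` gets, so with use_dns enabled a destination file name template depends on PTR data; it is worth confirming that `escape` or the caller neutralises path separators there. The enclosing switch starts and ends outside the hunk.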
@@ -839,6 +846,8 @@
{ "S_WEEKDAY", M_WEEKDAY_STAMP },
{ "S_UNIXTIME", M_UNIXTIME_STAMP },
+ { "HOST_FROM", M_HOST_FROM },
+ { "FULLHOST_FROM", M_FULLHOST_FROM },
{ "HOST", M_HOST },
{ "FULLHOST", M_FULLHOST },
Index: src/log.c
===================================================================
RCS file: /var/cvs/syslog-ng/src/log.c,v
retrieving revision 1.25
diff -u -r1.25 log.c
--- src/log.c 2002/03/19 09:26:16 1.25
+++ src/log.c 2002/04/25 08:54:54
@@ -251,6 +251,7 @@
ol_string_free(msg->program);
ol_string_free(msg->date);
ol_string_free(msg->msg);
+ ol_string_free(msg->host_from);
ol_space_free(msg);
}
}
Index: src/log.h
===================================================================
RCS file: /var/cvs/syslog-ng/src/log.h,v
retrieving revision 1.16
diff -u -r1.16 log.h
--- src/log.h 2002/03/19 09:26:16 1.16
+++ src/log.h 2002/04/25 08:54:54
@@ -46,6 +46,7 @@
struct ol_string *date;
struct ol_string *program;
struct ol_string *host;
+ struct ol_string *host_from;
};
#define CLASS_DECLARE
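Review bot: The new `host_from` member has no comment distinguishing it from `host`, and that distinction is the reason for the change: `host` can come from message contents, while `host_from` is filled from `logmsg->saddr` in src/sources.c. I would add `/* name derived from the sender address, never from message text; may be unset for messages that did not arrive over a socket (confirm) */` on the declaration. The struct starts outside the hunk.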
Index: src/sources.c
===================================================================
RCS file: /var/cvs/syslog-ng/src/sources.c,v
retrieving revision 1.32
diff -u -r1.32 sources.c
--- src/sources.c 2002/04/03 08:37:02 1.32
+++ src/sources.c 2002/04/25 08:54:54
@@ -222,10 +217,12 @@
return;
}
logmsg->source = c;
+ name = get_source_hostname(logmsg->saddr,
+ self->use_dns, self->use_fqdn,
+ self->cache);
+ logmsg->host_from = name;
if (!self->keep_hostname || !logmsg->host) {
- name = get_source_hostname(logmsg->saddr,
- self->use_dns, self->use_fqdn,
- self->cache);
+ ol_string_use(name);
if (self->chain_hostnames) {
if (logmsg->flags & LF_LOCAL) {
/* local */
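Review bot: Moving the `get_source_hostname()` call above the `if` makes the lookup run for every message, including configurations with keep_hostname set that previously skipped it. With `self->use_dns` enabled that presumably means a reverse lookup on the receive path for each sender not in `self->cache`, so a slow resolver could now stall message intake where it could not before (inferred; the resolver code is not in this hunk). The result is also only as trustworthy as the PTR record for the peer address, which is worth recording next to the assignment: `/* host_from comes from the peer address; with use_dns it is PTR data, not a verified name */`. The reference counting is balanced only if the code below the hunk still releases `name` exactly once, so `ol_string_use(name)` should be checked against the rest of the function, which continues outside the hunk.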
--OgqxwSJOaUobr8KG--