[syslog-ng][PATCH] netmask-filter
Gert Menke
gert@menke.za.net
Mon, 4 Feb 2002 17:38:23 +0100
--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hi!
On Mon, Feb 04, 2002 at 05:12:20PM +0100, I wrote:
> > I implemented $SOURCEIP in my CVS tree, available RSN.
> Oops... That's what I just did, too. :-)
>
> I also implemented extra Tokens R_FULLTIME etc. and R_FULLTIME etc.;
> R_* always give you the time the log message was received and S_* always
> gives you the time from the message's timestamp.
>
> I'll be sending you the patches ASAP.
Here is the patch against 1.5.13.
Balazs, feel free to remove my $SOURCEIP stuff, if you like yours better.
Please tell me what you think about my patch.
Greetings
Gert
--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="syslog-ng-1.5.13-sourceip_and_more_time.patch"
diff -r -U3 syslog-ng-1.5.13-orig/src/affile.c syslog-ng-1.5.13-patched/src/affile.c
--- syslog-ng-1.5.13-orig/src/affile.c Wed Oct 24 12:46:06 2001
+++ syslog-ng-1.5.13-patched/src/affile.c Mon Feb 4 16:40:09 2002
@@ -46,6 +46,11 @@
#include "affile.c.x"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
struct ol_string *
expand_macros(struct syslog_config *cfg, struct ol_string *template, int template_escape, struct log_info *msg);
@@ -427,11 +432,35 @@
#define M_SEC 11
#define M_WEEKDAY 12
-#define M_FULLHOST 13
-#define M_HOST 14
-#define M_PROGRAM 15
+#define M_DATE_RECVD 13
+#define M_FULLDATE_RECVD 14
+#define M_ISODATE_RECVD 15
+#define M_YEAR_RECVD 16
+#define M_MONTH_RECVD 17
+#define M_DAY_RECVD 18
+#define M_HOUR_RECVD 19
+#define M_MIN_RECVD 20
+#define M_SEC_RECVD 21
+#define M_WEEKDAY_RECVD 22
+
+#define M_DATE_STAMP 23
+#define M_FULLDATE_STAMP 24
+#define M_ISODATE_STAMP 25
+#define M_YEAR_STAMP 26
+#define M_MONTH_STAMP 27
+#define M_DAY_STAMP 28
+#define M_HOUR_STAMP 29
+#define M_MIN_STAMP 30
+#define M_SEC_STAMP 31
+#define M_WEEKDAY_STAMP 32
+
+#define M_FULLHOST 33
+#define M_HOST 34
+#define M_PROGRAM 35
+
+#define M_MESSAGE 36
-#define M_MESSAGE 16
+#define M_SOURCEIP 37
int append_string(char **dest, int *left, char *str, int length, int escape)
{
@@ -527,6 +556,28 @@
}
break;
}
+ case M_FULLDATE_RECVD:
+ case M_ISODATE_RECVD:
+ case M_WEEKDAY_RECVD:
+ case M_DATE_RECVD:
+ case M_YEAR_RECVD:
+ case M_MONTH_RECVD:
+ case M_DAY_RECVD:
+ case M_HOUR_RECVD:
+ case M_MIN_RECVD:
+ case M_SEC_RECVD:
+
+ case M_FULLDATE_STAMP:
+ case M_ISODATE_STAMP:
+ case M_WEEKDAY_STAMP:
+ case M_DATE_STAMP:
+ case M_YEAR_STAMP:
+ case M_MONTH_STAMP:
+ case M_DAY_STAMP:
+ case M_HOUR_STAMP:
+ case M_MIN_STAMP:
+ case M_SEC_STAMP:
+
case M_FULLDATE:
case M_ISODATE:
case M_WEEKDAY:
@@ -540,49 +591,106 @@
/* year, month, day */
struct tm *tm;
- if (cfg->use_time_recvd)
+ switch(id) {
+ case M_FULLDATE_RECVD:
+ case M_ISODATE_RECVD:
+ case M_WEEKDAY_RECVD:
+ case M_DATE_RECVD:
+ case M_YEAR_RECVD:
+ case M_MONTH_RECVD:
+ case M_DAY_RECVD:
+ case M_HOUR_RECVD:
+ case M_MIN_RECVD:
+ case M_SEC_RECVD:
tm = localtime(&msg->recvd);
- else
+ break;
+
+ case M_FULLDATE_STAMP:
+ case M_ISODATE_STAMP:
+ case M_WEEKDAY_STAMP:
+ case M_DATE_STAMP:
+ case M_YEAR_STAMP:
+ case M_MONTH_STAMP:
+ case M_DAY_STAMP:
+ case M_HOUR_STAMP:
+ case M_MIN_STAMP:
+ case M_SEC_STAMP:
tm = localtime(&msg->stamp);
+ break;
+
+ default:
+ if (cfg->use_time_recvd)
+ tm = localtime(&msg->recvd);
+ else
+ tm = localtime(&msg->stamp);
+ break;
+ }
switch (id) {
case M_WEEKDAY:
+ case M_WEEKDAY_RECVD:
+ case M_WEEKDAY_STAMP:
length = strftime(*dest, *left - 1, "%a", tm);
break;
case M_YEAR:
+ case M_YEAR_RECVD:
+ case M_YEAR_STAMP:
length = snprintf(*dest, *left, "%04d", tm->tm_year + 1900);
break;
case M_MONTH:
+ case M_MONTH_RECVD:
+ case M_MONTH_STAMP:
length = snprintf(*dest, *left, "%02d", tm->tm_mon + 1);
break;
case M_DAY:
+ case M_DAY_RECVD:
+ case M_DAY_STAMP:
length = snprintf(*dest, *left, "%02d", tm->tm_mday);
break;
case M_HOUR:
+ case M_HOUR_RECVD:
+ case M_HOUR_STAMP:
length = snprintf(*dest, *left, "%02d", tm->tm_hour);
break;
case M_MIN:
+ case M_MIN_RECVD:
+ case M_MIN_STAMP:
length = snprintf(*dest, *left, "%02d", tm->tm_min);
break;
case M_SEC:
+ case M_SEC_RECVD:
+ case M_SEC_STAMP:
length = snprintf(*dest, *left, "%02d", tm->tm_sec);
break;
case M_ISODATE:
+ case M_ISODATE_RECVD:
+ case M_ISODATE_STAMP:
length = strftime(*dest, *left - 1, "%Y-%m-%dT%H:%M:%S%z", tm);
break;
case M_FULLDATE:
+ case M_FULLDATE_RECVD:
+ case M_FULLDATE_STAMP:
length = strftime(*dest, *left - 1, "%Y %h %e %H:%M:%S", tm);
break;
case M_DATE:
+ case M_DATE_RECVD:
+ case M_DATE_STAMP:
length = strftime(*dest, *left - 1, "%h %e %H:%M:%S", tm);
break;
}
break;
+ }
case M_MESSAGE: {
/* message */
length = append_string(dest, left, msg->msg->data, msg->msg->length, escape);
break;
}
+ case M_SOURCEIP: {
+ /* source ip */
+ char sourceip[16];
+ CAST(inet_address_info, adrinf, msg->saddr);
+ strcpy (sourceip, adrinf ? inet_ntoa(adrinf->sa.sin_addr) : "no_ip" );
+ length = append_string(dest, left, sourceip, strlen(sourceip), 0);
}
default:
break;
@@ -610,13 +718,36 @@
{ "MIN", M_MIN },
{ "SEC", M_SEC },
{ "WEEKDAY", M_WEEKDAY },
-
+
+ { "R_DATE", M_DATE_RECVD },
+ { "R_FULLDATE", M_FULLDATE_RECVD },
+ { "R_ISODATE", M_ISODATE_RECVD },
+ { "R_YEAR", M_YEAR_RECVD },
+ { "R_MONTH", M_MONTH_RECVD },
+ { "R_DAY", M_DAY_RECVD },
+ { "R_HOUR", M_HOUR_RECVD },
+ { "R_MIN", M_MIN_RECVD },
+ { "R_SEC", M_SEC_RECVD },
+ { "R_WEEKDAY", M_WEEKDAY_RECVD },
+
+ { "S_DATE", M_DATE_STAMP },
+ { "S_FULLDATE", M_FULLDATE_STAMP },
+ { "S_ISODATE", M_ISODATE_STAMP },
+ { "S_YEAR", M_YEAR_STAMP },
+ { "S_MONTH", M_MONTH_STAMP },
+ { "S_DAY", M_DAY_STAMP },
+ { "S_HOUR", M_HOUR_STAMP },
+ { "S_MIN", M_MIN_STAMP },
+ { "S_SEC", M_SEC_STAMP },
+ { "S_WEEKDAY", M_WEEKDAY_STAMP },
+
{ "HOST", M_HOST },
{ "FULLHOST", M_FULLHOST },
{ "PROGRAM", M_PROGRAM },
{ "MSG", M_MESSAGE },
- { "MESSAGE", M_MESSAGE }
+ { "MESSAGE", M_MESSAGE },
+ { "SOURCEIP", M_SOURCEIP }
};
char format[MAX_EXPANDED_MACRO], *format_ptr = format;
int left = sizeof(format);
--4Ckj6UjgE2iN1+kY--