[syslog-ng]Re: 1.5.19, pad_size and check_hostname extension
Balazs Scheidler
bazsi@balabit.hu
Wed, 24 Jul 2002 11:28:38 +0200
On Mon, Jul 22, 2002 at 07:20:18PM +0200, Trapp, Michael wrote:
> hi bazsi,
>
> i've experienced a problem with the hostname options.
> we have several network components sending sl-msg without a hostname.
> due to the lack of the hostname syslog.ng interprets the first tag of the message
> as a hostname even if it contains [^a-zA-Z-.]
> to avoid the substitution of the first tag (we don't want to keep the original name anyway,
> chain_hostname = 0, keep_hostname = 0) i extended the config and source with check_hostname.
> maybe you could apply the attached patch. it would be great to find this option in future
> releases.
I've implemented check_hostname differently. It is verified during log
parsing so it behaves consistently in all log paths.
My patch is attached to this message.
> i also tested the pad_size option on my hpux-11.00 and it works !
> well, it took me a few minutes to understand how it should work and how to configure ;-)
Index: ChangeLog
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/ChangeLog,v
retrieving revision 1.57
diff -u -r1.57 ChangeLog
--- ChangeLog 23 Jul 2002 12:08:49 -0000 1.57
+++ ChangeLog 24 Jul 2002 09:27:16 -0000
@@ -1,3 +1,9 @@
+2002-07-24 Balazs Scheidler <bazsi@balabit.balabit>
+
+ * src/log.c: implemented check_hostname by verifying whether a
+ hostname only contains [A-Za-z0-9./@:], the check is triggered if
+ check_hostname is enabled in global config
+
2002-07-23 Balazs Scheidler <bazsi@balabit.balabit>
* updated INSTALL file to reflect latest OS hints
Index: INSTALL
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/INSTALL,v
retrieving revision 1.11
diff -u -r1.11 INSTALL
--- INSTALL 23 Jul 2002 12:08:49 -0000 1.11
+++ INSTALL 24 Jul 2002 09:27:16 -0000
@@ -123,11 +123,12 @@
----------------------
AIX does support STREAMS, but its log transport doesn't use it. As it
- seems /dev/log is a simple unix socket, though I can't find out whether
- it uses SOCK_DGRAM or SOCK_STREAM semantics.
+ seems /dev/log is a simple SOCK_DGRAM type unix socket, so it works using:
+
+ source stdlog { unix-dgram("/dev/log"); };
HP-UX (HP-UX 11.0)
- ------------------------
+ ------------------
HP-UX uses a named pipe called /dev/log for log transport, and you
can use this with the pipe() driver with an additional option. HP-UX pads
Index: src/affile.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/affile.c,v
retrieving revision 1.51
diff -u -r1.51 affile.c
--- src/affile.c 18 Jul 2002 13:18:01 -0000 1.51
+++ src/affile.c 24 Jul 2002 09:27:16 -0000
@@ -162,7 +162,7 @@
if (do_open_file(self->name, flags, -1, -1, -1, -1, -1, -1, 0, &fd)) {
lseek(fd, 0, SEEK_END);
self->src = io_read(make_io_fd(cfg->backend, fd, ol_string_use(self->name)),
- make_log_reader(0, self->prefix, cfg->log_msg_size, self->pad_size, c),
+ make_log_reader(0, self->prefix, cfg->log_msg_size, self->pad_size, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c),
NULL);
self->res = REMEMBER_RESOURCE(cfg->resources, &self->src->super.super);
return ST_OK | ST_GOON;
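Review bot: The expression `cfg->check_hostname ? LF_CHECK_HOSTNAME : 0` is spelled out inline in this `make_log_reader()` call and again in both calls in src/afinet.c and the one in src/afunix.c. Because each source driver repeats it by hand, a call site that forgets it skips the check silently, and any later user flag has to be added in four places. A single helper would keep the sources in step, for example `#define CFG_MSG_FLAGS(cfg) ((cfg)->check_hostname ? LF_CHECK_HOSTNAME : 0)` (name constructed for illustration), with the call becoming `make_log_reader(0, self->prefix, cfg->log_msg_size, self->pad_size, CFG_MSG_FLAGS(cfg), c)`. The enclosing function starts and ends outside the hunk.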
Index: src/afinet.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/afinet.c,v
retrieving revision 1.19
diff -u -r1.19 afinet.c
--- src/afinet.c 18 Jul 2002 13:18:01 -0000 1.19
+++ src/afinet.c 24 Jul 2002 09:27:16 -0000
@@ -89,13 +89,13 @@
notice("AF_INET client connected from %S, port %i\n",
inet->ip, inet->port);
io_read(self->client,
- make_log_reader(0, NULL, cfg->log_msg_size, 0, c),
+ make_log_reader(0, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c),
make_afsocket_source_close_callback(self));
}
else {
/* SOCK_DGRAM */
io_read(self->client,
- make_log_reader(1, NULL, cfg->log_msg_size, 0, c),
+ make_log_reader(1, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c),
make_afsocket_source_close_callback(self));
}
Index: src/afstreams.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/afstreams.c,v
retrieving revision 1.13
diff -u -r1.13 afstreams.c
--- src/afstreams.c 26 Apr 2002 09:43:54 -0000 1.13
+++ src/afstreams.c 24 Jul 2002 09:27:16 -0000
@@ -145,7 +145,7 @@
length = eol - bol;
if (length) {
- li = make_log_info(length, bol, NULL);
+ li = make_log_info(length, bol, NULL, 0);
li->pri = pri;
HANDLE_LOG(self->pipe, li);
}
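Review bot: `make_log_info(length, bol, NULL, 0)` passes a literal `0` for the new flags argument, so messages from the STREAMS source are never parsed with `LF_CHECK_HOSTNAME`, even when `check_hostname` is enabled in the global config. That is at odds with the stated goal of behaving consistently in all log paths. If a configuration pointer is reachable here (not visible in the hunk), pass the same flag value the other sources use. Otherwise add a comment stating the exemption is deliberate, e.g. `/* local STREAMS messages: hostname check intentionally not applied */`.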
Index: src/afunix.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/afunix.c,v
retrieving revision 1.22
diff -u -r1.22 afunix.c
--- src/afunix.c 18 Jul 2002 13:18:01 -0000 1.22
+++ src/afunix.c 24 Jul 2002 09:27:16 -0000
@@ -51,7 +51,7 @@
CAST(afsocket_source_connection, self, c);
io_read(self->client,
- make_log_reader(0, NULL, cfg->log_msg_size, 0, c),
+ make_log_reader(0, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c),
make_afsocket_source_close_callback(self));
return ST_OK | ST_GOON;
Index: src/cfg-grammar.y
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/cfg-grammar.y,v
retrieving revision 1.55
diff -u -r1.55 cfg-grammar.y
--- src/cfg-grammar.y 18 Jul 2002 13:18:01 -0000 1.55
+++ src/cfg-grammar.y 24 Jul 2002 09:27:16 -0000
@@ -75,7 +75,7 @@
/* option items */
%token KW_FLAGS KW_CATCHALL KW_FALLBACK KW_FINAL
-%token KW_FSYNC KW_MARK_FREQ KW_SYNC_FREQ KW_STATS_FREQ KW_CHAIN_HOSTNAMES KW_KEEP_HOSTNAME
+%token KW_FSYNC KW_MARK_FREQ KW_SYNC_FREQ KW_STATS_FREQ KW_CHAIN_HOSTNAMES KW_KEEP_HOSTNAME KW_CHECK_HOSTNAME
%token KW_LOG_FIFO_SIZE KW_LOG_MSG_SIZE
%token KW_TIME_REOPEN KW_TIME_REAP KW_USE_TIME_RECVD
%token KW_USE_DNS KW_USE_FQDN KW_GC_BUSY_THRESHOLD
@@ -574,6 +574,7 @@
| KW_STATS_FREQ '(' NUMBER ')' { configuration->stats_freq = $3; }
| KW_CHAIN_HOSTNAMES '(' yesno ')' { configuration->chain_hostnames = $3; }
| KW_KEEP_HOSTNAME '(' yesno ')' { configuration->keep_hostname = $3; }
+ | KW_CHECK_HOSTNAME '(' yesno ')' { configuration->check_hostname = $3; }
| KW_USE_TIME_RECVD '(' yesno ')' { configuration->use_time_recvd = $3; }
| KW_USE_FQDN '(' yesno ')' { configuration->use_fqdn = $3; };
| KW_USE_DNS '(' yesno ')' { configuration->use_dns = $3; };
Index: src/cfg-lex.l
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/cfg-lex.l,v
retrieving revision 1.24
diff -u -r1.24 cfg-lex.l
--- src/cfg-lex.l 18 Jul 2002 13:18:02 -0000 1.24
+++ src/cfg-lex.l 24 Jul 2002 09:27:16 -0000
@@ -60,6 +60,7 @@
{ "use_time_recvd", KW_USE_TIME_RECVD },
{ "use_fqdn", KW_USE_FQDN },
{ "use_dns", KW_USE_DNS },
+ { "check_hostname", KW_CHECK_HOSTNAME },
{ "gc_threshold", KW_GC_BUSY_THRESHOLD },
{ "gc_busy_threshold", KW_GC_BUSY_THRESHOLD },
{ "gc_idle_threshold", KW_GC_IDLE_THRESHOLD },
Index: src/cfgfile.h
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/cfgfile.h,v
retrieving revision 1.23
diff -u -r1.23 cfgfile.h
--- src/cfgfile.h 26 Apr 2002 09:43:54 -0000 1.23
+++ src/cfgfile.h 24 Jul 2002 09:27:16 -0000
@@ -56,6 +56,7 @@
(use_time_recvd simple UINT32)
(use_fqdn simple UINT32)
(use_dns simple UINT32)
+ (check_hostname simple UINT32)
(create_dirs simple UINT32)
(uid simple int)
(gid simple int)
Index: src/log.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/log.c,v
retrieving revision 1.26
diff -u -r1.26 log.c
--- src/log.c 26 Apr 2002 09:43:54 -0000 1.26
+++ src/log.c 24 Jul 2002 09:27:16 -0000
@@ -161,6 +161,15 @@
while (left && *src != ' ' && *src != ':'
&& *src != '[') {
+ if (lm->flags & LF_CHECK_HOSTNAME &&
+ !((*src >= 'A' && *src <= 'Z') ||
+ (*src >= 'a' && *src <= 'z') ||
+ (*src >= '0' && *src <= '9') ||
+ *src == '-' || *src == '_' ||
+ *src == '.' || *src == ':' ||
+ *src == '@' || *src == '/')) {
+ break;
+ }
src++;
left--;
}
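Review bot: The `break` on a disallowed character leaves the loop with `src` pointing into the middle of the token, and nothing visible here records why the loop ended. The code after the loop is outside this hunk, but if it takes everything scanned so far as the hostname, a token such as `ab%cd` (constructed example) would yield the host `ab` instead of being rejected as a whole. Consider setting a local flag before the `break` and discarding the candidate hostname when it is set. The accepted set also includes `/` and `.`, so a value like `../x` passes the check; that matters if the hostname is later expanded into destination file names, which should be confirmed. The ChangeLog entry lists `[A-Za-z0-9./@:]` while the code also accepts `-` and `_`; a comment above the condition, e.g. `/* allowed in a hostname: A-Z a-z 0-9 - _ . : @ / */`, would keep the two in step.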
@@ -256,11 +265,12 @@
}
}
-struct log_info *make_log_info(UINT32 length, UINT8 *msg, UINT8 *prefix)
+struct log_info *make_log_info(UINT32 length, UINT8 *msg, UINT8 *prefix, UINT32 flags)
{
struct log_info *self;
NEW_SPACE(self);
+ self->flags = flags & LF_USER_FLAGS;
parse_log_msg(self, length, msg, prefix);
self->use_cnt = 1;
self->recvd = time(NULL);
Index: src/log.h
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/log.h,v
retrieving revision 1.17
diff -u -r1.17 log.h
--- src/log.h 26 Apr 2002 09:43:54 -0000 1.17
+++ src/log.h 24 Jul 2002 09:27:16 -0000
@@ -56,6 +56,9 @@
#define LF_INTERNAL 0x0001
#define LF_MARK 0x0002
#define LF_LOCAL 0x0004
+#define LF_CHECK_HOSTNAME 0x0100
+
+#define LF_USER_FLAGS 0xff00
/* CLASS:
(class
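Review bot: `LF_USER_FLAGS` is added without a comment, so the split of the flag word is only implied by the values. From the mask in `make_log_info()` (`flags & LF_USER_FLAGS`), the upper byte holds flags that callers may pass in and the lower byte holds flags set internally. A comment here would stop a future internal flag being placed at `0x0100` or above, where a log source could set it, e.g. `/* bits in LF_USER_FLAGS may be supplied to make_log_info(); the low byte is reserved for internally set flags */`.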
@@ -86,7 +89,7 @@
struct log_info *log_info_use(struct log_info *msg);
void log_info_free(struct log_info *msg);
-struct log_info *make_log_info(UINT32 length, UINT8 *data, UINT8 *prefix);
+struct log_info *make_log_info(UINT32 length, UINT8 *data, UINT8 *prefix, UINT32 flags);
struct log_info *make_internal_message(UINT32 pri, UINT32 length, UINT8 *data);
struct log_info *make_mark_message(void);
Index: src/sources.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/sources.c,v
retrieving revision 1.34
diff -u -r1.34 sources.c
--- src/sources.c 18 Jul 2002 13:18:02 -0000 1.34
+++ src/sources.c 24 Jul 2002 09:27:16 -0000
@@ -53,6 +53,7 @@
(buffer space UINT8)
(max_log_line simple UINT32)
(pad_size simple UINT32)
+ (msg_flags simple UINT32)
(next object log_handler)))
*/
@@ -64,7 +65,7 @@
{
struct log_info *logmsg;
- logmsg = make_log_info(length, data, self->prefix);
+ logmsg = make_log_info(length, data, self->prefix, self->msg_flags);
if (addrlen) {
logmsg->saddr = sockaddr2address_info(addrlen, addr);
}
@@ -150,6 +151,7 @@
UINT8 *prefix,
UINT32 max_log_line,
UINT32 pad_size,
+ UINT32 msg_flags,
struct log_handler *next)
{
NEW(log_reader, self);
@@ -160,6 +162,7 @@
self->prefix = prefix;
self->max_log_line = MAX(max_log_line, pad_size) + 1;
self->pad_size = pad_size;
+ self->msg_flags = msg_flags;
self->buffer = ol_space_alloc(max_log_line);
return &self->super;
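Review bot: `self->buffer` is allocated with the caller's `max_log_line`, while `self->max_log_line` three lines earlier is set to `MAX(max_log_line, pad_size) + 1`. The stored limit is therefore always at least one byte larger than the allocation, and larger by more when `pad_size` exceeds `max_log_line`. The read path is outside this hunk, but if it fills `self->buffer` up to `self->max_log_line` bytes, that writes past the end of the buffer with data that arrives from the log source. These are context lines the patch does not touch, yet the size mismatch is worth fixing alongside it: `self->buffer = ol_space_alloc(self->max_log_line);`. The function begins outside the hunk.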
Index: src/sources.h
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/sources.h,v
retrieving revision 1.15
diff -u -r1.15 sources.h
--- src/sources.h 18 Jul 2002 13:18:02 -0000 1.15
+++ src/sources.h 24 Jul 2002 09:27:16 -0000
@@ -65,6 +65,7 @@
UINT8 *prefix,
UINT32 max_log_line,
UINT32 pad_size,
+ UINT32 msg_flags,
struct log_handler *next);
struct log_source_group *make_source_group(const char *name, struct log_source_driver *drvs);
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1