[syslog-ng][PATCH] - $CONTENT macro
Amodiovalerio Verde
syslog-ng@lists.balabit.hu
Tue, 16 Dec 2003 16:07:00 +0100
I'm posting a patch against 1.6.0-RC3
This patch get you a new macro, =
$CONTENT, that match only the content part of a message ( without the pro=
gram name and the pid )
I extensively used it, and I had no problem at=
all so I believe it's safe.
Personally I found it really useful to ma=
tch some message that starts in a certain way.
If Barzi find it useful=
too, he could merge it in the next release of syslog-ng.
Let me know =
if you find this patch of any use.
Amodiovalerio [Hypo] Verde
=0D
=
-------------------------------------------------------------------------=
-----------------------------------------
diff -aurN syslog-ng-1.6.0rc=
3.orig/src/macros-gperf.c syslog-ng-1.6.0rc3/src/macros-gperf.c
--- sysl=
og-ng-1.6.0rc3.orig/src/macros-gperf.c Wed Apr 16 12:03:46 2003
+++ sys=
log-ng-1.6.0rc3/src/macros-gperf.c Tue Dec 16 15:49:38 2003
@@ -3,=
12 +3,12 @@
#include "macros.h"
struct macro_def { char *name; int id=
; int len; };
-#define TOTAL_KEYWORDS 51
+#define TOTAL_KEYWORDS 52=0D
=
#define MIN_WORD_LENGTH 2
#define MAX_WORD_LENGTH 13
#define MIN_HAS=
H_VALUE 2
-#define MAX_HASH_VALUE 140
-/* maximum key range =3D 139, du=
plicates =3D 0 */
+#define MAX_HASH_VALUE 115
+/* maximum key range =3D=
114, duplicates =3D 0 */
#ifdef __GNUC__
__inline
@@ -22,32 +22,3=
2 @@
{
static unsigned char asso_values[] =3D
{
- 141, =
141, 141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141, 141, =
141, 141, 141, 141, 141, 141,
- 141, 141, 141, 141, 141, 141, 141, =
141, 141, 141,
- 141, 141, 141, 141, 141, 141, 141, 141, 141, 141,=0D
=
- 141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141=
, 141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141, 141, 141=
, 55, 141, 22, 60, 0,
- 0, 35, 10, 15, 141, 141, 0, 11=
, 25, 5,
- 25, 141, 50, 0, 0, 10, 15, 0, 141, 25,
- =
141, 141, 141, 141, 141, 0, 141, 141, 141, 141,
- 141, 141, =
141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141, 141, 141, =
141, 141, 141, 141, 141,
- 141, 141, 141, 141, 141, 141, 141, 141, =
141, 141,
- 141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- =
141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 14=
1, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141, 141, 141, 14=
1, 141, 141, 141, 141,
- 141, 141, 141, 141, 141, 141, 141, 141, 14=
1, 141,
- 141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- =
141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141,=
141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141, 141, 141, 141,=
141, 141, 141, 141,
- 141, 141, 141, 141, 141, 141, 141, 141, 141,=
141,
- 141, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- 1=
41, 141, 141, 141, 141, 141, 141, 141, 141, 141,
- 141, 141, 141, 1=
41, 141, 141
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116,=0D
=
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ 116, 116=
, 116, 116, 116, 116, 116, 116, 116, 116,
+ 116, 116, 116, 116, 116=
, 116, 116, 116, 116, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116=
, 116, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ =
116, 116, 116, 116, 116, 5, 116, 55, 20, 0,
+ 0, 20, =
30, 35, 116, 116, 0, 62, 0, 5,
+ 25, 116, 35, 0, 0, =
10, 15, 10, 116, 55,
+ 116, 116, 116, 116, 116, 20, 116, 116, =
116, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ =
116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ 116, 116, 11=
6, 116, 116, 116, 116, 116, 116, 116,
+ 116, 116, 116, 116, 116, 11=
6, 116, 116, 116, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 11=
6, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ =
116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ 116, 116, 116,=
116, 116, 116, 116, 116, 116, 116,
+ 116, 116, 116, 116, 116, 116,=
116, 116, 116, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 116,=
116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ 1=
16, 116, 116, 116, 116, 116, 116, 116, 116, 116,
+ 116, 116, 116, 1=
16, 116, 116, 116, 116, 116, 116,
+ 116, 116, 116, 116, 116, 116, 1=
16, 116, 116, 116,
+ 116, 116, 116, 116, 116, 116, 116, 116, 116, 1=
16,
+ 116, 116, 116, 116, 116, 116
};
register int hval =3D=
len;
@@ -68,23 +68,22 @@
}
#ifdef __GNUC__
+__inline
#endif=0D
=
struct macro_def *
find_macro (register const char *str, register unsi=
gned int len)
{
static unsigned char lengthtable[] =3D
{
- =
0, 0, 2, 0, 4, 0, 0, 0, 0, 9, 10, 0, 0, 8,
- 4, 1=
0, 0, 0, 8, 9, 5, 0, 0, 13, 4, 3, 6, 5,
- 0, 9, 8, 0=
, 0, 8, 0, 10, 0, 0, 3, 3, 8, 5,
- 0, 7, 0, 0, 0, 0,=
0, 3, 0, 5, 0, 0, 4, 0,
- 0, 0, 0, 9, 10, 0, 0, 0, =
4, 10, 6, 7, 8, 0,
- 0, 0, 0, 7, 0, 0, 6, 5, 0, 9, =
0, 0, 7, 0,
- 4, 10, 6, 7, 3, 0, 5, 5, 0, 7, 0, 0, 0=
, 0,
- 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- =
0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, =
0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0,
- 5
+ 0=
, 0, 2, 0, 4, 0, 0, 0, 0, 0, 10, 0, 0, 8,
+ 0, 10, 0,=
0, 0, 9, 5, 0, 0, 3, 4, 0, 6, 0,
+ 8, 0, 0, 0, 0, =
0, 4, 0, 0, 7, 8, 4, 0, 0,
+ 0, 13, 4, 10, 6, 0, 0, =
9, 10, 0, 7, 8, 9, 10,
+ 0, 0, 3, 9, 5, 6, 7, 8, 4, 3=
, 6, 5, 0, 7,
+ 0, 0, 7, 8, 7, 0, 0, 0, 3, 0, 5, 6,=
0, 0,
+ 9, 3, 0, 0, 0, 0, 10, 0, 0, 0, 0, 5, 0, 5,=0D
=
+ 0, 0, 0, 6, 5, 8, 7, 0, 0, 0, 0, 0, 0, 0,
+ 0=
, 0, 0, 5
};
static struct macro_def wordlist[] =3D
{=0D
=
@@ -92,82 +91,79 @@
{"TZ", M_TZ},
{""},
{"S_TZ", =
M_TZ_STAMP},
- {""}, {""}, {""}, {""},
- {"S_WEEKDAY", M_WEEK=
DAY_STAMP},
+ {""}, {""}, {""}, {""}, {""},
{"S_FULLDATE", =
M_FULLDATE_STAMP},
{""}, {""},
{"TZOFFSET", M_TZOFFSET},=0D
=
- {"HOST", M_HOST},
+ {""},
{"S_TZOFFSET", M_TZOFFSET_=
STAMP},
- {""}, {""},
- {"FULLHOST", M_FULLHOST},
- {"H=
OST_FROM", M_HOST_FROM},
+ {""}, {""}, {""},
+ {"S_WEEKDAY", =
M_WEEKDAY_STAMP},
{"LEVEL", M_LEVEL},
{""}, {""},
+ =
{"TAG", M_TAG},
+ {"DATE", M_DATE},
+ {""},
+ {"S_DATE=
", M_DATE_STAMP},
+ {""},
+ {"FULLDATE", M_FULLDATE},
+ =
{""}, {""}, {""}, {""}, {""},
+ {"HOST", M_HOST},
+ {""}, {"=
"},
+ {"WEEKDAY", M_WEEKDAY},
+ {"FULLHOST", M_FULLHOST},
+ =
{"R_TZ", M_TZ_RECVD},
+ {""}, {""}, {""},
{"FULLHOST_F=
ROM", M_FULLHOST_FROM},
{"HOUR", M_HOUR},
- {"SEC", M_SEC},=
+ {"R_FULLDATE", M_FULLDATE_RECVD},
{"S_HOUR", M_HOUR_STAM=
P},
- {"S_SEC", M_SEC_STAMP},
- {""},
- {"S_ISODATE", M=
_ISODATE_STAMP},
- {"FACILITY", M_FACILITY},
{""}, {""},=0D
=
- {"UNIXTIME", M_UNIXTIME},
+ {"S_ISODATE", M_ISODATE_STAMP},=0D
=
+ {"R_TZOFFSET", M_TZOFFSET_RECVD},
{""},
+ {"ISODATE"=
, M_ISODATE},
+ {"UNIXTIME", M_UNIXTIME},
+ {"R_WEEKDAY", M_W=
EEKDAY_RECVD},
{"S_UNIXTIME", M_UNIXTIME_STAMP},
{""}, {"=
"},
- {"TAG", M_TAG},
+ {"SEC", M_SEC},
+ {"HOST_FROM",=
M_HOST_FROM},
+ {"S_SEC", M_SEC_STAMP},
+ {"R_DATE", M_DATE_=
RECVD},
+ {"CONTENT", M_CONTENT},
+ {"FACILITY", M_FACILITY},=
+ {"YEAR", M_YEAR},
{"MIN", M_MIN},
- {"SOURCEIP", M=
_SOURCE_IP},
+ {"S_YEAR", M_YEAR_STAMP},
{"S_MIN", M_MIN_ST=
AMP},
{""},
{"S_MONTH", M_MONTH_STAMP},
- {""}, {""=
}, {""}, {""}, {""},
- {"MSG", M_MESSAGE},
- {""},
- {"=
MONTH", M_MONTH},
{""}, {""},
- {"R_TZ", M_TZ_RECVD},
- =
{""}, {""}, {""}, {""},
- {"R_WEEKDAY", M_WEEKDAY_RECVD},
- =
{"R_FULLDATE", M_FULLDATE_RECVD},
- {""}, {""}, {""},
- {"D=
ATE", M_DATE},
- {"R_TZOFFSET", M_TZOFFSET_RECVD},
- {"S_DATE=
", M_DATE_STAMP},
- {"WEEKDAY", M_WEEKDAY},
- {"FULLDATE", M_=
FULLDATE},
- {""}, {""}, {""}, {""},
+ {"PROGRAM", M_PROGRAM}=
,
+ {"SOURCEIP", M_SOURCE_IP},
{"MESSAGE", M_MESSAGE},
- =
{""}, {""},
- {"R_HOUR", M_HOUR_RECVD},
- {"R_SEC", M_SEC=
_RECVD},
+ {""}, {""}, {""},
+ {"DAY", M_DAY},
{""},=0D
=
- {"R_ISODATE", M_ISODATE_RECVD},
+ {"S_DAY", M_DAY_STAMP},=0D
=
+ {"R_HOUR", M_HOUR_RECVD},
{""}, {""},
- {"ISODATE", =
M_ISODATE},
- {""},
- {"YEAR", M_YEAR},
+ {"R_ISODATE",=
M_ISODATE_RECVD},
+ {"MSG", M_MESSAGE},
+ {""}, {""}, {""}, =
{""},
{"R_UNIXTIME", M_UNIXTIME_RECVD},
- {"S_YEAR", M_YEAR=
_STAMP},
- {"PROGRAM", M_PROGRAM},
- {"DAY", M_DAY},
+ =
{""}, {""}, {""}, {""},
+ {"R_SEC", M_SEC_RECVD},
{""},
- =
{"S_DAY", M_DAY_STAMP},
+ {"MONTH", M_MONTH},
+ {""}, {"=
"}, {""},
+ {"R_YEAR", M_YEAR_RECVD},
{"R_MIN", M_MIN_RECVD=
},
- {""},
- {"R_MONTH", M_MONTH_RECVD},
- {""}, {""}, =
{""}, {""},
{"PRIORITY", M_LEVEL},
- {""}, {""}, {""}, {""}=
, {""}, {""}, {""}, {""}, {""},
- {""}, {""}, {""}, {""}, {""}, {""=
}, {""}, {""},
- {"R_DATE", M_DATE_RECVD},
- {""}, {""}, {""}=
, {""}, {""}, {""}, {""}, {""}, {""},
+ {"R_MONTH", M_MONTH_RECVD},=
{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
{"=
"},
- {"R_YEAR", M_YEAR_RECVD},
- {""}, {""}, {""},
{=
"R_DAY", M_DAY_RECVD}
};
diff -aurN syslog-ng-1.6.0rc3.orig/src/=
macros.c syslog-ng-1.6.0rc3/src/macros.c
--- syslog-ng-1.6.0rc3.orig/src=
/macros.c Wed Apr 16 12:15:02 2003
+++ syslog-ng-1.6.0rc3/src/mac=
ros.c Tue Dec 16 15:44:12 2003
@@ -351,7 +351,25 @@
=
length =3D append_string(dest, left, msg->msg->data, msg->msg->length, e=
scape);
break;
}
- default:
+ cas=
e M_CONTENT: {
+ /* message without program name and pid *=
/
+ char *test;
+ test =3D malloc(strlen(ms=
g->msg->data));
+ if (msg->program) {
+ =
char *index;
+ index =3D strstr(msg->msg->dat=
a," ");
+ if (index=3D=3DNULL)
+ =
strcpy(test,msg->msg->data);
+ else=0D
=
+ strcpy(test,index+1);
+ }=0D
=
+ else
+ strcpy(test,msg->msg->data)=
;
+ length =3D append_string(dest,left,test,strlen(test),e=
scape);
+ free(test);
+ break;
+ }=0D
=
+ default:
break;
}
if (length =
< 0 || (unsigned int) length > *left)
@@ -427,7 +445,8 @@
{ "PR=
OGRAM", M_PROGRAM },
{ "MSG", M_MESSAGE },
{ "MESSAGE",=
M_MESSAGE },
- { "SOURCEIP", M_SOURCE_IP }
+ { "SOURCEIP",=
M_SOURCE_IP },
+ { "CONTENT", M_CONTENT }
};
static int ma=
cro_cache[sizeof(macros) / sizeof(struct macro_def)];
diff -aurN syslog-=
ng-1.6.0rc3.orig/src/macros.gprf syslog-ng-1.6.0rc3/src/macros.gprf
--- =
syslog-ng-1.6.0rc3.orig/src/macros.gprf Thu Apr 10 12:51:00 2003
+++=
syslog-ng-1.6.0rc3/src/macros.gprf Tue Dec 16 15:44:50 2003
@@ -54,3 +=
54,4 @@
MSG, M_MESSAGE
MESSAGE, M_MESSAGE
SOURCEIP, M_SOURCE_IP
+C=
ONTENT, M_CONTENT
diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.h syslog=
-ng-1.6.0rc3/src/macros.h
--- syslog-ng-1.6.0rc3.orig/src/macros.h =
Thu Apr 10 20:22:54 2003
+++ syslog-ng-1.6.0rc3/src/macros.h Tue D=
ec 16 15:45:32 2003
@@ -81,6 +81,8 @@
#define M_SOURCE_IP 49=0D
=
+#define M_CONTENT 50
+
struct ol_string *
expand_macros(st=
ruct syslog_config *cfg, struct ol_string *template, int template_escape,=
struct log_info *msg);