[syslog-ng]Enterasys SSR syslog message date format patch fix
Rule, Ted
syslog-ng@lists.balabit.hu
Thu, 31 Jul 2003 17:32:03 +0100
This is a multi-part message in MIME format.
------_=_NextPart_001_01C35781.45DDA212
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
As previously posted, my old v 1.5 syslog-ng daemon had a little problem wi=
th SSR syslog messages
which incorrectly use "MMM 0D" format instead of "MMM D" format for days 1=
to 9 of each month,
against RFC3164's strictures, and unlike all other hosts and routers I've c=
ome across.
As a fix, I first upgraded to 1.6.0rc3 latest snapshot, manually forced one=
of the SSR's into
"tomorrow", and thereby forced a syslog message of the wrong format to be i=
ssued as per below:
Jul 31 16:54:35 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (exit ) e=
xecuted
Jul 31 16:55:46 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (system s=
how date ) executed
Aug 01 01:01:01 fttv-e7D-ssr-sl1 %SYS-I-DATE_CHANGE, The system's date has =
been changed to: 2003-08-01 01:01:01
Aug 01 01:01:07 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (system s=
how date ) executed
Aug 01 01:01:33 fttv-e7D-ssr-sl1 %CONFIG-W-NOTSAVED, Changes made to the ru=
nning system are not saved to Startup
Aug 01 01:01:36 fttv-e7D-ssr-sl1 %SYS-A-CLI_MODE_CHANGE, CLI mode changed t=
o (guest).
Aug 01 01:01:36 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (logout )=
executed
Which goes to prove that even v1.6 code still 'fails' to auto-correct the b=
roken date-stamp.
The patch fix below corrects the problem in src/log.c - simply patch log.c =
and touch log.c.x
and remake the syslog-ng binary.
[user@host syslog-ng]$ pwd
/usr/src/patches/syslog-ng
[user@host syslog-ng]$ diff -u log.c-1.6.0rc3.orig log.c-1.6.0rc3.patched=
--- log.c-1.6.0rc3.orig Tue Jul 29 09:36:59 2003
+++ log.c-1.6.0rc3.patched Tue Jul 29 10:05:44 2003
@@ -108,6 +108,22 @@
src[9] =3D=3D ':' && src[12] =3D=3D ':') {
/* Expected buffer format: MMM DD HH:MM:SS ... */
=20
+ /* Catcher for violation of RFC3164 para 4.1.2:
+ "If the day of the month is less than 10, then it M=
UST
+ be represented as a space and then the number.
+ For example, the 7th day of August would be represe=
nted
+ as "Aug 7", with two spaces between the "g" and
+ the "7"."
+
+ Enterasys Expedition Routers are known to violate
+ this clause.
+
+ Ted_Rule@flextech.co.uk: 29/07/2003 */
+ if ( src[4] =3D=3D '0' && isdigit(src[5]) &&
+ isdigit(src[7]) && isdigit(src[8]) ) {
+ src[4] =3D ' ';
+ }
+
/* Just read the buffer data into a textual
datestamp. */
lm->date =3D c_format_cstring("%s", 15, src);
[user@host syslog-ng]$=20
Which resulted in the correct format messages appearing in the actual syslo=
g files,
after which time, I flipped the router back to "today" and re-enabled NTP.
Jul 31 16:54:35 fttv-e7D-ssr-sl1 %SYS-A-CLI_MODE_CHANGE, CLI mode changed t=
o (enabled).
Jul 31 16:54:35 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (exit ) e=
xecuted
Jul 31 16:55:46 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (system s=
how date ) executed
Aug 01 01:01:01 fttv-e7D-ssr-sl1 %SYS-I-DATE_CHANGE, The system's date has =
been changed to: 2003-08-01 01:01:01
Aug 01 01:01:07 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (system s=
how date ) executed
Aug 01 01:01:33 fttv-e7D-ssr-sl1 %CONFIG-W-NOTSAVED, Changes made to the ru=
nning system are not saved to Startup
Aug 01 01:01:36 fttv-e7D-ssr-sl1 %SYS-A-CLI_MODE_CHANGE, CLI mode changed t=
o (guest).
Aug 01 01:01:36 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (logout )=
executed
Aug 1 01:10:22 fttv-e7D-ssr-sl1 %SYS-A-CLI_MODE_CHANGE, CLI mode changed t=
o (guest).
Aug 1 01:10:22 fttv-e7D-ssr-sl1 %TELNETD-A-LOGIN, Telnet user login
Aug 1 01:10:24 fttv-e7D-ssr-sl1 %SYS-A-CLI_MODE_CHANGE, CLI mode changed t=
o (enabled).
Aug 1 01:10:24 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (en ) exe=
cuted
Jul 31 17:08:00 fttv-e7D-ssr-sl1 %SYS-I-DATE_CHANGE, The system's date has =
been changed to: 2003-07-31 17:08:00
Jul 31 17:08:05 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (system s=
how date ) executed
Jul 31 17:08:23 fttv-e7D-ssr-sl1 %SYS-A-CLI_MODE_CHANGE, CLI mode changed t=
o (guest).
Jul 31 17:08:23 fttv-e7D-ssr-sl1 %CLI-A-COMMAND_EXEC, CLI command (logout )=
executed
I believe the reason that the date parsing of the original message fails to=
auto-correct the problem
is that the write of msg->date to msg->line in src/affile.c/do_handle_dest_=
_writer() uses the original
15 byte raw date string, rather than rebuild a date string on the fly from =
the tm struct which is parsed
by log.c:
static void do_handle_dest_writer(struct log_handler *c, struct log_info *m=
sg)
{
CAST(affile_dest_writer, self, c);
if (self->dest) {
struct ol_string *msg_line;
if (self->owner->template_output) {
msg_line =3D expand_macros(
self->owner->cfg,
self->owner->template_output,
self->owner->template_escape, ms=
g);
} else {
msg_line =3D c_format("%S %S %S\n",
msg->date,
msg->host, msg->msg);
}
A_WRITE_STRING(&self->dest->buffer->super, msg_line);
if (self->reap)
io_callout_set_timeout(self->reap, self->time_reap);
}
log_info_free(msg);
}
Ted
***************************************************************************=
*********************
This E-mail message, including any attachments, is intended only for the pe=
rson
or entity to which it is addressed, and may contain confidential informatio=
n.
If you are not the intended recipient, any review, retransmission, disclosu=
re,
copying, modification or other use of this E-mail message or attachments is
strictly forbidden.
If you have received this E-mail message in error, please contact the autho=
r and
delete the message and any attachments from your computer.
You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the v=
iews
and opinions of FLEXTECH Television Limited.
***************************************************************************=
*********************
------_=_NextPart_001_01C35781.45DDA212
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: base64
eJ8+IgQQAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAMwAAAEVudGVyYXN5cyBTU1Igc3lz
bG9nIG1lc3NhZ2UgZGF0ZSBmb3JtYXQgcGF0Y2ggZml4AJoSAQWAAwAOAAAA0wcHAB8AEQAgAAMA
BAA4AQEggAMADgAAANMHBwAfABEAIAADAAQAOAEBCYABACEAAAA3NzcxQkU5QTY0QkJGQjQ5ODAz
RTAwREE1OEU1MUVENABUBwEDkAYA0BEAADEAAAALAAIAAQAAAAMAJgAAAAAAAwA2AAAAAABAADkA
EqLdRYFXwwEeAD0AAQAAAAEAAAAAAAAAAgFHAAEAAAA2AAAAYz11czthPSA7cD1GbGV4dGVjaDts
PUZUVFZHUFNFWENIMi0wMzA3MzExNjMyMDNaLTQ1OTEAAAAeAHAAAQAAADMAAABFbnRlcmFzeXMg
U1NSIHN5c2xvZyBtZXNzYWdlIGRhdGUgZm9ybWF0IHBhdGNoIGZpeAAAAgFxAAEAAAAWAAAAAcNX
gUQTVLTCrcMnEdeB3ACw0HuBvwAAHgAaDAEAAAAKAAAAUnVsZSwgVGVkAAAAHgAdDgEAAAAzAAAA
RW50ZXJhc3lzIFNTUiBzeXNsb2cgbWVzc2FnZSBkYXRlIGZvcm1hdCBwYXRjaCBmaXgAAAIBCRAB
AAAAEAwAAAwMAADzHAAATFpGdYokMlMDAAoAcmNwZzEyNeIyA0N0ZXgFQQEDAff/CoACpAPkBxMC
gA/zAFAEVj8IVQeyESUOUQMBAgBjaOEKwHNldDIGAAbDESX2MwRGE7cwEiwRMwjvCfe2OwlvDjA1
ESIMYGMAUPMLCQFkMzYWUAumEMAEIBJwCXB2aQhgc2x5CR0Qb3MOsGQsIG0DHbAG8GQgdiAxLhA1
IHN5HZBvZy3AbmcgZGFlBGADoEMT4B6gYSBsaQJAbFplHRFvAmAf4CAD8HRyaAYAU1IfFR5AB5Bz
nGFnB5AKogqAd2gN4O8hsAuABaEJcGMgwB2wHYAJIOAiTSTQIDBEIvogAhByAMAFQAuAHfEgQfRv
ZiS0ICUoJVEfsR8wwR7QIHRvIDkmMiYA9yORH/EhoCwjBCLAC3Ed8AEH8EZDMzE2NCf/BCAd8AUQ
JDAIcAeQHjAAcOkeoHVuIJBrIOAHQAMg9m8hoBKBaB3hBCArkgNghnUOsBQAIEkndiDgnwWgB4Ag
YAUAHeBzLiMERyMEHPEgcGZpeB4wSdcwERQABUB1DgByIEAJgAMoEh7gNi4wcmMzDyCAJZAHkAVA
c25hcNpzLOB0HjEAcHUsQR2w/SVRYzFRAiAg4CZBLJEhwu8qoQuAKCAjBCIoIARgJACYb3ciK3Qs
kmViM8f3IHAiHDSGdwNgH5ElVSgh/mIg4AQBClAgUR0BEoE6cMkJAHc6LxpKdQMgKmCBHtA2OjU0
OjMfAAEBgHR2LWU3RC0VBBByPiBsKAAlQ0xASS1BLUNPJNBBgE5EX0VYRUMeMG8+wS5CA4EeoCgO
wCCgIHopKJB4BZAtoQsxPG01uDo0Nj2fPq8/vygfIX8OsCFgMvEH4B/ADrBBH0HadR+gMCgASKA6
SNFIoUE9ryVTWVMtPuBEQEFURV9DSD9gR/pFHjBUNNFGVCqhRxMT4H8EIDpwCfAuQBPgH5AxUzqC
IAHQMDMtMDhOYPdIuEgPSOE3PZ8+rz+/Rk87QR9IazMyID2vPrBPTgBGSUctVy1OT8BUU0FWRUQ/
4U1z3wQgAMABACgSNMJyK9ADAG8fkUZVCsAg4G4sgB8QYfsuIDFjUwGQACAw8EgPVqEPQw9KVT8B
PtBfTU9E30sYQAIEYk1ZQLBnClAd8P4pLwVdXz2/Ps8/3h9RLZH7QR8jBFcjc2dQB5EoISEB3y4h
IaAlkR1ATTF2MbEuQU9Z4R3wAxADICdmC3BslHMnKBJhLaBvLSPl/TSzYgNgLBADoEcSPiABkNxt
cC8LS7IKsHQjkTAh/zt0LkEkA2mRb5IhFQuAHxCFMgAvH1EuYyAtHxD/B3ALUB2xb9NyhDbDCGBz
ptwueClVLVIf4GEsETTCbR8oYguACsB5LwsjBFuZJIFyQCziHxhdJB0QyndBtS8dgHIvckJvw98H
kHsAHzZ4b3l6ZAaQJlBULXVzxC0xti4FsGnfH6B+vXtUHqAjBC2BwH6vVX+yVApQIDyiMihQML45
XhE9MChQTiIjBCuFIJ9/74D1JrCGwYNJMTBI8GVC0TSEeUBActCH0DjqLEMAK4lCMhRAiQAjBA+G
xIbEiqpyMls5XSCUPT1r0DpsQCYmjCN3DiCMhkEgXAAAil+Kqi9wKiBFeDtAJDAxUWI+dQEgEoEl
VE4AJNJERFAgSEg6JNA6IdAg4i6S8CAqL4pFhMWKr/2P50N7Y5FTHrAdYDJBHWAfA6AmQSo1b7Ex
ICA0Lp0e4DI71ZQviqUiSTSk/yexNIYo8zqRIIAikWoyA6Afh9AeMCyRA6BA8U1VU/5Uk8+Kqzpx
CXAdIRQQAjD/OuQ38QqwNBA2tgOgNMIzcN8G0ASQLwWUL4qlRgWxDsDnboEg0JzzIDchoZr1SGH7
HYAFQHcIYB6Rn7yTz4qrvTsRIkhipXA2kSGDdKagn6DkTPKq4E0iNMIiZyUwnyuRk8+Kq6wTqlAu
IoTF+5PPiqtFoFExIB8hkGN+MK+W4wgALaRbcmtbsHehwbsoMJaUZZPPrd2cAWMLYC8kgaKGk8+K
q1QJgF9ScTywZUBmINAO0AWQaCFysG8udWtOATkv/VCAL04ikyeUL4qlBpBAsHWMIzSMhDCM8wQA
fjBn5yCgRkCMQTVdQSCNEJPPt4qvvYO/OTe/878bOL/x/44olC+LT740a9Br0Bkwk9/5iqpcfa87
iq+P2DygKgH/CXAgQW1jkRRHESBwNWIgYf8OsjOBik+KrkcSbmSTKIqvYYbEbG0tPkcTjLBjMl8l
VF9jKtIfkCgiZCVzNpExNR4wckEpv8g1eM951GhPddE6wGyQwr9yETTCbOYlVSKGIGBwO0D/CsBa
wto1ANDPAiIGMCCcMf8pRgGAEoEjZGuQB4AwUyCQ39wxzUQthDpgANBrKBI2AX8nsaxzddE94DLA
ITEeoE78VFAvCzyvPb9ff2CPYZj/4rVihjyvPb8+zz/fQO9B//9DDz6fP69GP0dPSF89r0p//0uP
TJ9Nr06/T889zz7fRW//Rn9Hj1YvVz9YT1lfWm9bf/9cj12fSb9fv2DPYd8KnwRP/z6vAC9nLwLp
J/EDwYfRifH/BF8Mzw3fDu8P+RZPBKtLADBMTkVUBMANEExP+EdJTkuRO5A0YDDReOH/c8IIIBWv
FrGIQARfDM8N3//ob+l3IF8EbxKPP99NQEEv1Ty1NwPgOAPgMARPSm/nS39Mj02dNy0rySsvLDG/
PY8SXwAfAS8CPyt8MgQ//wyvDb8Ozw/XOR8EbxKPE5/vFK93vwCQcGFpapEHlM0g/nOXAWpDmrQC
IQMBcwAIMf+bNX+id0EroNuVBEBsAmxf73FZAvScAUZ3d0hQAiFH0fxtc3bg1DQHcU0TRWAfEA9y
Bt7Q3hJysC9kb181BrFkJXBfB0ABYF9f+UyDcigCUB9RcTRIRgL0+9YgMCB5AiGYAAHl1VQAUP9T
AAehH4CcgwjgkQBJcKCB31M6R8ChxLoQc1BmSwABkP0HonQBkVOgdJCmgWkTS8H/R1IC1lKwc8SY
hQL0bmFrkPFywHZvaQEQT41QhVel5xSRT6UfgCpj1kFc6AggN5FwXfBNESlEBY5dQ0G9nbAoTvRc
Cl4hHvBmAFD/1odgHL3CYoJNQQ+yjj+Lt9tXtJawX1XFX0JfTjJjD/+9DmSUs7EfcE1AAXFzMAIR
+l8UwXACsGU/iq9n9sfRVwJwAwABAF8A4GNLAHOeKGV/bO9l7mqaY2ZT4P9lf2zvch9qr2u3dA9s
72Xf92qfa6IG8GPcIKURX1JjBf3JL30CYEmAAjBlX21/bocf1LbVsZLQg2EMwFxcbv+qYGV/bO9t
b00mdA9s72zvf00T13J9w01Afe/Jj2XPQfBfV1JJLiFhEI9wDfD8KCZkmE1AkQRNQNnAfaDfYlFn
9n4fY+9GAXBfhWzv92PmT5B9gGwUkAKwZ2AfIH5f35IUwZQpYmRrMZfBXz+Uk34tjc5etoLQCOBl
KLd96Y3GRA8KuYFEDwpgA/YgRESgsSqhX6FfoV+hX5+hX6FYoHUu0EvBRS0A4N9JcEjGAFAIILbA
dbJgCDH/APBWwAIQCfAO0EjQsZDeUP9YYs5hJTAHQAEQRkBWskhA/0qksxFGQKB1q+GqYUygVsDf
B3FYFQkwS8EHMGTZoVjR/wBQAPIA4FbAALCqcElgMGH/RkBPEAdArWFIoV7ygwKykesP86CxSUfg
eRTACMcHov+q90ph4DBFcKpwr0JWwAjgOnZFcHdT8R8gUwBuc/5tS8BHgEZAAFCpYH1wFJCfkYAI
4HQDoLEAsHB5U8P/DoFkUFgwsZNIMUfAVDMfUf9HxKfvuQKp+VhhoHVTkkqA/aukYltAsLGx7Qaw
RZFKYfxlaQlzp99OYx9wSwBiUf9rgEYR2oKwAUqFSeEBwLth/wEAoHUHQCVwTYIHsUjWAPL/qb1W
1LKRH4AAsWwRH3Cx5v5ZsqVIoEYwrqG1MFjRRmj/tTKukQEBt8AIILGxBwBvEf+u5Nokp+egdcSf
u5kI0sKY/y9xauGvSAkSCOBWoEp2ydPnoHXKO0fRRkwAEB3QDcBnHtK1IbYyIEyXwEyhZH+x5qFf
oV+hX6FfoV+mrwoIfX0A3CAeADUQAQAAAEkAAAA8N0VFNDAxQ0I3QkRENjU0MUJFMkVCNjhDQzkx
NzU5NkQyNjZBOEFAZnR0dmdwc2V4Y2gyLW5hcy5mbGV4dGVjaC5jby51az4AAAAAAwCAEP////8L
APIQAQAAAB8A8xABAAAAbgAAAEUAbgB0AGUAcgBhAHMAeQBzACAAUwBTAFIAIABzAHkAcwBsAG8A
ZwAgAG0AZQBzAHMAYQBnAGUAIABkAGEAdABlACAAZgBvAHIAbQBhAHQAIABwAGEAdABjAGgAIABm
AGkAeAAuAEUATQBMAAAAAAALAPYQAAAAAEAABzC4P9tFgVfDAUAACDBsBOBFgVfDAQMA3j+vbwAA
AwDxPwkEAAAeAPg/AQAAAAoAAABSdWxlLCBUZWQAAAACAfk/AQAAAF0AAAAAAAAA3KdAyMBCEBq0
uQgAKy/hggEAAAAAAAAAL089RkxFWFRFQ0gvT1U9RklSU1QgQURNSU5JU1RSQVRJVkUgR1JPVVAv
Q049UkVDSVBJRU5UUy9DTj1UUlVMRQAAAAAeAPo/AQAAABUAAABTeXN0ZW0gQWRtaW5pc3RyYXRv
cgAAAAACAfs/AQAAAB4AAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAALgAAAAMA/T/kBAAA
AwAZQAAAAAADABpAAAAAAB4AMEABAAAABgAAAFRSVUxFAAAAHgAxQAEAAAAGAAAAVFJVTEUAAAAe
ADhAAQAAAAYAAABUUlVMRQAAAB4AOUABAAAAAgAAAC4AAAADAAlZAQAAAAsAWIEIIAYAAAAAAMAA
AAAAAABGAAAAAA6FAAAAAAAAAwBwgQggBgAAAAAAwAAAAAAAAEYAAAAAUoUAABuXAQAeAHGBCCAG
AAAAAADAAAAAAAAARgAAAABUhQAAAQAAAAUAAAAxMC4wAAAAAAMAuIEIIAYAAAAAAMAAAAAAAABG
AAAAAAGFAAAAAAAACwC9gQggBgAAAAAAwAAAAAAAAEYAAAAAA4UAAAAAAAADAMeBCCAGAAAAAADA
AAAAAAAARgAAAAAQhQAAAAAAAAMAzoEIIAYAAAAAAMAAAAAAAABGAAAAABiFAAAAAAAACwDjgQgg
BgAAAAAAwAAAAAAAAEYAAAAAgoUAAAAAAAALAOSBCCAGAAAAAADAAAAAAAAARgAAAAAGhQAAAAAA
AAsAKQAAAAAACwAjAAAAAAADAAYQzDQO/wMABxBgDwAAAwAQEAAAAAADABEQAAAAAB4ACBABAAAA
ZQAAAEFTUFJFVklPVVNMWVBPU1RFRCxNWU9MRFYxNVNZU0xPRy1OR0RBRU1PTkhBREFMSVRUTEVQ
Uk9CTEVNV0lUSFNTUlNZU0xPR01FU1NBR0VTV0hJQ0hJTkNPUlJFQ1RMWVVTRSIAAAAAAgF/AAEA
AABJAAAAPDdFRTQwMUNCN0JERDY1NDFCRTJFQjY4Q0M5MTc1OTZEMjY2QThBQGZ0dHZncHNleGNo
Mi1uYXMuZmxleHRlY2guY28udWs+AAAAAE6+
------_=_NextPart_001_01C35781.45DDA212--