[syslog-ng] Syslog-NG, log4j, tabs, whitespace, indent
John Skopis
jskopis at backstopsolutions.com
Thu Dec 11 17:37:53 CET 2008
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-
> bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
> Sent: Thursday, December 11, 2008 7:21 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] Syslog-NG, log4j, tabs, whitespace, indent
>
> On Wed, 2008-12-10 at 16:55 -0600, John Skopis wrote:
> > Bazsi,
> >
> > Strace:
> > recvfrom(5, "<147> at
> org.jgroups.util.TimeScheduler$Loop.run(TimeScheduler.java:141)", 8192,
> 0, {sa_family=AF_INET, sin_port=htons(41277),
> sin_addr=inet_addr("1.2.3.4")}, [16]) = 75
> > write(14, "Dec 10 17:52:04 1.2.3.4 at
> org.jgroups.util.TimeScheduler$Loop.run(TimeScheduler.java:141)\n", 97)
> = 97
> > recvfrom(5, "<147> at
> org.jgroups.util.TimeScheduler$Loop.run(TimeScheduler.java:141)", 8192,
> 0, {sa_family=AF_INET, sin_port=htons(41277),
> sin_addr=inet_addr("1.2.3.4")}, [16]) = 75
> > write(14, "Dec 10 17:52:04 1.2.3.4 at
> org.jgroups.util.TimeScheduler$Loop.run(TimeScheduler.java:141)\n", 97)
> = 97
> >
> > Let me know if you need tcpdump still (I started the cap but would
> like to anonymize it and/or send it to you off-list).
> >
>
> Ah, this means that there's no tab at the beginning of the message, but
> rather it is a space. syslog-ng skips spaces if the syslog header is
> not
> complete.
>
> Try enabling setHeader(true) on your SyslogAppender class. This will
> probably make log4j emit a complete syslog header, in which case
> syslog-ng will not drop the preceding spaces.
>
> Please let me know if this works for you.
Well, I tried setting Header=true but it did nothing. Actually, I think that it *is* setting the header for the first line of output, however as a stack trace is a log message spanning multiple lines it only sets the header for the first line.
Can I request a feature like the one is this patch? I am not sure of the implications in keeping the whitespace. It doesn't appear to break anything for me...but then again I am only using the $HOST macro..
I admit that it is a bit of a hack...perhaps the original logic was meant to replace the first space, which acts a field separator, not trim leading whitespace chars?
Also, scuse' the indentation in the patch -- clearly my vi settings don't match your indentation rules ;]
Thanks
diff -uar syslog-ng-2.0.9.pristine/src/cfg-lex.c syslog-ng-2.0.9/src/cfg-lex.c
--- syslog-ng-2.0.9.pristine/src/cfg-lex.c 2008-03-23 15:42:01.000000000 -0500
+++ syslog-ng-2.0.9/src/cfg-lex.c 2008-12-11 09:59:44.000000000 -0600
@@ -2074,6 +2074,9 @@
return LRO_NOPARSE;
if (strcmp(flag, "kernel") == 0)
return LRO_KERNEL;
+ if (strcmp(flag, "keep-whitespace") == 0 || strcmp(flag, "keep_whitespace") == 0);
+ return LR_KEEP_WHITESPACE;
+
msg_error("Unknown parse flag", evt_tag_str("flag", flag), NULL);
return 0;
}
diff -uar syslog-ng-2.0.9.pristine/src/cfg-lex.l syslog-ng-2.0.9/src/cfg-lex.l
--- syslog-ng-2.0.9.pristine/src/cfg-lex.l 2007-12-18 09:25:14.000000000 -0600
+++ syslog-ng-2.0.9/src/cfg-lex.l 2008-12-11 09:56:06.000000000 -0600
@@ -285,6 +285,8 @@
return LRO_NOPARSE;
if (strcmp(flag, "kernel") == 0)
return LRO_KERNEL;
+ if (strcmp(flag, "keep-whitespace") == 0 || strcmp(flag, "keep_whitespace") == 0);
+ return LR_KEEP_WHITESPACE;
msg_error("Unknown parse flag", evt_tag_str("flag", flag), NULL);
return 0;
}
diff -uar syslog-ng-2.0.9.pristine/src/logmsg.c syslog-ng-2.0.9/src/logmsg.c
--- syslog-ng-2.0.9.pristine/src/logmsg.c 2007-12-29 11:39:33.000000000 -0600
+++ syslog-ng-2.0.9/src/logmsg.c 2008-12-11 10:01:35.000000000 -0600
@@ -190,11 +190,13 @@
}
- while (left && *src == ' ')
- { /* Move past whitespace */
- src++;
- left--;
- }
+ if ( ! (flags & LP_KEEP_WHITESPACE) ) {
+ while (left && *src == ' ')
+ { /* Move past whitespace */
+ src++;
+ left--;
+ }
+ };
/* If the next chars look like a date, then read them as a date. */
if (left >= 19 && src[4] == '-' && src[7] == '-' && src[10] == 'T' && src[13] == ':' && src[16] == ':')
diff -uar syslog-ng-2.0.9.pristine/src/logmsg.h syslog-ng-2.0.9/src/logmsg.h
--- syslog-ng-2.0.9.pristine/src/logmsg.h 2008-02-13 13:07:00.000000000 -0600
+++ syslog-ng-2.0.9/src/logmsg.h 2008-12-11 09:54:09.000000000 -0600
@@ -39,6 +39,8 @@
#define LP_CHECK_HOSTNAME 0x0008
#define LP_STRICT 0x0010
#define LP_KERNEL 0x0020
+#define LP_KEEP_WHITESPACE 0x0030
+
#define LF_UNPARSED 0x0001
#define LF_INTERNAL 0x0002
diff -uar syslog-ng-2.0.9.pristine/src/logreader.c syslog-ng-2.0.9/src/logreader.c
--- syslog-ng-2.0.9.pristine/src/logreader.c 2008-03-23 15:35:25.000000000 -0500
+++ syslog-ng-2.0.9/src/logreader.c 2008-12-11 10:06:22.000000000 -0600
@@ -246,6 +246,8 @@
parse_flags |= LP_INTERNAL;
if (self->flags & LR_LOCAL)
parse_flags |= LF_LOCAL;
+ if (self->options->options & LR_KEEP_WHITESPACE)
+ parse_flags |= LP_KEEP_WHITESPACE;
if ((self->flags & LR_PKTTERM) ||
(!eol && (self->ofs == self->options->msg_size)) ||
diff -uar syslog-ng-2.0.9.pristine/src/logreader.h syslog-ng-2.0.9/src/logreader.h
--- syslog-ng-2.0.9.pristine/src/logreader.h 2008-01-26 09:15:14.000000000 -0600
+++ syslog-ng-2.0.9/src/logreader.h 2008-12-11 09:55:52.000000000 -0600
@@ -36,6 +36,7 @@
#define LR_NOMREAD 0x0008
#define LR_FOLLOW 0x0010
#define LR_STRICT 0x0020
+#define LR_KEEP_WHITESPACE 0x0030
#define LR_COMPLETE_LINE 0x0100
diff -uar syslog-ng-2.0.9.pristine/syslog-ng.spec.bb syslog-ng-2.0.9/syslog-ng.spec.bb
--- syslog-ng-2.0.9.pristine/syslog-ng.spec.bb 2008-03-23 15:41:57.000000000 -0500
+++ syslog-ng-2.0.9/syslog-ng.spec.bb 2008-12-11 10:05:09.000000000 -0600
@@ -14,6 +14,9 @@
BuildRoot: %{_tmppath}/%{name}-root
BuildRequires: bison, flex, gcc-c++, pkgconfig, glib2-devel, libevtlog-devel
Provides: syslog
+
+Patch1: keep_ws.patch
+
#BuildConflicts:
#Exclusivearch: i386
@@ -30,6 +33,7 @@
%prep
%setup -q -n syslog-ng-%{version}
+%patch1 -p1
%build
More information about the syslog-ng
mailing list