[syslog-ng] setting facility/level of source log messages ?

Xavier Lapie bana at docisland.org
Wed Mar 4 14:26:27 CET 2009 

On Wed, Mar 04, 2009 at 10:19:55AM +0100, Balazs Scheidler wrote:
> Hi,
> 
> Thanks for your contribution, it is really appreciated. However as I
> said the 3.0 branch already has a less general solution to the same
> problem. Could you update your patch against 3.0, making the file
> specific options LogReader specific?

Hi,

I hope this version is ok for your 3.0 branch.


-- 
Xavier
-------------- next part --------------
diff -ubr syslog-ng-3.0.1/aclocal.m4 syslog-ng-3.0.1-fakepri/aclocal.m4
--- syslog-ng-3.0.1/aclocal.m4	2008-12-24 12:39:11.000000000 +0100
+++ syslog-ng-3.0.1-fakepri/aclocal.m4	2009-03-04 11:10:31.000000000 +0100
@@ -913,6 +913,7 @@
 AC_REQUIRE([AC_PROG_LEX])dnl
 if test "$LEX" = :; then
   LEX=${am_missing_run}flex
+  AC_SUBST([LEX_OUTPUT_ROOT], [lex.yy])
 fi])
 
 # Check to see how 'make' treats includes.	            -*- Autoconf -*-
diff -ubr syslog-ng-3.0.1/src/cfg-grammar.y syslog-ng-3.0.1-fakepri/src/cfg-grammar.y
--- syslog-ng-3.0.1/src/cfg-grammar.y	2008-12-14 12:50:25.000000000 +0100
+++ syslog-ng-3.0.1-fakepri/src/cfg-grammar.y	2009-03-04 14:17:00.000000000 +0100
@@ -151,6 +151,8 @@
 %token KW_TEMPLATE KW_TEMPLATE_ESCAPE
 %token KW_FOLLOW_FREQ
 %token KW_OVERWRITE_IF_OLDER
+%token KW_FAKE_LEVEL
+%token FW_FAKE_FACILITY
 
 /* socket related options */
 %token KW_KEEP_ALIVE KW_MAX_CONNECTIONS
@@ -711,6 +713,30 @@
 	| KW_FOLLOW_FREQ '(' NUMBER ')'		{ last_reader_options->follow_freq = $3; }
 	| KW_KEEP_TIMESTAMP '(' yesno ')'	{ last_reader_options->super.keep_timestamp = $3; }
         | KW_ENCODING '(' string ')'		{ last_reader_options->text_encoding = g_strdup($3); free($3); }
+	| KW_FAKE_LEVEL '(' string ')'
+	  {
+	    int level = -1;
+	    level = syslog_name_lookup_level_by_name($3);
+	    if (level == -1)
+	      msg_error("Warning: Unknown priority level",
+			evt_tag_str("fake_priority", $3),
+			NULL);
+	    else
+	      last_reader_options->fake_level = level;
+	    free($3);
+	  }
+	| KW_FAKE_FACILITY '(' string ')'
+	  {
+	    int facility = -1;
+	    facility = syslog_name_lookup_facility_by_name($3);
+	    if (facility == -1)
+	      msg_error("Warning: Unknown facility level",
+			evt_tag_str("fake_facility", $3),
+			NULL);
+	    else
+	      last_reader_options->fake_facility = facility;
+	    free($3);
+	  }
 	;
 
 source_reader_option_flags
diff -ubr syslog-ng-3.0.1/src/cfg-lex.l syslog-ng-3.0.1-fakepri/src/cfg-lex.l
--- syslog-ng-3.0.1/src/cfg-lex.l	2008-12-14 12:50:25.000000000 +0100
+++ syslog-ng-3.0.1-fakepri/src/cfg-lex.l	2009-03-04 11:14:24.000000000 +0100
@@ -152,6 +152,8 @@
 	{ "log_msg_size",	KW_LOG_MSG_SIZE },
 	{ "log_prefix",		KW_LOG_PREFIX, KWS_OBSOLETE, "program_override" },
 	{ "program_override",   KW_PROGRAM_OVERRIDE },
+	{ "fake_facility",      KW_FAKE_FACILITY },
+	{ "fake_level",         KW_FAKE_LEVEL },
 	{ "host_override",      KW_HOST_OVERRIDE },
 	{ "throttle",           KW_THROTTLE },
 	
diff -ubr syslog-ng-3.0.1/src/logreader.c syslog-ng-3.0.1-fakepri/src/logreader.c
--- syslog-ng-3.0.1/src/logreader.c	2008-09-08 17:57:47.000000000 +0200
+++ syslog-ng-3.0.1-fakepri/src/logreader.c	2009-03-04 14:18:54.000000000 +0100
@@ -240,6 +240,11 @@
   /* use the current time to get the time zone offset */
   m = log_msg_new((gchar *) line, length, saddr, parse_flags, self->options->bad_hostname, time_zone_info_get_offset(self->options->time_zone_info, time(NULL)));
   
+  /* setting fake_{facility,level} for this msg ? */
+  if (self->options->options & LRO_NOPARSE)
+    {
+      m->pri = self->options->fake_facility * 8 + self->options->fake_level;
+    }
       
   if (!m->saddr && self->peer_addr)
     {
@@ -736,6 +741,23 @@
     options->time_zone_string = g_strdup(cfg->recv_time_zone_string);
   if (options->time_zone_info == NULL)
     options->time_zone_info = time_zone_info_new(options->time_zone_string);
+  /* Do not change msg facility or level unless no-parse is defined */
+  if (!(options->options & LRO_NOPARSE)) 
+    {
+      if (options->fake_facility != 0) 
+	{
+	  msg_warning("Can not set fake facility unless no-parse is defined",
+		      evt_tag_int("facility", options->fake_facility * 8),
+		      NULL);
+	}
+      if (options->fake_level != 0)
+	{
+	  msg_warning("Can not set fake level unless no-parse is defined",
+		      evt_tag_int("level", options->fake_level),
+		      NULL); 
+	}
+      options->fake_facility = options->fake_level = 0;
+    }
 }
 
 void
diff -ubr syslog-ng-3.0.1/src/logreader.h syslog-ng-3.0.1-fakepri/src/logreader.h
--- syslog-ng-3.0.1/src/logreader.h	2008-09-08 17:57:47.000000000 +0200
+++ syslog-ng-3.0.1-fakepri/src/logreader.h	2009-03-04 11:47:30.000000000 +0100
@@ -57,6 +57,9 @@
   gchar *text_encoding;
   const gchar *group_name;
 
+  gint fake_facility;
+  gint fake_level;
+
   /* source time zone if one is not specified in the message */
   gboolean check_hostname;
   gchar *time_zone_string;

More information about the syslog-ng mailing list