diff options
Diffstat (limited to 'syslogd.h')
| -rw-r--r-- | syslogd.h | 134 |
1 files changed, 107 insertions, 27 deletions
@@ -1,19 +1,20 @@ /* common header for syslogd * Copyright 2007 Rainer Gerhards and Adiscon GmbH. * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. + * This file is part of rsyslog. * - * This program is distributed in the hope that it will be useful, + * Rsyslog is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Rsyslog is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with Rsyslog. If not, see <http://www.gnu.org/licenses/>. * * A copy of the GPL can be found in the file "COPYING" in this distribution. */ @@ -22,6 +23,25 @@ #include "syslogd-types.h" #include "objomsr.h" +#include "modules.h" +#include "template.h" +#include "action.h" +#include "linkedlist.h" +#include "expr.h" + +/* portability: not all platforms have these defines, so we + * define them here if they are missing. -- rgerhards, 2008-03-04 + */ +#ifndef LOG_MAKEPRI +# define LOG_MAKEPRI(fac, pri) (((fac) << 3) | (pri)) +#endif +#ifndef LOG_PRI +# define LOG_PRI(p) ((p) & LOG_PRIMASK) +#endif +#ifndef LOG_FAC +# define LOG_FAC(p) (((p) & LOG_FACMASK) >> 3) +#endif + #ifdef USE_NETZIP /* config param: minimum message size to try compression. The smaller @@ -42,35 +62,81 @@ /* Flags to logmsg(). */ +#define NOFLAG 0x000 /* no flag is set (to be used when a flag must be specified and none is required) */ #define INTERNAL_MSG 0x001 /* msg generated by logmsgInternal() --> special handling */ #define SYNC_FILE 0x002 /* do fsync on file after printing */ #define ADDDATE 0x004 /* add a date to the message */ #define MARK 0x008 /* this message is a mark */ -void dbgprintf(char *, ...); -char *rs_strerror_r(int errnum, char *buf, size_t buflen); -void logerror(char *type); -void logerrorSz(char *type, char *errMsg); -void logerrorInt(char *type, int iErr); +/* This structure represents the files that will have log + * copies printed. + * RGerhards 2004-11-08: Each instance of the filed structure + * describes what I call an "output channel". This is important + * to mention as we now allow database connections to be + * present in the filed structure. If helps immensely, if we + * think of it as the abstraction of an output channel. + * rgerhards, 2005-10-26: The structure below provides ample + * opportunity for non-thread-safety. Each of the variable + * accesses must be carefully evaluated, many of them probably + * be guarded by mutexes. But beware of deadlocks... + * rgerhards, 2007-08-01: as you can see, the structure has shrunk pretty much. I will + * remove some of the comments some time. It's still the structure that controls much + * of the processing that goes on in syslogd, but it now has lots of helpers. + */ +struct filed { + struct filed *f_next; /* next in linked list */ + /* filter properties */ + enum { + FILTER_PRI = 0, /* traditional PRI based filer */ + FILTER_PROP = 1, /* extended filter, property based */ + FILTER_EXPR = 2 /* extended filter, expression based */ + } f_filter_type; + EHostnameCmpMode eHostnameCmpMode; + cstr_t *pCSHostnameComp; /* hostname to check */ + cstr_t *pCSProgNameComp; /* tag to check or NULL, if not to be checked */ + union { + u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */ + struct { + cstr_t *pCSPropName; + enum { + FIOP_NOP = 0, /* do not use - No Operation */ + FIOP_CONTAINS = 1, /* contains string? */ + FIOP_ISEQUAL = 2, /* is (exactly) equal? */ + FIOP_STARTSWITH = 3, /* starts with a string? */ + FIOP_REGEX = 4 /* matches a regular expression? */ + } operation; + cstr_t *pCSCompValue; /* value to "compare" against */ + char isNegated; /* actually a boolean ;) */ + } prop; + expr_t *f_expr; /* expression object */ + } f_filterData; + + linkedList_t llActList; /* list of configured actions */ +}; +typedef struct filed selector_t; /* new type name */ -void printchopped(char *hname, char *msg, int len, int fd, int iSourceType); -void freeAllSockets(int **socks); -int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost); -void getCurrTime(struct syslogTime *t); -int formatTimestampToMySQL(struct syslogTime *ts, char* pDst, size_t iLenDst); -int formatTimestampToPgSQL(struct syslogTime *ts, char* pDst, size_t iLenDst); -int formatTimestamp3339(struct syslogTime *ts, char* pBuf, size_t iLenBuf); -int formatTimestamp3164(struct syslogTime *ts, char* pBuf, size_t iLenBuf); + +#define MSG_PARSE_HOSTNAME 1 +#define MSG_DONT_PARSE_HOSTNAME 0 +rsRetVal parseAndSubmitMessage(char *hname, char *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType); +#include "net.h" /* TODO: remove when you remoe isAllowedSender from here! */ void untty(void); +rsRetVal selectorConstruct(selector_t **ppThis); rsRetVal cflineParseTemplateName(uchar** pp, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts, uchar *dfltTplName); -rsRetVal cflineParseFileName(uchar* p, uchar *pFileName, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts); +rsRetVal cflineParseFileName(uchar* p, uchar *pFileName, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts, uchar *pszTpl); int getSubString(uchar **ppSrc, char *pDst, size_t DstSize, char cSep); - +rsRetVal selectorDestruct(void *pVal); +rsRetVal selectorAddList(selector_t *f); +/* the following prototypes should go away once we have an input + * module interface -- rgerhards, 2007-12-12 + */ +rsRetVal logmsgInternal(int pri, char *msg, int flags); +void logmsg(msg_t *pMsg, int flags); +rsRetVal submitMsg(msg_t *pMsg); extern int glblHadMemShortage; /* indicates if we had memory shortage some time during the run */ -extern char LocalHostName[]; +extern uchar *LocalHostName; extern int family; extern int NoHops; -extern int *finet; extern int send_to_all; extern int option_DisallowWarning; extern int Debug; @@ -79,8 +145,22 @@ extern int DisableDNS; extern char **StripDomains; extern char *LocalDomain; extern int bDropMalPTRMsgs; -extern struct AllowedSenders *pAllowedSenders_TCP; -extern struct AllowedSenders *pAllowedSenders_GSS; -extern char ctty[]; +extern char ctty[]; +extern int MarkInterval; +extern int bReduceRepeatMsgs; +extern int bActExecWhenPrevSusp; +extern int iActExecOnceInterval; + +/* Intervals at which we flush out "message repeated" messages, + * in seconds after previous message is logged. After each flush, + * we move to the next interval until we reach the largest. + * TODO: move this to action object! + */ +extern int repeatinterval[2]; +#define MAXREPEAT ((int)((sizeof(repeatinterval) / sizeof(repeatinterval[0])) - 1)) +#define REPEATTIME(f) ((f)->f_time + repeatinterval[(f)->f_repeatcount]) +#define BACKOFF(f) { if (++(f)->f_repeatcount > MAXREPEAT) \ + (f)->f_repeatcount = MAXREPEAT; \ + } #endif /* #ifndef SYSLOGD_H_INCLUDED */ |