Browse Source

New upstream version 8.25.0

upstream upstream/8.25.0
Michael Biebl 6 years ago
parent
commit
c6ba7f4de4
  1. 2
      .tarball-version
  2. 85
      ChangeLog
  3. 92
      action.c
  4. 3
      action.h
  5. 20
      configure
  6. 2
      configure.ac
  7. 323
      contrib/mmdblookup/mmdblookup.c
  8. 3
      contrib/omamqp1/omamqp1.c
  9. 6
      contrib/omhttpfs/omhttpfs.c
  10. 6
      contrib/omrabbitmq/omrabbitmq.c
  11. 3
      contrib/omzmq3/omzmq3.c
  12. 15
      contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
  13. 21
      contrib/pmcisconames/pmcisconames.c
  14. 6
      contrib/pmpanngfw/pmpanngfw.c
  15. 21
      contrib/pmsnare/pmsnare.c
  16. 4
      dirty.h
  17. 201
      grammar/rainerscript.c
  18. 4
      grammar/rainerscript.h
  19. 3
      parse.c
  20. 3
      parse.h
  21. 9
      plugins/im3195/im3195.c
  22. 489
      plugins/imfile/imfile.c
  23. 6
      plugins/imgssapi/imgssapi.c
  24. 24
      plugins/imjournal/imjournal.c
  25. 21
      plugins/impstats/impstats.c
  26. 6
      plugins/imptcp/imptcp.c
  27. 1
      plugins/imtcp/imtcp.c
  28. 6
      plugins/imudp/imudp.c
  29. 21
      plugins/imuxsock/imuxsock.c
  30. 1
      plugins/mmrm1stspace/mmrm1stspace.c
  31. 93
      plugins/omelasticsearch/cJSON/cjson.c
  32. 36
      plugins/omelasticsearch/cJSON/cjson.h
  33. 14
      plugins/omelasticsearch/omelasticsearch.c
  34. 12
      plugins/omgssapi/omgssapi.c
  35. 3
      plugins/omhdfs/omhdfs.c
  36. 6
      plugins/omkafka/omkafka.c
  37. 24
      plugins/omlibdbi/omlibdbi.c
  38. 27
      plugins/ommail/ommail.c
  39. 15
      plugins/ommysql/ommysql.c
  40. 9
      plugins/omprog/omprog.c
  41. 6
      plugins/omruleset/omruleset.c
  42. 54
      plugins/omsnmp/omsnmp.c
  43. 3
      plugins/omsnmp/omsnmp.h
  44. 21
      plugins/omudpspoof/omudpspoof.c
  45. 3
      plugins/omuxsock/omuxsock.c
  46. 6
      plugins/pmciscoios/pmciscoios.c
  47. 6
      plugins/pmlastmsg/pmlastmsg.c
  48. 12
      runtime/cfsysline.c
  49. 6
      runtime/cfsysline.h
  50. 3
      runtime/conf.c
  51. 6
      runtime/conf.h
  52. 3
      runtime/datetime.h
  53. 9
      runtime/debug.c
  54. 14
      runtime/debug.h
  55. 3
      runtime/dnscache.h
  56. 18
      runtime/dynstats.c
  57. 4
      runtime/errmsg.c
  58. 9
      runtime/errmsg.h
  59. 54
      runtime/glbl.c
  60. 3
      runtime/glbl.h
  61. 3
      runtime/librsgt.h
  62. 9
      runtime/librsgt_read.c
  63. 3
      runtime/librsksi.c
  64. 12
      runtime/librsksi.h
  65. 214
      runtime/librsksi_read.c
  66. 3
      runtime/linkedlist.c
  67. 34
      runtime/lookup.c
  68. 14
      runtime/module-template.h
  69. 12
      runtime/modules.c
  70. 40
      runtime/msg.c
  71. 36
      runtime/msg.h
  72. 6
      runtime/net.c
  73. 15
      runtime/nsd_gtls.c
  74. 3
      runtime/nsdsel_gtls.c
  75. 2
      runtime/nspoll.c
  76. 3
      runtime/nssel.c
  77. 26
      runtime/obj.c
  78. 7
      runtime/obj.h
  79. 8
      runtime/parser.c
  80. 2
      runtime/queue.c
  81. 4
      runtime/ratelimit.c
  82. 27
      runtime/rsconf.c
  83. 3
      runtime/rsyslog.c
  84. 23
      runtime/rsyslog.h
  85. 3
      runtime/srUtils.h
  86. 10
      runtime/srutils.c
  87. 6
      runtime/statsobj.c
  88. 3
      runtime/statsobj.h
  89. 18
      runtime/stream.c
  90. 3
      runtime/stream.h
  91. 3
      runtime/stringbuf.c
  92. 11
      runtime/tcpsrv.c
  93. 9
      runtime/typedefs.h
  94. 6
      runtime/wti.h
  95. 6
      template.c
  96. 28
      tests/Makefile.am
  97. 114
      tests/Makefile.in
  98. 2
      tests/daqueue-persist.sh
  99. 14
      tests/diag.sh
  100. 34
      tests/diskq-rfc5424.sh

2
.tarball-version

@ -1 +1 @@
8.24.0
8.25.0

85
ChangeLog

@ -1,4 +1,89 @@
------------------------------------------------------------------------------
Version 8.25.0 [v8-stable] 2017-02-21
- imfile: add support for wildcards in directory names
This now permits to monitor newly created directories without altering
the configuration.
- add new global option "parser.PermitSlashInProgramname"
- mmdblookup: fix build issues, code cleanup
Thanks to Dan Molik for the patch.
- improved debug output for queue corruption cases
- an error message is now displayed when a directory owner cannot be set
This mostly happens with omfile and dynafils. The new messages
facilitates troubleshooting.
- rainerscript:
* add new function ipv42num
* add new function num2ipv4
- bugfix: ratelimiter does not work correctly is time is set back
Thanks to github user hese10 for the patch.
see also https://github.com/rsyslog/rsyslog/issues/1354
- core: fix potential message loss in old-style transactional interface
This was experienced for example by omrelp. Could loose one message per
broken connection, iff that message did not make it to the unacked list.
- bugfix queue subsystem: queue corrupted if certain msg props are used
The core issues was in the msg object deserializer, which had the wrong
deserialization sequence. That in turn lead to queue corruption issues.
Corruption of disk queue (or disk part of DA queue) always happens if
the "json" property (message variables) is present and "structured-data"
property is also present. This causes rsyslog to serialize to the
queue in wrong property sequence, which will lead to error -2308 on
deserialization.
Seems to be a long-standing bug. Depending on version used, some or
all messages in disk queue may be lost.
closes https://github.com/rsyslog/rsyslog/issues/1404
- bugfix imjournal: fixed situation when time goes backwards
This is resolving the situation when system is after reboot and
boot_id doesn't match so cursor pointing into "future".
Usually sd_journal_next jump to head of journal due to journal
aproximation, but when system time goes backwards and cursor is
still invalid, rsyslog stops logging.
We use sd_journal_get_cursor to validate our cursor.
When cursor is invalid we are trying to jump to the head of journal
This problem with time should not affect persistent journal,
but if cursor has been intentionally compromised it could stop
logging even with persistent journal.
- bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
If bFlushOnTXEnd is set, we need to flush on transaction end - in
any case. It is not relevant if this is using background writes
(which then become pretty slow) or not. And, similarly, no flush
happens when it is not set.
see also https://github.com/rsyslog/rsyslog/issues/1297
- bugfix core: str2num mishandling empty strings
If str2num() receives an empty string, misadressing happens.
This theoretically can lead to a segfault if a RainerScript function
is used inside the configuration which calls code that could trigger
this bug.
closes https://github.com/rsyslog/rsyslog/issues/1412
- bugfix rainerscript: set/unset statement do not check variable name validity
Only JSON-based variables can be use with set and unset. Unfortunately,
this restriction is not checked. If an invalid variable is given
(e.g. $invalid), this is not detected upon config processing on
startup. During execution phase, this can lead to a segfault, a
memory leak or other types of problems.
Thanks to github user mostolog for reporting and helping to analyze
this issue.
see also https://github.com/rsyslog/rsyslog/issues/1376
closes https://github.com/rsyslog/rsyslog/issues/1377
- bugfix mmrm1stspace: last character of rawmsg property was doubled
- bugfix: rsyslog loops on freebsd when trying to write /dev/console
Rsyslog 8.23.0 loops on FreeBSD when trying to access a (now revoked)
/dev/console file descriptor, as per Alexandre's original bug report [1].
The original patch fixes the problem when tryTTYRecover() sees errno 6 ENXIO.
Running FreeBSD 10-stable here and getting errno 5 EIO, same as Xavier gets
in his 2016 bug report [2].
New patch [3] includes errno 5 to tryTTYRecover() in runtime/stream.c and
fixes the problem for me, on multiple machines.
[1] https://github.com/rsyslog/rsyslog/issues/371
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211033
[3] https://bz-attachments.freebsd.org/attachment.cgi?id=178452
closes https://github.com/rsyslog/rsyslog/issues/1351
Thanks to Damien Fleuriot for the patch.
- bugfix imtcp: fix very small (cosmetic) memory leak
For each listener, the name of an assigned ruleset is not freed. This
is cosmetic, because it is a very small static leak AND it needs to
be kept until end of run anyways (and at end of run the OS frees it).
However, the leak breaks memleak checks in the testbench.
- fix build issues on some platforms (detected on newer Fedora)
------------------------------------------------------------------------------
Version 8.24.0 [v8-stable] 2017-01-10
- rsyslog now builds on AIX
see also: https://github.com/rsyslog/rsyslog/pull/1247

92
action.c

@ -1214,6 +1214,11 @@ doTransaction(action_t *__restrict__ const pThis, wti_t *__restrict__ const pWti
*/
iRet = actionProcessMessage(pThis,
&actParam(wrkrInfo->p.tx.iparams, pThis->iNumTpls, i, 0), pWti);
if(iRet != RS_RET_DEFER_COMMIT && iRet != RS_RET_PREVIOUS_COMMITTED &&
iRet != RS_RET_OK)
--i; /* we need to re-submit */
DBGPRINTF("doTransaction: action %d, processing msg %d, result %d\n",
pThis->iActionNbr, i,iRet);
}
}
finalize_it:
@ -2019,36 +2024,65 @@ rsRetVal actionClassInit(void)
CHKiRet(objUse(ruleset, CORE_COMPONENT));
CHKiRet(regCfSysLineHdlr((uchar *)"actionname", 0, eCmdHdlrGetWord, NULL, &cs.pszActionName, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuefilename", 0, eCmdHdlrGetWord, NULL, &cs.pszActionQFName, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuesize", 0, eCmdHdlrInt, NULL, &cs.iActionQueueSize, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionwriteallmarkmessages", 0, eCmdHdlrBinary, NULL, &cs.bActionWriteAllMarkMsgs, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeuebatchsize", 0, eCmdHdlrInt, NULL, &cs.iActionQueueDeqBatchSize, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuemaxdiskspace", 0, eCmdHdlrSize, NULL, &cs.iActionQueMaxDiskSpace, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuehighwatermark", 0, eCmdHdlrInt, NULL, &cs.iActionQHighWtrMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuelowwatermark", 0, eCmdHdlrInt, NULL, &cs.iActionQLowWtrMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuediscardmark", 0, eCmdHdlrInt, NULL, &cs.iActionQDiscardMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuediscardseverity", 0, eCmdHdlrInt, NULL, &cs.iActionQDiscardSeverity, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuecheckpointinterval", 0, eCmdHdlrInt, NULL, &cs.iActionQPersistUpdCnt, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuesyncqueuefiles", 0, eCmdHdlrBinary, NULL, &cs.bActionQSyncQeueFiles, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuefilename", 0, eCmdHdlrGetWord, NULL,
&cs.pszActionQFName, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuesize", 0, eCmdHdlrInt, NULL, &cs.iActionQueueSize,
NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionwriteallmarkmessages", 0, eCmdHdlrBinary, NULL,
&cs.bActionWriteAllMarkMsgs, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeuebatchsize", 0, eCmdHdlrInt, NULL,
&cs.iActionQueueDeqBatchSize, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuemaxdiskspace", 0, eCmdHdlrSize, NULL,
&cs.iActionQueMaxDiskSpace, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuehighwatermark", 0, eCmdHdlrInt, NULL,
&cs.iActionQHighWtrMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuelowwatermark", 0, eCmdHdlrInt, NULL,
&cs.iActionQLowWtrMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuediscardmark", 0, eCmdHdlrInt, NULL,
&cs.iActionQDiscardMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuediscardseverity", 0, eCmdHdlrInt, NULL,
&cs.iActionQDiscardSeverity, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuecheckpointinterval", 0, eCmdHdlrInt, NULL,
&cs.iActionQPersistUpdCnt, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuesyncqueuefiles", 0, eCmdHdlrBinary, NULL,
&cs.bActionQSyncQeueFiles, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetype", 0, eCmdHdlrGetWord, setActionQueType, NULL, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueueworkerthreads", 0, eCmdHdlrInt, NULL, &cs.iActionQueueNumWorkers, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetimeoutshutdown", 0, eCmdHdlrInt, NULL, &cs.iActionQtoQShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetimeoutactioncompletion", 0, eCmdHdlrInt, NULL, &cs.iActionQtoActShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetimeoutenqueue", 0, eCmdHdlrInt, NULL, &cs.iActionQtoEnq, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueueworkertimeoutthreadshutdown", 0, eCmdHdlrInt, NULL, &cs.iActionQtoWrkShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueueworkerthreadminimummessages", 0, eCmdHdlrInt, NULL, &cs.iActionQWrkMinMsgs, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuemaxfilesize", 0, eCmdHdlrSize, NULL, &cs.iActionQueMaxFileSize, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuesaveonshutdown", 0, eCmdHdlrBinary, NULL, &cs.bActionQSaveOnShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeueslowdown", 0, eCmdHdlrInt, NULL, &cs.iActionQueueDeqSlowdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeuetimebegin", 0, eCmdHdlrInt, NULL, &cs.iActionQueueDeqtWinFromHr, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeuetimeend", 0, eCmdHdlrInt, NULL, &cs.iActionQueueDeqtWinToHr, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyeverynthtime", 0, eCmdHdlrInt, NULL, &cs.iActExecEveryNthOccur, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyeverynthtimetimeout", 0, eCmdHdlrInt, NULL, &cs.iActExecEveryNthOccurTO, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyonceeveryinterval", 0, eCmdHdlrInt, NULL, &cs.iActExecOnceInterval, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"repeatedmsgcontainsoriginalmsg", 0, eCmdHdlrBinary, NULL, &cs.bActionRepMsgHasMsg, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlywhenpreviousissuspended", 0, eCmdHdlrBinary, NULL, &cs.bActExecWhenPrevSusp, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionresumeretrycount", 0, eCmdHdlrInt, NULL, &cs.glbliActionResumeRetryCount, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueueworkerthreads", 0, eCmdHdlrInt, NULL,
&cs.iActionQueueNumWorkers, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetimeoutshutdown", 0, eCmdHdlrInt, NULL,
&cs.iActionQtoQShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetimeoutactioncompletion", 0, eCmdHdlrInt, NULL,
&cs.iActionQtoActShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuetimeoutenqueue", 0, eCmdHdlrInt, NULL,
&cs.iActionQtoEnq, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueueworkertimeoutthreadshutdown", 0, eCmdHdlrInt, NULL,
&cs.iActionQtoWrkShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueueworkerthreadminimummessages", 0, eCmdHdlrInt, NULL,
&cs.iActionQWrkMinMsgs, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuemaxfilesize", 0, eCmdHdlrSize, NULL,
&cs.iActionQueMaxFileSize, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuesaveonshutdown", 0, eCmdHdlrBinary, NULL,
&cs.bActionQSaveOnShutdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeueslowdown", 0, eCmdHdlrInt, NULL,
&cs.iActionQueueDeqSlowdown, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeuetimebegin", 0, eCmdHdlrInt, NULL,
&cs.iActionQueueDeqtWinFromHr, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuedequeuetimeend", 0, eCmdHdlrInt, NULL,
&cs.iActionQueueDeqtWinToHr, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyeverynthtime", 0, eCmdHdlrInt, NULL,
&cs.iActExecEveryNthOccur, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyeverynthtimetimeout", 0, eCmdHdlrInt, NULL,
&cs.iActExecEveryNthOccurTO, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyonceeveryinterval", 0, eCmdHdlrInt, NULL,
&cs.iActExecOnceInterval, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"repeatedmsgcontainsoriginalmsg", 0, eCmdHdlrBinary, NULL,
&cs.bActionRepMsgHasMsg, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlywhenpreviousissuspended", 0, eCmdHdlrBinary, NULL,
&cs.bActExecWhenPrevSusp, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionresumeretrycount", 0, eCmdHdlrInt, NULL,
&cs.glbliActionResumeRetryCount, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
resetConfigVariables, NULL, NULL));
initConfigVariables(); /* first-time init of config setings */

3
action.h

@ -99,7 +99,8 @@ rsRetVal actionDoAction(action_t *pAction);
rsRetVal actionWriteToAction(action_t *pAction, smsg_t *pMsg, wti_t*);
rsRetVal actionCallHUPHdlr(action_t *pAction);
rsRetVal actionClassInit(void);
rsRetVal addAction(action_t **ppAction, modInfo_t *pMod, void *pModData, omodStringRequest_t *pOMSR, struct cnfparamvals *actParams, struct nvlst *lst);
rsRetVal addAction(action_t **ppAction, modInfo_t *pMod, void *pModData, omodStringRequest_t *pOMSR,
struct cnfparamvals *actParams, struct nvlst *lst);
rsRetVal activateActions(void);
rsRetVal actionNewInst(struct nvlst *lst, action_t **ppAction);
rsRetVal actionProcessCnf(struct cnfobj *o);

20
configure

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for rsyslog 8.24.0.
# Generated by GNU Autoconf 2.69 for rsyslog 8.25.0.
#
# Report bugs to <rsyslog@lists.adiscon.com>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='rsyslog'
PACKAGE_TARNAME='rsyslog'
PACKAGE_VERSION='8.24.0'
PACKAGE_STRING='rsyslog 8.24.0'
PACKAGE_VERSION='8.25.0'
PACKAGE_STRING='rsyslog 8.25.0'
PACKAGE_BUGREPORT='rsyslog@lists.adiscon.com'
PACKAGE_URL=''
@ -1724,7 +1724,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures rsyslog 8.24.0 to adapt to many kinds of systems.
\`configure' configures rsyslog 8.25.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1795,7 +1795,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of rsyslog 8.24.0:";;
short | recursive ) echo "Configuration of rsyslog 8.25.0:";;
esac
cat <<\_ACEOF
@ -2104,7 +2104,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
rsyslog configure 8.24.0
rsyslog configure 8.25.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2684,7 +2684,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by rsyslog $as_me 8.24.0, which was
It was created by rsyslog $as_me 8.25.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3582,7 +3582,7 @@ fi
# Define the identity of the package.
PACKAGE='rsyslog'
VERSION='8.24.0'
VERSION='8.25.0'
cat >>confdefs.h <<_ACEOF
@ -25304,7 +25304,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by rsyslog $as_me 8.24.0, which was
This file was extended by rsyslog $as_me 8.25.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -25370,7 +25370,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
rsyslog config.status 8.24.0
rsyslog config.status 8.25.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

2
configure.ac

@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
AC_INIT([rsyslog],[8.24.0],[rsyslog@lists.adiscon.com])
AC_INIT([rsyslog],[8.25.0],[rsyslog@lists.adiscon.com])
# AIXPORT START: Detect the underlying OS
unamestr=$(uname)

323
contrib/mmdblookup/mmdblookup.c

@ -9,11 +9,11 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* http://www.apache.org/licenses/LICENSE-2.0
* -or-
* see COPYING.ASL20 in the source distribution
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@ -51,45 +51,53 @@ DEFobjCurrIf(errmsg);
DEF_OMOD_STATIC_DATA
/* config variables */
typedef struct _instanceData {
char *pszKey;
char *pszMmdbFile;
struct {
int nmemb;
uchar **name;
} fieldList;
char *pszKey;
char *pszMmdbFile;
struct {
int nmemb;
uchar **name;
} fieldList;
} instanceData;
typedef struct wrkrInstanceData {
instanceData *pData;
MMDB_s mmdb;
instanceData *pData;
MMDB_s mmdb;
} wrkrInstanceData_t;
struct modConfData_s {
rsconf_t *pConf; /* our overall config object */
/* our overall config object */
rsconf_t *pConf;
};
static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current exec process */
/* modConf ptr to use for the current load process */
static modConfData_t *loadModConf = NULL;
/* modConf ptr to use for the current exec process */
static modConfData_t *runModConf = NULL;
/* tables for interfacing with the v6 config system */
/* action (instance) parameters */
/* tables for interfacing with the v6 config system
* action (instance) parameters */
static struct cnfparamdescr actpdescr[] = {
{ "key", eCmdHdlrGetWord, 0 },
{ "mmdbfile", eCmdHdlrGetWord, 0 },
{ "fields", eCmdHdlrArray, 0 },
{ "key", eCmdHdlrGetWord, 0 },
{ "mmdbfile", eCmdHdlrGetWord, 0 },
{ "fields", eCmdHdlrArray, 0 },
};
static struct cnfparamblk actpblk = {
CNFPARAMBLK_VERSION,
sizeof(actpdescr)/sizeof(struct cnfparamdescr),
actpdescr
};
static struct cnfparamblk actpblk =
{ CNFPARAMBLK_VERSION,
sizeof(actpdescr)/sizeof(struct cnfparamdescr),
actpdescr
};
/* protype functions */
void str_split(char **membuf);
BEGINbeginCnfLoad
CODESTARTbeginCnfLoad
loadModConf = pModConf;
pModConf->pConf = pConf;
loadModConf = pModConf;
pModConf->pConf = pConf;
ENDbeginCnfLoad
BEGINendCnfLoad
@ -102,7 +110,7 @@ ENDcheckCnf
BEGINactivateCnf
CODESTARTactivateCnf
runModConf = pModConf;
runModConf = pModConf;
ENDactivateCnf
BEGINfreeCnf
@ -116,15 +124,15 @@ ENDcreateInstance
BEGINcreateWrkrInstance
CODESTARTcreateWrkrInstance
int status = MMDB_open(pData->pszMmdbFile, MMDB_MODE_MMAP, &pWrkrData->mmdb);
if(MMDB_SUCCESS != status) {
dbgprintf("Can't open %s - %s\n", pData->pszMmdbFile, MMDB_strerror(status));
if(MMDB_IO_ERROR == status) {
dbgprintf(" IO error: %s\n", strerror(errno));
}
errmsg.LogError(0, RS_RET_SUSPENDED, "can not initialize maxminddb");
// ABORT_FINALIZE(RS_RET_SUSPENDED);
}
int status = MMDB_open(pData->pszMmdbFile, MMDB_MODE_MMAP, &pWrkrData->mmdb);
if (MMDB_SUCCESS != status) {
dbgprintf("Can't open %s - %s\n", pData->pszMmdbFile, MMDB_strerror(status));
if (MMDB_IO_ERROR == status) {
dbgprintf(" IO error: %s\n", strerror(errno));
}
errmsg.LogError(0, RS_RET_SUSPENDED, "can not initialize maxminddb");
/* ABORT_FINALIZE(RS_RET_SUSPENDED); */
}
ENDcreateWrkrInstance
@ -140,65 +148,64 @@ ENDfreeInstance
BEGINfreeWrkrInstance
CODESTARTfreeWrkrInstance
MMDB_close(&pWrkrData->mmdb);
MMDB_close(&pWrkrData->mmdb);
ENDfreeWrkrInstance
static inline void
setInstParamDefaults(instanceData *pData)
{
pData->pszKey = NULL;
pData->pszMmdbFile = NULL;
pData->fieldList.nmemb = 0;
pData->pszKey = NULL;
pData->pszMmdbFile = NULL;
pData->fieldList.nmemb = 0;
}
BEGINnewActInst
struct cnfparamvals *pvals;
int i;
struct cnfparamvals *pvals;
int i;
CODESTARTnewActInst
dbgprintf("newActInst (mmdblookup)\n");
if((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL) {
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
}
CODE_STD_STRING_REQUESTnewActInst(1)
CHKiRet(OMSRsetEntry(*ppOMSR, 0, NULL, OMSR_TPL_AS_MSG));
CHKiRet(createInstance(&pData));
setInstParamDefaults(pData);
for(i = 0 ; i < actpblk.nParams ; ++i) {
if(!pvals[i].bUsed)
continue;
if(!strcmp(actpblk.descr[i].name, "key")) {
pData->pszKey = es_str2cstr(pvals[i].val.d.estr, NULL);
continue;
}
if(!strcmp(actpblk.descr[i].name, "mmdbfile")) {
pData->pszMmdbFile = es_str2cstr(pvals[i].val.d.estr, NULL);
continue;
}
if(!strcmp(actpblk.descr[i].name, "fields")) {
pData->fieldList.nmemb = pvals[i].val.d.ar->nmemb;
CHKmalloc(pData->fieldList.name = malloc(sizeof(uchar*) * pData->fieldList.nmemb));
for(int j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) {
pData->fieldList.name[j] = (uchar*)es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
}
}
dbgprintf("mmdblookup: program error, non-handled "
"param '%s'\n", actpblk.descr[i].name);
}
if(pData->pszKey == NULL) {
dbgprintf("mmdblookup: action requires a key");
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
}
if(pData->pszMmdbFile == NULL) {
dbgprintf("mmdblookup: action requires a mmdbfile");
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
}
dbgprintf("newActInst (mmdblookup)\n");
if ((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL) {
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
}
CODE_STD_STRING_REQUESTnewActInst(1)
CHKiRet(OMSRsetEntry(*ppOMSR, 0, NULL, OMSR_TPL_AS_MSG));
CHKiRet(createInstance(&pData));
setInstParamDefaults(pData);
for (i = 0; i < actpblk.nParams; ++i) {
if (!pvals[i].bUsed)
continue;
if (!strcmp(actpblk.descr[i].name, "key")) {
pData->pszKey = es_str2cstr(pvals[i].val.d.estr, NULL);
continue;
}
if (!strcmp(actpblk.descr[i].name, "mmdbfile")) {
pData->pszMmdbFile = es_str2cstr(pvals[i].val.d.estr, NULL);
continue;
}
if (!strcmp(actpblk.descr[i].name, "fields")) {
pData->fieldList.nmemb = pvals[i].val.d.ar->nmemb;
CHKmalloc(pData->fieldList.name = malloc(sizeof(uchar *) * pData->fieldList.nmemb));
for (int j = 0; j < pvals[i].val.d.ar->nmemb; ++j)
pData->fieldList.name[j] = (uchar*)es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
}
dbgprintf("mmdblookup: program error, non-handled"
" param '%s'\n", actpblk.descr[i].name);
}
if (pData->pszKey == NULL) {
dbgprintf("mmdblookup: action requires a key");
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
}
if (pData->pszMmdbFile == NULL) {
dbgprintf("mmdblookup: action requires a mmdbfile");
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
}
CODE_STD_FINALIZERnewActInst
cnfparamvalsDestruct(pvals, &actpblk);
cnfparamvalsDestruct(pvals, &actpblk);
ENDnewActInst
@ -210,90 +217,85 @@ ENDdbgPrintInstInfo
BEGINtryResume
CODESTARTtryResume
ENDtryResume
void str_split(char **membuf){
char *buf = *membuf;
char tempbuf[strlen(buf)] ;
memset(tempbuf, 0, strlen(buf)) ;
char tempbuf[strlen(buf)];
memset(tempbuf, 0, strlen(buf));
while(*buf++ != '\0'){
if (*buf == '\n' || *buf == '\t' || *buf == ' '){
while (*buf++ != '\0') {
if (*buf == '\n' || *buf == '\t' || *buf == ' ')
continue;
}
else {
if (*buf == '<'){
if (*buf == '<') {
char *p = strchr(buf, '>');
buf = buf + (int)(p - buf);
strcat(tempbuf, ",");
}
else if( *buf == '}'){
} else if (*buf == '}')
strcat(tempbuf, "},");
}
else{
else
strncat(tempbuf, buf, 1);
}
}
}
tempbuf[strlen(tempbuf) +1 ] = '\n';
tempbuf[strlen(tempbuf) + 1] = '\n';
memset(*membuf, 0, strlen(*membuf)) ;
memcpy(*membuf, tempbuf, strlen(tempbuf));
}
BEGINdoAction
msg_t *pMsg;
struct json_object *json = NULL;
struct json_object *keyjson = NULL;
char *pszValue;
instanceData *const pData = pWrkrData->pData;
BEGINdoAction_NoStrings
smsg_t **ppMsg = (smsg_t **) pMsgData;
smsg_t *pMsg = ppMsg[0];
struct json_object *json = NULL;
struct json_object *keyjson = NULL;
char *pszValue;
instanceData *const pData = pWrkrData->pData;
CODESTARTdoAction
pMsg = (msg_t*) ppString[0];
json = json_object_new_object();
json = json_object_new_object();
/* key is given, so get the property json */
msgPropDescr_t pProp;
msgPropDescrFill(&pProp, (uchar*)pData->pszKey, strlen(pData->pszKey));
rsRetVal localRet = msgGetJSONPropJSON(pMsg, &pProp, &keyjson);
msgPropDescrDestruct(&pProp);
if(localRet != RS_RET_OK) {
/* key not found in the message. nothing to do */
ABORT_FINALIZE(RS_RET_OK);
}
/* key found, so get the value */
pszValue = (char*)json_object_get_string(keyjson);
/* key is given, so get the property json */
msgPropDescr_t pProp;
msgPropDescrFill(&pProp, (uchar*)pData->pszKey, strlen(pData->pszKey));
rsRetVal localRet = msgGetJSONPropJSON(pMsg, &pProp, &keyjson);
msgPropDescrDestruct(&pProp);
if (localRet != RS_RET_OK) {
/* key not found in the message. nothing to do */
ABORT_FINALIZE(RS_RET_OK);
}
/* key found, so get the value */
pszValue = (char*)json_object_get_string(keyjson);
int gai_err, mmdb_err;
MMDB_lookup_result_s result = MMDB_lookup_string(&pWrkrData->mmdb, pszValue, &gai_err, &mmdb_err);
int gai_err, mmdb_err;
MMDB_lookup_result_s result = MMDB_lookup_string(&pWrkrData->mmdb, pszValue, &gai_err, &mmdb_err);
if(0 != gai_err) {
if (0 != gai_err) {
dbgprintf("Error from call to getaddrinfo for %s - %s\n", pszValue, gai_strerror(gai_err));
dbgprintf("aaaaa\n");
ABORT_FINALIZE(RS_RET_OK);
}
if(MMDB_SUCCESS != mmdb_err) {
}
if (MMDB_SUCCESS != mmdb_err) {
dbgprintf("Got an error from the maxminddb library: %s\n", MMDB_strerror(mmdb_err));
dbgprintf("bbbbb\n");
ABORT_FINALIZE(RS_RET_OK);
}
}
MMDB_entry_data_list_s *entry_data_list = NULL;
MMDB_entry_data_list_s *entry_data_list = NULL;
int status = MMDB_get_entry_data_list(&result.entry, &entry_data_list);
if (MMDB_SUCCESS != status){
if (MMDB_SUCCESS != status) {
dbgprintf("Got an error looking up the entry data - %s\n", MMDB_strerror(status));
ABORT_FINALIZE(RS_RET_OK);
}
FILE *memstream;
char *membuf;
size_t memlen;
size_t memlen;
char *membuf;
FILE *memstream;
memstream = open_memstream(&membuf, &memlen);
if (entry_data_list != NULL && memstream != NULL){
if (entry_data_list != NULL && memstream != NULL) {
MMDB_dump_entry_data_list(memstream, entry_data_list, 2);
fflush(memstream);
str_split(&membuf);
@ -301,71 +303,69 @@ CODESTARTdoAction
json_object *total_json = json_tokener_parse(membuf);
fclose(memstream);
if (pData->fieldList.nmemb < 1){
if (pData->fieldList.nmemb < 1) {
dbgprintf("fieldList.name is empty!...\n");
ABORT_FINALIZE(RS_RET_OK);
}
for (int i = 0 ; i < pData->fieldList.nmemb ; ++i){
for (int i = 0 ; i < pData->fieldList.nmemb; ++i) {
char buf[(strlen((char *)(pData->fieldList.name[i])))+1];
memset(buf, 0, sizeof(buf));
strcpy(buf, (char *)pData->fieldList.name[i]);
struct json_object *json1[5] = {NULL};
json_object *temp_json = total_json;
json_object *sub_obj = temp_json;
int j = 0;
char *path[10] = {NULL};
char *sep = "!";
char *path[10] = {NULL};
const char *sep = "!";
char *s = strtok(buf, sep);
for (; s != NULL; j++){
for (; s != NULL; j++) {
path[j] = s;
s = strtok(NULL, sep);
json_object *sub_obj = json_object_object_get(temp_json, path[j]);
json_object_object_get_ex(temp_json, path[j], &sub_obj);
temp_json = sub_obj;
}
j--;
for (;j >= 0 ;j--){
if (j > 0){
json1[j] = json_object_new_object();
for (;j >= 0 ;j--) {
if (j > 0) {
json1[j] = json_object_new_object();
json_object_object_add(json1[j], path[j], temp_json);
temp_json = json1[j];
}
else {
} else
json_object_object_add(json, path[j], temp_json);
}
}
}
finalize_it:
if(json) {
msgAddJSON(pMsg, (uchar *)JSON_IPLOOKUP_NAME, json, 0, 0);
}
if (json)
msgAddJSON(pMsg, (uchar *)JSON_IPLOOKUP_NAME, json, 0, 0);
ENDdoAction
BEGINparseSelectorAct
CODESTARTparseSelectorAct
CODE_STD_STRING_REQUESTparseSelectorAct(1)
if(strncmp((char*) p, ":mmdblookup:", sizeof(":mmdblookup:") - 1)) {
errmsg.LogError(0, RS_RET_LEGA_ACT_NOT_SUPPORTED,
"mmdblookup supports only v6+ config format, use: "
"action(type=\"mmdblookup\" ...)");
}
ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED);
if (strncmp((char*) p, ":mmdblookup:", sizeof(":mmdblookup:") - 1)) {
errmsg.LogError(0, RS_RET_LEGA_ACT_NOT_SUPPORTED,
"mmdblookup supports only v6+ config format, use: "
"action(type=\"mmdblookup\" ...)");
}
ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED);
CODE_STD_FINALIZERparseSelectorAct
ENDparseSelectorAct
BEGINmodExit
CODESTARTmodExit
objRelease(errmsg, CORE_COMPONENT);
objRelease(errmsg, CORE_COMPONENT);
ENDmodExit
@ -378,12 +378,11 @@ CODEqueryEtryPt_STD_CONF2_QUERIES
ENDqueryEtryPt
BEGINmodInit()
CODESTARTmodInit
*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
/* we only support the current interface specification */
*ipIFVersProvided = CURR_MOD_IF_VERSION;
CODEmodInit_QueryRegCFSLineHdlr
dbgprintf("mmdblookup: module compiled with rsyslog version %s.\n", VERSION);
CHKiRet(objUse(errmsg, CORE_COMPONENT));
dbgprintf("mmdblookup: module compiled with rsyslog version %s.\n", VERSION);
CHKiRet(objUse(errmsg, CORE_COMPONENT));
ENDmodInit

3
contrib/omamqp1/omamqp1.c

@ -611,7 +611,8 @@ static void dispatcher(pn_handler_t *handler, pn_event_t *event, pn_event_type_t
break;
case PN_RELEASED:
case PN_MODIFIED:
// the message bus cannot accept the message. This may be temporary - retry up to maxRetries before dropping
// the message bus cannot accept the message. This may be temporary - retry
// up to maxRetries before dropping
if (++ps->retries >= cfg->maxRetries) {
dbgprintf("omamqp1: message bus failed to accept message - dropping\n");
result = RS_RET_OK;

6
contrib/omhttpfs/omhttpfs.c

@ -80,7 +80,8 @@ module(load="omhttpfs")
template(name="hdfs_tmp_file" type="string" string="/tmp/%$YEAR%/test.log")
template(name="hdfs_tmp_filecontent" type="string" string="%$YEAR%-%$MONTH%-%$DAY% %MSG% ==\n")
local4.* action(type="omhttpfs" host="10.1.1.161" port="14000" https="off" file="hdfs_tmp_file" isDynFile="on")
local5.* action(type="omhttpfs" host="10.1.1.161" port="14000" https="off" file="hdfs_tmp_file" isDynFile="on" template="hdfs_tmp_filecontent")
local5.* action(type="omhttpfs" host="10.1.1.161" port="14000" https="off" file="hdfs_tmp_file" isDynFile="on"
template="hdfs_tmp_filecontent")
*/
@ -474,7 +475,8 @@ HTTPFS_CURL_VARS_INIT
httpfs_curl_set_put(pWrkrData->curl);
/*
overwrite - if a file with this name already exists, then if true, the file will be overwritten, and if false an error will be thrown.
overwrite - if a file with this name already exists, then if true, the file will be overwritten, and if
false an error will be thrown.
bufferSize - the size of the buffer to be used.
replication - required block replication for the file.
*/

6
contrib/omrabbitmq/omrabbitmq.c

@ -227,7 +227,8 @@ initRabbitMQ(instanceData *pData)
ABORT_FINALIZE(RS_RET_SUSPENDED);
}
if (die_on_amqp_error(amqp_login(pData->conn, (char*) pData->vhost, 0, 131072, 0, AMQP_SASL_METHOD_PLAIN, pData->user, pData->password),
if (die_on_amqp_error(amqp_login(pData->conn, (char*) pData->vhost, 0, 131072, 0, AMQP_SASL_METHOD_PLAIN,
pData->user, pData->password),
"Logging in")) {
pData->conn = NULL;
ABORT_FINALIZE(RS_RET_SUSPENDED);
@ -250,7 +251,8 @@ initRabbitMQ(instanceData *pData)
edReq.nowait = 0;
edReq.arguments = amqp_empty_table;
amqp_simple_rpc_decoded(pData->conn, RABBITMQ_CHANNEL, AMQP_EXCHANGE_DECLARE_METHOD, AMQP_EXCHANGE_DECLARE_OK_METHOD, &edReq);
amqp_simple_rpc_decoded(pData->conn, RABBITMQ_CHANNEL, AMQP_EXCHANGE_DECLARE_METHOD,
AMQP_EXCHANGE_DECLARE_OK_METHOD, &edReq);
if(die_on_amqp_error(amqp_get_rpc_reply(pData->conn), "Declaring exchange")) {
pData->conn = NULL;
ABORT_FINALIZE(RS_RET_SUSPENDED);

3
contrib/omzmq3/omzmq3.c

@ -490,5 +490,6 @@ CODEmodInit_QueryRegCFSLineHdlr
DBGPRINTF("omzmq3: module compiled with rsyslog version %s.\n", VERSION);
INITLegCnfVars
CHKiRet(omsdRegCFSLineHdlr((uchar *)"omzmq3workerthreads", 0, eCmdHdlrInt, NULL, &s_workerThreads, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"omzmq3workerthreads", 0, eCmdHdlrInt, NULL, &s_workerThreads,
STD_LOADABLE_MODULE_ID));
ENDmodInit

15
contrib/pmaixforwardedfrom/pmaixforwardedfrom.c

@ -2,7 +2,8 @@
*
* this cleans up messages forwarded from AIX
*
* instead of actually parsing the message, this modifies the message and then falls through to allow a later parser to handle the now modified message
* instead of actually parsing the message, this modifies the message and then falls through to allow a
* later parser to handle the now modified message
*
* created 2010-12-13 by David Lang based on pmlastmsg
*
@ -75,7 +76,8 @@ CODESTARTparse
dbgprintf("Message will now be parsed by fix AIX Forwarded From parser.\n");
assert(pMsg != NULL);
assert(pMsg->pszRawMsg != NULL);
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI; /* note: offAfterPRI is already the number of PRI chars (do not add one!) */
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI;
/* note: offAfterPRI is already the number of PRI chars (do not add one!) */
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
/* check if this message is of the type we handle in this (very limited) parser */
@ -105,14 +107,16 @@ CODESTARTparse
DBGPRINTF("not a AIX message forwarded from mangled log!\n");
ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
}
/* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from " or "From " with the hostname */
/* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
" or "From " with the hostname */
lenMsg -=skipLen;
memmove(p2parse, p2parse + skipLen, lenMsg);
*(p2parse + lenMsg) = '\n';
*(p2parse + lenMsg + 1) = '\0';
pMsg->iLenRawMsg -=skipLen;
pMsg->iLenMSG -=skipLen;
/* now look for the : after the hostname to walk past the hostname, also watch for a space in case this isn't really an AIX log, but has a similar preamble */
/* now look for the : after the hostname to walk past the hostname, also watch for a space in case this isn't
really an AIX log, but has a similar preamble */
while(lenMsg && *p2parse != ' ' && *p2parse != ':') {
--lenMsg;
++p2parse;
@ -163,7 +167,8 @@ CODEmodInit_QueryRegCFSLineHdlr
CHKiRet(objUse(datetime, CORE_COMPONENT));
DBGPRINTF("aixforwardedfrom parser init called, compiled with version %s\n", VERSION);
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG(); /* cache value, is set only during rsyslogd option processing */
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG();
/* cache value, is set only during rsyslogd option processing */
ENDmodInit

21
contrib/pmcisconames/pmcisconames.c

@ -1,8 +1,10 @@
/* pmcisconames.c
*
* this detects logs sent by Cisco devices that mangle their syslog output when you tell them to log by name by adding ' :' between the name and the %XXX-X-XXXXXXX: tag
* this detects logs sent by Cisco devices that mangle their syslog output when you tell them to log by name
* by adding ' :' between the name and the %XXX-X-XXXXXXX: tag
*
* instead of actually parsing the message, this modifies the message and then falls through to allow a later parser to handle the now modified message
* instead of actually parsing the message, this modifies the message and then falls through to allow a later
* parser to handle the now modified message
*
* created 2010-12-13 by David Lang based on pmlastmsg
*
@ -73,7 +75,8 @@ CODESTARTparse
dbgprintf("Message will now be parsed by fix Cisco Names parser.\n");
assert(pMsg != NULL);
assert(pMsg->pszRawMsg != NULL);
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI; /* note: offAfterPRI is already the number of PRI chars (do not add one!) */
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI;
/* note: offAfterPRI is already the number of PRI chars (do not add one!) */
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
/* check if this message is of the type we handle in this (very limited) parser */
@ -94,13 +97,15 @@ CODESTARTparse
this allows the compiler to short circuit the rst of the tests if it is the wrong timestamp
but still check the rest to see if it looks correct
*/
if ( *(p2parse + 9) == ':' && *(p2parse + 12) == ':' && *(p2parse + 3) == ' ' && *(p2parse + 6) == ' ' && *(p2parse + 15) == ' ') {
if ( *(p2parse + 9) == ':' && *(p2parse + 12) == ':' && *(p2parse + 3) == ' ' && *(p2parse + 6) == ' '
&& *(p2parse + 15) == ' ') {
/* skip over timestamp */
dbgprintf("short timestamp found\n");
lenMsg -=16;
p2parse +=16;
} else {
if ( *(p2parse + 14) == ':' && *(p2parse + 17) == ':' && *(p2parse + 3) == ' ' && *(p2parse + 6) == ' ' && *(p2parse + 11) == ' ' && *(p2parse + 20) == ' ') {
if ( *(p2parse + 14) == ':' && *(p2parse + 17) == ':' && *(p2parse + 3) == ' '
&& *(p2parse + 6) == ' ' && *(p2parse + 11) == ' ' && *(p2parse + 20) == ' ') {
/* skip over timestamp */
dbgprintf("long timestamp found\n");
lenMsg -=21;
@ -118,7 +123,8 @@ CODESTARTparse
/* skip the space after the hostname */
lenMsg -=1;
p2parse +=1;
/* if the syslog tag is : and the next thing starts with a % assume that this is a mangled cisco log and fix it */
/* if the syslog tag is : and the next thing starts with a % assume that this is a mangled cisco
log and fix it */
if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) {
/* wrong opening text */
DBGPRINTF("not a cisco name mangled log!\n");
@ -166,7 +172,8 @@ CODEmodInit_QueryRegCFSLineHdlr
CHKiRet(objUse(datetime, CORE_COMPONENT));
DBGPRINTF("cisconames parser init called, compiled with version %s\n", VERSION);
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG(); /* cache value, is set only during rsyslogd option processing */
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG();
/* cache value, is set only during rsyslogd option processing */
ENDmodInit

6
contrib/pmpanngfw/pmpanngfw.c

@ -104,7 +104,8 @@ CODESTARTparse
assert(pMsg != NULL);
assert(pMsg->pszRawMsg != NULL);
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI; /* note: offAfterPRI is already the number of PRI chars (do not add one!) */
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI;
/* note: offAfterPRI is already the number of PRI chars (do not add one!) */
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
msgend = p2parse+lenMsg;
@ -288,7 +289,8 @@ CODEmodInit_QueryRegCFSLineHdlr
CHKiRet(objUse(datetime, CORE_COMPONENT));
DBGPRINTF("panngfw parser init called, compiled with version %s\n", VERSION);
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG(); /* cache value, is set only during rsyslogd option processing */
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG();
/* cache value, is set only during rsyslogd option processing */
ENDmodInit

21
contrib/pmsnare/pmsnare.c

@ -109,7 +109,8 @@ CODESTARTparse
*/
snaremessage=0;
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI; /* note: offAfterPRI is already the number of PRI chars (do not add one!) */
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI;
/* note: offAfterPRI is already the number of PRI chars (do not add one!) */
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
dbgprintf("pmsnare: msg to look at: [%d]'%s'\n", lenMsg, p2parse);
if((unsigned) lenMsg < 30) {
@ -122,8 +123,10 @@ CODESTARTparse
--lenMsg;
++p2parse;
}
dbgprintf("pmsnare: separator [%d]'%s' msg after the first separator: [%d]'%s'\n", tablength,TabRepresentation,lenMsg, p2parse);
if ((lenMsg > tablength) && (*p2parse == '\t' || strncasecmp((char*) p2parse, TabRepresentation , tablength-1) == 0)) {
dbgprintf("pmsnare: separator [%d]'%s' msg after the first separator: [%d]'%s'\n", tablength,
TabRepresentation,lenMsg, p2parse);
if ((lenMsg > tablength) && (*p2parse == '\t' || strncasecmp((char*) p2parse, TabRepresentation ,
tablength-1) == 0)) {
//if ((lenMsg > tablength) && (*p2parse == '\t' || *p2parse == '#')) {
dbgprintf("pmsnare: tab separated message\n");
if(strncasecmp((char*) (p2parse + tablength - 1), "MSWinEventLog", 13) == 0) {
@ -133,7 +136,8 @@ CODESTARTparse
snaremessage=11; /* 0 means not a snare message, a number is how long the tag is */
}
if(snaremessage) {
/* replace the tab with a space and if needed move the message portion up by the length of TabRepresentation -2 characters to overwrite the extra : */
/* replace the tab with a space and if needed move the message portion up by the length of
TabRepresentation -2 characters to overwrite the extra : */
*p2parse = ' ';
lenMsg -=(tablength-2);
p2parse++;
@ -158,7 +162,8 @@ CODESTARTparse
}
} else {
/* go back to the beginning of the message */
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI; /* note: offAfterPRI is already the number of PRI chars (do not add one!) */
lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI;
/* note: offAfterPRI is already the number of PRI chars (do not add one!) */
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
/* skip over timestamp and space*/
lenMsg -=17;
@ -172,7 +177,8 @@ CODESTARTparse
--lenMsg;
++p2parse;
}
dbgprintf("pmsnare: separator [%d]'%s' msg after the timestamp and hostname: [%d]'%s'\n", tablength,TabRepresentation,lenMsg, p2parse);
dbgprintf("pmsnare: separator [%d]'%s' msg after the timestamp and hostname: [%d]'%s'\n", tablength,
TabRepresentation,lenMsg, p2parse);
if(lenMsg > 13 && strncasecmp((char*) p2parse, "MSWinEventLog", 13) == 0) {
snaremessage=13; /* 0 means not a snare message, a number is how long the tag is */
}
@ -229,7 +235,8 @@ CODEmodInit_QueryRegCFSLineHdlr
CHKiRet(objUse(datetime, CORE_COMPONENT));
DBGPRINTF("snare parser init called, compiled with version %s\n", VERSION);
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG(); /* cache value, is set only during rsyslogd option processing */
bParseHOSTNAMEandTAG = glbl.GetParseHOSTNAMEandTAG();
/* cache value, is set only during rsyslogd option processing */
ENDmodInit

4
dirty.h

@ -32,7 +32,9 @@ rsRetVal submitMsg2(smsg_t *pMsg);
rsRetVal __attribute__((deprecated)) submitMsg(smsg_t *pMsg);
rsRetVal multiSubmitFlush(multi_submit_t *pMultiSub);
rsRetVal logmsgInternal(const int iErr, const syslog_pri_t pri, const uchar *const msg, int flags);
rsRetVal __attribute__((deprecated)) parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int flags, flowControl_t flowCtlTypeu, prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime, ruleset_t *pRuleset);
rsRetVal __attribute__((deprecated)) parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len,
int flags, flowControl_t flowCtlTypeu, prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime,
ruleset_t *pRuleset);
rsRetVal createMainQueue(qqueue_t **ppQueue, uchar *pszQueueName, struct nvlst *lst);
rsRetVal startMainQueue(qqueue_t *pQueue);

201
grammar/rainerscript.c

@ -1276,6 +1276,13 @@ str2num(es_str_t *s, int *bSuccess)
int64_t num = 0;
const uchar *const c = es_getBufAddr(s);
if(s->lenStr == 0) {
DBGPRINTF("rainerscript: str2num: strlen == 0; invalid input (no string)\n");
if(bSuccess != NULL) {
*bSuccess = 0;
}
goto done;
}
if(c[0] == '-') {
neg = -1;
i = -1;
@ -1290,6 +1297,7 @@ str2num(es_str_t *s, int *bSuccess)
num *= neg;
if(bSuccess != NULL)
*bSuccess = (i == s->lenStr) ? 1 : 0;
done:
return num;
}
@ -1606,7 +1614,8 @@ doFunc_exec_template(struct cnffunc *__restrict__ const func,
}
static es_str_t*
doFuncReplace(struct svar *__restrict__ const operandVal, struct svar *__restrict__ const findVal, struct svar *__restrict__ const replaceWithVal) {
doFuncReplace(struct svar *__restrict__ const operandVal, struct svar *__restrict__ const findVal,
struct svar *__restrict__ const replaceWithVal) {
int freeOperand, freeFind, freeReplacement;
es_str_t *str = var2String(operandVal, &freeOperand);
es_str_t *findStr = var2String(findVal, &freeFind);
@ -1663,7 +1672,8 @@ doFuncReplace(struct svar *__restrict__ const operandVal, struct svar *__restric
}
static es_str_t*
doFuncWrap(struct svar *__restrict__ const sourceVal, struct svar *__restrict__ const wrapperVal, struct svar *__restrict__ const escaperVal) {
doFuncWrap(struct svar *__restrict__ const sourceVal, struct svar *__restrict__ const wrapperVal,
struct svar *__restrict__ const escaperVal) {
int freeSource, freeWrapper;
es_str_t *sourceStr;
if (escaperVal) {
@ -1704,12 +1714,120 @@ doRandomGen(struct svar *__restrict__ const sourceVal) {
long int x = randomNumber();
if (max > MAX_RANDOM_NUMBER) {
DBGPRINTF("rainerscript: desired random-number range [0 - %lld] "
"is wider than supported limit of [0 - %d)",
"is wider than supported limit of [0 - %d)\n",
max, MAX_RANDOM_NUMBER);
}
return x % max;
}
static long long
ipv42num(char *str)
{
unsigned num[4] = {0, 0, 0, 0};
long long value = -1;
size_t len = strlen(str);
int cyc = 0;
int prevdot = 0;
int startblank = 0;
int endblank = 0;
DBGPRINTF("rainerscript: (ipv42num) arg: '%s'\n", str);
for(unsigned int i = 0 ; i < len ; i++) {
switch(str[i]){
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
if(endblank == 1){
DBGPRINTF("rainerscript: (ipv42num) error: wrong IP-Address format (invalid space(1))\n");
goto done;
}
prevdot = 0;
startblank = 0;
DBGPRINTF("rainerscript: (ipv42num) cycle: %d\n", cyc);
num[cyc] = num[cyc]*10+(str[i]-'0');
break;
case ' ':
prevdot = 0;
if(i == 0 || startblank == 1){
startblank = 1;
break;
}
else{
endblank = 1;
break;
}
case '.':
if(endblank == 1){
DBGPRINTF("rainerscript: (ipv42num) error: wrong IP-Address format (inalid space(2))\n");
goto done;
}
startblank = 0;
if(prevdot == 1){
DBGPRINTF("rainerscript: (ipv42num) error: wrong IP-Address format (two dots after one another)\n");
goto done;
}
prevdot = 1;
cyc++;
if(cyc > 3){
DBGPRINTF("rainerscript: (ipv42num) error: wrong IP-Address format (too many dots)\n");
goto done;
}
break;
default:
DBGPRINTF("rainerscript: (ipv42num) error: wrong IP-Address format (invalid charakter)\n");
goto done;
}
}
if(cyc != 3){
DBGPRINTF("rainerscript: (ipv42num) error: wrong IP-Address format (wrong number of dots)\n");
goto done;
}
value = num[0]*256*256*256+num[1]*256*256+num[2]*256+num[3];
done:
DBGPRINTF("rainerscript: (ipv42num): return value:'%lld'\n",value);
return(value);
}
static es_str_t*
num2ipv4(struct svar *__restrict__ const sourceVal) {
int success = 0;
int numip[4];
char str[16];
size_t len;
es_str_t *estr;
long long num = var2Number(sourceVal, &success);
DBGPRINTF("rainrescript: (num2ipv4) var2Number output: '%lld\n'", num);
if (! success) {
DBGPRINTF("rainerscript: (num2ipv4) couldn't access number\n");
len = snprintf(str, 16, "-1");
goto done;
}
if(num < 0 || num > 4294967295) {
DBGPRINTF("rainerscript: (num2ipv4) invalid number(too big/negative); does not represent IPv4 address\n");
len = snprintf(str, 16, "-1");
goto done;
}
for(int i = 0 ; i < 4 ; i++){
numip[i] = num % 256;
num = num / 256;
}
DBGPRINTF("rainerscript: (num2ipv4) Numbers: 1:'%d' 2:'%d' 3:'%d' 4:'%d'\n", numip[0], numip[1], numip[2], numip[3]);
len = snprintf(str, 16, "%d.%d.%d.%d", numip[3], numip[2], numip[1], numip[0]);
done:
DBGPRINTF("rainerscript: (num2ipv4) ipv4-Address: %s, lengh: %zu\n", str, len);
estr = es_newStrFromCStr(str, len);
return(estr);
}
/* Perform a function call. This has been moved out of cnfExprEval in order
* to keep the code small and easier to maintain.
*/
@ -1775,6 +1893,12 @@ doFuncCall(struct cnffunc *__restrict__ const func, struct svar *__restrict__ co
ret->datatype = 'N';
varFreeMembers(&r[0]);
break;
case CNFFUNC_NUM2IPV4:
cnfexprEval(func->expr[0], &r[0], usrptr);
ret->d.estr = num2ipv4(&r[0]);
ret->datatype = 'S';
varFreeMembers(&r[0]);
break;
case CNFFUNC_GETENV:
/* note: the optimizer shall have replaced calls to getenv()
* with a constant argument to a single string (once obtained via
@ -1814,6 +1938,15 @@ doFuncCall(struct cnffunc *__restrict__ const func, struct svar *__restrict__ co
ret->d.estr = estr;
varFreeMembers(&r[0]);
break;
case CNFFUNC_IPV42NUM:
cnfexprEval(func->expr[0], &r[0], usrptr);
str = (char*)var2CString(&r[0], &bMustFree);
ret->datatype = 'N';
ret->d.n = ipv42num(str);
varFreeMembers(&r[0]);