"make test_logger" now compiles logger(1) test program
to overwrite system datetime stuff, hostname and PID, for example:
export TZ=GMT
export LOGGER_TEST_TIMEOFDAY=1234567890.123456
export LOGGER_TEST_HOSTNAME=foo
export LOGGER_TEST_GETPID=123
./test_logger --rfc5424 --no-act --stderr -i --tag MyTag mesg
<13>1 2009-02-13T23:31:30.123456+00:00 foo MyTag 123 - [timeQuality tzKnown="1" isSynced="0"] mesg
if the LOGGER_TEST_* variables are not specified then default to
standard logger(1) behavior.
Note that it would be possible to use for example "unshare --utc" to
make hostname stable and portable, but LOGGER_TEST_* variables allow
to keep the tests less complex.
Signed-off-by: Karel Zak <kzak@redhat.com>
* force --journal mode to also output to stderr when the option
--stderr specified on command line
* add --no-act to avoid all write() operations to make it possible to
write tests without "spam" system logs
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems that musl libc and uClibc without UCLIBC_NTP_LEGACY
does not provide ntp_gettime and compile will fail.
References: https://github.com/karelzak/util-linux/issues/174
Signed-off-by: Karel Zak <kzak@redhat.com>
Empty log messages are generally considered useless. This option
enables to turn them off when processing files (including stdin).
[kzak@redhat.com: - rename --skip-empty-lines to --skip-empty,
- add the option to getopt_long(),
- add the option to bash-completion]
Signed-off-by: Karel Zak <kzak@redhat.com>
There were no apparent sanity checks other than applying the logmask
when reading PRI values from files. As such, invalid PRIs (tested with
values 192, 210, and 2100) are accepted. This in turn can trigger
problems in various receivers, especially older versions. See here
for details:
http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
Note that 2100 was changed to 52 as described in above link.
This patch refactors PRI processing. Invalid PRIs are detected and in
this case the message is sent with the default priority, with the
invalid pri being part of the message to be sent. This is along the
line of what 2.26 did when it detected the PRI was invalid.
The refactoring now also enables pricese tracking of syslog header
length in all cases, so --size is now strictly obeyed.
[kzak@redhat.com: - fix compiler warning [-Wunused-variable]]
Signed-off-by: Karel Zak <kzak@redhat.com>
Previously, the message format was generated in one big step. Now
this is refactored to generate the header independently. This not
only provides a better isolation of functionality, but enables
to calculate the size of the header *before* generating the user
part of the message. That in turn is needed in order to precisely
enforce the message size limit. This is especially important while
processing files, as here parts of the message may be lost if the
receiver truncates the message. The file reader itself tries to
guard against this by reading only the permitted number of bytes,
but without knowing the header size, it would mis-guess here.
Note that when --prio-prefix is given, we still do not know exactly
the header length, because the PRI value is between 1 and 3 bytes.
Unfortunately, we do not know the actual size before reading. With
the current (simple) approach, we need to read the full line before
getting the PRI, so this is a hen-egg problem. To solve this, a
more complex reader would be required. It is questionable if this
is necessary for a tool like logger. So currently, we still have a
2-byte window of uncertainty if --prio-prefix is given.
[kzak@redhat.com: - fix compiler warnings [-Wunused-but-set-variable]]
Signed-off-by: Karel Zak <kzak@redhat.com>
This is an important capability that has been specified in RFC5424.
However, messages larger than 1024 chars are being accepted for years
now by at least rsyslog and syslog-ng.
This patch adds the option --size to permit setting a new max
size, with 1024 being the default.
Note that the size limit is only approximative, as we do not take the
header size in account (RFC talks about total message length).
[[kzak@redhat.com: - add 'S' to getopt_long(),
- rename --message-size to --size
- add the option to bash-completion]
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'logger-fix-tcp-framing' of https://github.com/rgerhards/util-linux:
logger: bugfix: tcp syslog framing is broken, -T unusable
logger: refactor the way output is written
Logger can send via plain tcp syslog if -n -T options are given.
However, the framing is broken so that a syslog receiver can not
know where the first message ends and the next one starts. It
actually looks like no framing at all is used. Plain TCP syslog
framing is described in RFC6587.
This patch adds RFC6587 octet-stuffed framing to TCP syslog. For
local logging, this is always fine, for remote logging this is
NOT recommended by the IETF (the RFC is historic). However, a
full blown RFC5425 TLS sender seems to be out of scope for a tool
like logger IMO.
This patch also refactors the way output is written, seperating
the message format generators from the output writer.
Previously, output was written in exactly the same way in three
different places. This is now combined into a single function. This
hopefully makes it easier to adapt to changing output needs.
* 'logger-kernel-regression' of https://github.com/rgerhards/util-linux:
logger: fix -p kern.* priority is accepted regression
logger: messages are logged with kern.* priority by default
misc-utils/logger.c: In function ‘syslog_rfc3164’:
misc-utils/logger.c:336:9: warning: unused variable ‘now’ [-Wunused-variable]
Signed-off-by: Karel Zak <kzak@redhat.com>
The default should be user.notice and kern.* should never be used
(syslog(3) forbids this).
This is a severe regression, as messages are now logged to the wrong
bin or not at all. So they get lost and may confuse readers of the
kernel bin.
regression from 2.25.2 to 2.26
Since 1d57503378 logger no longer uses
the syslog(3) call. The way the local timestamp is generated did not
match the syslog(3) format. Most importantly, the month name is
formatted based on the user's local. For example:
$ ./logger --stderr test with logger 2.26.39-eb651-dirty
<5>Mär 5 14:17:47 logger: test with logger 2.26.39-eb651-dirty
"Mär" like in German "März" for "March".
previously:
$ logger --stderr test with logger 2.25.2
rger: test with logger 2.25.2
In the system log file, this results to the following:
Mar 5 14:17:47 host Mär 5 14:17:47 logger: test with logger 2.26.39-eb651-dirty
Mar 5 14:18:01 host rger: test with logger 2.25.2
This local naming is invalid as of RFC3164. One may argue that
the local log socket traditionally does not have RFC3164 format,
but the timestamp always was as defined in RFC3164 (and along
the lines of the ctime() call). Anything else would also be impractical,
as a syslog parser would otherwise need to know about all
potential locale-specific representations of month names.
This patch corrects the problem and also refactors the timestamp
handling a bit. The same timestamp is needed in local and rfc3164
processing, so there now is a new function to create that stamp.
The message format when writing to local sockets is inconsistent. Example:
$ ./logger --stderr test
<5>Mär 4 11:03:30 logger: test
$ ./logger -u /dev/log --stderr test
<5>1 2015-03-04T11:03:31.699841+0100 ubuntu1404esp rger - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="29000"] test
The regression was introduced with 4de2e8a038
As far as the commit comments and man page indicates, this was meant to affect
remote system logging only, but it also affects local logging when the -u
option is given.
This causes problems with receivers who do not expect full-blown RFC format
on the log socket, like rsyslog. In consequence, this can also affect
log analysis programs and invalidate some of their results.
The patch corrects the behaviour so that the same old-style format is used for
any type of local logging. New-style can always be selected by command line-options.
RFC5424 is still the default for remote logging, as intended in the orignal
commit.
Result with the patch:
$ ./logger --stderr test
<5>Mär 4 11:15:35 logger: test
$ ./logger -u /dev/log --stderr test
<5>Mär 4 11:15:40 logger: test
$ ./logger -u /dev/log --rfc5424 --stderr test
<5>1 2015-03-04T11:21:28.796170+0100 ubuntu1404esp rger - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="27500"] test
With earlier logger it's possible to combine the option -i with other
options, such as -s. But currently:
$:~> logger -is
logger: failed to parse id: 's'
The changed behaviour breaks existing scripts like dhcpcd-run-hooks from
dhcpcd.
Broken-since: aab5b44405
Reference: http://comments.gmane.org/gmane.linux.utilities.util-linux-ng/9683
Reported-by: Juergen Daubert <jue@jue.li>
Reviewed-by: Benno Schulenberg <bensberg@justemail.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The timestamp is written as
2015-03-04T15:02:02.566782+0100
unfortunately, this is not an RFC3339 timestamp as demanded by rfc5424.
The colon in the time offset field is missing. The correct timestamp is
2015-03-04T15:02:02.566782+01:00
(Note "+0100" vs. "+01:00")
Hello,
Depending viewpoint this change is either regression fix, or
re-regression in context of none-systemd init. I ack the change is sent
very late to be part of v2.26, but then again the excess noise was found
only because of -rc1 was tested in sysvinit environment. IMHO it would
contradict purpose of having rc's if faults will not lead to fixes.
I also want to point out the sysvinit scripts are broken, not the
logger(1), but getting them corrected is practically impossible.
Assuming sysvinit script are further developed by various teams and
distributions who maintain them they should use --socket-error=on in
future, and write scripts that pass without noise. Meanwhile trying to
be clever when to silence errors seems like a reasonable thing to do.
--->8----
From: Sami Kerola <kerolasa@iki.fi>
Date: Sat, 14 Feb 2015 19:05:55 +0000
Subject: [PATCH] logger: add --socket-errors compatibility option
Now when logger(1) has stopped using openlog() for Unix sockets, in
commit mentioned in reference, the lack of /dev/log detected will report
error accordingly. According to Gabriele Balducci this makes sysvinit
style boot scripts to print a lot of errors. So make the logger to
detect whether it should be in compatibility mode, and not report errors
if logging device is missing. That imitates behavior of glibc openlog().
To allow full control to users the /dev/log error messages can be forced
to on or off. The automatic error messaging is explained in manual page.
Reference: 1d57503378
Reported-by: Gabriele Balducci <balducci@units.it>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Also improve the description: notime, notq, and nohost are literals,
not things to be replaced by something else -- so no angular brackets.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Make compilation to work in systems which don't have sys/timex.h and its
ntp_gettime().
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Samuel Thibault <sthibault@debian.org>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Either works on linux, but kfreebsd build fails
if we don't use the <sys/time.h> include.
According to man gettimeofday the correct include is <sys/time.h>
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Setting whole array to be completely full of nulls cannot be as quick as
making the only significant member of the array when needed.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
There is no obvious way to make syslog(3) to print both pid or ppid, so
duplicate the libc syslog() to logger. Making the ppid printing work
using unix socket has side effect of local becoming capable to use both
rfc format output, which is hopefully seen as good thing. The
syslog_local() is format wise one-to-one copy with glibc syslog(3)
format.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
- use allocated buffers to compose the final messages
- initialize static buffers to zero
- remove strlen-after-sprintf
Signed-off-by: Karel Zak <kzak@redhat.com>
This makes the obsolete protocol a little bit more compliant with the
internet standard, but few should care now when we have rfc5424 support,
and rfc3164 feels broken. For example it requires hostname to be not
fully qualified, which is hard to understand, and should make users to
prefer the new protocol.
Reported-by: Frank Thilo <thilo@unix-ag.org>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705217
CC: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When --file is combined with command line arguments the later has
silently been ignored. This commit makes user to be aware the logger
will not use command line arguments when --file is specified.
Reported-by: "Daniel 'DaB.' Baur" <debian@daniel.baur4.info>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467244
CC: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Users wish to see the message should include also remote messages, not
only the one sent to locally via libc function.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When scripts send several messages they will be easier to group together
when parent process id is printed rather than id of the each logger
process.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Add support the more recent syslog protocol and make it default. The
older BSD syslog protocol can still be used with option --rfc3164.
Protocols are meaningful only when messages are sent to remote syslog
server.
Requested-by: Kodiak Firesmith <ksf@sei.cmu.edu>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Add logger_open(), logger_command_line(), logger_stdin(), and
logger_close() functions, and move all remaining option argument
assignments to control structure.
Proposed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When if clause that continues throughout whole function it usually can be
shorten to immediate action, e.g., in this case return on the spot not at
end of the function.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The getlogin(3) is known not to always work, and when that happens it is
reasonable to try determine user of name by looking process owner and
passwd information.
Reference: http://man7.org/linux/man-pages/man3/getlogin.3.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
It is fair assumption messages an user is asking to be wrote will be
attempted to be wrote as hard as possible.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Fixing plain typos, miswordings, inconsistent periods, some missing
angular brackets, and a proper pluralization (even when it involves
a constant, because for some languages the precise value matters).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Earlier use of unknown facility or priority number was accepted, and
resulted in unexpected result. For example when looking journalctl
--priority=7.8 was converted to priotity 0 and facility 1.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* systemd (since v209) uses only one library (when compiled
without --enable-compat-libs)
* all systemd build-sys stuff is merged into HAVE_SYSTEMD
(automake) and HAVE_LIBSYSTEMD (C macro) now
* all is controlled by --with-systemd, default is to automatically
check for systemd libs
* no more --enable-socket-activation and --enable-journald
Signed-off-by: Karel Zak <kzak@redhat.com>
This feature is hopefully mostly used to give MESSAGE_ID labels for
messages coming from scripts, making search of messages easy. The
logger(1) manual page update should give enough information how to use
--journald option.
[kzak@redhat.com: - add missing #ifdefs
- use xalloc.h]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
This patch adds a new option to logger that will make it look for a
priority prefix <n> at the beginning of every line. The priority is
a single decimal number formed as explained in syslog(3).
If a prefix is found logger will log the message using the found
facility and level in that prefix, if the prefix doesn't contain a
facility the default facility specified by the -p option will be used.
If no prefix is found, logger will use the priority specified by -p.
[kzak@redhat.com: - add --prio-prefix to usage() output]
Signed-off-by: Dennis H Jensen <dennis.h.jensen@siemens.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
This commit fixes error in usage() text, which claimed TCP is default
transport protocol. That was not true, and neither it should be. The
syslog messages has traditionally sent using UDP.
For the logger remains using UDP as first transport, but if it fails a
TCP connection is attempted. If an user wishes remote logging can be
forced to use either UDP or TCP. The service port for UDP is familiar
'syslog', for TCP the port 'syslog-conn' seems like reasonable default.
[kzak@redhat.com: - rename myopenlog to unix_socket(),
- always reset st to -1]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
When journald, from systemd, is in use logger gave following error.
$ logger --socket /dev/log test logger: connect /dev/log: Protocol wrong
type for socket
The journald supports only AF_DGRAM, and nothing else. Support for
AF_STREAM sockets was dropped because it messed up message ordering.
From an users point of view necessity to add --udp (UNIX(TM) Datagram
Protocol?) option when talking to syslog via unix socket felt confusing
and wrong. The command should know what is the socket type, and silently
use the correct one, unless the type is explicitely defined.
CC: Karel Zak <kzak@redhat.com>
Adviced-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Move these functions to the top of the file where they can be marked
static and the prototypes can be removed.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This is done for us via an atexit hook since c05a80ca63. Avoids a
useless 'Write error' on exit whenever invoking the tool.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Use getopt_long and usage output changed to match long options.
This patch will also scrutiny argument of formerly undocumented
-P option.
[kzak@redhat.com: - include c.h]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
It adds the ability to logger to log a message to a udp socket. The -n option
followed by the hostname of the remote host is mandatory to do this. The
optional -P option can be used to change the UDP destination port (default
514). The function udpopenlog is used to open the udp socket. After that
everything works in almost the same way like it does when logging to a UNIX
socket.
Signed-off-by: Josef Wuebbels <josef.wuebbels@mtu.de>
Those 4 functions are marked as LEGACY in POSIX.1-2001 and removed in
POSIX.1-2008.
Replaced with memmove,memset,strchr and strrchr.
Signed-off-by: Daniel Mierswa <impulze@impulze.org>
Karel Zak
Sami Kerola
Stef Walter
Rainer Gerhards
Benno Schulenberg
Samuel Thibault
Andreas Henriksson
Dennis H Jensen
Dave Reisner
maximilian attems
Jeremy Huntwork
WUEBBELS, Josef \(Extern\)
Daniel Mierswa
Pedro Ribeiro
LaMont Jones