This patch adds support to logger for RFC6587 octet counting.
RFC6587 provides support for two sorts of framing:
1. Octet counting (at RFC6587 s3.4.1)
In essence each frame is preceded by a decimal length and a
space.
2. Non-transparent framing (at RFC6587 s3.4.2), also called
'octet stuffing'
In essence each frame is terminated by a `\n`
Prior to this patch, logger used option 2 (non-transparent framing)
on TCP, and used no framing on UDP. After this patch, the default
behaviour is unchanged, but if the '--octet-count' option is supplied,
option 1 is used for both TCP and UDP. Arguably octet count framing
makes little sense on UDP, but some servers provide it and this
allows testing of those servers.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
The libc openlog(3) does not have error detection whether unix socket
could be opened. As a side effect that made it possible to use logger
even if syslogd was not running. Of course user message in these cases
were lost. This change makes the logger do behave similar way again, so
that sysvinit scripts can successfully pipe messages to logger when ever.
Addresses: https://bugs.debian.org/787864
Addresses: https://bugs.debian.org/790875
Reported-by: Andreas Beckmann <anbe@debian.org>
Reported-by: Andreas Henriksson <andreas@fatal.se>
Tested-by: Robie Basak <robie.basak@ubuntu.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This change fixes crashing error, that ought not to be simply avoided.
$ echo foo | logger -n localhost
Segmentation fault (core dumped)
If the ctl->hdr is just checked not to be NULL syslog message will not
have valid header, so generating such is not optional when reading
message from stdin and writing it to remote destination.
Reviewed-by: Bernhard Voelker <mail@bernhard-voelker.de>
Signed-off-by: Patrick Plagwitz <patrick.plagwitz@fau.de>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
"make test_logger" now compiles logger(1) test program
to overwrite system datetime stuff, hostname and PID, for example:
export TZ=GMT
export LOGGER_TEST_TIMEOFDAY=1234567890.123456
export LOGGER_TEST_HOSTNAME=foo
export LOGGER_TEST_GETPID=123
./test_logger --rfc5424 --no-act --stderr -i --tag MyTag mesg
<13>1 2009-02-13T23:31:30.123456+00:00 foo MyTag 123 - [timeQuality tzKnown="1" isSynced="0"] mesg
if the LOGGER_TEST_* variables are not specified then default to
standard logger(1) behavior.
Note that it would be possible to use for example "unshare --utc" to
make hostname stable and portable, but LOGGER_TEST_* variables allow
to keep the tests less complex.
Signed-off-by: Karel Zak <kzak@redhat.com>
* force --journal mode to also output to stderr when the option
--stderr specified on command line
* add --no-act to avoid all write() operations to make it possible to
write tests without "spam" system logs
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems that musl libc and uClibc without UCLIBC_NTP_LEGACY
does not provide ntp_gettime and compile will fail.
References: https://github.com/karelzak/util-linux/issues/174
Signed-off-by: Karel Zak <kzak@redhat.com>
Empty log messages are generally considered useless. This option
enables to turn them off when processing files (including stdin).
[kzak@redhat.com: - rename --skip-empty-lines to --skip-empty,
- add the option to getopt_long(),
- add the option to bash-completion]
Signed-off-by: Karel Zak <kzak@redhat.com>
There were no apparent sanity checks other than applying the logmask
when reading PRI values from files. As such, invalid PRIs (tested with
values 192, 210, and 2100) are accepted. This in turn can trigger
problems in various receivers, especially older versions. See here
for details:
http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
Note that 2100 was changed to 52 as described in above link.
This patch refactors PRI processing. Invalid PRIs are detected and in
this case the message is sent with the default priority, with the
invalid pri being part of the message to be sent. This is along the
line of what 2.26 did when it detected the PRI was invalid.
The refactoring now also enables pricese tracking of syslog header
length in all cases, so --size is now strictly obeyed.
[kzak@redhat.com: - fix compiler warning [-Wunused-variable]]
Signed-off-by: Karel Zak <kzak@redhat.com>
Previously, the message format was generated in one big step. Now
this is refactored to generate the header independently. This not
only provides a better isolation of functionality, but enables
to calculate the size of the header *before* generating the user
part of the message. That in turn is needed in order to precisely
enforce the message size limit. This is especially important while
processing files, as here parts of the message may be lost if the
receiver truncates the message. The file reader itself tries to
guard against this by reading only the permitted number of bytes,
but without knowing the header size, it would mis-guess here.
Note that when --prio-prefix is given, we still do not know exactly
the header length, because the PRI value is between 1 and 3 bytes.
Unfortunately, we do not know the actual size before reading. With
the current (simple) approach, we need to read the full line before
getting the PRI, so this is a hen-egg problem. To solve this, a
more complex reader would be required. It is questionable if this
is necessary for a tool like logger. So currently, we still have a
2-byte window of uncertainty if --prio-prefix is given.
[kzak@redhat.com: - fix compiler warnings [-Wunused-but-set-variable]]
Signed-off-by: Karel Zak <kzak@redhat.com>
This is an important capability that has been specified in RFC5424.
However, messages larger than 1024 chars are being accepted for years
now by at least rsyslog and syslog-ng.
This patch adds the option --size to permit setting a new max
size, with 1024 being the default.
Note that the size limit is only approximative, as we do not take the
header size in account (RFC talks about total message length).
[[kzak@redhat.com: - add 'S' to getopt_long(),
- rename --message-size to --size
- add the option to bash-completion]
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'logger-fix-tcp-framing' of https://github.com/rgerhards/util-linux:
logger: bugfix: tcp syslog framing is broken, -T unusable
logger: refactor the way output is written
Logger can send via plain tcp syslog if -n -T options are given.
However, the framing is broken so that a syslog receiver can not
know where the first message ends and the next one starts. It
actually looks like no framing at all is used. Plain TCP syslog
framing is described in RFC6587.
This patch adds RFC6587 octet-stuffed framing to TCP syslog. For
local logging, this is always fine, for remote logging this is
NOT recommended by the IETF (the RFC is historic). However, a
full blown RFC5425 TLS sender seems to be out of scope for a tool
like logger IMO.
This patch also refactors the way output is written, seperating
the message format generators from the output writer.
Previously, output was written in exactly the same way in three
different places. This is now combined into a single function. This
hopefully makes it easier to adapt to changing output needs.
* 'logger-kernel-regression' of https://github.com/rgerhards/util-linux:
logger: fix -p kern.* priority is accepted regression
logger: messages are logged with kern.* priority by default
misc-utils/logger.c: In function ‘syslog_rfc3164’:
misc-utils/logger.c:336:9: warning: unused variable ‘now’ [-Wunused-variable]
Signed-off-by: Karel Zak <kzak@redhat.com>
The default should be user.notice and kern.* should never be used
(syslog(3) forbids this).
This is a severe regression, as messages are now logged to the wrong
bin or not at all. So they get lost and may confuse readers of the
kernel bin.
regression from 2.25.2 to 2.26
Since 1d57503378 logger no longer uses
the syslog(3) call. The way the local timestamp is generated did not
match the syslog(3) format. Most importantly, the month name is
formatted based on the user's local. For example:
$ ./logger --stderr test with logger 2.26.39-eb651-dirty
<5>Mär 5 14:17:47 logger: test with logger 2.26.39-eb651-dirty
"Mär" like in German "März" for "March".
previously:
$ logger --stderr test with logger 2.25.2
rger: test with logger 2.25.2
In the system log file, this results to the following:
Mar 5 14:17:47 host Mär 5 14:17:47 logger: test with logger 2.26.39-eb651-dirty
Mar 5 14:18:01 host rger: test with logger 2.25.2
This local naming is invalid as of RFC3164. One may argue that
the local log socket traditionally does not have RFC3164 format,
but the timestamp always was as defined in RFC3164 (and along
the lines of the ctime() call). Anything else would also be impractical,
as a syslog parser would otherwise need to know about all
potential locale-specific representations of month names.
This patch corrects the problem and also refactors the timestamp
handling a bit. The same timestamp is needed in local and rfc3164
processing, so there now is a new function to create that stamp.
The message format when writing to local sockets is inconsistent. Example:
$ ./logger --stderr test
<5>Mär 4 11:03:30 logger: test
$ ./logger -u /dev/log --stderr test
<5>1 2015-03-04T11:03:31.699841+0100 ubuntu1404esp rger - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="29000"] test
The regression was introduced with 4de2e8a038
As far as the commit comments and man page indicates, this was meant to affect
remote system logging only, but it also affects local logging when the -u
option is given.
This causes problems with receivers who do not expect full-blown RFC format
on the log socket, like rsyslog. In consequence, this can also affect
log analysis programs and invalidate some of their results.
The patch corrects the behaviour so that the same old-style format is used for
any type of local logging. New-style can always be selected by command line-options.
RFC5424 is still the default for remote logging, as intended in the orignal
commit.
Result with the patch:
$ ./logger --stderr test
<5>Mär 4 11:15:35 logger: test
$ ./logger -u /dev/log --stderr test
<5>Mär 4 11:15:40 logger: test
$ ./logger -u /dev/log --rfc5424 --stderr test
<5>1 2015-03-04T11:21:28.796170+0100 ubuntu1404esp rger - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="27500"] test
With earlier logger it's possible to combine the option -i with other
options, such as -s. But currently:
$:~> logger -is
logger: failed to parse id: 's'
The changed behaviour breaks existing scripts like dhcpcd-run-hooks from
dhcpcd.
Broken-since: aab5b44405
Reference: http://comments.gmane.org/gmane.linux.utilities.util-linux-ng/9683
Reported-by: Juergen Daubert <jue@jue.li>
Reviewed-by: Benno Schulenberg <bensberg@justemail.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The timestamp is written as
2015-03-04T15:02:02.566782+0100
unfortunately, this is not an RFC3339 timestamp as demanded by rfc5424.
The colon in the time offset field is missing. The correct timestamp is
2015-03-04T15:02:02.566782+01:00
(Note "+0100" vs. "+01:00")
Hello,
Depending viewpoint this change is either regression fix, or
re-regression in context of none-systemd init. I ack the change is sent
very late to be part of v2.26, but then again the excess noise was found
only because of -rc1 was tested in sysvinit environment. IMHO it would
contradict purpose of having rc's if faults will not lead to fixes.
I also want to point out the sysvinit scripts are broken, not the
logger(1), but getting them corrected is practically impossible.
Assuming sysvinit script are further developed by various teams and
distributions who maintain them they should use --socket-error=on in
future, and write scripts that pass without noise. Meanwhile trying to
be clever when to silence errors seems like a reasonable thing to do.
--->8----
From: Sami Kerola <kerolasa@iki.fi>
Date: Sat, 14 Feb 2015 19:05:55 +0000
Subject: [PATCH] logger: add --socket-errors compatibility option
Now when logger(1) has stopped using openlog() for Unix sockets, in
commit mentioned in reference, the lack of /dev/log detected will report
error accordingly. According to Gabriele Balducci this makes sysvinit
style boot scripts to print a lot of errors. So make the logger to
detect whether it should be in compatibility mode, and not report errors
if logging device is missing. That imitates behavior of glibc openlog().
To allow full control to users the /dev/log error messages can be forced
to on or off. The automatic error messaging is explained in manual page.
Reference: 1d57503378
Reported-by: Gabriele Balducci <balducci@units.it>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Also improve the description: notime, notq, and nohost are literals,
not things to be replaced by something else -- so no angular brackets.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Make compilation to work in systems which don't have sys/timex.h and its
ntp_gettime().
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Samuel Thibault <sthibault@debian.org>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Either works on linux, but kfreebsd build fails
if we don't use the <sys/time.h> include.
According to man gettimeofday the correct include is <sys/time.h>
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Setting whole array to be completely full of nulls cannot be as quick as
making the only significant member of the array when needed.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>