Commit Graph

225 Commits

Author SHA1 Message Date
Joachim Wiberg
45d351065a Fix #37: improve accuracy of MARK timer
Instead of running the domark() timer on half the MarkInterval option,
we take the FreeBSD approach and run on each TIMERINTVL (30 sec), same
as the doflush() timer.  This allows greater resolution on the MARK log
message, meaning we would be off by < 30 seconds instead of the current
MarkInterval / 2.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2023-07-26 09:14:33 +02:00
Joachim Wiberg
ba35121290 Fix #64: sub-second faking of kernel timestamps
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2023-07-09 10:50:07 +02:00
Joachim Wiberg
218a032557 Fix #61: add support for -c and -cc to disable log compression
This patch imports the FreeBSD meaning to the `-c` command line option.
It disables "last message repeated" style log compression for repeated
log messages.  A single `-c` disables compression for pipes, another
`-c` (-cc works) also disables compression for all other log targets.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2023-04-22 08:48:32 +02:00
Joachim Wiberg
7ec64e5f9c Fix #62: early log messages lost when running in systemd
This is a follow-up to d7576c7 which initially added support for running
in systemd based systems.  Since the unit file sources the syslog.socket
we have /run/systemd/journal/syslog open already on descriptor 3.  All
we need to do is verify that's the mode syslogd runs in.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2023-04-22 08:27:57 +02:00
anjiahao
b3502b84c4 Port sysklogd to NuttX
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-09-09 02:03:26 +08:00
Daniel Pouzzner
55b8d3ddfa syslogd.c parsemsg_rfc3164(): don't set buffer.timestamp.usec when RemoteAddDate
(-T) -- fixes changes in 8f8332885 that resulted in "Jan 0 00:00:00" timestamps.
check_timestamp() saw the nonzero timestamp.usec and returned without setting
buffer->timestamp, leaving it with nonzero usecs and an all-zeros struct tm.
2022-08-13 11:58:32 -05:00
Joachim Wiberg
9e9c1c884a Fix #57: garbled tag name in std log file output
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-08-12 14:30:19 +02:00
Joachim Wiberg
6bc8525a8d Ensure both logger and syslogd output the same version string
Slight differences in output when called with `-v` flag:

  - Should output to stdout, that's what people expect (not an error)
  - Should output *project* name and version, for syslogd this is not
    so obvious since it *logs* 'syslogd vx.y.z' while the version is
    'sysklogd vx.y.z'

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-08-01 13:17:01 +02:00
Joachim Wiberg
50f6ad74cb syslogd: ensure tag is <= 32 chars for RFC3164 output
This may cause a bit of a regression for some users, but the RFC is
crystal clear on this point, the tag MUST NOT exceed 32 characters.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-07-31 18:48:26 +02:00
Joachim Wiberg
70bfb8ed98 Handle gettimeofday() errors the same way everywhere
Problem found by Coverity Scan.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-07-31 12:21:23 +02:00
Joachim Wiberg
daba6cce09 Fix #5&: failure to reset socket count on SIGHUP
As reported on GitHub. When logging to a remote host, after a few
SIGHUP's we get the following log message:

     Only 16 IP addresses per socket supported.

When closing all currently open sockets, the socket count must be reset
to allow for opening new ones, otherwise we'll run out of "counts".
Yes, this should be refactored to use the FreeBSD model implementation.

Problem introduced in v2.4.0, commit 075815e.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-07-26 07:47:09 +02:00
Joachim Wiberg
34c812415d Merge pull request #53 from meta-ed/hexencoding
Prevent logfile corruption by control codes

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-06-17 18:17:53 +02:00
Edward K. McGuire
bcc3c7c1fb Prevent logfile corruption by control codes
Do not corrupt logfiles when kernel messages contain control codes,
notably \n. Instead, preserve the kernel's protective C-style hex
encoding. For example, \n embedded in a message by a kernel-level
facility is received as "\x0a". Kernel-level facilities cannot be
trusted to use only syslog-safe codes in kernel messages. See:
<https://kernel.org/doc/Documentation/ABI/testing/dev-kmsg>
2022-06-16 15:52:04 -05:00
Edward K. McGuire
9427734546 Prevent overread when scanning the message buffer
This change avoids the possibility of advancing past the null
terminator, by always testing the value at the pointer before
advancing the pointer.

While repairing this, I reconciled the code sections that read the
priority, sequence, and timestamp, so that they handle the pointer in
exactly the same way. This makes the source easier to maintain.
2022-06-16 14:33:34 -05:00
Joachim Wiberg
8f83328850 Fake usec timestamp for RFC3164 messages
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-06-05 16:43:20 +02:00
Joachim Wiberg
1e9f164198 Fake usec timestamp for untrusted kernel log messages
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-06-04 18:55:14 +02:00
Joachim Wiberg
dfc32d7843 Fix memory leak on exit
Only to clean up, possibly relevant for no-MMU systems, but
they have other issues as well (e.g. fork) that prevent them
from using the sysklogd project.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-29 16:59:50 +02:00
Joachim Wiberg
62dea3aecf Minor, fix missing \n in calls to logit()
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-22 22:10:12 +02:00
Joachim Wiberg
075815eeb8 Add support for setting secure_mode=[0,1,2] in .conf file
Logic for secure mode setting in .conf file

 - Command line always wins
 - SIGHUP activates changes

Note, if -s is given on command line it always wins, regardless.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-22 22:10:12 +02:00
Joachim Wiberg
a453eca4be Minor, rename local variable for consistency
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-22 22:10:11 +02:00
Joachim Wiberg
4e70aff619 Refactor: add cfkey_match() with new struct cfkey for file options
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-22 22:10:11 +02:00
Joachim Wiberg
619422b7ed Minor, whitespace fixup
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-22 22:10:11 +02:00
Edward K. McGuire
4f24bce339 Don't skip the <PRI> field in the call to wallmsg()
This is redundant and causes message truncation.  The <PRI> field is
skipped within wallmsg() itself.

Signed-off-by: Edward K. McGuire <metaed@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-05-14 11:58:33 +02:00
Joachim Wiberg
6798fe76d5 Document reason for stat() in opensys()
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-14 06:59:51 +01:00
Steffen Nurpmeso
45554a54e6 syslogd.c: rotate_file(): do not lose file mode due to rotation
2022-03-14 05:55:27 +01:00
Steffen Nurpmeso
949e80f150 Implement forced log file rotation upon SIGUSR2
2022-03-14 05:52:46 +01:00
Steffen Nurpmeso
7038e51a0f "notify": address Joachim Wiberg's comments (pull/45)
2022-03-12 17:22:18 +01:00
Steffen Nurpmeso
72f2faef6e Add "notify" keyword
2022-03-12 15:28:02 +01:00
Joachim Wiberg
6022d3c7d0 Fix #49: add support for -8 command line option to allow 8-bit data
This patch allows the user to disable the 8-bit data check in the log
message validator.  If you have experienced problems with logging any
unicode (utf-8) messages after v1.6, this option is for you.

The correct way to handle this is to add proper parser support for the
Unicode BOM, defined in RFC5424[1], as NetBSD syslogd does[2], search
for IS_BOM().

[1]: https://datatracker.ietf.org/doc/html/rfc5424#appendix-A.8
[2]: http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/syslogd/syslogd.c?rev=1.138

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-07 20:57:00 +01:00
Joachim Wiberg
aceb4cddcf Add missing -H option to usage text, issue #41
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-05 18:37:49 +01:00
Joachim Wiberg
e4330515e8 Disable KernLog in container
No need to save seqno when we've detected being in container and have
disabled kernel logging.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-05 15:31:46 +01:00
Joachim Wiberg
40622ef6c7 Fix build error introduced when fixing issue #48
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-05 15:31:46 +01:00
Joachim Wiberg
c534556790 Auto-detect if we're running in a container and disable klogd
This patch adds a very rudimentary container check.  When one of a
select few containers is detected, sysklogd disables the kernel
logging -- since there's no point in logging kernel messages other
than from the host system.

Issue #48

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-14 00:28:28 +01:00
Joachim Wiberg
29e932008d Fix #48: add option ('-K') to disable kernel logging
This patch adds support for disabling kernel logging, opensys().  This
is in addition to the character device validation check, and primarily
for use in container use-cases -- where logging kernel is not needed.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-13 23:40:06 +01:00
Joachim Wiberg
49b99584a4 Verify the kernel log fifo is a proper character device
Issue #48 describes a problem with 100% CPU load in a container
use-case.  Turns out one of the issues was that /dev/kmsg was
not a proper character device.  This patch adds a very basic
check to ensure /dev/kmsg is usable.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-13 23:03:30 +01:00
Joachim Wiberg
e61e5abb88 Follow-up to 9856e07, rename '-K' option to '-t'
We need the '-K' option to disable kernel logging, so this option needs
to be renamed, unfortunately.  Fortunately it's not been released yet.

Issue #42

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-13 22:53:02 +01:00
Joachim Wiberg
f4f2ad365e Redo DNS lookup on failure to send to remote server
When entering the forwarding suspend timer, free any previous address
info and do a new DNS lookup when the timer elapses.  The failure to
send may be because we're using a stale IP address.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-27 20:21:45 +01:00
Joachim Wiberg
f516ff6023 Fix #36: retry DNS lookup of remote syslog servers with res_init()
This patch replaces the INET_SUSPEND_TIME for DNS lookup with a 5 sec
back-off to prevent DNS lookup on each message.

Also, reorder WARN() and NOTE() so they are called *after* setting the
f_type, otherwise we unleash endless recursive loops.

To avoid filling up the log with "Failed resolving ..." messages every
time we retry, we set a flag to remember we've already logged a warning.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-27 20:18:21 +01:00
Joachim Wiberg
0a0380cbdd Minor, spellcheck comments
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-27 19:16:41 +01:00
Joachim Wiberg
9856e07e40 Fix #42: add option to always trust kernel timestamp
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:50:31 +01:00
Joachim Wiberg
e69b0fe812 Fix #43: avoid assert() on and around 19 January 2038 03:14:07 UTC
When time_t wraps around on 32-bit UNIX systems we shouldn't assert (and
cause syslogd to be continuously restarted) but instead try to handle the
wraparound more gracefully.

This change, initially proposed by Raul Porancea, checks for wraparound
and allows syslogd to continue on error.  Logging with invalid date is
better than no logs at all.  Thanks Raul for tracking this one down!

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:21:00 +01:00
Joachim Wiberg
30a5c6628d Avoid NULL pointers to internal logit() function
The logit() function winds up calling vfprintf(), GLIBC is friendly
enough to check for NULL and replace segfault with "(null)", but other
C-libs may not handle it as gracefully.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:02:49 +01:00
Joachim Wiberg
ac9749a240 Minor, slight improvement in debug output
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-24 09:03:07 +01:00
Joachim Wiberg
9f6fbb3301 After initial read of /dev/kmsg, ignore kernel timestamp
The spec[1] says the /dev/kmsg timestamp is a monotonic clock and in
microseconds.  After a while you realize it's also relative to the boot
of the system, that fact was probably too obvious to be put in the spec.
However, what's *not* in the spec, and what takes a while to realize, is
that this monotonic time is *not* adjusted for suspend/resume cycles ...

On a frequently used laptop this can manifest itself as follows.  The
kernel is stuck on Nov 15, and for the life of me I cannot find any way
to adjust for this offset:

    $ dmesg -T |tail -1; date
    [Mon Nov 15 01:42:08 2021] wlan0: Limiting TX power to 23 (23 - 0) dBm as advertised by 18:e8:29:55:b0:62
    Tue 23 Nov 2021 05:20:53 PM CET

Hence this patch.  After initial "emptying" of /dev/kmsg when syslogd
starts up, we raise a flag (denoting done with backlog), and after this
point we ignore the kernel's idea of time and replace it with the actual
time we have now, the same that userspace messages are logged with.

Sure, there will be occasions where there's a LOT of kernel messages to
read and we won't be able to keep track.  Yet, this patch is better than
the current state (where we log Nov 15).

[1]: https://www.kernel.org/doc/Documentation/ABI/testing/dev-kmsg

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-23 17:16:17 +01:00
Joachim Wiberg
c7e30c6bd0 Follow-up to eb454d7: use time(NULL) instead of weird calculus
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-23 17:14:31 +01:00
Joachim Wiberg
1018d4a7f4 Avoid NULL pointer to vsnprintf()
GLIBC is friendly enough to check for NULL and replace segfault with
"(null)", but other C-libs may not handle it as gracefully.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-22 04:35:01 +01:00
Joachim Wiberg
b0d4e4cc3f Fix #40: update docs and online help text wrt. caching of kmsg seqno
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-07-26 14:04:45 +02:00
Joachim Wiberg
e381bc3620 Fix #38: add option -C file for alt. kernel seqno cache file
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-30 22:39:09 +02:00
Joachim Wiberg
75524d1878 syslogd: minor, improve flog() internal logging a bit
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-30 22:27:58 +02:00
Joachim Wiberg
fc5096f1c2 syslogd: support for extracting user level messages from /dev/kmsg
It is well established practice on Linux to use /dev/kmsg (old or
new API) before syslogd is up (and /dev/log exists).  This patch
enables support for extracting non-kernel log messages and logging
them with their proper facility and priority.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-21 23:15:10 +02:00