Logic for secure mode setting in .conf file
- Command line always wins
- SIGHUP activates changes
Note, if -s is given on command line it always wins, regardless.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch allows the user to disable the 8-bit data check in the log
message validator. If you have experienced problems with logging any
unicode (utf-8) messages after v1.6, this option is for you.
The correct way to handle this is to add proper parser support for the
Unicode BOM, defined in RFC5424[1], as NetBSD syslogd does[2], search
for IS_BOM().
[1]: https://datatracker.ietf.org/doc/html/rfc5424#appendix-A.8
[2]: http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/syslogd/syslogd.c?rev=1.138
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
The usage text (syslogd -?) and the syslogd.8 man page was not in sync
wrt. the -b option. This patch updates it to match the layout of -a,
the -a option is also slightly updated.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch adds support for disabling kernel logging, opensys(). This
is in addition to the character device validation check, and primarily
for use in container use-cases -- where logging kernel is not needed.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
We need the '-K' option to disable kernel logging, so this option needs
to be renamed, unfortunately. Fortunately it's not been released yet.
Issue #42
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
When syncing with the FreeBSD man page the audit missed this option.
The man page should detail what the daemon does, even though in this
case it would've been nice to have the FreeBSD behahvior for -v.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch migrates the sysklogd project to use the modern /dev/kmsg
interface on Linux. There are many advantages over the older /proc
interface; 1) no need to wait for /proc to be mounted, 2) it provides
multiple simultaneous access. For more information, see:
https://www.kernel.org/doc/Documentation/ABI/testing/dev-kmsg
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
The FreeBSD syslogd has more priority matching features and can also
group rules per program/hostname logging. The sysklogd project does
not yet support this, so that is removed and instead the syntax and
examples are better described.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Add missing -r option for log rotation and remove -8 option, which we
don't have yet.
Add SECURITY, DEBUGGING, and SIGNALS sections and expand upon the BUGS
section a bit to link things together.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
- Much less command line options (for now)
- Mention support for RFC3164 and RFC5424
- Add the history of the sysklogd project
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This patch replaces the original man pages by Greg and Martin, that were
both licensed under the GNU GPL, with 3-clause BSD licensed versions of
the same man pages from FreeBSD.
- syslogd.8 FreeBSD Subversion r335862
- syslog.conf.5 FreeBSD Subversion r314436
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This patch removes one of the traditionally key pieces of the sysklogd
project, klogd. Now that syslogd performs logging of kernel messages
we no longer require a separate daemon for that.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
For most use-cases a kernel with CONFIG_KALLSYMS and a stand-alone
syslogd is sufficient. No need for the complexity of klogd.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
- We have the -a PEER and -s to limit exposure to remote attacks
- Mention include file syntax in .conf file differences section
- Mention SECURITY section in BUGS, there are countermeasures
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This patch re-adds the -n flag, but now to disable DNS reverse-query for
all incoming messages. This can potentially speed up logging a lot for
small/embedded systems that act as log sink.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This change will probably break most installations. We do this to free
up '-n' for use as disabling DNS lookups, from FreeBSD *and* NetBSD.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>