From owner-freebsd-bugs@FreeBSD.ORG Wed Feb 20 18:40:02 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE88E16A407 for ; Wed, 20 Feb 2008 18:40:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B31F613C4EF for ; Wed, 20 Feb 2008 18:40:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1KIe2DU046446 for ; Wed, 20 Feb 2008 18:40:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1KIe2h5046439; Wed, 20 Feb 2008 18:40:02 GMT (envelope-from gnats) Resent-Date: Wed, 20 Feb 2008 18:40:02 GMT Resent-Message-Id: <200802201840.m1KIe2h5046439@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Thomas Vogt Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0DCAE16A411 for ; Wed, 20 Feb 2008 18:38:37 +0000 (UTC) (envelope-from thomas@bert.mlan.solnet.ch) Received: from bert.mlan.solnet.ch (bert.mlan.solnet.ch [212.101.1.83]) by mx1.freebsd.org (Postfix) with ESMTP id 82F4D13C45D for ; Wed, 20 Feb 2008 18:38:35 +0000 (UTC) (envelope-from thomas@bert.mlan.solnet.ch) Received: from bert.mlan.solnet.ch (localhost.mlan.solnet.ch [127.0.0.1]) by bert.mlan.solnet.ch (8.14.2/8.14.2) with ESMTP id m1KIMsLY004151 for ; Wed, 20 Feb 2008 19:22:54 +0100 (CET) (envelope-from thomas@bert.mlan.solnet.ch) Received: (from thomas@localhost) by bert.mlan.solnet.ch (8.14.2/8.14.2/Submit) id m1KIMsH6004150; Wed, 20 Feb 2008 19:22:54 +0100 (CET) (envelope-from thomas) Message-Id: <200802201822.m1KIMsH6004150@bert.mlan.solnet.ch> Date: Wed, 20 Feb 2008 19:22:54 +0100 (CET) From: Thomas Vogt To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: bin/120891: enhancement to syslogd - always printing local time X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Thomas Vogt List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Feb 2008 18:40:03 -0000 >Number: 120891 >Category: bin >Synopsis: enhancement to syslogd - always printing local time >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Feb 20 18:40:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Thomas Vogt >Release: FreeBSD 7.0-RC1 i386 >Organization: >Environment: System: FreeBSD bert.mlan.solnet.ch 7.0-RC1 FreeBSD 7.0-RC1 #12: Tue Jan 29 10:06:24 CET 2008 root@bert.mlan.solnet.ch:/usr/obj/usr/src/sys/BERT i386 >Description: Both patches are obtained from NetBSD. syslogd has currently an undocumented feature. if it does not recognize the timestamp field in the received message or if there is no timestamp at all like in Foundry XMR, it generates it, based on the local time. We should document this behaviour in syslogd.8 There are switches which don't have NTP, so their time is meaningless. Generate a useful timestamp for all messages received from network, regardless of validity of the timestamp field. I expect that such a feature can be generally useful. This patch which implements a -T option, causing syslogd to generate a timestamp field for all messages received over the network. Original syslog entry, switch has GMT time: Feb 20 18:14:45 zuchwil-foundry-sw1.foobar.com zuchwil-foundry-sw1 ACL: ACL: List 11 permitted tcp 212.101.1.83(telnet)(Ethernet 25 0014.a87c.9bc1) -> 212.101.XX.XX(telnet), 1 event(s) With the new -T option my localtime of the syslogd machine (GMT+1) will be added too at the begining of the line: Feb 20 19:18:57 zuchwil-foundry-sw1.foobar.com Feb 20 18:18:57 zuchwil-fb-sw1 ACL: ACL: List 11 permitted tcp 212.101.1.83(telnet)(Ethernet 25 0014.a87c.9bc1) -> 212.101.XX.XX(telnet) >How-To-Repeat: >Fix: --- syslogd.c.orig 2008-02-20 14:00:11.000000000 +0100 +++ syslogd.c 2008-02-20 14:00:27.000000000 +0100 @@ -292,6 +292,7 @@ struct allowedpeer *AllowedPeers; /* List of allowed peers */ static int NumAllowed; /* Number of entries in AllowedPeers */ +static int RemoteAddDate; /* always add date to messages from network */ static int UniquePriority; /* Only log specified priority? */ static int LogFacPri; /* Put facility and priority in log message: */ @@ -321,7 +322,7 @@ static void log_deadchild(pid_t, int, const char *); static void markit(void); static int skip_message(const char *, const char *, int); -static void printline(const char *, char *); +static void printline(const char *, char *, int); static void printsys(char *); static int p_open(const char *, pid_t *); static void readklog(void); @@ -351,7 +352,7 @@ socklen_t len; bindhostname = NULL; - while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:uv")) != -1) + while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:Tuv")) != -1) switch (ch) { case '4': family = PF_INET; @@ -448,6 +449,9 @@ errx(1, "%s path too long, exiting", optarg); funix_secure.name = optarg; break; + case 'T': + RemoteAddDate = 1; + break; case 'u': /* only log specified priority */ UniquePriority++; break; @@ -640,7 +644,7 @@ hname = cvthname((struct sockaddr *)&frominet); unmapped((struct sockaddr *)&frominet); if (validate((struct sockaddr *)&frominet, hname)) - printline(hname, line); + printline(hname, line, RemoteAddDate ? ADDDATE : 0); } else if (l < 0 && errno != EINTR) logerror("recvfrom inet"); } @@ -653,7 +657,7 @@ (struct sockaddr *)&fromunix, &len); if (l > 0) { line[l] = '\0'; - printline(LocalHostName, line); + printline(LocalHostName, line, 0); } else if (l < 0 && errno != EINTR) logerror("recvfrom unix"); } @@ -693,7 +697,7 @@ { fprintf(stderr, "%s\n%s\n%s\n%s\n", - "usage: syslogd [-46ACcdknosuv] [-a allowed_peer]", + "usage: syslogd [-46ACcdknosTuv] [-a allowed_peer]", " [-b bind_address] [-f config_file]", " [-l [mode:]path] [-m mark_interval]", " [-P pid_file] [-p log_socket]"); @@ -705,7 +709,7 @@ * on the appropriate log files. */ static void -printline(const char *hname, char *msg) +printline(const char *hname, char *msg, int flags) { char *p, *q; long n; @@ -758,7 +762,7 @@ } *q = '\0'; - logmsg(pri, line, hname, 0); + logmsg(pri, line, hname, flags); } /* --- syslogd.8.orig 2008-02-20 14:18:55.000000000 +0100 +++ syslogd.8 2008-02-20 14:18:59.000000000 +0100 @@ -225,6 +225,12 @@ If specified twice, no network socket will be opened at all, which also disables logging to remote machines. +.It Fl T +Always use the local time and date for messages received from the +network, instead of the timestamp field supplied in the message +by the remote host. +This is useful if some of the originating hosts can't keep time +properly or are unable to generate a correct timestamp. .It Fl u Unique priority logging. Only log messages at the specified priority. @@ -291,6 +297,14 @@ option is specified); therefore, they must be created manually before running .Nm . +.Pp +The date and time are taken from the received message. +If the format of the timestamp field is incorrect, time obtained from +the local host is used instead. +This can be overriden by the +.Fl T +flag. +.Pp .Sh FILES .Bl -tag -width /var/run/syslog.pid -compact .It Pa /etc/syslog.conf >Release-Note: >Audit-Trail: >Unformatted: