From owner-svn-src-head@freebsd.org Fri May 26 16:36:32 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5675BD8359D; Fri, 26 May 2017 16:36:32 +0000 (UTC) (envelope-from dab@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 229F61766; Fri, 26 May 2017 16:36:32 +0000 (UTC) (envelope-from dab@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4QGaVq4004780; Fri, 26 May 2017 16:36:31 GMT (envelope-from dab@FreeBSD.org) Received: (from dab@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4QGaU5L004774; Fri, 26 May 2017 16:36:30 GMT (envelope-from dab@FreeBSD.org) Message-Id: <201705261636.v4QGaU5L004774@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dab set sender to dab@FreeBSD.org using -f From: David Bright Date: Fri, 26 May 2017 16:36:30 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r318960 - in head/usr.sbin/newsyslog: . tests X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2017 16:36:32 -0000 Author: dab Date: Fri May 26 16:36:30 2017 New Revision: 318960 URL: https://svnweb.freebsd.org/changeset/base/318960 Log: Add newsyslog capability to write RFC5424 compliant rotation message. This modification adds the capability to newsyslog to write the rotation message in a format that is compliant with RFC5424. This capability is enabled on a per-log file basis through a new value ("T") in the flags field in newsyslog.conf. This is useful on systems that use the RFC5424 format for log files so that the rotation message format matches that of the other log messages. There has been recent mention of adding an RFC5424 compliant mode to syslogd and at least one alternative system log daemon (rsyslogd) that already has the capability to use that format. Reviewed by: vangyzen, ngie Approved by: vangyzen (mentor) MFC after: 2 months Relnotes: yes Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D10253 Modified: head/usr.sbin/newsyslog/extern.h head/usr.sbin/newsyslog/newsyslog.8 head/usr.sbin/newsyslog/newsyslog.c head/usr.sbin/newsyslog/newsyslog.conf.5 head/usr.sbin/newsyslog/ptimes.c head/usr.sbin/newsyslog/tests/legacy_test.sh Modified: head/usr.sbin/newsyslog/extern.h ============================================================================== --- head/usr.sbin/newsyslog/extern.h Fri May 26 16:29:55 2017 (r318959) +++ head/usr.sbin/newsyslog/extern.h Fri May 26 16:36:30 2017 (r318960) @@ -60,6 +60,8 @@ int ptime_free(struct ptime_data *_pti int ptime_relparse(struct ptime_data *_ptime, int _parseopts, time_t _basetime, const char *_str); const char *ptimeget_ctime(const struct ptime_data *_ptime); +char *ptimeget_ctime_rfc5424(const struct ptime_data *_ptime, + char *timebuf, size_t bufsize); double ptimeget_diff(const struct ptime_data *_minuend, const struct ptime_data *_subtrahend); time_t ptimeget_secs(const struct ptime_data *_ptime); Modified: head/usr.sbin/newsyslog/newsyslog.8 ============================================================================== --- head/usr.sbin/newsyslog/newsyslog.8 Fri May 26 16:29:55 2017 (r318959) +++ head/usr.sbin/newsyslog/newsyslog.8 Fri May 26 16:36:30 2017 (r318960) @@ -17,7 +17,7 @@ .\" the suitability of this software for any purpose. It is .\" provided "as is" without express or implied warranty. .\" -.Dd April 15, 2017 +.Dd May 19, 2017 .Dt NEWSYSLOG 8 .Os .Sh NAME @@ -125,7 +125,8 @@ reasons for either trimming that log or Cause .Nm not to trim the logs, but to print out what it would do if this option -were not specified. This option implies the +were not specified. +This option implies the .Fl r option. .It Fl r Modified: head/usr.sbin/newsyslog/newsyslog.c ============================================================================== --- head/usr.sbin/newsyslog/newsyslog.c Fri May 26 16:29:55 2017 (r318959) +++ head/usr.sbin/newsyslog/newsyslog.c Fri May 26 16:36:30 2017 (r318960) @@ -79,6 +79,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -132,6 +133,8 @@ __FBSDID("$FreeBSD$"); #define CE_NODUMP 0x0200 /* Set 'nodump' on newly created log file. */ #define CE_PID2CMD 0x0400 /* Replace PID file with a shell command.*/ +#define CE_RFC5424 0x0800 /* Use RFC5424 format rotation message */ + #define MIN_PID 5 /* Don't touch pids lower than this */ #define MAX_PID 99999 /* was lower, see /usr/include/sys/proc.h */ @@ -247,6 +250,15 @@ static struct ptime_data *timenow; /* Th #define DAYTIME_LEN 16 static char daytime[DAYTIME_LEN];/* The current time in human readable form, * used for rotation-tracking messages. */ + +/* Another buffer to hold the current time in RFC5424 format. Fractional + * seconds are allowed by the RFC, but are not included in the + * rotation-tracking messages written by newsyslog and so are not accounted for + * in the length below. + */ +#define DAYTIME_RFC5424_LEN sizeof("YYYY-MM-DDTHH:MM:SS+00:00") +static char daytime_rfc5424[DAYTIME_RFC5424_LEN]; + static char hostname[MAXHOSTNAMELEN]; /* hostname */ static const char *path_syslogpid = _PATH_SYSLOGPID; @@ -630,6 +642,7 @@ parse_args(int argc, char **argv) timenow = ptime_init(NULL); ptimeset_time(timenow, time(NULL)); strlcpy(daytime, ptimeget_ctime(timenow) + 4, DAYTIME_LEN); + ptimeget_ctime_rfc5424(timenow, daytime_rfc5424, DAYTIME_RFC5424_LEN); /* Let's get our hostname */ (void)gethostname(hostname, sizeof(hostname)); @@ -1296,11 +1309,14 @@ no_trimat: case 'r': working->flags |= CE_PID2CMD; break; + case 't': + working->flags |= CE_RFC5424; + break; case 'u': working->flags |= CE_SIGNALGROUP; break; case 'w': - /* Depreciated flag - keep for compatibility purposes */ + /* Deprecated flag - keep for compatibility purposes */ break; case 'x': working->compress = COMPRESS_XZ; @@ -2101,7 +2117,7 @@ save_sigwork(const struct conf_entry *en tmpsiz = sizeof(struct sigwork_entry) + strlen(ent->pid_cmd_file) + 1; stmp = malloc(tmpsiz); - + stmp->sw_runcmd = 0; /* If this is a command to run we just set the flag and run command */ if (ent->flags & CE_PID2CMD) { @@ -2257,15 +2273,34 @@ log_trim(const char *logname, const stru xtra = ""; if (log_ent->def_cfg) xtra = " using rule"; - if (log_ent->firstcreate) - fprintf(f, "%s %s newsyslog[%d]: logfile first created%s\n", - daytime, hostname, (int) getpid(), xtra); - else if (log_ent->r_reason != NULL) - fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s%s\n", - daytime, hostname, (int) getpid(), log_ent->r_reason, xtra); - else - fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s\n", - daytime, hostname, (int) getpid(), xtra); + if (log_ent->flags & CE_RFC5424) { + if (log_ent->firstcreate) { + fprintf(f, "<%d>1 %s %s newsyslog %d - - %s%s\n", + LOG_MAKEPRI(LOG_USER, LOG_INFO), + daytime_rfc5424, hostname, getpid(), + "logfile first created", xtra); + } else if (log_ent->r_reason != NULL) { + fprintf(f, "<%d>1 %s %s newsyslog %d - - %s%s%s\n", + LOG_MAKEPRI(LOG_USER, LOG_INFO), + daytime_rfc5424, hostname, getpid(), + "logfile turned over", log_ent->r_reason, xtra); + } else { + fprintf(f, "<%d>1 %s %s newsyslog %d - - %s%s\n", + LOG_MAKEPRI(LOG_USER, LOG_INFO), + daytime_rfc5424, hostname, getpid(), + "logfile turned over", xtra); + } + } else { + if (log_ent->firstcreate) + fprintf(f, "%s %s newsyslog[%d]: logfile first created%s\n", + daytime, hostname, getpid(), xtra); + else if (log_ent->r_reason != NULL) + fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s%s\n", + daytime, hostname, getpid(), log_ent->r_reason, xtra); + else + fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s\n", + daytime, hostname, getpid(), xtra); + } if (fclose(f) == EOF) err(1, "log_trim: fclose"); return (0); Modified: head/usr.sbin/newsyslog/newsyslog.conf.5 ============================================================================== --- head/usr.sbin/newsyslog/newsyslog.conf.5 Fri May 26 16:29:55 2017 (r318959) +++ head/usr.sbin/newsyslog/newsyslog.conf.5 Fri May 26 16:36:30 2017 (r318960) @@ -21,7 +21,7 @@ .\" the suitability of this software for any purpose. It is .\" provided "as is" without express or implied warranty. .\" -.Dd April 15, 2017 +.Dd May 19, 2017 .Dt NEWSYSLOG.CONF 5 .Os .Sh NAME @@ -242,7 +242,7 @@ rotate at the first day of every month a (i.e., the start of the day; same as .Li @01T00 ) .It Li $M5D6 -rotate on every 5th day of month at 6:00 +rotate on every fifth day of month at 6:00 (same as .Li @05T06 ) .El @@ -319,6 +319,11 @@ will run shell command defined in .Ar path_to_pid_cmd_file after rotation instead of trying to send signal to a process id stored in the file. +.It Cm T +if this flag is set the informational rotation message written to +the log file will be in the format specified by RFC5424. +Normally, the rotation message is written in the traditional (RFC3164) +syslog format. .It Cm U indicates that the file specified by .Ar path_to_pid_cmd_file @@ -395,6 +400,17 @@ entry: .Xr chown 8 , .Xr newsyslog 8 , .Xr syslogd 8 +.Pp +.Rs +.%A C. Lonvick +.%T The BSD syslog Protocol +.%O RFC3164 +.Re +.Rs +.%A R. Gerhards +.%T The Syslog Protocol +.%O RFC5424 +.Re .Sh HISTORY This manual page first appeared in .Fx 4.10 . Modified: head/usr.sbin/newsyslog/ptimes.c ============================================================================== --- head/usr.sbin/newsyslog/ptimes.c Fri May 26 16:29:55 2017 (r318959) +++ head/usr.sbin/newsyslog/ptimes.c Fri May 26 16:36:30 2017 (r318960) @@ -478,6 +478,75 @@ ptimeget_ctime(const struct ptime_data * return (ctime(&ptime->tsecs)); } +/* + * Generate a time of day string in an RFC5424 compatible format. Return a + * pointer to the buffer with the timestamp string or NULL if an error. If the + * time is not supplied, cannot be converted to local time, or the resulting + * string would overflow the buffer, the returned string will be the RFC5424 + * NILVALUE. + */ +char * +ptimeget_ctime_rfc5424(const struct ptime_data *ptime, + char *timebuf, size_t bufsize) +{ + static const char NILVALUE[] = {"-"}; /* RFC5424 specified NILVALUE */ + int chars; + struct tm tm; + int tz_hours; + int tz_mins; + long tz_offset; + char tz_sign; + + if (timebuf == NULL) { + return (NULL); + } + + if (bufsize < sizeof(NILVALUE)) { + return (NULL); + } + + /* + * Convert to localtime. RFC5424 mandates the use of the NILVALUE if + * the time cannot be obtained, so use that if there is an error in the + * conversion. + */ + if (ptime == NULL || localtime_r(&(ptime->tsecs), &tm) == NULL) { + strlcpy(timebuf, NILVALUE, bufsize); + return (timebuf); + } + + /* + * Convert the time to a string in RFC5424 format. The conversion + * cannot be done with strftime() because it cannot produce the correct + * timezone offset format. + */ + if (tm.tm_gmtoff < 0) { + tz_sign = '-'; + tz_offset = -tm.tm_gmtoff; + } else { + tz_sign = '+'; + tz_offset = tm.tm_gmtoff; + } + + tz_hours = tz_offset / 3600; + tz_mins = (tz_offset % 3600) / 60; + + chars = snprintf(timebuf, bufsize, + "%04d-%02d-%02d" /* date */ + "T%02d:%02d:%02d" /* time */ + "%c%02d:%02d", /* time zone offset */ + tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, + tm.tm_hour, tm.tm_min, tm.tm_sec, + tz_sign, tz_hours, tz_mins); + + /* If the timestamp is too big for timebuf, return the NILVALUE. */ + if (chars >= (int)bufsize) { + strlcpy(timebuf, NILVALUE, bufsize); + } + + return (timebuf); +} + double ptimeget_diff(const struct ptime_data *minuend, const struct ptime_data *subtrahend) Modified: head/usr.sbin/newsyslog/tests/legacy_test.sh ============================================================================== --- head/usr.sbin/newsyslog/tests/legacy_test.sh Fri May 26 16:29:55 2017 (r318959) +++ head/usr.sbin/newsyslog/tests/legacy_test.sh Fri May 26 16:36:30 2017 (r318960) @@ -2,6 +2,15 @@ # $FreeBSD$ +# A regular expression matching the format of an RFC-5424 log line header, +# including the timestamp up through the seconds indicator; it does not include +# the (optional) timezone offset. +RFC5424_FMT='^<[0-9][0-9]*>1 [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}' + +# A regular expression matching the format of an RFC-3164 (traditional syslog) +# log line header, including the timestamp. +RFC3164_FMT='^[A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2}' + COUNT=0 TMPDIR=$(pwd)/work if [ $? -ne 0 ]; then @@ -98,6 +107,32 @@ ckntfe() fi } +# Verify that the specified file has RFC-5424 rotation messages. +ckrfc5424() +{ + local lc=$(wc -l $1 | cut -w -f2) + local rc=$(grep -cE "${RFC5424_FMT}" $1) + if [ "$lc" -eq 0 -o "$rc" -eq 0 -o "$lc" -ne "$rc" ] + then + notok + else + ok + fi +} + + +# Verify that the specified file has RFC-3164 rotation messages. +ckrfc3164() +{ + local lc=$(wc -l $1 | cut -w -f2) + local rc=$(grep -cE "${RFC3164_FMT}" $1) + if [ "$lc" -eq 0 -o "$rc" -eq 0 -o "$lc" -ne "$rc" ] + then + notok + else + ok + fi +} # A part of a test succeeds @@ -381,6 +416,45 @@ tests_time_rotate() { tmpdir_clean } +tests_rfc5424() { + ext="$1" + dir="$2" + + if [ -n "$dir" ]; then + newsyslog_args=" -a ${dir}" + name_postfix="${ext} archive dir" + else + newsyslog_args="" + name_postfix="${ext}" + fi + + tmpdir_create + + begin "RFC-5424 - create file ${name_postfix}" -newdir + run_newsyslog -C + ckfe $LOGFNAME + cknt ${dir}${LOGFNAME}.0${ext} + ckfe $LOGFNAME5424 + cknt ${dir}${LOGFNAME5424}.0${ext} + ckrfc3164 ${LOGFNAME} + ckrfc5424 ${LOGFNAME5424} + end + + begin "RFC-5424 - rotate normal 1 ${name_postfix}" + run_newsyslog $newsyslog_args + ckfe ${LOGFNAME} + ckfe ${dir}${LOGFNAME}.0${ext} + ckfe $LOGFNAME5424 + ckfe ${dir}${LOGFNAME5424}.0${ext} + ckrfc3164 ${LOGFNAME} + ckrfc3164 ${dir}${LOGFNAME}.0${ext} + ckrfc5424 ${LOGFNAME5424} + ckrfc5424 ${dir}${LOGFNAME5424}.0${ext} + end + + tmpdir_clean +} + echo 1..126 mkdir -p ${TMPDIR} cd ${TMPDIR} @@ -388,6 +462,10 @@ cd ${TMPDIR} LOGFNAME=foo.log LOGFPATH=${TMPDIR}/log/${LOGFNAME} +# Log file for RFC-5424 testing +LOGFNAME5424=foo5424.log +LOGFPATH5424=${TMPDIR}/log/${LOGFNAME5424} + # Normal, no archive dir, keep X files echo "$LOGFPATH 640 0 * @T00 NC" > newsyslog.conf tests_normal_rotate_keepn 0 @@ -454,4 +532,9 @@ tests_time_rotate "gz" "${TMPDIR}/alog/" echo "$LOGFPATH 640 3 * @T00 NCJ" > newsyslog.conf tests_time_rotate "bz2" "${TMPDIR}/alog/" +# RFC-5424; Normal, no archive dir +echo "$LOGFPATH5424 640 3 * @T00 NCT" > newsyslog.conf +echo "$LOGFPATH 640 3 * @T00 NC" >> newsyslog.conf +tests_rfc5424 + rm -rf "${TMPDIR}"