Message-ID: <47BC30AD.20600@bsdunix.ch>
Date: Wed, 20 Feb 2008 14:52:45 +0100
From: Thomas Vogt
To: freebsd-hackers@freebsd.org
Subject: new syslogd option for adding local timestamp

Hi list

I ported the -T option from NetBSD syslogd.c to FreeBSD syslog.

"Add a -T flag to syslogd, which causes it to use local time for messages received from the network. Useful for collecting logs from devices which do not have correct time or if you need localtime anyway. It does not replace original timestamp. It just adds the localtime at the beginning of the string"

Is this done correctly? I had no trouble during my tests with remote logging from several routers and switches from Cisco and Foundry. If everything is correct, any chance we can add this to FreeBSD syslogd?

Regards,
Tom

--- syslogd.c.orig 2008-02-20 14:00:11.000000000 +0100 +++ syslogd.c 2008-02-20 14:00:27.000000000 +0100 @@ -292,6 +292,7 @@ struct allowedpeer *AllowedPeers; /* List of allowed peers */ static int NumAllowed; /* Number of entries in AllowedPeers */ +static int RemoteAddDate; /* always add date to messages from network */ static int UniquePriority; /* Only log specified priority? */ static int LogFacPri; /* Put facility and priority in log message: */ 
@@ -321,7 +322,7 @@ static void log_deadchild(pid_t, int, const char *); static void markit(void); static int skip_message(const char *, const char *, int); -static void printline(const char *, char *); +static void printline(const char *, char *, int); static void printsys(char *); static int p_open(const char *, pid_t *); static void readklog(void); @@ -351,7 +352,7 @@ socklen_t len; bindhostname = NULL; - while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:uv")) != -1) + while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:Tuv")) != -1) switch (ch) { case '4': family = PF_INET; @@ -448,6 +449,9 @@ errx(1, "%s path too long, exiting", optarg); funix_secure.name = optarg; break; + case 'T': + RemoteAddDate = 1; + break; case 'u': /* only log specified priority */ UniquePriority++; break; @@ -640,7 +644,7 @@ hname = cvthname((struct sockaddr *)&frominet); unmapped((struct sockaddr *)&frominet); if (validate((struct sockaddr *)&frominet, hname)) - printline(hname, line); + printline(hname, line, RemoteAddDate ? ADDDATE : 0); } else if (l < 0 && errno != EINTR) logerror("recvfrom inet"); } @@ -653,7 +657,7 @@ (struct sockaddr *)&fromunix, &len); if (l > 0) { line[l] = '\0'; - printline(LocalHostName, line); + printline(LocalHostName, line, 0); } else if (l < 0 && errno != EINTR) logerror("recvfrom unix"); } @@ -693,7 +697,7 @@ { fprintf(stderr, "%s\n%s\n%s\n%s\n", - "usage: syslogd [-46ACcdknosuv] [-a allowed_peer]", + "usage: syslogd [-46ACcdknosTuv] [-a allowed_peer]", " [-b bind_address] [-f config_file]", " [-l [mode:]path] [-m mark_interval]", " [-P pid_file] [-p log_socket]"); @@ -705,7 +709,7 @@ * on the appropriate log files. */ static void -printline(const char *hname, char *msg) +printline(const char *hname, char *msg, int flags) { char *p, *q; long n; 
@@ -758,7 +762,7 @@ } *q = '\0'; - logmsg(pri, line, hname, 0); + logmsg(pri, line, hname, flags); } /*
--- syslogd.8.orig 2008-02-20 14:18:55.000000000 +0100 +++ syslogd.8 2008-02-20 14:18:59.000000000 +0100 @@ -225,6 +225,12 @@ If specified twice, no network socket will be opened at all, which also disables logging to remote machines. +.It Fl T +Always use the local time and date for messages received from the +network, instead of the timestamp field supplied in the message +by the remote host. +This is useful if some of the originating hosts can't keep time +properly or are unable to generate a correct timestamp. .It Fl u Unique priority logging. Only log messages at the specified priority. @@ -291,6 +297,14 @@ option is specified); therefore, they must be created manually before running .Nm . +.Pp +The date and time are taken from the received message. +If the format of the timestamp field is incorrect, time obtained from +the local host is used instead. +This can be overriden by the +.Fl T +flag. +.Pp .Sh FILES .Bl -tag -width /var/run/syslog.pid -compact .It Pa /etc/syslog.conf
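Review bot: The comment above printline() in the syslogd.c hunk at -705 is left unchanged although the function gains a `flags` argument, and the prototype in the hunk at -321 adds it as an unnamed `int`. Add a sentence to the comment saying that `flags` is passed through to logmsg(), that the inet receive path passes ADDDATE when -T is set, and that the unix socket path always passes 0, so the difference between the two callers is documented where the parameter is introduced.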
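Review bot: usage() in the syslogd.c hunk at -693 gains `T` in the flag list, but neither hunk of syslogd.8-diff touches the SYNOPSIS section, so the manual page synopsis and the usage string will disagree. Add `T` to the flag list in the synopsis in the same patch.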
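Review bot: The `.It Fl T` text in the syslogd.8 hunk at -225 says local time is used "instead of the timestamp field supplied in the message by the remote host", while the cover message says the original timestamp is not replaced and the local time is only added at the beginning of the string. Reword the entry to say that the local timestamp is prepended and the sender's timestamp is left in the message text, so that anyone parsing or correlating these logs knows a network message then carries two timestamps and that the leading one comes from the receiving host.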
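Review bot: In the syslogd.8 hunk at -291, "overriden" should be "overridden", and the second added `.Pp`, placed directly before `.Sh FILES`, opens a paragraph with no content and can be dropped.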