syslogd patch
Printing out the whole path to the kernel all the time in syslog messages is
a bit redundant and ugly, especially seeing that it isn't done for any other
binaries.
Should I send-pr this thing too, or is just sending it to -hackers enough?
--- usr/src/usr.sbin/syslogd/syslogd.c.old Sat Jan 13 21:20:28 2001
+++ usr/src/usr.sbin/syslogd/syslogd.c Sat Jan 13 22:27:44 2001
@@ -734,8 +734,8 @@
int flags;
{
struct filed *f;
- int i, fac, msglen, omask, prilev;
- char *timestamp;
+ int i, fac, msglen, omask, prilev, bflen;
+ char *timestamp, *bfshort;
char prog[NAME_MAX+1];
char buf[MAXLINE+1];
@@ -784,7 +784,16 @@
/* add kernel prefix for kernel messages */
if (flags & ISKERNEL) {
- snprintf(buf, sizeof(buf), "%s: %s", bootfile, msg);
+ /* ignore path to kernel */
+ bflen = strlen(bootfile);
+ bfshort = bootfile;
+ while(bflen--)
+ if(*(bootfile+bflen) == '/')
+ {
+ bfshort = bootfile+bflen+1;
+ break;
+ }
+ snprintf(buf, sizeof(buf), "%s: %s", bfshort, msg);
msg = buf;
msglen = strlen(buf);
}
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
RE: syslogd patch
On 17-Jan-01 Eric Melville wrote:
> Printing out the whole path to the kernel all the time in syslog messages is
> a bit redundant and ugly, especially seeing that it isn't done for any other
> binaries.
>
> Should I send-pr this thing too, or is just sending it to -hackers enough?
>
> --- usr/src/usr.sbin/syslogd/syslogd.c.oldSat Jan 13 21:20:28 2001
> +++ usr/src/usr.sbin/syslogd/syslogd.cSat Jan 13 22:27:44 2001
> @@ -734,8 +734,8 @@
> int flags;
> {
> struct filed *f;
> - int i, fac, msglen, omask, prilev;
> - char *timestamp;
> + int i, fac, msglen, omask, prilev, bflen;
> + char *timestamp, *bfshort;
> char prog[NAME_MAX+1];
> char buf[MAXLINE+1];
>
> @@ -784,7 +784,16 @@
>
> /* add kernel prefix for kernel messages */
> if (flags & ISKERNEL) {
> - snprintf(buf, sizeof(buf), "%s: %s", bootfile, msg);
> + /* ignore path to kernel */
> + bflen = strlen(bootfile);
> + bfshort = bootfile;
> + while(bflen--)
> + if(*(bootfile+bflen) == '/')
> + {
> + bfshort = bootfile+bflen+1;
> + break;
> + }
> + snprintf(buf, sizeof(buf), "%s: %s", bfshort, msg);
You could use strrchr(3) here instead of rolling your own loop. However, this
will print out 'kernel' for every kernel. If I 'boot kernel.foo' from the
loader, then the bootfile will be /boot/kernel.foo/kernel, and this will trim
the /boot/kenrel.foo/ part. The kernel.foo part is actually the important
part, however, so I'd prefer it to not do this.
--
John Baldwin <[EMAIL PROTECTED]> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
Re: syslogd patch
Thus spake Eric Melville ([EMAIL PROTECTED]):
> Should I send-pr this thing too, or is just sending it to -hackers enough?
To -audit, in general.
> if (flags & ISKERNEL) {
> - snprintf(buf, sizeof(buf), "%s: %s", bootfile, msg);
> + /* ignore path to kernel */
> + bflen = strlen(bootfile);
> + bfshort = bootfile;
> + while(bflen--)
> + if(*(bootfile+bflen) == '/')
> + {
> + bfshort = bootfile+bflen+1;
> + break;
> + }
> + snprintf(buf, sizeof(buf), "%s: %s", bfshort, msg);
Why don't you just use basename(3)?
Alex
--
cat: /home/alex/.sig: No such file or directory
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
syslogd patch for n-tier logging topologies
http://people.targetnet.com/~james/syslog-forwarding-hints.diff.gz (patch relative to 4.1-STABLE, but should apply to -current) I was trying to build a 3 tier logging system, where boxes send syslog messages to a server on the local segment, and then that machine forwards the logs on to the "master" logging machine. The problem I had was that I use the '!progname' syntax in syslog.conf on the master host extensively. This syntax matches any message which *starts* with the given string. However, when a message is received from a remote host and subsequently forwarded to a remote host, the message is prepended with the string "Forwarded from hostname ". The message no longer starts with the program name, so it doesn't get selected by the '!progname' line in syslog.conf. One could just move the forwarding note to the end, but then you have to train your eyes to look at the end of the line instead of the beginning for the hostname. What is really needed is a way for the middle tier to tell the top tier machine the hostname of the machine who sent the message in the first place. My solution isn't the best, but it does have the advantage of not breaking the syslog protocol, and you can mix-and-match the old and new forwarding methods in syslog.conf. Basically, if you specify a hostname in syslog.conf but precede it with a % sign instead of an @, the forwarded message will look like this on the way out (presume the original host is bar, the middle is baz and the top is foo): old:<#>Sep 20 10:52:45 Forwarded from bar: progname: message new:<#>%bar Sep 20 10:52:45 progname: message If syslogd is started with the -h switch (hints), it will look at the first character of the message. If it is a %, syslogd reads the text following the % up to the next space, then reads the message as usual. When the log message is processed by logmsg(), I send the hint hostname instead of the gethostbyaddr-derived hostname. As a result, the top host logs the message with the proper hostname of the bottom host. The message still starts with the program name, so the '!progname' syntax works. If the remote host receiving the message doesn't use the -h switch or is running a non-modified copy of syslogd, the message will still get logged, but the hint will appear literally in the log. This isn't pretty, but it prevents the hints from crashing older syslog daemons. One other advantage to this system is that you only have to update syslogd or syslog.conf on the middle and top tiers (or more specifically, every tier except the bottom one). The majority of machines are in the lower tier, so rolling this out isn't too painful. I expect there will be a few comments on this, so bear in mind that the code isn't polished much. I don't know if using '%' as the selector character is a good idea, and there is the issue of spoofing: > logger "%af.mil Sep 21 13:37:30 icbmd[378] Launch commit in 39 seconds" Comments are appreciated. -- j. James FitzGibbon [EMAIL PROTECTED] Targetnet.com Inc. Voice/Fax +1 416 306-0466/0452 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
