hi all,
I have slightly modified the ruleset for writing messages to /dev/log
on Linux, and thought about sharing it through the rule repository.
The current version contains some error checks and it seems to work.
Note, however, that the rules assume /dev/log is a datagram socket (they
open it with SOCK_DGRAM); for stream sockets the solution would be
somewhat different (it would probably require non-blocking writes on
the socket).
I would appreciate any comments and/or corrections to the rules :)
kind regards,
risto

# Rule 1: one-time initialisation on the SEC_STARTUP internal event
# (matched only in the SEC_INTERNAL_EVENT context, so SEC has to be
# started with internal events enabled, e.g. -intevents).
# continue=TakeNext passes the same event on to the following rules, so
# the socket-opening rule below also sees SEC_STARTUP.
#
# Actions, in order:
#   - %a is preset to 0 and then receives the result of "require Socket".
#     Presumably the preset keeps %a false when the require fails;
#     confirm how the SEC version in use treats a failing eval.
#   - SEC substitutes the value of %a into the next eval before Perl
#     runs it, so "exit(1) unless %a" terminates SEC when the module
#     could not be loaded.
#   - The Perl hashes %facility and %level map names to syslog facility
#     and severity numbers; $syslogsocket is the "socket is open" flag
#     read by the later rules.
#
# NOTE(review): the severity key is spelled 'error' here, so callers
# must pass 'error'; 'err' is not a key of %level and such a call
# returns undef without logging anything.
# NOTE(review): %facility and %level carry the same %-prefix that SEC
# uses for its own action-list variables. Presumably no SEC variable
# named "facility" or "level" is ever set; otherwise the text could be
# substituted before Perl sees it - confirm against the SEC version.
type=Single
ptype=SubStr
pattern=SEC_STARTUP
context=SEC_INTERNAL_EVENT
continue=TakeNext
desc=Load the Socket module and store facility and level values to hashes
action=assign %a 0; eval %a (require Socket); eval %a (exit(1) unless %a); \
       eval %a ( %facility = ( 'kern' => 0, 'user' => 1, 'mail' => 2, \
                               'daemon' => 3, 'auth' => 4, 'syslog' => 5, \
                               'lpr' => 6, 'news' => 7, 'uucp' => 8, \
                               'cron' => 9, 'authpriv' => 10, 'ftp' => 11, \
                               'ntp' => 12, 'local0' => 16, 'local1' => 17, \
                               'local2' => 18, 'local3' => 19, \
                               'local4' => 20, 'local5' => 21, \
                               'local6' => 22, 'local7' => 23 ); \
                 %level = ('emerg' => 0, 'alert' => 1, 'crit' => 2, \
                           'error' => 3, 'warning' => 4, 'notice' => 5, \
                           'info' => 6, 'debug' => 7); \
                 $syslogsocket = 0; )

# Rule 2: on SEC_STARTUP or SEC_RESTART, (re)open the syslog socket and
# compile the logging routine into the SEC variable %syslog.
#
# First eval: closes the SYSLOG handle if $syslogsocket says it is open,
# then creates a PF_UNIX / SOCK_DGRAM socket and connects it to /dev/log.
# $syslogsocket becomes 1 only when both socket() and connect() succeed.
# A failure is not reported anywhere; the flag simply stays 0.
#
# Second eval: stores an anonymous sub taking (facility, level, tag, msg).
#   - Returns undef when the socket is not open, when fewer than four
#     arguments were passed, or when the facility or level name is not a
#     key of %facility / %level.
#   - Priority is facility*8 + level.
#   - The timestamp is scalar(localtime) with the first four and the last
#     five characters removed (the weekday and the year in Perl's default
#     localtime string).
#   - Sends "<pri>time tag: msg" as one datagram and returns the result
#     of send().
#
# NOTE(review): tag and msg are interpolated into the datagram exactly
# as received - no stripping of control characters and no length limit.
# When they originate from matched input lines, whoever controls that
# input controls this part of the syslog record; consider filtering to
# printable characters and truncating before the send().
# NOTE(review): a failed send() does not reset $syslogsocket, so a
# socket broken by a syslogd restart is not reopened until the next
# SEC_RESTART / SEC_SOFTRESTART event; callers should check the return
# value stored by "call".
type=Single
ptype=RegExp
pattern=(SEC_STARTUP|SEC_RESTART)
context=SEC_INTERNAL_EVENT
desc=(Re)Open connection to syslogd and compile the logging routine
action=eval %a ( if ($syslogsocket) { close(SYSLOG); $syslogsocket = 0; } \
                 if (socket(SYSLOG, Socket::PF_UNIX, Socket::SOCK_DGRAM, 0) \
                     && connect(SYSLOG, Socket::sockaddr_un('/dev/log'))) \
                        { $syslogsocket = 1; } ); \
       eval %syslog ( sub { if (!$syslogsocket) { return undef; } \
                            if (scalar(@_) < 4) { return undef; } \
                            if (!exists($facility{$_[0]})) { return undef; } \
                            if (!exists($level{$_[1]})) { return undef; } \
                            my($pri) = $facility{$_[0]}*8 + $level{$_[1]}; \
                            my($tag) = $_[2]; my($msg) = $_[3]; \
                            my($n); my($time) = scalar(localtime(time())); \
                            substr($time, 0, 4) = ""; \
                            substr($time, -5) = ""; \
                            $n = send(SYSLOG, "<$pri>$time $tag: $msg", 0); \
                            return $n; } )

# Rule 3: on SEC_SOFTRESTART, reopen the connection to /dev/log only.
# The eval is the same close / socket / connect sequence as the first
# eval of the SEC_STARTUP|SEC_RESTART rule; unlike that rule it does not
# re-evaluate %syslog, so it relies on the routine compiled earlier.
# Keep the two socket-opening snippets in sync when changing either.
#
# NOTE(review): as in the other rule, a failed socket() or connect()
# only leaves $syslogsocket at 0; nothing is logged, and later calls to
# the logging routine return undef until the next (re)start event.
type=Single
ptype=SubStr
pattern=SEC_SOFTRESTART
context=SEC_INTERNAL_EVENT
desc=(Re)Open connection to syslogd
action=eval %a ( if ($syslogsocket) { close(SYSLOG); $syslogsocket = 0; } \
                 if (socket(SYSLOG, Socket::PF_UNIX, Socket::SOCK_DGRAM, 0) \
                     && connect(SYSLOG, Socket::sockaddr_un('/dev/log'))) \
                        { $syslogsocket = 1; } );

# Rule 4: usage example. Any input line containing "test: <word>: <text>"
# calls the routine stored in %syslog with facility daemon, level info,
# $1 as the program tag and $2 as the message. The return value of the
# routine is stored in %o and is not checked by this rule.
#
# NOTE(review): the pattern is unanchored, and both $1 and $2 are taken
# straight from the input event. Anyone able to write a line to a
# monitored input can therefore make SEC emit a daemon.info record with
# a program tag of their choosing, which downstream log consumers may
# not be able to tell apart from the real program's output. For
# production use, anchor the pattern to the expected line format,
# restrict the tag to the program names you expect, and consider
# prefixing the tag so records relayed by SEC stay identifiable.
type=Single
ptype=RegExp
pattern=test: (\S+): (.+)
desc=log message '$2' for program $1 with priority daemon.info
action=call %o %syslog daemon info $1 $2
