On 2017/04/17 00:57, Alexander Bluhm wrote:
> Hi,
>
> I have received complaints from a customer that the "last message
> repeated" feature of syslogd(8) makes their log auditing difficult.
> FreeBSD has -c and -cc to disable it, but our -c is already taken.
>
> Add -r to suppress the summary line for pipe and remote loghost,
> as they are most commonly used for automated log processing. With
> -rr the "last message repeated" can be disabled completely.
>
> ok?
>
> bluhm
>
> Index: usr.sbin/syslogd/syslogd.8
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.8,v
> retrieving revision 1.53
> diff -u -p -r1.53 syslogd.8
> --- usr.sbin/syslogd/syslogd.8 2 Jan 2017 15:58:02 -0000 1.53
> +++ usr.sbin/syslogd/syslogd.8 16 Apr 2017 20:01:04 -0000
> @@ -39,7 +39,7 @@
> .Sh SYNOPSIS
> .Nm syslogd
> .Bk -words
> -.Op Fl 46dFhnuVZ
> +.Op Fl 46dFhnruVZ
> .Op Fl a Ar path
> .Op Fl C Ar CAfile
> .Op Fl c Ar cert_file
> @@ -129,6 +129,10 @@ the symbolic local host name.
> Specify the pathname of an alternate log socket to be used instead;
> the default is
> .Pa /dev/log .
> +.It Fl r
> +Suppress the message repeated summary and print every line immediately.
Would it be clearer if "message repeated" were in quotes?
> +If given once, only message piped to another program or forwarded
> +to a remote loghost are affected.
s/message/messages/
Doesn't this need something like "If given twice, all messages are
affected" or similar?
> Create a TLS listen socket for receiving encrypted messages and
> bind it to the specified address.
> Index: usr.sbin/syslogd/syslogd.c
I'm ok with the general idea and code diff.
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
> retrieving revision 1.241
> diff -u -p -r1.241 syslogd.c
> --- usr.sbin/syslogd/syslogd.c 7 Apr 2017 15:36:16 -0000 1.241
> +++ usr.sbin/syslogd/syslogd.c 16 Apr 2017 20:14:30 -0000
> @@ -209,6 +209,7 @@ int Initialized = 0; /* set when we have
> int MarkInterval = 20 * 60; /* interval between marks in seconds */
> int MarkSeq = 0; /* mark sequence number */
> int PrivChild = 0; /* Exec the privileged parent process */
> +int Repeat = 0; /* 0 msg repeated, 1 in files only, 2 never */
> int SecureMode = 1; /* when true, speak only unix domain socks */
> int NoDNS = 0; /* when true, refrain from doing DNS lookups */
> int ZuluTime = 0; /* display date and time in UTC ISO format */
> @@ -369,8 +370,8 @@ main(int argc, char *argv[])
> tls_hostport = tls_host = NULL;
> nbind = nlisten = 0;
>
> - while ((ch = getopt(argc, argv, "46a:C:c:dFf:hK:k:m:nP:p:S:s:T:U:uVZ"))
> - != -1)
> + while ((ch = getopt(argc, argv,
> + "46a:C:c:dFf:hK:k:m:nP:p:rS:s:T:U:uVZ")) != -1) {
> switch (ch) {
> case '4': /* disable IPv6 */
> Family = PF_INET;
> @@ -425,6 +426,9 @@ main(int argc, char *argv[])
> case 'p': /* path */
> path_unix[0] = optarg;
> break;
> + case 'r':
> + Repeat++;
> + break;
> case 'S': /* allow tls and listen on address */
> tls_hostport = optarg;
> if ((p = strdup(optarg)) == NULL)
> @@ -455,6 +459,7 @@ main(int argc, char *argv[])
> default:
> usage();
> }
> + }
> if (argc != optind)
> usage();
>
> @@ -1766,7 +1771,10 @@ logline(int pri, int flags, char *from,
> /*
> * suppress duplicate lines to this file
> */
> - if ((flags & MARK) == 0 && msglen == f->f_prevlen &&
> + if ((Repeat == 0 || (Repeat == 1 &&
> + (f->f_type != F_PIPE && f->f_type != F_FORWUDP &&
> + f->f_type != F_FORWTCP && f->f_type != F_FORWTLS))) &&
> + (flags & MARK) == 0 && msglen == f->f_prevlen &&
> !strcmp(msg, f->f_prevline) &&
> !strcmp(from, f->f_prevhost)) {
> strlcpy(f->f_lasttime, timestamp,
>
