Merge branch 'v4-stable' into 'v5-beta'

Conflicts:
	ChangeLog
	configure.ac
	doc/manual.html
	tools/syslogd.c
Rainer Gerhards 2010-02-25 14:42:21 +01:00
commit 0995bff594
8 changed files with 86 additions and 16 deletions


@ -325,6 +325,29 @@ Version 4.7.0 [v4-devel] (rgerhards), 2009-09-??
system configs.
See ticket for details: http://bugzilla.adiscon.com/show_bug.cgi?id=150
- imported changes from 4.5.6 and below
Version 4.6.1 [v4-stable] (rgerhards), 2010-02-??
---------------------------------------------------------------------------
Version 4.6.0 [v4-stable] (rgerhards), 2010-02-24
***************************************************************************
* This is a new stable v4 version. It contains all fixes and enhancements *
* made during the 4.5.x phase as well as those listed below. *
* Note: this version is scheduled to conclude the v4 development process. *
* Do not expect any more new developments in v4. The focus is now *
* on v5 (what also means we have a single devel branch again). *
* ("development" means new feature development, bug fixes are of *
* course provided for v4-stable) *
***************************************************************************
- improved testbench to contain samples for totally malformed messages
which miss parts of the message content
- bugfix: some malformed messages could lead to a missing LF inside files
or some other missing parts of the template content.
- bugfix: if a message ended immediately with a hostname, the hostname
was mistakenly interpreted as TAG, and localhost be used as hostname
- bugfix: message without MSG part could case a segfault
[backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f]
This actually was a "recent" regression, but I did not realize that it
was introduced by the performance optimization in v4-devel. Shame on
me for having two devel versions at the same time...
---------------------------------------------------------------------------
Version 4.5.8 [v4-beta] (rgerhards), 2010-02-10
- enhanced doc for using PostgreSQL
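Review bot: In the new 4.6.0 entry, "message without MSG part could case a segfault" should read "cause", and "localhost be used as hostname" is missing its verb ("localhost was used"). The 4.6.1 heading is added with a "2010-02-??" date and no entries under it, so either list the pending fixes or hold the heading back until there is one. Since the segfault item is what operators will check when deciding whether to upgrade, it would help to name the affected versions instead of calling it a "recent" regression.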


@ -47,6 +47,7 @@ if you do not read the doc, but doing so will definitely improve your experience
<li><a href="generic_design.html">backgrounder on generic syslog application design</a></li>
<li><a href="modules.html">description of rsyslog modules</a></li>
<li><a href="rsyslog_packages.html">rsyslog packages</a></li>
<li><a href="http://cookbook.rsyslog.com">the rsyslog "cookbook"</a> - a set of configurations ready to use</li>
</ul>
<p><b>We have some in-depth papers on</b></p>
<ul>


@ -7,8 +7,10 @@
<P><small><i>Written by
<a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer
Gerhards</a> (2005-08-04)</i></small></P>
<p><b>Note: it has been reported that this guide is somewhat outdated. Please
use with care. </b></p>
<p>Note: it has been reported that this guide is somewhat outdated. Please
use with care. Also, please note that <b>rsyslog's "native" web frontend is
<a href="http://www.phplogcon.org">phpLogCon</a></b>, which provides best integration
and a lot of extra functionality.</p>
<h2>Abstract</h2>
<p><i><b>In this paper, I describe how to use
<a href="http://www.vermeer.org/projects/php-syslog-ng">php-syslog-ng</a> with
@ -116,11 +118,11 @@ those unfamiliar with syslog-ng, this configuration is probably easier to set up
then switching to syslog-ng. For existing rsyslogd users, php-syslog-ng might be a nice
add-on to their logging infrastructure.</P>
<P>Please note that the <a href="http://www.monitorware.com/en/">MonitorWare family</a> (to which rsyslog belongs) also
offers a web-interface: <a href="http://www.phplogcon.org/">phpLogCon</a>. At the time of this writing, phpLogCon's code
is by far not as clean as I would like it to be. Also the user-interface is
definitely not as intutive as pp-syslog-ng. From a functionality point of view,
however, I think it already is a bit ahead. So you might
consider using it. I have set up a <a href="http://demo.rsyslog.com/">demo server</a>.,
offers a web-interface: <a href="http://www.phplogcon.org/">phpLogCon</a>.
From my point of view, obviously, <b>phpLogCon is the more natural choice for a web interface
to be used together with rsyslog</b>. It also offers superb functionality and provides,
for example,native display of Windows event log entries.
I have set up a <a href="http://demo.phplogcon.org/">demo server</a>.,
You can have a peek at it
without installing anything.</P>
<h2>Feedback Requested</h2>
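Review bot: Two typos in the rewritten phpLogCon paragraph: "for example,native display" needs a space after the comma, and the stray ".," after the demo server link was carried over from the old text, so the rendered page reads "demo server., You can have a peek at it". Suggest ending the sentence with a plain period after the link and dropping the comma.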


@ -309,11 +309,11 @@ ParseTIMESTAMP3339(struct syslogTime *pTime, uchar** ppszTS, int *pLenStr)
}
/* OK, we actually have a 3339 timestamp, so let's indicated this */
if(lenStr > 0 && *pszTS == ' ') {
if(lenStr > 0) {
if(*pszTS != ' ') /* if it is not a space, it can not be a "good" time - 2010-02-22 rgerhards */
ABORT_FINALIZE(RS_RET_INVLD_TIME);
++pszTS; /* just skip past it */
--lenStr;
++pszTS;
} else {
ABORT_FINALIZE(RS_RET_INVLD_TIME);
}
/* we had success, so update parse pointer and caller-provided timestamp */
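Review bot: With the outer test reduced to `if(lenStr > 0)` and the `else` branch gone, a timestamp that is the last thing in the message (lenStr == 0) no longer returns RS_RET_INVLD_TIME and is accepted as valid. The new comment only explains the non-space case, so please add a line stating that end of input directly after the timestamp is deliberately allowed. `ABORT_FINALIZE` is a macro sitting under an unbraced `if`; braces around it would keep the branch correct however the macro expands. The context comment "let's indicated this" could be fixed in the same pass.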
@ -528,6 +528,7 @@ ParseTIMESTAMP3164(struct syslogTime *pTime, uchar** ppszTS, int *pLenStr)
if(lenStr == 0 || *pszTS++ != ' ')
ABORT_FINALIZE(RS_RET_INVLD_TIME);
--lenStr;
/* we accept a slightly malformed timestamp when receiving. This is
* we accept one-digit days
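Review bot: In `if(lenStr == 0 || *pszTS++ != ' ')` the pointer is advanced as a side effect of the condition while the matching `--lenStr;` is a separate statement two lines below, which makes it easy for pointer and remaining length to drift apart in later edits. Suggest testing `*pszTS != ' '` without the increment and then doing `++pszTS; --lenStr;` together, the way the other timestamp hunks in this patch do.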
@ -583,7 +584,13 @@ ParseTIMESTAMP3164(struct syslogTime *pTime, uchar** ppszTS, int *pLenStr)
* invalid format, it occurs frequently enough (e.g. with Cisco devices)
* to permit it as a valid case. -- rgerhards, 2008-09-12
*/
if(lenStr == 0 || *pszTS++ == ':') {
if(lenStr > 0 && *pszTS == ':') {
++pszTS; /* just skip past it */
--lenStr;
}
if(lenStr > 0) {
if(*pszTS != ' ') /* if it is not a space, it can not be a "good" time - 2010-02-22 rgerhards */
ABORT_FINALIZE(RS_RET_INVLD_TIME);
++pszTS; /* just skip past it */
--lenStr;
}
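Review bot: The `if(lenStr > 0) { if(*pszTS != ' ') ABORT_FINALIZE(RS_RET_INVLD_TIME); ...` block is a copy of the one in ParseTIMESTAMP3339, comment and date included; a small shared helper for "expect SP or end of input after the timestamp" would keep the two parsers from diverging again. The Cisco comment above should also say that the ':' is now skipped only when it is actually present, since the old `*pszTS++ == ':'` advanced the pointer whether or not the byte was a colon and the reason for the change is not recorded anywhere in the hunk.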


@ -35,7 +35,7 @@
* value to the fixed size of the message object.
*/
#define CONF_TAG_MAXSIZE 512 /* a value that is deemed far too large for any valid TAG */
#define CONF_TAG_HOSTNAME 512 /* a value that is deemed far too large for any valid HOSTNAME */
#define CONF_HOSTNAME_MAXSIZE 512 /* a value that is deemed far too large for any valid HOSTNAME */
#define CONF_RAWMSG_BUFSIZE 101
#define CONF_TAG_BUFSIZE 32
#define CONF_HOSTNAME_BUFSIZE 32
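Review bot: Nothing else in the visible diff references CONF_TAG_HOSTNAME or the new CONF_HOSTNAME_MAXSIZE, so please grep for leftover uses of the old name before merging, and if the constant has no users yet, say where the hostname length is meant to be checked against it. CONF_RAWMSG_BUFSIZE is the only define in this group without a comment; a short note on why it is 101 would fit, given that the comment above ties these values to the fixed size of the message object.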


@ -100,6 +100,7 @@ EXTRA_DIST= 1.rstest 2.rstest 3.rstest err1.rstest \
testsuites/3.parse1 \
testsuites/4.parse1 \
testsuites/oversizeTag-1.parse1 \
testsuites/weird.parse1 \
testsuites/date1.parse1 \
testsuites/date2.parse1 \
testsuites/date3.parse1 \


@ -1,3 +1,2 @@
<38>Mar 27 19:06:53 source_server 0123456780123456780123456780123456789: MSG part
38,auth,info,Mar 27 19:06:53,source_server,0123456780123456780123456780123456789,0123456780123456780123456780123456789:, MSG part
# yet another real-life sample where we had some issues with
<38>Mar 27 19:06:53 source_server 0123456789012345678901234567890123456789: MSG part
38,auth,info,Mar 27 19:06:53,source_server,0123456789012345678901234567890123456789,0123456789012345678901234567890123456789:, MSG part
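Review bot: The explanatory comment is dropped together with the old sample, so the file no longer says what it exercises. A one-line header stating that the 40-character tag is meant to exceed CONF_TAG_BUFSIZE (32) and must come through untruncated in the expected output would make a future failure much easier to read.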


@ -0,0 +1,37 @@
# some really weird samples, some of them seen in practice,
# some other deliberately generated. The main point is that they
# should not cause an abort...
<14>Aug 30 23:00:05 X4711 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
14,user,info,Aug 30 23:00:05,X4711,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,
# important: the following line has a SP at the end of the line!
<14>Aug 30 23:00:05 X4711
14,user,info,Aug 30 23:00:05,X4711,,,
# and this one NOT
<14>Aug 30 23:00:05 X4711
14,user,info,Aug 30 23:00:05,X4711,,,
# there is a SP at the end of the line
<14>Aug 30 23:00:05
14,user,info,Aug 30 23:00:05,localhost,,,
# and here is no SP at the end of the line
<14>Aug 30 23:00:05
14,user,info,Aug 30 23:00:05,localhost,,,
# unfortunately, I can not test missing dates with this test suite, because
# we would have the current date in the response, which we can not check against
#
# and now the same tests with RFC3339 data - this can make a difference
# as a different date parser is involved.
#
<14>2010-08-30T23:00:05Z X4711 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
14,user,info,Aug 30 23:00:05,X4711,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,
# important: the following line has a SP at the end of the line!
<14>2010-08-30T23:00:05Z X4711
14,user,info,Aug 30 23:00:05,X4711,,,
# and this one NOT
<14>2010-08-30T23:00:05Z X4711
14,user,info,Aug 30 23:00:05,X4711,,,
# there is a SP at the end of the line
<14>2010-08-30T23:00:05Z
14,user,info,Aug 30 23:00:05,localhost,,,
# and here is no SP at the end of the line
<14>2010-08-30T23:00:05Z
14,user,info,Aug 30 23:00:05,localhost,,,
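Review bot: Several cases depend on a trailing SP that is invisible in the file ("the following line has a SP at the end of the line!"), and because the SP and no-SP variants expect identical output, an editor or whitespace cleanup that strips trailing blanks would turn them into duplicates while the test keeps passing. Suggest a check in the test driver that the marked lines still end in SP, or a visible stand-in for the trailing space that the driver substitutes. In the RFC3339 half, a comment noting that the expected output is still the RFC3164-style "Aug 30 23:00:05" would save the next reader from suspecting a copy-paste error.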