1) Don't check for getopt returning '?', we have a default case.
2) Check if the priority is LOG_KERN correctly - in practice
LOG_KERN is 0, so it makes no difference. OpenBSD fixed a
different nearby bug that we don't have 'cos our definition
of LOG_MAKEPRI is different to OpenBSD's.
Copy a comment from OpenBSD, observing that LOG_KERN is 0.
Inspired by PR: 67139
if the line doesn't match ^<%d>, then treat it as a regular kernel
printf line. Previously if a kernel printf message started with "<"
it would be interpreted as a log message, often with LOG_EMERG
level. This was triggered by some printfs in sys/dev/aic7xxx/, and
can also happen with the partial lines that result if syslogd cannot
keep up with the rate of arrival of kernel messages.
Reviewed by: dwmalone
MFC after: 1 week
is possible for an error to occur while trying to log an error, and
this can result in infinite recursion (or at least until we run out
of stack).
Rather than this, we ignore requests to log an error while logging an
error.
PR: 51253
MFC after: 2 weeks
1. Hostnames were not treated case insensitively in all cases.
2. The method for stripping hostnames when reading the syslog.conf
differed from that when finding the hostname of an incoming request.
This lead to a broken match check. In my case, it meant I had to
have '@scooter.smi.example.com.example.com' to have 'logger.example.com'
properly save messages from 'scooter.smi.sendmail.com'.
3. Add paranoia to cfline() such that it doesn't try to access memory
outside of the bounds of the f_host string.
4. While I am here, get rid of an outdated comment, argv[{0,1,2}] are now
checked for NULL after the strdup() calls.
Reviewed by: dwmalone
MFC after: 1 week
revision 1.101 (which did not introduce the bug but made it harder to fix)
PR: misc/40363
Submitted by: David Dunham <dwdunham@isilon.com>
MFC after: 2 weeks
that already exists for hosts: being able to specify a section that applies
to every program *except* the one in question.
The normal syntax for program specification is still valid. For the new
capability, one uses:
!-program
Since there is no way to specify a program beginning with a dash in the old
syntax, as it would be interpreted as the case above, the following
alternative syntax to the original capability is provided:
!+program
This shouldn't introduce incompatibilities with any syslogd configuration
in production because -stable's syslogd does not support a dash anywhere in
the program specification.
MFC after: 2 weeks
for it.
While I'm here, add a the ability to say "!level" in a way which
should be compatible with Linux's syslogd.
PR: 28935
No objections: audit
MFC after: 2 weeks
EHOSTDOWN. These are often transient errors (when the remote host
reboots, temporary network problems, etc.), and we'd rather err on the
side of caution and keep trying send messages that never arrive than
just give up.
Note that this is not an implementation of the "back-off" methods
given in the PR. Those just seem too complicated. Why not just keep
trying each time? Trying and failing doesn't really consume
significantly more resources than if we were successful for each
message.
PR: bin/31029
MFC after: 1 week
do not stop copying it into a buffer when encountering a
non-alphanumerical character. Only stop at unprintable characters.
This makes syslogd work correctly with executables like `interp.bin',
`httpd_old', etc.
PR: misc/40941
MFC after: 1 week
with the old behavior available via the -o option (it might still be
useful if one has many kernels and cares which messages came from
which). If the boot file is not used as the prefix, it is still
logged once at startup.
This change is prompted by the fact that the boot file is now much
longer ("/boot/kernel/kernel" vs. "/kernel"), which significanlty
bloats the syslogd output.
Reviewed by: peter
than really solve it. This approach (inspired by Ruslan's patch) solves
the real problem by stripping the local domain off the host name in the
config line structure.
Also mark a bunch of code sections that either do not check the return value
of a strdup(), malloc() or calloc() call, or do not properly handle a NULL
return.
1.64, i.e. July of last year. Also fix a minor style bug in the same code.
PR: bin/28634
Pointy hat to: dwmalone
Pointed out by: my buggy DSL router's remote logging facility
__unused, and change local variables named `sin' (struct
sockaddr_in) to `sin4'. (`sin' conflicts with the definition of
sin(3), which gcc assumes to be defined even if math.h isn't
included (it's a builtin). This is probably a bug in gcc.)
- Apply WARNS=1. WARNS=2 was not used because this program assigns
string literals to (struct iovec).iov_base for writing, and the only
clean way to silence -Wwrite-strings in that case would be to
strdup() and consequently free() those literals, which I considered
too disruptive.
Reviewed by: bde (partially)
the system on which it is running. The hostname is reloaded when
'HUPped' and a log message generated to note a change (before anyone
points it out, this is not an added security feature).
PR: bin/24444
Reviewed by: freebsd-audit
Approved by: ru
MFC after: 2 weeks
- Lose any stray host bits that a user may have entered when providing
a network number and netmask to the `-a' option for IPv6. This is
corresponding to 1.79 that is for IPv4 only.
MFC after: 1 week
user unless they come directly from the kernel. Document this and
add a flag to syslogd which prevents this conversion.
Sort getopt args while I'm at it.
PR: 21788
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Remove extra parens from my host selection commit.
Add white space after if, while, for and switch.
Get rid of braces around a single statement if.
There should be no functional changes in this commit.
Reviewed by: sheldonh
a similar way to the way it can select messages from a given program.
Lines beginning with "+hostname" or "#+hostname" select messaes
from that hostname and lines beginning with "-hostname" or "#-hostname"
match messages not from that hostname.
There are some significant style issues left in the original program
selection code and the man page. This should be cleared up in some
later commits.
Reviewed by: sheldonh
Based on an original patch by: Bernd Walter <ticso@cicely8.cicely.de>
Man page stylist: sheldonh
as they ought to be. The description of SA_RESTART was a little
unobvious to me in the man page, so i missed it. Thanks to Bruce for
spotting this.
Submitted by: bde
would cause syslogd to eventually kill innocent processes in the
system over time (note: not `could' but `would'). Many thanks to my
colleague Mirko for digging into the kernel structures and providing
me with the debugging framework to find out about the nature of this
bug (and to isolate that syslogd was the culprit) in a rather large
set of distributed machines at client sites where this happened
occasionally.
Whenever a child process was no longer responsive, or when syslogd
receives a SIGHUP so it closes all its logging file descriptors, for
any descriptor that refers to a pipe syslogd enters the data about the
old logging child process into a `dead queue', where it is being
removed from (and the status of the dead kitten being fetched) upon
receipt of a SIGCHLD. However, there's a high probability that the
SIGCHLD already arrives before the child's data are actually entered
into the dead queue inside the SIGHUP handler, so the SIGCHLD handler
has nothing to fetch and remove and simply continues. Whenever this
happens, the process'es data remain on the dead queue forever, and
since domark() tried to get rid of totally unresponsive children by
first sending a SIGTERM and later a SIGKILL, it was only a matter of
time until the system had recycled enough PIDs so an innocent process
got shot to death.
Fix the race by masking SIGHUP and SIGCHLD from both handlers mutually.
Add additional bandaids ``just in case'', i. e. don't enter a process
into the dead queue if we can't signal it (this should only happen in
case it is already dead by that time so we can fetch the status
immediately instead of deferring this to the SIGCHLD handler); for the
kill(2) inside domark(), check for an error status (/* Can't happen */
:) and remove it from the dead queue in this case (which if it would
have been there in the first place would have reduced the problem to a
statistically minimal likelihood so i certainly would never have
noticed the bug at all :).
Mirko also reviewed the fix in priciple (mutual blocking of both
signals inside the handlers), but not the actual code.
Reviewed by: Mirko Kaffka <mirko@interface-business.de>
Approved by: jkh
vogons, set the size of the receive buffer to 1 and rely on the kernel to
simply drop incoming packets. The logging code was buggy anyway.
Use socklen_t instead of int for the length argument to recvfrom.
Add a 'continue' at the end of a loop for ANSI conformance.
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
-current (Thanks Harald). However, on my attempt to try this on -STABLE,
I found that when forwarding to another host the actual messages gets lost.
This is due to a wrong index because when the -v option was added, the
indexes shifted one place.
PR: 7407
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
This allows one to specify additional sockets in the unix domain
that syslogd listens to. Its primary use is to create log sockets in
chroot environments.
Obtained from:OpenBSD (with a bug fixed d
category.
e.g. separate out ipfw entries to a separate file.
Reviewed by: (briefly) phk
Submitted by: archie@whistle.com
Obtained from: Whistle source tree
This change is likely to introduce a few linebreaks in the boot
messages, but that is not easy to solve without breaking syslogd
semantics. Maybe the right fix is to return an integral number
of lines from the kernel driver.
Noticed by: dg
It is important that we keep the ability to send packets to a remote
server and that the packets come from our well-known port, also in
that case.
Reviewed by: peter, rgrimes.
found that my syslogd is now running them for several months...
Add an option to syslogd to restrict the IP addresses that are allowed
to log to this syslogd. It's too late to develop the inter-syslogd
communications protocol mentioned in the BUGS section, some 10 years
too late. Thus, restricting the IP address range is about the most
effective change we can do if we want to allow incoming syslog
messages at all.
IMHO, we should encourage the system administrators to use this option,
and thus provide a knob in /etc/rc.* for it, defaulting to -a 127.0.0.1/32
(just as a hint about the usage).
Please state opinions about whether to merge this change into 2.2 or
not (i've got it running on RELENG_2_2 anyway).
stable now at a customer's site.
Finally add the ability to syslogd to pipe particular messages through
an arbitrary filtering command. Idea stolen from IRIX.
This code is courtesy of the interface business GmbH, Dresden.
Comment about whether to also merge this into 2.2 or not, please.
Reviewed by: (long ago) peter
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
bug in syslogd which causes it to die after random amounts of time (widely
reported), this at least allows the administrator to easily restart it
without wondering why it simply exits again each time.
has always held an open file descriptor. This allowed logging to
spare virtual consoles and being able to switch to them.
My previous change removed this since all writes were done with ttymsg()
which opens it's own fd, and hence syslogd didn't need it's own fd to
send messages on... but this caused an unexpected behavior change.
This should close PR#2176