Let syslog(3) use RFC 5424.

With r332099 changing syslogd(8) to parse RFC 5424 formatted syslog
messages, go ahead and also change the syslog(3) libc function to
generate them. Compared to RFC 3164, RFC 5424 has various advantages,
such as sub-second precision for log entry timestamps.

As this change could have adverse effects when not updating syslogd(8)
or using a different system logging daemon, add a notice to UPDATING and
increase __FreeBSD_version.

Differential Revision:	https://reviews.freebsd.org/D14926
This commit is contained in:
ed 2018-04-06 13:00:45 +00:00
parent 6301688144
commit 591ef7c807
4 changed files with 86 additions and 19 deletions

View File

@ -51,6 +51,45 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
****************************** SPECIAL WARNING: ******************************
20180406:
In addition to supporting RFC 3164 formatted messages, the
syslogd(8) service is now capable of parsing RFC 5424 formatted
log messages. The main benefit of using RFC 5424 is that clients
may now send log messages with timestamps containing year numbers,
microseconds and time zone offsets.
Similarly, the syslog(3) C library function has been altered to
send RFC 5424 formatted messages to the local system logging
daemon. On systems using syslogd(8), this change should have no
negative impact, as long as syslogd(8) and the C library are
updated at the same time. On systems using a different system
logging daemon, it may be necessary to make configuration
adjustments, depending on the software used.
When using syslog-ng, add the 'syslog-protocol' flag to local
input sources to enable parsing of RFC 5424 formatted messages:
source src {
unix-dgram("/var/run/log" flags(syslog-protocol));
}
When using rsyslog, disable the 'SysSock.UseSpecialParser' option
of the 'imuxsock' module to let messages be processed by the
regular RFC 3164/5424 parsing pipeline:
module(load="imuxsock" SysSock.UseSpecialParser="off")
Do note that these changes only affect communication between local
applications and syslogd(8). The format that syslogd(8) uses to
store messages on disk or forward messages to other systems
remains unchanged. syslogd(8) still uses RFC 3164 for these
purposes. Options to customize this behaviour will be added in the
future. Utilities that process log files stored in /var/log are
thus expected to continue to function as before.
__FreeBSD_version has been incremented to 1200061 to denote this
change.
20180328:
Support for token ring networks has been removed. If you
have "device token" in your kernel config you should remove

View File

@ -28,7 +28,7 @@
.\" @(#)syslog.3 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
.Dd November 5, 2017
.Dd April 6, 2018
.Dt SYSLOG 3
.Os
.Sh NAME
@ -156,6 +156,9 @@ Write the message to standard error output as well to the system log.
.It Dv LOG_PID
Log the process id with each message: useful for identifying
instantiations of daemons.
On
.Fx ,
this option is enabled by default.
.El
.Pp
The

View File

@ -36,9 +36,10 @@ static char sccsid[] = "@(#)syslog.c 8.5 (Berkeley) 4/29/95";
__FBSDID("$FreeBSD$");
#include "namespace.h"
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <netdb.h>
@ -134,11 +135,13 @@ syslog(int pri, const char *fmt, ...)
static void
vsyslog1(int pri, const char *fmt, va_list ap)
{
int cnt;
struct timeval now;
struct tm tm;
char ch, *p;
time_t now;
int fd, saved_errno;
char *stdp, tbuf[2048], fmt_cpy[1024], timbuf[26], errstr[64];
long tz_offset;
int cnt, fd, saved_errno;
char hostname[MAXHOSTNAMELEN], *stdp, tbuf[2048], fmt_cpy[1024],
errstr[64], tz_sign;
FILE *fp, *fmt_fp;
struct bufcookie tbuf_cookie;
struct bufcookie fmt_cookie;
@ -168,24 +171,46 @@ vsyslog1(int pri, const char *fmt, va_list ap)
if (fp == NULL)
return;
/* Build the message. */
(void)time(&now);
(void)fprintf(fp, "<%d>", pri);
(void)fprintf(fp, "%.15s ", ctime_r(&now, timbuf) + 4);
/* Build the message according to RFC 5424. Tag and version. */
(void)fprintf(fp, "<%d>1 ", pri);
/* Timestamp similar to RFC 3339. */
if (gettimeofday(&now, NULL) == 0 &&
localtime_r(&now.tv_sec, &tm) != NULL) {
if (tm.tm_gmtoff < 0) {
tz_sign = '-';
tz_offset = -tm.tm_gmtoff;
} else {
tz_sign = '+';
tz_offset = tm.tm_gmtoff;
}
(void)fprintf(fp,
"%04d-%02d-%02d" /* Date. */
"T%02d:%02d:%02d.%06ld" /* Time. */
"%c%02ld:%02ld ", /* Time zone offset. */
tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
tm.tm_hour, tm.tm_min, tm.tm_sec, now.tv_usec,
tz_sign, tz_offset / 3600, (tz_offset % 3600) / 60);
} else
(void)fprintf(fp, "- ");
/* Hostname. */
(void)gethostname(hostname, sizeof(hostname));
(void)fprintf(fp, "%s ", hostname);
if (LogStat & LOG_PERROR) {
/* Transfer to string buffer */
(void)fflush(fp);
stdp = tbuf + (sizeof(tbuf) - tbuf_cookie.left);
}
/*
* Application name, process ID, message ID and structured data.
* Provide the process ID regardless of whether LOG_PID has been
* specified, as it provides valuable information. Many
* applications tend not to use this, even though they should.
*/
if (LogTag == NULL)
LogTag = _getprogname();
if (LogTag != NULL)
(void)fprintf(fp, "%s", LogTag);
if (LogStat & LOG_PID)
(void)fprintf(fp, "[%d]", getpid());
if (LogTag != NULL) {
(void)fprintf(fp, ": ");
}
(void)fprintf(fp, "%s %d - - ",
LogTag == NULL ? "-" : LogTag, getpid());
/* Check to see if we can skip expanding the %m */
if (strstr(fmt, "%m")) {
@ -313,7 +338,7 @@ vsyslog1(int pri, const char *fmt, va_list ap)
struct iovec iov[2];
struct iovec *v = iov;
p = strchr(tbuf, '>') + 1;
p = strchr(tbuf, '>') + 3;
v->iov_base = p;
v->iov_len = cnt - (p - tbuf);
++v;

View File

@ -60,7 +60,7 @@
* in the range 5 to 9.
*/
#undef __FreeBSD_version
#define __FreeBSD_version 1200060 /* Master, propagated to newvers */
#define __FreeBSD_version 1200061 /* Master, propagated to newvers */
/*
* __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,