Ejemplo n.º 1
0
static void
log_rewrite_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options, gpointer user_data)
{
  LogRewrite *self = (LogRewrite *) s;
  gchar buf[128];
  gssize length;
  const gchar *value;

  if (self->condition && !filter_expr_eval_root(self->condition, &msg, path_options))
    {
      msg_debug("Rewrite condition unmatched, skipping rewrite",
                evt_tag_str("value", log_msg_get_value_name(self->value_handle, NULL)),
                NULL);
    }
  else
    {
      self->process(self, &msg, path_options);
    }
  if (G_UNLIKELY(debug_flag))
    {
      value = log_msg_get_value(msg, self->value_handle, &length);
      msg_debug("Rewrite expression evaluation result",
                evt_tag_str("value", log_msg_get_value_name(self->value_handle, NULL)),
                evt_tag_printf("new_value", "%.*s", (gint) length, value),
                evt_tag_str("rule", self->name),
                evt_tag_str("location", log_expr_node_format_location(s->expr_node, buf, sizeof(buf))),
                NULL);
    }
  log_pipe_forward_msg(s, msg, path_options);
}
Ejemplo n.º 2
0
static void 
log_rewrite_rule_call_item(gpointer item, gpointer user_data)
{
  LogRewrite *r = (LogRewrite *) item;
  LogMessage *msg = (LogMessage *) user_data;
  gssize length;
  const gchar *value;

  if (r->condition && !filter_expr_eval(r->condition, msg))
    {
      msg_debug("Rewrite condition unmatched, skipping rewrite",
                evt_tag_str("value", log_msg_get_value_name(r->value_handle, NULL)),
                NULL);
      return;
    }
  r->process(r, msg);
  if (G_UNLIKELY(debug_flag))
    {
      value = log_msg_get_value(msg, r->value_handle, &length);
      msg_debug("Rewrite expression evaluation result",
                evt_tag_str("value", log_msg_get_value_name(r->value_handle, NULL)),
                evt_tag_printf("new_value", "%.*s", (gint) length, value),
                NULL);
    }
}
Ejemplo n.º 3
0
gint
tls_lookup_options(GList *options)
{
  gint ret=TSO_NONE;
  GList *l;
  for (l=options; l != NULL; l=l->next)
    {
      msg_debug("ssl-option", evt_tag_str("opt", l->data), NULL);
      if (strcasecmp(l->data, "no-sslv2") == 0 || strcasecmp(l->data, "no_sslv2") == 0)
        ret|=TSO_NOSSLv2;
      else if (strcasecmp(l->data, "no-sslv3") == 0 || strcasecmp(l->data, "no_sslv3") == 0)
        ret|=TSO_NOSSLv3;
      else if (strcasecmp(l->data, "no-tlsv1") == 0 || strcasecmp(l->data, "no_tlsv1") == 0)
        ret|=TSO_NOTLSv1;
#ifdef SSL_OP_NO_TLSv1_2
      else if (strcasecmp(l->data, "no-tlsv11") == 0 || strcasecmp(l->data, "no_tlsv11") == 0)
        ret|=TSO_NOTLSv11;
      else if (strcasecmp(l->data, "no-tlsv12") == 0 || strcasecmp(l->data, "no_tlsv12") == 0)
        ret|=TSO_NOTLSv12;
#endif
      else
        msg_error("Unknown ssl-option", evt_tag_str("option", l->data), NULL);
    }
  msg_debug("ssl-options parsed", evt_tag_printf("parsed value", "%d", ret), NULL);
  return ret;
}
Ejemplo n.º 4
0
static gboolean
tf_num_parse(gint argc, GString *argv[],
	     const gchar *func_name, gint64 *n, gint64 *m)
{
  if (argc != 2)
    {
      msg_debug("Template function requires two arguments.",
		evt_tag_str("function", func_name), NULL);
      return FALSE;
    }

  if (!parse_number_with_suffix(argv[0]->str, n))
    {
      msg_debug("Parsing failed, template function's first argument is not a number",
		evt_tag_str("function", func_name),
		evt_tag_str("arg1", argv[0]->str), NULL);
      return FALSE;
    }

  if (!parse_number_with_suffix(argv[1]->str, m))
    {
      msg_debug("Parsing failed, template function's second argument is not a number",
		evt_tag_str("function", func_name),
		evt_tag_str("arg2", argv[1]->str), NULL);
      return FALSE;
    }

  return TRUE;
}
Ejemplo n.º 5
0
static void
log_threaded_dest_driver_worker_thread_main(gpointer arg)
{
  LogThrDestDriver *self = (LogThrDestDriver *)arg;

  iv_init();

  msg_debug("Worker thread started",
            evt_tag_str("driver", self->super.super.id),
            NULL);

  log_queue_set_use_backlog(self->queue, TRUE);

  log_threaded_dest_driver_init_watches(self);

  log_threaded_dest_driver_start_watches(self);

  if (self->worker.thread_init)
    self->worker.thread_init(self);

  iv_main();

  __disconnect(self);
  if (self->worker.thread_deinit)
    self->worker.thread_deinit(self);

  msg_debug("Worker thread finished",
            evt_tag_str("driver", self->super.super.id),
            NULL);
  iv_deinit();
}
Ejemplo n.º 6
0
static void
log_filter_pipe_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options, gpointer user_data)
{
  LogFilterPipe *self = (LogFilterPipe *) s;
  gchar buf[128];
  gboolean res;

  msg_debug("Filter rule evaluation begins",
            evt_tag_str("rule", self->name),
            evt_tag_str("location", log_expr_node_format_location(s->expr_node, buf, sizeof(buf))),
            NULL);
  if (self->expr->modify)
    log_msg_make_writable(&msg, path_options);

  res = filter_expr_eval(self->expr, msg);
  msg_debug("Filter rule evaluation result",
            evt_tag_str("result", res ? "match" : "not-match"),
            evt_tag_str("rule", self->name),
            evt_tag_str("location", log_expr_node_format_location(s->expr_node, buf, sizeof(buf))),
            NULL);
  if (res)
    {
      log_pipe_forward_msg(s, msg, path_options);
    }
  else
    {
      if (path_options->matched)
        (*path_options->matched) = FALSE;
      log_msg_drop(msg, path_options);
    }
}
Ejemplo n.º 7
0
static gboolean
afstomp_dd_connect(STOMPDestDriver *self, gboolean reconnect)
{
  stomp_frame frame;

  if (reconnect && self->conn)
    return TRUE;

  if (!afstomp_try_connect(self))
    return FALSE;

  afstomp_create_connect_frame(self, &frame);
  if (!afstomp_send_frame(self, &frame))
    {
      msg_error("Sending CONNECT frame to STOMP server failed!", NULL);
      return FALSE;
    }

  stomp_receive_frame(self->conn, &frame);
  if (strcmp(frame.command, "CONNECTED"))
    {
      msg_debug("Error connecting to STOMP server, stomp server did not accept CONNECT request", NULL);
      stomp_frame_deinit(&frame);

      return FALSE;
  }
  msg_debug("Connecting to STOMP succeeded",
            evt_tag_str("driver", self->super.super.super.id),
            NULL);

  stomp_frame_deinit(&frame);

  return TRUE;
}
Ejemplo n.º 8
0
void
rspamd_stat_init (struct rspamd_config *cfg)
{
	guint i;

	if (stat_ctx == NULL) {
		stat_ctx = g_slice_alloc0 (sizeof (*stat_ctx));
	}

	stat_ctx->backends = stat_backends;
	stat_ctx->backends_count = G_N_ELEMENTS (stat_backends);
	stat_ctx->classifiers = stat_classifiers;
	stat_ctx->classifiers_count = G_N_ELEMENTS (stat_classifiers);
	stat_ctx->tokenizers = stat_tokenizers;
	stat_ctx->tokenizers_count = G_N_ELEMENTS (stat_tokenizers);
	stat_ctx->caches = stat_caches;
	stat_ctx->caches_count = G_N_ELEMENTS (stat_caches);

	/* Init backends */
	for (i = 0; i < stat_ctx->backends_count; i ++) {
		stat_ctx->backends[i].ctx = stat_ctx->backends[i].init (stat_ctx, cfg);
		msg_debug ("added backend %s", stat_ctx->backends[i].name);
	}

	/* Init caches */
	for (i = 0; i < stat_ctx->caches_count; i ++) {
		stat_ctx->caches[i].ctx = stat_ctx->caches[i].init (stat_ctx, cfg);
		msg_debug ("added cache %s", stat_ctx->caches[i].name);
	}
}
Ejemplo n.º 9
0
static void
_handle_file_created(WildcardSourceDriver *self, const DirectoryMonitorEvent *event)
{
  if (g_pattern_match_string(self->compiled_pattern, event->name))
    {
      WildcardFileReader *reader = g_hash_table_lookup(self->file_readers, event->full_path);

      if (!reader)
        {
          _create_file_reader(self, event->full_path);
          msg_debug("Wildcard: file created", evt_tag_str("filename", event->full_path));
        }
      else
        {
          if (wildcard_file_reader_is_deleted(reader))
            {
              msg_info("File is deleted, new file create with same name. "
                       "While old file is reading, skip the new one",
                       evt_tag_str("filename", event->full_path));
              pending_file_list_add(self->waiting_list, event->full_path);
            }
          else if (!log_pipe_init(&reader->super.super))
            {
              msg_error("Can not re-initialize reader for file",
                        evt_tag_str("filename", event->full_path));
            }
          else
            {
              msg_debug("Wildcard: file reader reinitialized", evt_tag_str("filename", event->full_path));
            }
        }
    }
}
Ejemplo n.º 10
0
static gpointer
afmongodb_worker_thread (gpointer arg)
{
  MongoDBDestDriver *self = (MongoDBDestDriver *)arg;

  msg_debug ("Worker thread started",
	     evt_tag_str("driver", self->super.super.id),
	     NULL);

  afmongodb_dd_connect(self, FALSE);

  self->ns = g_strconcat (self->db, ".", self->coll, NULL);

  self->current_value = g_string_sized_new(256);

  self->bson = bson_new_sized(4096);

  while (!self->writer_thread_terminate)
    {
      g_mutex_lock(self->suspend_mutex);
      if (self->writer_thread_suspended)
	{
	  g_cond_timed_wait(self->writer_thread_wakeup_cond,
			    self->suspend_mutex,
			    &self->writer_thread_suspend_target);
	  self->writer_thread_suspended = FALSE;
	  g_mutex_unlock(self->suspend_mutex);
	}
      else if (!log_queue_check_items(self->queue, NULL, afmongodb_dd_message_became_available_in_the_queue, self, NULL))
	{
	  g_cond_wait(self->writer_thread_wakeup_cond, self->suspend_mutex);
	  g_mutex_unlock(self->suspend_mutex);
	}
      else
        g_mutex_unlock(self->suspend_mutex);

      if (self->writer_thread_terminate)
	break;

      if (!afmongodb_worker_insert (self))
	{
	  afmongodb_dd_disconnect(self);
	  afmongodb_dd_suspend(self);
	}
    }

  afmongodb_dd_disconnect(self);

  g_free (self->ns);
  g_string_free (self->current_value, TRUE);

  bson_free (self->bson);

  msg_debug ("Worker thread finished",
	     evt_tag_str("driver", self->super.super.id),
	     NULL);

  return NULL;
}
Ejemplo n.º 11
0
/*
 * Delete the existing runpath from the object.
 *
 * entry:
 *	dynsec - Dynamic section
 *	numdyn - # of elements in dynamic array
 *
 * exit:
 *	Returns True (1) if the dynamic section was modified, and
 *	False (0) otherwise.
 *
 * note:
 *	The way this works is that we look at each item in the
 *	dynamic section and simply remove any DT_RPATH or
 *	DT_RUNPATH entries, copying up anything following in order
 *	to fill the hole. This is all that is needed to completely
 *	remove a runpath from an object. Note that the string is left
 *	in the string table. There is no safe way to remove it, since
 *	we cannot know that it is not used by any other item in the file,
 *	and no way to track or reuse the space if we did remove it.
 *	On the plus side, this means we can always restore the old
 *	runpath without having to add a new string.
 */
static int
remove_runpath(Cache *dynsec, GElf_Word numdyn)
{
	GElf_Dyn	dyn;
	GElf_Word	ndx, cpndx;
	int		changed = 0;

	for (ndx = cpndx = 0; ndx < numdyn; ndx++) {
		if (gelf_getdyn(dynsec->c_data, ndx, &dyn) == NULL)
			msg_elf("gelf_getdyn");

		/* Skip over any runpath element */
		if ((dyn.d_tag == DT_RPATH) || (dyn.d_tag == DT_RUNPATH)) {
			msg_debug("[%d]%s[%d]: skip runpath\n",
			    dynsec->c_ndx, dynsec->c_name, ndx);
			continue;
		}

		/*
		 * If cpndx and ndx differ, it means that we
		 * have skipped over a runpath in an earlier
		 * iteration. In this case, we need to copy
		 * the item in dynamic[ndx] back to dynamic[cpndx].
		 */
		if (ndx != cpndx) {
			msg_debug("[%d]%s[%d]: copy from [%d]\n",
			    dynsec->c_ndx, dynsec->c_name, cpndx, ndx);
			if (gelf_update_dyn(dynsec->c_data, cpndx, &dyn) == 0)
				msg_elf("gelf_update_dyn");
			changed = 1;
		}

		/* Advance copy index to receive next item */
		cpndx++;
	}

	/*
	 * If we removed a runpath element, then we should zero
	 * the slots left at the end. This is not strictly
	 * necessary, since the linker should not look past the
	 * first DT_NULL, but it is good to not leave garbage
	 * lying around.
	 */
	bzero(&dyn, sizeof (dyn));	/* Note: DT_NULL is 0 */
	for (; cpndx < numdyn; cpndx++) {
		msg_debug("[%d]%s[%d]: Set to DT_NULL\n",
		    dynsec->c_ndx, dynsec->c_name, cpndx);
		if (gelf_update_dyn(dynsec->c_data, cpndx, &dyn) == 0)
			msg_elf("gelf_update_dyn");
		changed = 1;
	}

	return (changed);
}
Ejemplo n.º 12
0
/*****************************************************************************
 * Processes VERSION command.
 *****************************************************************************/
void stat_version() {
	time_t tm;

	msg_debug(1, "Processing of VERSION command started");

	tm = get_remote_tm();
	printf("%lu version %u%02u%02u\n", (u_long)tm, (u_int)MAJOR_VERSION,
	    (u_int)MINOR_VERSION, (u_int)REVISION);

	msg_debug(1, "Processing of VERSION command finished");
}
Ejemplo n.º 13
0
static gboolean
rspamd_symbols_cache_check_deps (struct rspamd_task *task,
		struct symbols_cache *cache,
		struct cache_item *item,
		struct cache_savepoint *checkpoint)
{
	struct cache_dependency *dep;
	guint i;
	gboolean ret = TRUE;

	if (item->deps != NULL && item->deps->len > 0) {
		for (i = 0; i < item->deps->len; i ++) {
			dep = g_ptr_array_index (item->deps, i);

			g_assert (dep->item != NULL);

			if (!isset (checkpoint->processed_bits, dep->id * 2 + 1)) {
				if (!isset (checkpoint->processed_bits, dep->id * 2)) {
					/* Not started */
					if (!rspamd_symbols_cache_check_deps (task, cache,
							dep->item,
							checkpoint)) {
						g_ptr_array_add (checkpoint->waitq, item);
						ret = FALSE;
					}
					else if (!rspamd_symbols_cache_check_symbol (task, cache,
							dep->item,
							checkpoint)) {
						/* Now started, but has events pending */
						ret = FALSE;
						msg_debug ("started check of %d symbol as dep for %d",
								dep->id, item->id);
					}
					else {
						msg_debug ("dependency %d for symbol %d is already processed",
								dep->id, item->id);
					}
				}
				else {
					/* Started but not finished */
					ret = FALSE;
				}
			}
			else {
				msg_debug ("dependency %d for symbol %d is already checked",
						dep->id, item->id);
			}
		}
	}

	return ret;
}
Ejemplo n.º 14
0
static gboolean
log_reader_handle_line(LogReader *self, const guchar *line, gint length, GSockAddr *saddr)
{
  LogMessage *m;
  LogPathOptions path_options = LOG_PATH_OPTIONS_INIT;
  gint i;
  
  msg_debug("Incoming log entry", 
            evt_tag_printf("line", "%.*s", length, line),
            NULL);
  /* use the current time to get the time zone offset */
  m = log_msg_new((gchar *) line, length,
                  saddr,
                  &self->options->parse_options);
  
  if (!m->saddr && self->peer_addr)
    {
      m->saddr = g_sockaddr_ref(self->peer_addr);
    }

  if (self->options->tags)
    {
      for (i = 0; i < self->options->tags->len; i++)
        {
          log_msg_set_tag_by_id(m, g_array_index(self->options->tags, LogTagId, i));
        }
    }

  log_msg_set_tag_by_id(m, self->super.options->source_group_tag);

  log_pipe_queue(&self->super.super, m, &path_options);
  return log_source_free_to_send(&self->super);
}
Ejemplo n.º 15
0
/* NOTE: lock should be acquired for writing before calling this function. */
static void
_advance_time_based_on_message(PatternDB *self, PDBProcessParams *process_params, const LogStamp *ls)
{
  GTimeVal now;

  /* clamp the current time between the timestamp of the current message
   * (low limit) and the current system time (high limit).  This ensures
   * that incorrect clocks do not skew the current time know by the
   * correllation engine too much. */

  cached_g_current_time(&now);
  self->last_tick = now;

  if (ls->tv_sec < now.tv_sec)
    now.tv_sec = ls->tv_sec;

  /* the expire callback uses this pointer to find the process_params it
   * needs to emit messages.  ProcessParams itself is a per-thread value,
   * however the timer callback is executing with the writer lock held.
   * There's no other mechanism to pass this pointer to the timer callback,
   * so we add it to PatternDB, but make sure it is properly protected by
   * locks.
   * */
  self->timer_process_params = process_params;
  timer_wheel_set_time(self->timer_wheel, now.tv_sec);
  self->timer_process_params = NULL;

  msg_debug("Advancing patterndb current time because of an incoming message",
            evt_tag_long("utc", timer_wheel_get_time(self->timer_wheel)));
}
Ejemplo n.º 16
0
/**
 * afsql_dd_run_query:
 *
 * Run an SQL query on the connected database.
 *
 * NOTE: This function can only be called from the database thread.
 **/
static gboolean
afsql_dd_run_query(AFSqlDestDriver *self, const gchar *query, gboolean silent, dbi_result *result)
{
  dbi_result db_res;

  msg_debug("Running SQL query",
            evt_tag_str("query", query),
            NULL);

  db_res = dbi_conn_query(self->dbi_ctx, query);
  if (!db_res)
    {
      const gchar *dbi_error;

      if (!silent)
        {
          dbi_conn_error(self->dbi_ctx, &dbi_error);
          msg_error("Error running SQL query",
                    evt_tag_str("type", self->type),
                    evt_tag_str("host", self->host),
                    evt_tag_str("port", self->port),
                    evt_tag_str("user", self->user),
                    evt_tag_str("database", self->database),
                    evt_tag_str("error", dbi_error),
                    evt_tag_str("query", query),
                    NULL);
        }
      return FALSE;
    }
  if (result)
    *result = db_res;
  else
    dbi_result_free(db_res);
  return TRUE;
}
Ejemplo n.º 17
0
static gboolean
_open_diskq(LogThreadedFetcherDriver *s)
{
  ThreadedDiskqSourceDriver *self = (ThreadedDiskqSourceDriver *) s;

  struct stat new_diskq_file_stat;
  if (stat(self->filename, &new_diskq_file_stat) != 0)
    {
      msg_info("Diskq file does now exist, retrying", evt_tag_str("file", self->filename));
      return FALSE;
    }

  if (self->waiting_for_file_change)
    {
      if(!_new_diskq_file_exists(self, &new_diskq_file_stat))
        {
          msg_debug("Still waiting for new file", evt_tag_str("file", self->filename));
          return FALSE;
        }

      self->waiting_for_file_change = FALSE;
    }

  if (!_load_queue(self))
    return FALSE;

  self->diskq_file_stat = new_diskq_file_stat;
  return TRUE;
}
Ejemplo n.º 18
0
static void
system_generate_cim_parser(GlobalConfig *cfg, GString *sysblock)
{
  if (cfg_is_config_version_older(cfg, 0x0306))
    {
      msg_warning_once("WARNING: Starting with " VERSION_3_6 ", the system() source performs JSON parsing of messages starting with the '@cim:' prefix. No additional action is needed",
                       NULL);
      return;
    }

  if (!_is_json_parser_available(cfg))
    {
      msg_debug("system(): json-parser() is missing, skipping the automatic JSON parsing of messages submitted via syslog(3), Please install the json module",
                NULL);
      return;
    }

  g_string_append(sysblock,
                  "channel {\n"
                  "  channel {\n"
                  "    parser {\n"
                  "      json-parser(prefix('.cim.') marker('@cim:'));\n"
                  "    };\n"
                  "    flags(final);\n"
                  "  };\n"
                  "  channel { };\n"
                  "};\n");
}
Ejemplo n.º 19
0
static void
rspamd_symbols_cache_watcher_cb (gpointer sessiond, gpointer ud)
{
	struct rspamd_task *task = sessiond;
	struct cache_item *item = ud, *it;
	struct cache_savepoint *checkpoint;
	struct symbols_cache *cache;
	gint i, remain = 0;

	checkpoint = task->checkpoint;
	cache = task->cfg->cache;

	/* Specify that we are done with this item */
	setbit (checkpoint->processed_bits, item->id * 2 + 1);

	if (checkpoint->pass > 0) {
		for (i = 0; i < (gint)checkpoint->waitq->len; i ++) {
			it = g_ptr_array_index (checkpoint->waitq, i);

			if (!isset (checkpoint->processed_bits, it->id * 2)) {
				if (!rspamd_symbols_cache_check_deps (task, cache, it,
						checkpoint)) {
					remain ++;
					continue;
				}

				rspamd_symbols_cache_check_symbol (task, cache, it, checkpoint);
			}
		}
	}

	msg_debug ("finished watcher, %ud symbols waiting", remain);
}
Ejemplo n.º 20
0
static gboolean
_setup_auth_header(LogPipe *s)
{
  HTTPDestinationDriver *self = (HTTPDestinationDriver *)s;
  GlobalConfig *cfg = log_pipe_get_config(s);

  HttpAuthHeader *prev_auth_header = cfg_persist_config_fetch(cfg, _format_auth_header_name(s));

  if (prev_auth_header)
    {
      http_auth_header_free(self->auth_header);
      self->auth_header = prev_auth_header;
      msg_debug("Auth header instance found in persist cfg",
                log_pipe_location_tag(s));
      return TRUE;
    }

  if (self->auth_header)
    {
      if (!http_auth_header_init(self->auth_header))
        {
          return FALSE;
        }
      _load_auth_header(s);
    }

  return TRUE;
}
Ejemplo n.º 21
0
static gboolean
redis_dd_connect(RedisDriver *self, gboolean reconnect)
{
  if (reconnect && (self->c != NULL))
    {
      redisCommand(self->c, "ping");

      if (!self->c->err)
        return TRUE;
      else
        self->c = redisConnect(self->host, self->port);
    }
  else
    self->c = redisConnect(self->host, self->port);

  if (self->c->err)
    {
      msg_error("REDIS server error, suspending",
                evt_tag_str("driver", self->super.super.super.id),
                evt_tag_str("error", self->c->errstr),
                evt_tag_int("time_reopen", self->super.time_reopen),
                NULL);
      return FALSE;
    }
  else
    msg_debug("Connecting to REDIS succeeded",
              evt_tag_str("driver", self->super.super.super.id), NULL);

  return TRUE;
}
Ejemplo n.º 22
0
  static void
log_writer_queue(LogPipe *s, LogMessage *lm, const LogPathOptions *path_options)
{
  LogWriter *self = (LogWriter *) s;

  if (self->options->suppress > 0 && log_writer_last_msg_check(self, lm, path_options))
    return;

  stats_counter_inc(self->processed_messages);
  if (!log_queue_push_tail(self->queue, lm, path_options))
  {
    /* drop incoming message, we must ack here, otherwise the sender might
     * block forever, however this should not happen unless the sum of
     * window_sizes of sources feeding this writer exceeds log_fifo_size
     * or if flow control is not turned on.
     */

    /* we don't send a message here since the system is draining anyway */

    stats_counter_inc(self->dropped_messages);
    msg_debug("Destination queue full, dropping message",
        evt_tag_int("queue_len", log_queue_get_length(self->queue)),
        evt_tag_int("mem_fifo_size", self->options->mem_fifo_size),
        NULL);
    log_msg_drop(lm, path_options);
    return;
  }
}
Ejemplo n.º 23
0
static void
_stop_file_reader(FileReader *reader, gpointer user_data)
{
  msg_debug("Stop following file, because of deleted and eof",
            evt_tag_str("filename", reader->filename->str));
  file_reader_stop_follow_file(reader);
}
Ejemplo n.º 24
0
static gboolean
afunix_sd_acquire_socket(AFSocketSourceDriver *s, gint *result_fd)
{
  AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
  gboolean fd_ok;
  GlobalConfig *cfg = log_pipe_get_config(&s->super.super.super);

  fd_ok = afunix_sd_acquire_named_socket(s, result_fd, self->filename);

  if (fd_ok && (*result_fd == -1) && (strcmp(self->filename, "/dev/log") == 0))
    {
      fd_ok = afunix_sd_acquire_named_socket(s, result_fd, "/run/systemd/journal/syslog");

      if (fd_ok && *result_fd > -1)
        {
          if (cfg_is_config_version_older(cfg, 0x0304))
            {
              msg_warning("WARNING: systemd detected while using /dev/log; migrating automatically to /run/systemd/journal/syslog. Please update your configuration to use the system() source.",
                          evt_tag_str("id", self->super.super.super.id),
                          NULL);

              g_free(self->filename);
              self->filename = g_strdup("/run/systemd/journal/syslog");
              return TRUE;
            }
        }
    }

  if (!fd_ok)
    msg_debug("Failed to acquire systemd socket, trying to open ourselves",
              evt_tag_str("filename", self->filename),
              NULL);

  return fd_ok;
}
Ejemplo n.º 25
0
gboolean
rspamd_map_check_proto (const gchar *map_line, gint *res, const gchar **pos)
{
    g_assert (res != NULL);
    g_assert (pos != NULL);

    if (g_ascii_strncasecmp (map_line, "http://",
                             sizeof ("http://") - 1) == 0) {
        *res = MAP_PROTO_HTTP;
        *pos = map_line + sizeof ("http://") - 1;
    }
    else if (g_ascii_strncasecmp (map_line, "file://", sizeof ("file://") -
                                  1) == 0) {
        *res = MAP_PROTO_FILE;
        *pos = map_line + sizeof ("file://") - 1;
    }
    else if (*map_line == '/') {
        /* Trivial file case */
        *res = MAP_PROTO_FILE;
        *pos = map_line;
    }
    else {
        msg_debug ("invalid map fetching protocol: %s", map_line);
        return FALSE;
    }

    return TRUE;
}
Ejemplo n.º 26
0
static gboolean
systemd_syslog_sd_acquire_socket(AFSocketSourceDriver *s,
                          gint *acquired_fd)
{
  gint fd, number_of_fds;

  *acquired_fd = -1;
  fd = -1;

  number_of_fds = sd_listen_fds(0);

  if (number_of_fds > 1)
    {
      msg_error("Systemd socket activation failed: got more than one fd",
                evt_tag_int("number", number_of_fds),
                NULL);

      return TRUE;
    }
  else if (number_of_fds < 1)
    {
      msg_error("Failed to acquire /run/systemd/journal/syslog socket, disabling systemd-syslog source",
                NULL);
      return TRUE;
    }
  else
    {
      fd = SD_LISTEN_FDS_START;
      msg_debug("Systemd socket activation",
                evt_tag_int("file-descriptor", fd),
                NULL);

      if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, NULL, 0))
        {
          *acquired_fd = fd;
        }
      else
        {
          msg_error("The systemd supplied UNIX domain socket is of a"
                    " different type, check the configured driver and"
                    " the matching systemd unit file",
                    evt_tag_int("systemd-sock-fd", fd),
                    evt_tag_str("expecting", "unix-dgram()"),
                    NULL);
          *acquired_fd = -1;
          return TRUE;
        }
    }

  if (*acquired_fd != -1)
    {
      g_fd_set_nonblock(*acquired_fd, TRUE);
      msg_verbose("Acquired systemd syslog socket",
                  evt_tag_int("systemd-syslog-sock-fd", *acquired_fd),
                  NULL);
      return TRUE;
    }

  return TRUE;
}
Ejemplo n.º 27
0
/*
 * NOTE: suppress_lock must be held.
 */
static void
log_writer_last_msg_flush(LogWriter *self)
{
  LogMessage *m;
  LogPathOptions path_options = LOG_PATH_OPTIONS_INIT;
  gchar buf[1024];
  gssize len;
  const gchar *p;

  msg_debug("Suppress timer elapsed, emitting suppression summary", 
            NULL);

  m = log_msg_new_empty();
  m->timestamps[LM_TS_STAMP] = m->timestamps[LM_TS_RECVD];
  m->pri = self->last_msg->pri;
  m->flags = LF_INTERNAL | LF_LOCAL;

  p = log_msg_get_value(self->last_msg, LM_V_HOST, &len);
  log_msg_set_value(m, LM_V_HOST, p, len);
  p = log_msg_get_value(self->last_msg, LM_V_PROGRAM, &len);
  log_msg_set_value(m, LM_V_PROGRAM, p, len);

  len = g_snprintf(buf, sizeof(buf), "Last message '%.20s' repeated %d times, suppressed by syslog-ng on %s",
                   log_msg_get_value(self->last_msg, LM_V_MESSAGE, NULL),
                   self->last_msg_count,
                   get_local_hostname(NULL));
  log_msg_set_value(m, LM_V_MESSAGE, buf, len);

  path_options.ack_needed = FALSE;

  log_queue_push_tail(self->queue, m, &path_options);
  log_writer_last_msg_release(self);
}
Ejemplo n.º 28
0
static void
run_application_hook(gint type)
{
  GList *l, *l_next;
  
  g_assert(current_state <= type);
  
  msg_debug("Running application hooks", evt_tag_int("hook", type), NULL);
  current_state = type;
  for (l = application_hooks; l; l = l_next)
    {
      ApplicationHookEntry *e = l->data;
      
      if (e->type == type)
        {
          l_next = l->next;
          application_hooks = g_list_remove_link(application_hooks, l);
          e->func(type, e->user_data);
          g_free(e);
          g_list_free_1(l);
        }
      else
        {
          l_next = l->next;
        }
    }

}
Ejemplo n.º 29
0
static void
_map_key_value_pairs_to_syslog_macros(LogMessage *msg, gchar *key, gchar *value, gssize value_len)
{
    if (strcmp(key, "MESSAGE") == 0)
    {
        log_msg_set_value(msg, LM_V_MESSAGE, value, value_len);
        msg_debug("Incoming log entry from journal",
                  evt_tag_printf("message", "%.*s", (int)value_len, value));
    }
    else if (strcmp(key, "_HOSTNAME") == 0)
    {
        log_msg_set_value(msg, LM_V_HOST, value, value_len);
    }
    else if (strcmp(key, "_PID") == 0)
    {
        log_msg_set_value(msg, LM_V_PID, value, value_len);
    }
    else if (strcmp(key, "SYSLOG_FACILITY") == 0)
    {
        msg->pri = (msg->pri & 7) | atoi(value) << 3;
    }
    else if (strcmp(key, "PRIORITY") == 0)
    {
        msg->pri = (msg->pri & ~7) | atoi(value);
    }
}
Ejemplo n.º 30
0
static gboolean
zone_info_read(const gchar *zonename, ZoneInfo **zone, ZoneInfo **zone64)
{
    unsigned char *buff = NULL;
    gchar *filename = NULL;
    int byte_read = 0;
    int version;
    GError *error = NULL;
    GMappedFile *file_map = NULL;

    *zone = NULL;
    *zone64 = NULL;

    filename = g_build_path(G_DIR_SEPARATOR_S, get_time_zone_basedir(), zonename, NULL);

    file_map = g_mapped_file_new(filename, FALSE, &error);
    if (!file_map)
    {
        msg_error("Failed to open the time zone file", evt_tag_str("filename", filename), evt_tag_str("message", error->message), NULL);
        g_error_free(error);
        g_free(filename);
        return FALSE;
    }

    byte_read = g_mapped_file_get_length(file_map);
    buff = (unsigned char*)g_mapped_file_get_contents(file_map);

    if (byte_read == -1)
    {
        msg_error("Failed to read the time zone file", evt_tag_str("filename", filename), NULL);
        g_mapped_file_unref(file_map);
        g_free(filename);
        return FALSE;
    }

    msg_debug("Processing the time zone file (32bit part)", evt_tag_str("filename", filename), NULL);
    *zone = zone_info_parser(&buff, FALSE, &version);
    if (version == 2)
    {
        msg_debug("Processing the time zone file (64bit part)", evt_tag_str("filename", filename), NULL);
        *zone64 = zone_info_parser(&buff, TRUE, &version);
    }

    g_mapped_file_unref(file_map);
    g_free(filename);
    return TRUE;
}