Source-Changes-HG archive


[src/trunk]: src/usr.sbin/syslogd Merge the thorpej-syslogd-hack-branch down ...



details:   https://anonhg.NetBSD.org/src/rev/f93bbe82f0f5
branches:  trunk
changeset: 571339:f93bbe82f0f5
user:      thorpej <thorpej%NetBSD.org@localhost>
date:      Fri Nov 19 02:18:11 2004 +0000

description:
Merge the thorpej-syslogd-hack-branch down to the trunk.  Enhancements
include:

- Extend the syntax of syslog.conf to allow selections of log destinations
  by comma-separated lists of program name (including kernel-generated
  messages) and originating host name.
- Ability to pipe selected messages through arbitrary filter commands.
- Ability to specify priority comparison operations.
- Improvements to domain name handling.
- Conversion to use kqueue for communication and signal events, eliminating
  all unsafe signal handlers.
- Allow spaces as well as tabs in syslog.conf.
- Log kernel printfs at LOG_NOTICE instead of LOG_CRIT.
- Ability to log facility/priority with a log message.
- Reliability improvements.

diffstat:

 usr.sbin/syslogd/syslog.conf.5 |   229 ++++++-
 usr.sbin/syslogd/syslogd.8     |    32 +-
 usr.sbin/syslogd/syslogd.c     |  1249 +++++++++++++++++++++++++++++++--------
 3 files changed, 1222 insertions(+), 288 deletions(-)

diffs (truncated from 2325 to 300 lines):

diff -r f1dd64e82e10 -r f93bbe82f0f5 usr.sbin/syslogd/syslog.conf.5
--- a/usr.sbin/syslogd/syslog.conf.5    Thu Nov 18 22:56:32 2004 +0000
+++ b/usr.sbin/syslogd/syslog.conf.5    Fri Nov 19 02:18:11 2004 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: syslog.conf.5,v 1.11 2003/08/07 11:25:44 agc Exp $
+.\"    $NetBSD: syslog.conf.5,v 1.12 2004/11/19 02:18:11 thorpej Exp $
 .\"
 .\" Copyright (c) 1990, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"     from: @(#)syslog.conf.5        8.1 (Berkeley) 6/9/93
 .\"
-.Dd June 9, 1993
+.Dd November 18, 2004
 .Dt SYSLOG.CONF 5
 .Os
 .Sh NAME
@@ -43,7 +43,11 @@
 file is the configuration file for the
 .Xr syslogd 8
 program.
-It consists of lines with two fields: the
+It consists of blocks of lines separated by
+.Em program
+and
+.Em hostname
+specifications, with each line containing two fields: the
 .Em selector
 field which specifies the types of messages and priorities to which the
 line applies, and an
@@ -64,6 +68,8 @@
 .Em facility ,
 a period
 .Pq Sq \&. ,
+an optional set of comparison flags
+.Pq Bo ! Bc Bq <=> ,
 and a
 .Em level ,
 with no intervening white-space.
@@ -88,6 +94,28 @@
 library routines.
 .Pp
 The
+.Em comparison flags
+may be used to specify exactly what levels are logged.
+If unspecified, the default comparison is
+.Sq >=
+.Pq greater than or equal to ,
+or, if the
+.Fl U
+option is passed to
+.Xr syslogd 8 ,
+.Sq =
+.Pq equal to .
+Comparison flags beginning with
+.So ! Sc
+will have their logical sense inverted.
+Thus,
+.Sq !=info
+means all levels except info and
+.Sq !notice
+has the same meaning as
+.Sq <notice .
+.Pp
+The
 .Em level
 describes the severity of the message, and is a keyword from the
 following ordered list (higher to lower): emerg, alert, crit, err,
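Review bot: The added "comparison flags" paragraph never says what each of `<`, `=` and `>` selects on its own or that they may be combined, although the selector syntax added above allows `[!][<=>]`; it gives only the default and two `!` examples. Suggest one sentence per flag, plus a note that the `-U` option changes the meaning of every selector written without a flag, so the same syslog.conf logs different levels depending on how syslogd was started.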
@@ -99,6 +127,84 @@
 .Xr syslog 3
 library routine.
 .Pp
+Each block of lines is separated from the previous block by a
+.Em program
+or
+.Em hostname
+specification.
+A block will only log messages corresponding to the most recent
+.Em program
+and
+.Em hostname
+specifications given.
+Consider the case of a block that selects
+.Ql pppd
+as the
+.Em program ,
+directly followed by a block that selects messages from the
+.Em hostname
+.Ql dialhost .
+The second block will log only messages from the
+.Xr pppd 8
+program from the host
+.Sq dialhost .
+.Pp
+A
+.Em program
+specification of the form
+.Ql #!+prog1,prog2
+or
+.Ql !+prog1,prog2
+will cause subsequent blocks to be applied to messages logged by the
+specified programs.
+A
+.Em program
+specification of the form
+.Ql #!-prog1,prog2
+or
+.Ql !-prog1,prog2
+will cause subsequent blocks to be applied to messages logged by programs
+other than the ones specified.
+A
+.Em program
+specification of the form
+.Ql #!prog1,prog2
+or
+.Ql !prog1,prog2
+is equivalent to
+.Ql !+prog1,prog2 .
+Program selectors may also match kernel-generated messages.
+For example, a program specification of
+.Ql !+subsys
+will match kernel-generated messages of the form
+.Ql subsys: here is a message .
+The special specification
+.Ql !*
+will cause subsequent blocks to apply to all programs.
+.Pp
+A
+.Em hostname
+specification of the form
+.Ql #+host1,host2
+or
+.Ql +host1,host2
+will cause subsequent blocks to be applied to messages received from
+the specified hosts.
+A
+.Em hostname
+specification of the form
+.Ql #-host1,host2
+or
+.Ql -host1,host2
+will cause subsequent blocks to be applied to messages from hosts other
+than the ones specified.
+If the hostname is given as
+.Ql @ ,
+the local hostname will be used.
+The special specification
+.Ql +*
+will cause subsequent blocks to apply to all hosts.
+.Pp
 See
 .Xr syslog 3
 for a further descriptions of both the
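Review bot: The `#!+prog1,prog2`, `#!prog1,prog2`, `#+host1,host2` and `#-host1,host2` forms all begin with the hash that this page elsewhere defines as the comment character ("lines whose first non-blank character is a hash"), so an existing comment line that happens to start with `#!`, `#+` or `#-` would now silently change which messages the following block receives. Suggest stating that precedence explicitly in these two paragraphs and in the comment paragraph, and recommending the unprefixed `!` and `+`/`-` forms for new files.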
@@ -106,12 +212,22 @@
 and
 .Em level
 keywords and their significance.
+It is preferred that selections be made based on
+.Em facility
+rather than
+.Em program ,
+since the latter can vary in a networked environment.
+However, there are cases where a
+.Em facility
+may be too broadly defined.
 .Pp
 If a received message matches the specified
-.Em facility
-and is of the specified
+.Em facility ,
+and the specified
 .Em level
-.Em (or a higher level) ,
+comparison is true,
+and the first word in the message after the date matches the
+.Em program ,
 the action specified in the
 .Em action
 field will be taken.
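Review bot: The rewritten match sentence lists the facility, the level comparison and the program, but leaves out the hostname specification that this patch introduces a few paragraphs earlier; add a clause for the originating host so the conditions are complete. It would also help to say here, next to "the first word in the message after the date matches the program", that the program name is taken from the message text itself, which is the reason the added paragraph prefers selection by facility.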
@@ -165,11 +281,25 @@
 field of each line specifies the action to be taken when the
 .Em selector
 field selects a message.
-There are four forms:
+There are five forms:
 .Bl -bullet
 .It
 A pathname (beginning with a leading slash).
 Selected messages are appended to the file.
+.Pp
+To ensure that kernel messages are written to disk promptly,
+.Xr syslogd 8
+calls
+.Xr fsync 2
+after writing messages from the kernel.
+Other messages are not synced explcitly.
+You may disable syncing of files specified to receive kernel messages
+by prefixing the pathname with a minus sign
+.Ql - .
+Note that use of this option may cause the loss of log information in
+the event of a system crash immediately following the write attempt.
+However, using this option may prove to be useful if your system's
+kernel is logging many messages.
 .It
 A hostname (preceded by an at
 .Pq Sq @
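Review bot: The item still opens with "A pathname (beginning with a leading slash)" although the added paragraph allows a `-` prefix in front of the pathname; the opening sentence should mention the optional minus sign so the two do not contradict each other. Also, "explcitly" in "Other messages are not synced explcitly." should read "explicitly".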
@@ -184,6 +314,52 @@
 .It
 An asterisk.
 Selected messages are written to all logged-in users.
+.It
+A vertical bar
+.Pq Sq |
+followed by a command to which to pipe the selected messages.
+The command string is passed to
+.Pa /bin/sh
+for evaluation, so the usual shell metacharacters or input/output
+redirection can occur.
+(Note that redirecting
+.Xr stdio 3
+buffered output from the invoked command can cause additional delays,
+or even lost output data in case a logging subprocess exits with a
+signal.)
+The command itself runs with
+.Em stdout
+and
+.Em stderr
+redirected to
+.Pa /dev/null .
+Upon receipt of a
+.Dv SIGHUP ,
+.Xr syslogd 8
+will close the pipe to the process.
+If the process does not exit voluntarily, it will be sent a
+.Dv SIGTERM
+signal after a grace period of up to 60 seconds.
+.Pp
+The command will only be started once data arrives that should be
+piped to it.
+If the command exits, it will be restarted as necessary.
+.Pp
+If it is desired that the subprocess should receive exactly one line of
+input, this can be achieved by exiting after reading and processing the
+single line.
+A wrapper script can be used to achieve this effect, if necessary.
+Note that this method can be very resource-intensive if many log messages
+are being piped through the filter.
+.Pp
+Unless the command is a full pipeline, it may be useful to
+start the command with
+.Em exec
+so that the invoking shell process does not wait for the command to
+complete.
+Note that the command is started with the UID of the
+.Xr syslogd 8
+process, normally the superuser.
 .El
 .Pp
 Blank lines and lines whose first non-blank character is a hash
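Review bot: The statement that the command runs with the UID of syslogd, "normally the superuser", is the very last sentence of the item, after the advice on wrapper scripts and `exec`; since the command string is handed to /bin/sh for evaluation, move it up next to "The command string is passed to /bin/sh" so it is read before anyone writes a pipe action. The item also does not say what happens to selected messages while the command is not reading from the pipe or is being restarted; a sentence on that would tell administrators whether a slow filter can delay or drop log data.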
@@ -209,23 +385,50 @@
 # Don't log private authentication messages!
 *.info;mail.none;authpriv.none         /var/log/messages
 
+# Log daemon messages at debug level only
+daemon.=debug                          /var/log/daemon.debug
+
 # The authpriv file has restricted access.
-authpriv.*                                             /var/log/secure
+authpriv.*                             /var/log/secure
 
 # Log all the mail messages in one place.
-mail.*                                                 /var/log/maillog
+mail.*                                 /var/log/maillog
 
 # Everybody gets emergency messages, plus log them on another
 # machine.
-*.emerg                                                        *
-*.emerg                                                        @arpa.berkeley.edu
+*.emerg                                        *
+*.emerg                                        @arpa.berkeley.edu
 
 # Root and Eric get alert and higher messages.
-*.alert                                                        root,eric
+*.alert                                        root,eric
 
 # Save mail and news errors of level err and higher in a
 # special file.
-mail,news.err                                          /var/log/spoolerr
+mail,news.err                          /var/log/spoolerr
+
+# Pipe all authentication messages to a filter.
+auth.*                                 |exec /usr/local/sbin/authfilter
+
+# Log kernel messages to a separate file without syncing each message.
+kern.*                                 -/var/log/kernlog
+
+# Save ftpd transactions along with mail and news.
+!ftpd
+*.*                                    /var/log/spoolerr
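Review bot: The example file now ends with a `!ftpd` block and no `!*` after it, so any line a reader appends below it would apply only to ftpd messages; add a closing `!*` line with a comment saying it resets the program selection. The re-indentation of the unchanged authpriv, mail, emerg and alert lines also makes the real additions harder to pick out and would be easier to review as a separate whitespace-only change.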


