Source-Changes-HG archive
[src/trunk]: src/usr.sbin/syslogd Merge the thorpej-syslogd-hack-branch down ...
details: https://anonhg.NetBSD.org/src/rev/f93bbe82f0f5
branches: trunk
changeset: 571339:f93bbe82f0f5
user: thorpej <thorpej%NetBSD.org@localhost>
date: Fri Nov 19 02:18:11 2004 +0000
description:
Merge the thorpej-syslogd-hack-branch down to the trunk. Enhancements
include:
- Extend the syntax of syslog.conf to allow selections of log destinations
by comma-separated lists of program name (including kernel-generated
messages) and originating host name.
- Ability to pipe selected messages through arbitrary filter commands.
- Ability to specify priority comparison operations.
- Improvements to domain name handling.
- Conversion to use kqueue for communication and signal events, eliminating
all unsafe signal handlers.
- Allow spaces as well as tabs in syslog.conf.
- Log kernel printfs at LOG_NOTICE instead of LOG_CRIT.
- Ability to log facility/priority with a log message.
- Reliability improvements.
diffstat:
usr.sbin/syslogd/syslog.conf.5 | 229 ++++++-
usr.sbin/syslogd/syslogd.8 | 32 +-
usr.sbin/syslogd/syslogd.c | 1249 +++++++++++++++++++++++++++++++--------
3 files changed, 1222 insertions(+), 288 deletions(-)
diffs (truncated from 2325 to 300 lines):
diff -r f1dd64e82e10 -r f93bbe82f0f5 usr.sbin/syslogd/syslog.conf.5
--- a/usr.sbin/syslogd/syslog.conf.5 Thu Nov 18 22:56:32 2004 +0000
+++ b/usr.sbin/syslogd/syslog.conf.5 Fri Nov 19 02:18:11 2004 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: syslog.conf.5,v 1.11 2003/08/07 11:25:44 agc Exp $
+.\" $NetBSD: syslog.conf.5,v 1.12 2004/11/19 02:18:11 thorpej Exp $
.\"
.\" Copyright (c) 1990, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" from: @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93
.\"
-.Dd June 9, 1993
+.Dd November 18, 2004
.Dt SYSLOG.CONF 5
.Os
.Sh NAME
@@ -43,7 +43,11 @@
file is the configuration file for the
.Xr syslogd 8
program.
-It consists of lines with two fields: the
+It consists of blocks of lines separated by
+.Em program
+and
+.Em hostname
+specifications, with each line containing two fields: the
.Em selector
field which specifies the types of messages and priorities to which the
line applies, and an
@@ -64,6 +68,8 @@
.Em facility ,
a period
.Pq Sq \&. ,
+an optional set of comparison flags
+.Pq Bo ! Bc Bq <=> ,
and a
.Em level ,
with no intervening white-space.
@@ -88,6 +94,28 @@
library routines.
.Pp
The
+.Em comparison flags
+may be used to specify exactly what levels are logged.
+If unspecified, the default comparison is
+.Sq >=
+.Pq greater than or equal to ,
+or, if the
+.Fl U
+option is passed to
+.Xr syslogd 8 ,
+.Sq =
+.Pq equal to .
+Comparison flags beginning with
+.So ! Sc
+will have their logical sense inverted.
+Thus,
+.Sq !=info
+means all levels except info and
+.Sq !notice
+has the same meaning as
+.Sq <notice .
+.Pp
+The
.Em level
describes the severity of the message, and is a keyword from the
following ordered list (higher to lower): emerg, alert, crit, err,
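Review bot: the added sentence that `!notice` "has the same meaning as" `<notice` is only true under the default `>=` comparison. The same paragraph says the default becomes `=` when -U is passed, and the text does not say what a bare inverted level means in that mode. Suggest either documenting the -U case explicitly or using an example with an explicit operator, so that an administrator running with -U does not assume a selector drops less than it actually does.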
@@ -99,6 +127,84 @@
.Xr syslog 3
library routine.
.Pp
+Each block of lines is separated from the previous block by a
+.Em program
+or
+.Em hostname
+specification.
+A block will only log messages corresponding to the most recent
+.Em program
+and
+.Em hostname
+specifications given.
+Consider the case of a block that selects
+.Ql pppd
+as the
+.Em program ,
+directly followed by a block that selects messages from the
+.Em hostname
+.Ql dialhost .
+The second block will log only messages from the
+.Xr pppd 8
+program from the host
+.Sq dialhost .
+.Pp
+A
+.Em program
+specification of the form
+.Ql #!+prog1,prog2
+or
+.Ql !+prog1,prog2
+will cause subsequent blocks to be applied to messages logged by the
+specified programs.
+A
+.Em program
+specification of the form
+.Ql #!-prog1,prog2
+or
+.Ql !-prog1,prog2
+will cause subsequent blocks to be applied to messages logged by programs
+other than the ones specified.
+A
+.Em program
+specification of the form
+.Ql #!prog1,prog2
+or
+.Ql !prog1,prog2
+is equivalent to
+.Ql !+prog1,prog2 .
+Program selectors may also match kernel-generated messages.
+For example, a program specification of
+.Ql !+subsys
+will match kernel-generated messages of the form
+.Ql subsys: here is a message .
+The special specification
+.Ql !*
+will cause subsequent blocks to apply to all programs.
+.Pp
+A
+.Em hostname
+specification of the form
+.Ql #+host1,host2
+or
+.Ql +host1,host2
+will cause subsequent blocks to be applied to messages received from
+the specified hosts.
+A
+.Em hostname
+specification of the form
+.Ql #-host1,host2
+or
+.Ql -host1,host2
+will cause subsequent blocks to be applied to messages from hosts other
+than the ones specified.
+If the hostname is given as
+.Ql @ ,
+the local hostname will be used.
+The special specification
+.Ql +*
+will cause subsequent blocks to apply to all hosts.
+.Pp
See
.Xr syslog 3
for a further descriptions of both the
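Review bot: the `#!+prog1,prog2`, `#!-prog1,prog2`, `#!prog1,prog2`, `#+host1,host2` and `#-host1,host2` forms all begin with a hash, which the rest of this manual treats as the start of a comment line. The text should state the interaction plainly: prefixing a `+host` or `!prog` line with `#` to disable it leaves an active specification in place, and a prose comment that happens to begin `#!` or `#+` changes which messages the following blocks match. Because specifications carry over into later blocks (the pppd/dialhost example), it would also help to recommend ending a filtered section with `!*` and `+*` so that later rules are not silently narrowed.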
@@ -106,12 +212,22 @@
and
.Em level
keywords and their significance.
+It is preferred that selections be made based on
+.Em facility
+rather than
+.Em program ,
+since the latter can vary in a networked environment.
+However, there are cases where a
+.Em facility
+may be too broadly defined.
.Pp
If a received message matches the specified
-.Em facility
-and is of the specified
+.Em facility ,
+and the specified
.Em level
-.Em (or a higher level) ,
+comparison is true,
+and the first word in the message after the date matches the
+.Em program ,
the action specified in the
.Em action
field will be taken.
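Review bot: the rewritten match condition lists facility, level comparison and program, but omits the hostname specification introduced earlier in this change; as written, a reader cannot tell from this sentence that a `+host` block also has to match. Since the program is taken from "the first word in the message after the date", it is supplied by whoever sent the message, so the preference for facility stated just above could say that directly rather than only "can vary in a networked environment".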
@@ -165,11 +281,25 @@
field of each line specifies the action to be taken when the
.Em selector
field selects a message.
-There are four forms:
+There are five forms:
.Bl -bullet
.It
A pathname (beginning with a leading slash).
Selected messages are appended to the file.
+.Pp
+To ensure that kernel messages are written to disk promptly,
+.Xr syslogd 8
+calls
+.Xr fsync 2
+after writing messages from the kernel.
+Other messages are not synced explcitly.
+You may disable syncing of files specified to receive kernel messages
+by prefixing the pathname with a minus sign
+.Ql - .
+Note that use of this option may cause the loss of log information in
+the event of a system crash immediately following the write attempt.
+However, using this option may prove to be useful if your system's
+kernel is logging many messages.
.It
A hostname (preceded by an at
.Pq Sq @
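Review bot: "explcitly" in the added line "Other messages are not synced explcitly." should be "explicitly". The paragraph is also unclear about scope: it says fsync is called after writing messages from the kernel and that the minus sign applies to "files specified to receive kernel messages", but does not say what the prefix does on a file whose selector matches no kernel messages. One sentence stating that the prefix is a no-op there (or whatever the code does) would remove the guesswork.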
@@ -184,6 +314,52 @@
.It
An asterisk.
Selected messages are written to all logged-in users.
+.It
+A vertical bar
+.Pq Sq |
+followed by a command to which to pipe the selected messages.
+The command string is passed to
+.Pa /bin/sh
+for evaluation, so the usual shell metacharacters or input/output
+redirection can occur.
+(Note that redirecting
+.Xr stdio 3
+buffered output from the invoked command can cause additional delays,
+or even lost output data in case a logging subprocess exits with a
+signal.)
+The command itself runs with
+.Em stdout
+and
+.Em stderr
+redirected to
+.Pa /dev/null .
+Upon receipt of a
+.Dv SIGHUP ,
+.Xr syslogd 8
+will close the pipe to the process.
+If the process does not exit voluntarily, it will be sent a
+.Dv SIGTERM
+signal after a grace period of up to 60 seconds.
+.Pp
+The command will only be started once data arrives that should be
+piped to it.
+If the command exits, it will be restarted as necessary.
+.Pp
+If it is desired that the subprocess should receive exactly one line of
+input, this can be achieved by exiting after reading and processing the
+single line.
+A wrapper script can be used to achieve this effect, if necessary.
+Note that this method can be very resource-intensive if many log messages
+are being piped through the filter.
+.Pp
+Unless the command is a full pipeline, it may be useful to
+start the command with
+.Em exec
+so that the invoking shell process does not wait for the command to
+complete.
+Note that the command is started with the UID of the
+.Xr syslogd 8
+process, normally the superuser.
.El
.Pp
Blank lines and lines whose first non-blank character is a hash
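Review bot: the statement that the command runs with the UID of syslogd, "normally the superuser", is placed at the very end of the item, after the advice about `exec`. It belongs next to the sentence saying the command string is passed to /bin/sh, since the two together define the risk: anything that can edit syslog.conf gets a root shell command, and the filter's input is log text from arbitrary senders. Suggest moving the UID note up and adding a line that the filter must treat its input as untrusted data. The item also does not say what happens to messages that arrive while the command is being restarted.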
@@ -209,23 +385,50 @@
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages
+# Log daemon messages at debug level only
+daemon.=debug /var/log/daemon.debug
+
# The authpriv file has restricted access.
-authpriv.* /var/log/secure
+authpriv.* /var/log/secure
# Log all the mail messages in one place.
-mail.* /var/log/maillog
+mail.* /var/log/maillog
# Everybody gets emergency messages, plus log them on another
# machine.
-*.emerg *
-*.emerg @arpa.berkeley.edu
+*.emerg *
+*.emerg @arpa.berkeley.edu
# Root and Eric get alert and higher messages.
-*.alert root,eric
+*.alert root,eric
# Save mail and news errors of level err and higher in a
# special file.
-mail,news.err /var/log/spoolerr
+mail,news.err /var/log/spoolerr
+
+# Pipe all authentication messages to a filter.
+auth.* |exec /usr/local/sbin/authfilter
+
+# Log kernel messages to a separate file without syncing each message.
+kern.* -/var/log/kernlog
+
+# Save ftpd transactions along with mail and news.
+!ftpd
+*.* /var/log/spoolerr
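Review bot: the added `!ftpd` block is the last thing in the example and is not followed by `!*`. Anyone who copies this file and appends rules below it will have those rules restricted to ftpd messages without any visible hint. Suggest closing the example with a `!*` line and a short comment that it resets the program specification.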