| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
are started before syslogd(8). This resulted in ugly sendsyslog(2)
dropped logs and the real message was lost.
Create a temporary stash for log messages within the kernel. It
has a limited size of 100 messages, and each message is truncated
to 8192 bytes. When the stash is exhausted, the well-known dropped
message is generated with a counter. After syslogd(8) has setup
everything, it sends a debug line through libc to flush the kernel
stash. Then syslogd receives all messages from the kernel before
the usual logs.
OK deraadt@ visa@
|
| |
|
|
|
|
|
|
|
| |
if a client aborted the connection silently. As syslogd does not
write anything into incoming connections, it will not recognize
failure. Setting TCP keep alive on the listen socket does prevent
that for accecpted sockets. Note that outgoing connections do not
need it as syslogd will write data into them.
noticed by dhill@; OK millert@ beck@ deraadt@
|
| |
|
|
|
|
|
| |
UDP sockets for sending messages. Keep the sockets open if the
config allows to send UDP. Then they can be used to send if DNS
is working during the next SIGHUP.
bug reported and fix tested by sven falempin; OK millert@
|
| |
|
|
|
|
|
|
|
|
| |
did not work anymore. unveil(2) prevented removal. Cleaning the
UNIX domain sockets is not necessary. They are harmless and unlinked
before a new bind. So delete that functionality and convert global
to local variables. Providing /var/run/syslog.pid is a common
feature that should be kept. A stale pid file is confusing. So
add a constant path to unveil(2) to allow pid file removal.
OK deraadt@
|
| |
|
|
|
|
| |
fail. Log the message without formating, that is the best syslogd(8)
can do.
OK deraadt@
|
| |
|
|
|
|
| |
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
| |
|
|
|
|
|
| |
bursts it is possible that syslogd(8) cannot process messages fast
enough. The larger kernel buffer allows to work them off in more
time. Then fewer dropped messages are reported.
problem found by millert@; OK claudio@ deraadt@
|
| |
|
|
|
|
|
| |
program names containing period ('.') and underscore ('_') ASCII characters.
Missing feature reported by and patch tested by
Kawashima underscore James at yahoo dot co dot jp.
"Makes sense." deraadt@
|
| |
|
|
|
|
| |
Allows stopping `syslogd -F' with ^C.
OK bluhm
|
| |
|
|
|
|
| |
when we had real signal handlers. But now we use libevent, so
remove the old logic.
OK deraadt@ millert@
|
| |
|
|
| |
fnmatch(3); ok sthen@ bluhm@
|
| |
|
|
|
|
|
|
|
| |
Syslogd continued logging messages to a file that had an EIO error.
This could slow down the whole system. File system errors may cause
huge delays at every access. This prevented debugging the issue.
Now syslogd will log a warning and shut down logging to this file
until restart or SIGHUP.
OK deraadt@ espie@ millert@
|
| |
|
|
|
|
|
|
| |
to files located there. It did this permanently, so cleaning /var
without SIGHUP to syslogd did not help. Better retry, write an
error message to other log hosts, and write a summary of dropped
messages after it works again.
OK millert@ friehm@
|
| |
|
|
|
|
|
|
| |
never appear in any log file. After initialization, write a summary
into log files and to remote log host. So the problem shows up,
when someone is looking at the persistent messages.
Print the "dropped message" warning in a common function.
OK sthen@ millert@
|
| |
|
|
| |
Add my copyright explicitly.
|
| |
|
|
|
|
| |
to UDP loghost fails. Otherwise syslogd(8) would no longer send
to this destination after the error occured once.
tested by Rivo Nurges; OK millert@ benno@ deraadt@
|
| |
|
|
|
| |
to receive sendsyslog(2) messages.
discussed with martijn@; OK jmc@ deraadt@
|
| |
|
|
|
|
|
|
| |
initialized. For every message it did reopen the console with file
descriptor passing from the privsep parent. Now preopen the console,
so writing the message out works in more cases. If the console has
been revoked, a reopen via privsep and write again is tried anyway.
OK brynet@ deraadt@ jca@
|
| |
|
|
|
|
|
|
|
| |
it has closed the file descriptor before checking the errno. So
f_file contained a bad file descriptor that could be reused at the
next open. Keep the file open if errno is EAGAIN. Move the close(2)
down where the old file descriptor in f_file is overwritten in all
cases.
OK deraadt@ jca@
|
| |
|
|
|
|
|
|
|
|
|
| |
open. These sockets are used for sending UDP packets if there is
a UDP loghost in syslog.conf(5). If syslogd is started with -u,
they can receive packets, otherwise they are disabled with
shutdown(SHUT_RD). In case syslogd does neither send nor receive,
close the sockets after reading the configuration file. This gives
us a cleaner netstat output, and the ports are not reported by port
scanners. This has no security implication.
OK benno@ jca@ sthen@ deraadt@
|
| |
|
|
|
|
| |
truncate the length of a syslog message to 8192 bytes. Use one
global define LOG_MAXLINE for all of them.
OK deraadt@ millert@
|
| |
|
|
|
|
|
|
|
|
|
| |
get lost. Remove log_setdebug() as it adds too much abstraction,
use the global variable Started instead. Set the Started value
before the init() function. Then errors during config file processing
will be logged to the console as Initialize is still 0. This is
better than stderr as the latter may be redirected to /dev/null.
Print the timestamp and hostname also for direct messages to console,
so that they look like all others.
bug report jung@; OK benno@
|
| |
|
|
|
|
| |
connections. This expands the feature from UDP and TCP to syslog
over TLS.
input jmc@; OK millert@
|
| |
|
|
|
|
|
| |
remote loghost as they are most commonly used for automated log
processing. With -rr the "last message repeated" feature can be
disabled completely.
OK sthen@ deraadt@ jmc@
|
| |
|
|
|
|
|
|
|
| |
A log client reconnects at every SIGHUP. Write these accept and
close messages with debug priority, then they can be turned on in
syslog.conf. Default is off.
While there, move a debug message and set the priority of the exit
message explicitly to error.
OK mpf@ millert@
|
| |
|
|
|
| |
The functionality has moved into log_setdebug().
OK millert@
|
| |
|
|
|
|
| |
the error string. Log the message when the error happens and make
the function void.
OK millert@
|
| |
|
|
|
|
|
| |
process incoming messages. Split this functionality into log_info()
and logline(). Sort the parameters like they appear in the syslog
line.
OK millert@
|
| |
|
|
|
|
| |
Make messages a bit more consistent. Note that the new function
supports format strings. Replace some log_debug() with log_warn().
OK millert@
|
| |
|
|
|
|
| |
Internally syslogd's fatal() calls die() to do cleanup if necessary.
Also replace all err(3) after log_init() with fatal().
OK millert@
|
| |
|
|
|
| |
log_debugadd() to construct debug message incrementally.
OK deraadt@
|
| |
|
|
|
| |
cannot happen and there is nothing that could be done about it.
OK deraadt@
|
| |
|
|
| |
ok bluhm@ deraadt@
|
| |
|
|
|
| |
socketpair(2) has failed. Do not call ioctl(LIOCSFD) in this case.
OK millert@
|
| |
|
|
|
|
|
|
| |
should terminate early in case of an error. But if syslogd dies,
no messages can be seen at all. Except from command line parsing
and memory shortage during statup, report errors and run all working
subsystems, but do not die.
OK millert@ dreaadt@
|
| |
|
|
|
|
|
|
|
|
| |
functions with a more common log.c implementation. Of course
openlog(3) cannot be used, so adapt the log.[ch] initially copied
from ospfd(8) to syslogd's special needs. As the messages are
limited to ERRBUFSIZE anyway, malloc(3) in the error logging code
can be avoided. Changing all log calls to the new API will be done
in a separate step.
OK millert@
|
| |
|
|
|
|
| |
callbacks for TCP and TLS accept(2) instead of looking at the value
of the listen file descriptor.
OK millert@
|
| | |
|
| |
|
|
|
|
| |
overcome this limitation, allow to specify more than one listen
address for UDP and TCP.
input jmc@; OK deraadt@ millert@
|
| |
|
|
|
|
|
| |
reloading its config. This could happen when multiple signals were
sent during a short interval. So block SIGHUP until signal handlers
are installed.
OK deraadt@ jca@
|
| |
|
|
|
|
|
|
| |
re-exec itself. This exec is done during startup of the privsep
parent or when syslogd restarts after a SIGHUP. Convert a relative
path in argv[0] to an absolute one with realpath(3) before chdir(2).
Do all the path handling in priv_init().
suggested by millert@; OK jca@
|
| |
|
|
|
|
|
|
|
| |
syslogd(8) and the buffer is overwritten. But after a complete
message buffer was read, we got a split line. This happened as
syslogd did a partial read which ended within a line. To avoid the
latter, syslogd has to reserve space for the kernel message buffer
plus 64 chars for the buffer full message.
OK millert@
|
| |
|
|
| |
Feedback and OK jsing@
|
| |
|
|
| |
OK bluhm@
|
| |
|
|
|
|
| |
syslogd(8). Just malloc(3) them dynamically which also gives a
more random address space layout.
OK deraadt@
|
| |
|
|
| |
No binary change.
|
| |
|
|
|
| |
descriptor variables in syslogd(8) this way.
OK rzalamena@
|
| |
|
|
|
| |
to reshuffle its memory layout.
Input rzalamena@; OK deraadt@
|
| |
|
|
|
|
| |
of a second to each syslog timestamp. As we do not measure the
time in syslog(3), use only 3 digits with millisecond precision.
OK dlg@
|
| |
|
|
|
|
|
|
|
| |
that the syslog timestamp does not contain the year and the timezone,
but has local time with daylight saving time.
Now with -Z syslogd(8) switches to RFC 5424 ISO format for timestamps.
Then all logging is also done in UTC. Default is to keep local
time and BSD syslog RFC 3164 format.
BIG BIG BIG OK for the feature ajacoutot@; OK deraadt@
|
bluhm
deraadt
schwarze
kn
djm
jsg
mestre