Hi!
for about 18 months now I've been reapplying a change to sysklogd
which adds the option of logging the facility and priority of each
message. I've found this option to be very helpful for automatically
re-processing logfiles generated by syslog [e.g. grep for messages
of severity error or above].
If the patched syslogd is started with the new -F option it logs using
the following format:
Apr 29 11:59:23 D6 nutmeg sshd[996]: log: Generating new 768 bit RSA key.
Apr 29 11:59:23 D6 nutmeg sshd[996]: log: RSA key generation complete.
Apr 29 12:00:01 K6 vanilla kernel: st: bufsize 32768, wrt 30720, max buffers 5, s/g segs 16.
Apr 29 12:00:01 K4 vanilla kernel: Detected scsi tape st0 at scsi2, channel 0, id 5, lun 0
Apr 29 12:00:01 C6 anger CRON[19456]: (root) CMD (/usr/libexec/atrun)
The 4th field is new, its first character is the facility and the 2nd
the priority. Facilities are abbreviated like:
A auth
P authpriv
C cron
D daemon
K kern
L lpr
M mail
. mark
N news
S syslog
R user
U uucp
F ftp
0 local0
1 local1
2 local2
3 local3
4 local4
5 local5
6 local6
7 local7
Because the patch isn't that long, I'm including it here. I hope this
isn't against the policy of this mailing list.
Christian.
--- sysklogd-1.4.1/syslogd.c.orig Sun Mar 11 15:40:10 2001
+++ sysklogd-1.4.1/syslogd.c Wed May 2 14:52:38 2001
@@ -417,6 +417,9 @@
* file is defined in the used libc and should not be hardcoded
* into the syslogd binary referring the system it was compiled on.
*
+ * Sat Oct 9 19:46:11 MET DST 1999: Christian von Roques <roques@aber.net>
+ * Added -F option to log a two character code for facility and priority.
+ *
* Sun Sep 17 20:45:33 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Fixed some bugs in printline() code that did not escape
* control characters '\177' through '\237' and contained a
@@ -673,53 +676,58 @@
struct code {
char *c_name;
int c_val;
+ char c_abbr;
};
+/* c_abbr of PriNames is currently unused, as they can be mapped to 0..7 */
struct code PriNames[] = {
- {"alert", LOG_ALERT},
- {"crit", LOG_CRIT},
- {"debug", LOG_DEBUG},
- {"emerg", LOG_EMERG},
- {"err", LOG_ERR},
- {"error", LOG_ERR}, /* DEPRECATED */
- {"info", LOG_INFO},
- {"none", INTERNAL_NOPRI}, /* INTERNAL */
- {"notice", LOG_NOTICE},
- {"panic", LOG_EMERG}, /* DEPRECATED */
- {"warn", LOG_WARNING}, /* DEPRECATED */
- {"warning", LOG_WARNING},
- {"*", TABLE_ALLPRI},
- {NULL, -1}
+ {"alert", LOG_ALERT, 'a'},
+ {"crit", LOG_CRIT, 'c'},
+ {"debug", LOG_DEBUG, 'd'},
+ {"emerg", LOG_EMERG, 'p'},
+ {"err", LOG_ERR, 'e'},
+ {"error", LOG_ERR, 'e'}, /* DEPRECATED */
+ {"info", LOG_INFO, 'i'},
+ {"none", INTERNAL_NOPRI, 0}, /* INTERNAL */
+ {"notice", LOG_NOTICE, 'n'},
+ {"panic", LOG_EMERG, 'p'}, /* DEPRECATED */
+ {"warn", LOG_WARNING, 'w'}, /* DEPRECATED */
+ {"warning", LOG_WARNING, 'w'},
+ {"*", TABLE_ALLPRI, 0},
+ {NULL, -1, 0}
};
struct code FacNames[] = {
- {"auth", LOG_AUTH},
- {"authpriv", LOG_AUTHPRIV},
- {"cron", LOG_CRON},
- {"daemon", LOG_DAEMON},
- {"kern", LOG_KERN},
- {"lpr", LOG_LPR},
- {"mail", LOG_MAIL},
- {"mark", LOG_MARK}, /* INTERNAL */
- {"news", LOG_NEWS},
- {"security", LOG_AUTH}, /* DEPRECATED */
- {"syslog", LOG_SYSLOG},
- {"user", LOG_USER},
- {"uucp", LOG_UUCP},
+ {"auth", LOG_AUTH, 'A'},
+ {"authpriv", LOG_AUTHPRIV, 'P'},
+ {"cron", LOG_CRON, 'C'},
+ {"daemon", LOG_DAEMON, 'D'},
+ {"kern", LOG_KERN, 'K'},
+ {"lpr", LOG_LPR, 'L'},
+ {"mail", LOG_MAIL, 'M'},
+ {"mark", LOG_MARK, '.'}, /* INTERNAL */
+ {"news", LOG_NEWS, 'N'},
+ {"security", LOG_AUTH, 'A'}, /* DEPRECATED */
+ {"syslog", LOG_SYSLOG, 'S'},
+ {"user", LOG_USER, 'R'},
+ {"uucp", LOG_UUCP, 'U'},
#if defined(LOG_FTP)
- {"ftp", LOG_FTP},
+ {"ftp", LOG_FTP, 'F'},
#endif
- {"local0", LOG_LOCAL0},
- {"local1", LOG_LOCAL1},
- {"local2", LOG_LOCAL2},
- {"local3", LOG_LOCAL3},
- {"local4", LOG_LOCAL4},
- {"local5", LOG_LOCAL5},
- {"local6", LOG_LOCAL6},
- {"local7", LOG_LOCAL7},
- {NULL, -1},
+ {"local0", LOG_LOCAL0, '0'},
+ {"local1", LOG_LOCAL1, '1'},
+ {"local2", LOG_LOCAL2, '2'},
+ {"local3", LOG_LOCAL3, '3'},
+ {"local4", LOG_LOCAL4, '4'},
+ {"local5", LOG_LOCAL5, '5'},
+ {"local6", LOG_LOCAL6, '6'},
+ {"local7", LOG_LOCAL7, '7'},
+ {NULL, -1, 0},
};
+char FacAbbr[LOG_NFACILITIES]; /* initialized from FacNames[].c_abbr */
+
+int FacilityLog = 0; /* log facility and priority */
int Debug; /* debug flag */
char LocalHostName[MAXHOSTNAMELEN+1]; /* our hostname */
char *LocalDomain; /* our local domain name */
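Review bot: `FacAbbr` looks one element short for the "mark" row of `FacNames`. If `LOG_MARK` is defined as `LOG_MAKEPRI(LOG_NFACILITIES, 0)` (its definition is not visible in this patch, so confirm), then `LOG_FAC(LOG_MARK)` equals `LOG_NFACILITIES`, one past the last valid index. In that case the initialisation loop in the `@@ -986` hunk writes out of bounds, and the lookup in the `@@ -1670` hunk can read there. Declaring it as `char FacAbbr[LOG_NFACILITIES + 1];` covers the extra slot.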
@@ -829,7 +837,7 @@
funix[i] = -1;
}
- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF)
+ while ((ch = getopt(argc, argv, "a:dhFf:l:m:np:rs:v")) != EOF)
switch((char)ch) {
case 'a':
if (nfunix < MAXFUNIX)
@@ -840,6 +848,9 @@
case 'd': /* debug */
Debug = 1;
break;
+ case 'F':
+ FacilityLog = 1;
+ break;
case 'f': /* configuration file */
ConfFile = optarg;
break;
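Review bot: The new `case 'F':` is the only visible case here without a trailing comment; the neighbours carry `/* debug */` and `/* configuration file */`. Suggest `case 'F':		/* log facility and priority code */` so the option is as easy to scan as the others. The switch begins and ends outside this hunk.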
@@ -986,6 +997,16 @@
if (isupper(*p))
*p = tolower(*p);
+ /*
+ * Initialize FacAbbr from FacName[].c_abbr
+ */
+ {
+ struct code *f;
+
+ for (f = FacNames; f->c_name; f++)
+ FacAbbr[LOG_FAC(f->c_val)] = f->c_abbr;
+ }
+
(void) signal(SIGTERM, die);
(void) signal(SIGINT, Debug ? die : SIG_IGN);
(void) signal(SIGQUIT, Debug ? die : SIG_IGN);
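Review bot: Facility codes with no row in `FacNames` (for example "ftp" when `LOG_FTP` is undefined) keep the zero value of the static array after this loop. With -F, a message carrying such a code gets a NUL byte written into the log line, which can truncate or confuse the line-based post-processing the option is meant to support. Pre-filling before the loop, e.g. `memset(FacAbbr, '?', sizeof FacAbbr);`, gives every unmapped code a printable placeholder. The comment also says `FacName[]` where the table is named `FacNames[]`.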
@@ -1174,7 +1195,7 @@
int usage()
{
- fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
+ fprintf(stderr, "usage: syslogd [-dFrvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
" [-s domainlist] [-f conffile]\n");
exit(1);
}
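Review bot: The usage string now lists `F`, but the patch as posted touches only syslogd.c, so the option and the A/P/C/D/K/... abbreviation table would be documented only in the mailing-list text. Anyone writing a parser for the new fourth field needs that mapping, and the digit-to-priority mapping, next to the code. Suggest adding a comment block above `FacNames` that states the field layout (space, facility letter, priority digit 0-7, space), and updating the manual page in the same change.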
@@ -1663,6 +1684,7 @@
struct iovec iov[6];
register struct iovec *v = iov;
char repbuf[80];
+ char facbuf[4];
#ifdef SYSLOG_INET
register int l;
char line[MAXLINE + 1];
@@ -1670,13 +1692,18 @@
struct hostent *hp;
#endif
+ facbuf[0] = ' ';
+ facbuf[1] = FacAbbr[LOG_FAC(f->f_prevpri)];
+ facbuf[2] = '0'+LOG_PRI(f->f_prevpri);
+ facbuf[3] = ' ';
+
dprintf("Called fprintlog, ");
v->iov_base = f->f_lasttime;
v->iov_len = 15;
v++;
- v->iov_base = " ";
- v->iov_len = 1;
+ v->iov_base = facbuf;
+ v->iov_len = FacilityLog ? 4 : 1;
v++;
v->iov_base = f->f_prevhost;
v->iov_len = strlen(v->iov_base);
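Review bot: `FacAbbr[LOG_FAC(f->f_prevpri)]` indexes a `LOG_NFACILITIES`-sized array with a value derived from the stored message priority, and nothing in this hunk bounds it. `LOG_FAC()` only masks and shifts, and on common `<syslog.h>` definitions the facility mask admits values above `LOG_NFACILITIES`. If the priority comes from a sender-supplied `<NN>` prefix and is not range-checked elsewhere (not visible here), an out-of-range priority reads past the array and copies that byte into the log. Suggest `int fac = LOG_FAC(f->f_prevpri);` followed by `facbuf[1] = (fac >= 0 && fac < (int) sizeof FacAbbr) ? FacAbbr[fac] : '?';`, and doing the fill only when `FacilityLog` is set so the lookup is skipped otherwise. fprintlog begins and ends outside this hunk.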