bin/120891: enhancement to syslogd - always printing local time

Thomas Vogt thomas at bsdunix.ch
Wed Feb 20 18:40:03 UTC 2008


>Number:         120891
>Category:       bin
>Synopsis:       enhancement to syslogd - always printing local time
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 20 18:40:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Vogt
>Release:        FreeBSD 7.0-RC1 i386
>Organization:
>Environment:
System: FreeBSD bert.mlan.solnet.ch 7.0-RC1 FreeBSD 7.0-RC1 #12: Tue Jan 29 10:06:24 CET 2008 root at bert.mlan.solnet.ch:/usr/obj/usr/src/sys/BERT i386


	
>Description:

Both patches are obtained from NetBSD. 

syslogd has currently an undocumented feature. if it does not recognize the timestamp field 
in the received message or if there is no timestamp at all like in Foundry XMR, it generates it,
based on the local time. We should document this behaviour in syslogd.8

There are switches which don't have NTP, so their time is meaningless.
It would be useful to generate a timestamp for all messages received from the network, regardless of the validity of the timestamp field.
I expect that such a feature can be generally useful.
This patch implements a -T option, causing syslogd to
generate a timestamp field for all messages received over the network.

Original syslog entry, switch has GMT time:
Feb 20 18:14:45 zuchwil-foundry-sw1.foobar.com zuchwil-foundry-sw1 ACL: ACL: List 11 permitted tcp 212.101.1.83(telnet)(Ethernet 25 0014.a87c.9bc1) -> 212.101.XX.XX(telnet), 1 event(s) 

With the new -T option my localtime of the syslogd machine (GMT+1) will be added too at the begining of the line:
Feb 20 19:18:57 zuchwil-foundry-sw1.foobar.com Feb 20 18:18:57 zuchwil-fb-sw1 ACL: ACL: List 11 permitted tcp 212.101.1.83(telnet)(Ethernet 25 0014.a87c.9bc1) -> 212.101.XX.XX(telnet)


>How-To-Repeat:
	
>Fix:


--- syslogd.c.orig	2008-02-20 14:00:11.000000000 +0100
+++ syslogd.c	2008-02-20 14:00:27.000000000 +0100
@@ -292,6 +292,7 @@
 
 struct allowedpeer *AllowedPeers; /* List of allowed peers */
 static int	NumAllowed;	/* Number of entries in AllowedPeers */
+static int      RemoteAddDate;  /* always add date to messages from network */
 
 static int	UniquePriority;	/* Only log specified priority? */
 static int	LogFacPri;	/* Put facility and priority in log message: */
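Review bot: The new `RemoteAddDate` declaration is indented with spaces where the neighbouring declarations (`NumAllowed`, `UniquePriority`) use tabs, and the `case 'T':` lines in the option-parsing hunk mix spaces and tabs in the same way. Both should follow the file's tab layout, e.g. `static int	RemoteAddDate;	/* Always add date to messages from network */`. The `case 'T':` label could also carry a short trailing comment like the `case 'u':` label below it, for example `/* always use local time for network messages */`.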
@@ -321,7 +322,7 @@
 static void	log_deadchild(pid_t, int, const char *);
 static void	markit(void);
 static int	skip_message(const char *, const char *, int);
-static void	printline(const char *, char *);
+static void	printline(const char *, char *, int);
 static void	printsys(char *);
 static int	p_open(const char *, pid_t *);
 static void	readklog(void);
@@ -351,7 +352,7 @@
 	socklen_t len;
 
 	bindhostname = NULL;
-	while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:uv")) != -1)
+	while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:Tuv")) != -1)
 		switch (ch) {
 		case '4':
 			family = PF_INET;
@@ -448,6 +449,9 @@
 				errx(1, "%s path too long, exiting", optarg);
 			funix_secure.name = optarg;
 			break;
+	        case 'T':
+  	                RemoteAddDate = 1;
+  	                break;
 		case 'u':		/* only log specified priority */
 			UniquePriority++;
 			break;
@@ -640,7 +644,7 @@
 						hname = cvthname((struct sockaddr *)&frominet);
 						unmapped((struct sockaddr *)&frominet);
 						if (validate((struct sockaddr *)&frominet, hname))
-							printline(hname, line);
+							printline(hname, line, RemoteAddDate ? ADDDATE : 0);
 					} else if (l < 0 && errno != EINTR)
 						logerror("recvfrom inet");
 				}
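Review bot: Passing `ADDDATE` here only makes the receiver put its own timestamp in front; the sender's timestamp is not removed, since the sample output in the description still carries `Feb 20 18:18:57` after the host name. That contradicts the new syslogd.8 wording "instead of the timestamp field supplied in the message", and it leaves sender-controlled date text in the stored line, which log analysis must not read as the authoritative time. logmsg() is outside this diff, so this is inferred: if it derives the program name from the start of the message text, program-based selectors would presumably see the month name for every network message once -T is set. Either skip a well-formed remote timestamp before the line is logged when `RemoteAddDate` is set, or state in the manual page that the remote timestamp is kept as part of the message. The enclosing receive loop starts and ends outside the hunk.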
@@ -653,7 +657,7 @@
 				    (struct sockaddr *)&fromunix, &len);
 				if (l > 0) {
 					line[l] = '\0';
-					printline(LocalHostName, line);
+					printline(LocalHostName, line, 0);
 				} else if (l < 0 && errno != EINTR)
 					logerror("recvfrom unix");
 			}
@@ -693,7 +697,7 @@
 {
 
 	fprintf(stderr, "%s\n%s\n%s\n%s\n",
-		"usage: syslogd [-46ACcdknosuv] [-a allowed_peer]",
+		"usage: syslogd [-46ACcdknosTuv] [-a allowed_peer]",
 		"               [-b bind_address] [-f config_file]",
 		"               [-l [mode:]path] [-m mark_interval]",
 		"               [-P pid_file] [-p log_socket]");
@@ -705,7 +709,7 @@
  * on the appropriate log files.
  */
 static void
-printline(const char *hname, char *msg)
+printline(const char *hname, char *msg, int flags)
 {
 	char *p, *q;
 	long n;
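Review bot: The header comment above `printline` is not updated for the new `flags` parameter; it should say what callers may pass. Based on the calls in this patch, a sentence such as `The flags argument is handed unchanged to logmsg(); the network path passes ADDDATE when -T is given, the unix-socket path passes 0.` would do. The comment begins and the function body continues outside this hunk.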
@@ -758,7 +762,7 @@
 	}
 	*q = '\0';
 
-	logmsg(pri, line, hname, 0);
+	logmsg(pri, line, hname, flags);
 }
 
 /*


--- syslogd.8.orig	2008-02-20 14:18:55.000000000 +0100
+++ syslogd.8	2008-02-20 14:18:59.000000000 +0100
@@ -225,6 +225,12 @@
 If
 specified twice, no network socket will be opened at all, which also
 disables logging to remote machines.
+.It Fl T
+Always use the local time and date for messages received from the
+network, instead of the timestamp field supplied in the message
+by the remote host.
+This is useful if some of the originating hosts can't keep time
+properly or are unable to generate a correct timestamp.
 .It Fl u
 Unique priority logging.
 Only log messages at the specified priority.
@@ -291,6 +297,14 @@
 option is specified);
 therefore, they must be created manually before running
 .Nm .
+.Pp
+The date and time are taken from the received message.
+If the format of the timestamp field is incorrect, time obtained from
+the local host is used instead.
+This can be overriden by the
+.Fl T
+flag.
+.Pp
 .Sh FILES
 .Bl -tag -width /var/run/syslog.pid -compact
 .It Pa /etc/syslog.conf
>Release-Note:
>Audit-Trail:
>Unformatted:

