Index: usr.sbin/newsyslog/extern.h =================================================================== --- usr.sbin/newsyslog/extern.h +++ usr.sbin/newsyslog/extern.h @@ -60,6 +60,9 @@ int ptime_relparse(struct ptime_data *_ptime, int _parseopts, time_t _basetime, const char *_str); const char *ptimeget_ctime(const struct ptime_data *_ptime); +char *ptimeget_ctime_rfc5424(const struct ptime_data *_ptime, + char *timebuf, + size_t bufsize); double ptimeget_diff(const struct ptime_data *_minuend, const struct ptime_data *_subtrahend); time_t ptimeget_secs(const struct ptime_data *_ptime); Index: usr.sbin/newsyslog/newsyslog.8 =================================================================== --- usr.sbin/newsyslog/newsyslog.8 +++ usr.sbin/newsyslog/newsyslog.8 @@ -17,7 +17,7 @@ .\" the suitability of this software for any purpose. It is .\" provided "as is" without express or implied warranty. .\" -.Dd April 15, 2017 +.Dd May 19, 2017 .Dt NEWSYSLOG 8 .Os .Sh NAME @@ -125,7 +125,8 @@ Cause .Nm not to trim the logs, but to print out what it would do if this option -were not specified. This option implies the +were not specified. +This option implies the .Fl r option. .It Fl r Index: usr.sbin/newsyslog/newsyslog.c =================================================================== --- usr.sbin/newsyslog/newsyslog.c +++ usr.sbin/newsyslog/newsyslog.c @@ -79,6 +79,7 @@ #include #include #include +#include #include #include @@ -132,6 +133,8 @@ #define CE_NODUMP 0x0200 /* Set 'nodump' on newly created log file. */ #define CE_PID2CMD 0x0400 /* Replace PID file with a shell command.*/ +#define CE_RFC5424 0x0800 /* Use RFC5424 format rotation message */ + #define MIN_PID 5 /* Don't touch pids lower than this */ #define MAX_PID 99999 /* was lower, see /usr/include/sys/proc.h */ @@ -247,6 +250,15 @@ #define DAYTIME_LEN 16 static char daytime[DAYTIME_LEN];/* The current time in human readable form, * used for rotation-tracking messages. */ + +/* Another buffer to hold the current time in RFC5424 format. Fractional + * seconds are allowed by the RFC, but are not included in the + * rotation-tracking messages written by newsyslog and so are not accounted for + * in the length below. + */ +#define DAYTIME_RFC5424_LEN sizeof("YYYY-MM-DDTHH:MM:SS+00:00") +static char daytime_rfc5424[DAYTIME_RFC5424_LEN]; + static char hostname[MAXHOSTNAMELEN]; /* hostname */ static const char *path_syslogpid = _PATH_SYSLOGPID; @@ -630,6 +642,7 @@ timenow = ptime_init(NULL); ptimeset_time(timenow, time(NULL)); strlcpy(daytime, ptimeget_ctime(timenow) + 4, DAYTIME_LEN); + ptimeget_ctime_rfc5424(timenow, daytime_rfc5424, DAYTIME_RFC5424_LEN); /* Let's get our hostname */ (void)gethostname(hostname, sizeof(hostname)); @@ -1296,11 +1309,14 @@ case 'r': working->flags |= CE_PID2CMD; break; + case 't': + working->flags |= CE_RFC5424; + break; case 'u': working->flags |= CE_SIGNALGROUP; break; case 'w': - /* Depreciated flag - keep for compatibility purposes */ + /* Deprecated flag - keep for compatibility purposes */ break; case 'x': working->compress = COMPRESS_XZ; @@ -2101,7 +2117,7 @@ tmpsiz = sizeof(struct sigwork_entry) + strlen(ent->pid_cmd_file) + 1; stmp = malloc(tmpsiz); - + stmp->sw_runcmd = 0; /* If this is a command to run we just set the flag and run command */ if (ent->flags & CE_PID2CMD) { @@ -2257,15 +2273,34 @@ xtra = ""; if (log_ent->def_cfg) xtra = " using rule"; - if (log_ent->firstcreate) - fprintf(f, "%s %s newsyslog[%d]: logfile first created%s\n", - daytime, hostname, (int) getpid(), xtra); - else if (log_ent->r_reason != NULL) - fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s%s\n", - daytime, hostname, (int) getpid(), log_ent->r_reason, xtra); - else - fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s\n", - daytime, hostname, (int) getpid(), xtra); + if (log_ent->flags & CE_RFC5424) { + if (log_ent->firstcreate) { + fprintf(f, "<%d>1 %s %s newsyslog %d - - %s%s\n", + LOG_MAKEPRI(LOG_USER, LOG_INFO), + daytime_rfc5424, hostname, (int) getpid(), + "logfile first created", xtra); + } else if (log_ent->r_reason != NULL) { + fprintf(f, "<%d>1 %s %s newsyslog %d - - %s%s%s\n", + LOG_MAKEPRI(LOG_USER, LOG_INFO), + daytime_rfc5424, hostname, (int) getpid(), + "logfile turned over", log_ent->r_reason, xtra); + } else { + fprintf(f, "<%d>1 %s %s newsyslog %d - - %s%s\n", + LOG_MAKEPRI(LOG_USER, LOG_INFO), + daytime_rfc5424, hostname, (int) getpid(), + "logfile turned over", xtra); + } + } else { + if (log_ent->firstcreate) + fprintf(f, "%s %s newsyslog[%d]: logfile first created%s\n", + daytime, hostname, (int) getpid(), xtra); + else if (log_ent->r_reason != NULL) + fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s%s\n", + daytime, hostname, (int) getpid(), log_ent->r_reason, xtra); + else + fprintf(f, "%s %s newsyslog[%d]: logfile turned over%s\n", + daytime, hostname, (int) getpid(), xtra); + } if (fclose(f) == EOF) err(1, "log_trim: fclose"); return (0); Index: usr.sbin/newsyslog/newsyslog.conf.5 =================================================================== --- usr.sbin/newsyslog/newsyslog.conf.5 +++ usr.sbin/newsyslog/newsyslog.conf.5 @@ -21,7 +21,7 @@ .\" the suitability of this software for any purpose. It is .\" provided "as is" without express or implied warranty. .\" -.Dd April 15, 2017 +.Dd May 19, 2017 .Dt NEWSYSLOG.CONF 5 .Os .Sh NAME @@ -242,7 +242,7 @@ (i.e., the start of the day; same as .Li @01T00 ) .It Li $M5D6 -rotate on every 5th day of month at 6:00 +rotate on every fifth day of month at 6:00 (same as .Li @05T06 ) .El @@ -319,6 +319,11 @@ .Ar path_to_pid_cmd_file after rotation instead of trying to send signal to a process id stored in the file. +.It Cm T +if this flag is set the informational rotation message written to +the log file will be in the format specified by RFC5424. +Normally, the rotation message is written in the traditional (RFC3164) +syslog format. .It Cm U indicates that the file specified by .Ar path_to_pid_cmd_file @@ -395,6 +400,17 @@ .Xr chown 8 , .Xr newsyslog 8 , .Xr syslogd 8 +.Pp +.Rs +.%A C. Lonvick +.%T The BSD syslog Protocol +.%O RFC3164 +.Re +.Rs +.%A R. Gerhards +.%T The Syslog Protocol +.%O RFC5424 +.Re .Sh HISTORY This manual page first appeared in .Fx 4.10 . Index: usr.sbin/newsyslog/ptimes.c =================================================================== --- usr.sbin/newsyslog/ptimes.c +++ usr.sbin/newsyslog/ptimes.c @@ -478,6 +478,74 @@ return (ctime(&ptime->tsecs)); } +/* + * Generate a time of day string in an RFC5424 compatible format. Return a + * pointer to the buffer with the timestamp string or NULL if an error. If the + * time is not supplied, cannot be converted to local time, or the resulting + * string would overflow the buffer, the returned string will be the RFC5424 + * NILVALUE. + */ +char * +ptimeget_ctime_rfc5424(const struct ptime_data *ptime, + char *timebuf, + size_t bufsize) +{ + static const char nilvalue[] = {"-"}; /* RFC5424 specified NILVALUE */ + int chars; + struct tm tm; + int tz_hours; + int tz_mins; + long tz_offset; + char tz_sign; + + if (timebuf == NULL) + return (NULL); + + if (bufsize < sizeof(nilvalue)) + return (NULL); + + /* + * Convert to localtime. RFC5424 mandates the use of the NILVALUE if + * the time cannot be obtained, so use that if there is an error in the + * conversion. + */ + if (ptime == NULL || localtime_r(&(ptime->tsecs), &tm) == NULL) { + strlcpy(timebuf, nilvalue, bufsize); + return (timebuf); + } + + /* + * Convert the time to a string in RFC5424 format. The conversion + * cannot be done with strftime() because it cannot produce the correct + * timezone offset format. + */ + if (tm.tm_gmtoff < 0) { + tz_sign = '-'; + tz_offset = -tm.tm_gmtoff; + } else { + tz_sign = '+'; + tz_offset = tm.tm_gmtoff; + } + + tz_hours = tz_offset / 3600; + tz_mins = (tz_offset % 3600) / 60; + + chars = snprintf(timebuf, bufsize, + "%04d-%02d-%02d" /* date */ + "T%02d:%02d:%02d" /* time */ + "%c%02d:%02d", /* time zone offset */ + tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, + tm.tm_hour, tm.tm_min, tm.tm_sec, + tz_sign, tz_hours, tz_mins); + + /* If the timestamp is too big for timebuf, return the NILVALUE. */ + if (chars >= (int)bufsize) { + strlcpy(timebuf, nilvalue, bufsize); + } + + return (timebuf); +} + double ptimeget_diff(const struct ptime_data *minuend, const struct ptime_data *subtrahend) Index: usr.sbin/newsyslog/tests/legacy_test.sh =================================================================== --- usr.sbin/newsyslog/tests/legacy_test.sh +++ usr.sbin/newsyslog/tests/legacy_test.sh @@ -98,6 +98,32 @@ fi } +# Verify that the specified file has RFC5424 rotation messages. +ckrfc5424() +{ + local lc=$(wc -l $1 | cut -w -f2) + local rc=$(grep -E '^<[0-9][0-9]*>1 [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}' $1 | wc -l | cut -w -f2) + if [ "$lc" -eq 0 -o "$rc" -eq 0 -o "$lc" -ne "$rc" ] + then + notok + else + ok + fi +} + + +# Verify that the specified file does not have RFC5424 rotation messages. +cknorfc5424() +{ + local lc=$(wc -l $1 | cut -w -f2) + local rc=$(grep -E '^<[0-9][0-9]*>1 [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}' $1 | wc -l | cut -w -f2) + if [ "$lc" -eq 0 -o "$rc" -ne 0 ] + then + notok + else + ok + fi +} # A part of a test succeeds @@ -381,6 +407,45 @@ tmpdir_clean } +tests_rfc5424() { + ext="$1" + dir="$2" + + if [ -n "$dir" ]; then + newsyslog_args=" -a ${dir}" + name_postfix="${ext} archive dir" + else + newsyslog_args="" + name_postfix="${ext}" + fi + + tmpdir_create + + begin "RFC5424 - create file ${name_postfix}" -newdir + run_newsyslog -C + ckfe $LOGFNAME + cknt ${dir}${LOGFNAME}.0${ext} + ckfe $LOGFNAME5424 + cknt ${dir}${LOGFNAME5424}.0${ext} + cknorfc5424 ${LOGFNAME} + ckrfc5424 ${LOGFNAME5424} + end + + begin "RFC5424 - rotate normal 1 ${name_postfix}" + run_newsyslog $newsyslog_args + ckfe ${LOGFNAME} + ckfe ${dir}${LOGFNAME}.0${ext} + ckfe $LOGFNAME5424 + ckfe ${dir}${LOGFNAME5424}.0${ext} + cknorfc5424 ${LOGFNAME} + cknorfc5424 ${dir}${LOGFNAME}.0${ext} + ckrfc5424 ${LOGFNAME5424} + ckrfc5424 ${dir}${LOGFNAME5424}.0${ext} + end + + tmpdir_clean +} + echo 1..126 mkdir -p ${TMPDIR} cd ${TMPDIR} @@ -388,6 +453,10 @@ LOGFNAME=foo.log LOGFPATH=${TMPDIR}/log/${LOGFNAME} +# Log file for RFC-5424 testing +LOGFNAME5424=foo5424.log +LOGFPATH5424=${TMPDIR}/log/${LOGFNAME5424} + # Normal, no archive dir, keep X files echo "$LOGFPATH 640 0 * @T00 NC" > newsyslog.conf tests_normal_rotate_keepn 0 @@ -454,4 +523,9 @@ echo "$LOGFPATH 640 3 * @T00 NCJ" > newsyslog.conf tests_time_rotate "bz2" "${TMPDIR}/alog/" +# RFC5424; Normal, no archive dir +echo "$LOGFPATH5424 640 3 * @T00 NCT" > newsyslog.conf +echo "$LOGFPATH 640 3 * @T00 NC" >> newsyslog.conf +tests_rfc5424 + rm -rf "${TMPDIR}"