diff --git a/rsyslog-5.8.5.tar.bz2 b/rsyslog-5.8.5.tar.bz2 deleted file mode 100644 index f64bc0a..0000000 --- a/rsyslog-5.8.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cfdc128f8b3ab88e36f85ce8fb12ff8d19790181b7b0138f97afda42c256ee78 -size 1909999 diff --git a/rsyslog-5.8.7-systemd-log-socket.patch b/rsyslog-5.8.7-systemd-log-socket.patch new file mode 100644 index 0000000..7197b9d --- /dev/null +++ b/rsyslog-5.8.7-systemd-log-socket.patch @@ -0,0 +1,43 @@ +From a738e3d5866a1dbbb1538b7461e266ec81cb1f45 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Mon, 20 Feb 2012 16:29:42 +0100 +Subject: [PATCH] Detect if to use /run/systemd/journal/syslog under systemd + +Detect if we have to use the new /run/systemd/journal/syslog +socket instead of the /dev/log under newer systemd versions. + +Signed-off-by: Marius Tomaschewski +--- + plugins/imuxsock/imuxsock.c | 9 +++++++++ + 1 files changed, 9 insertions(+), 0 deletions(-) + +diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c +index feddb20..767f9a9 100644 +--- a/plugins/imuxsock/imuxsock.c ++++ b/plugins/imuxsock/imuxsock.c +@@ -67,6 +67,9 @@ MODULE_TYPE_NOKEEP + #define _PATH_LOG "/dev/log" + #endif + #endif ++#ifndef SYSTEMD_PATH_LOG ++#define SYSTEMD_PATH_LOG "/run/systemd/journal/syslog" ++#endif + + /* emulate struct ucred for platforms that do not have it */ + #ifndef HAVE_SCM_CREDENTIALS +@@ -775,6 +778,12 @@ CODESTARTwillRun + # endif + if(pLogSockName != NULL) + listeners[0].sockName = pLogSockName; ++ else if(sd_booted()) { ++ struct stat st; ++ if(stat(SYSTEMD_PATH_LOG, &st) != -1 && S_ISSOCK(st.st_mode)) { ++ listeners[0].sockName = SYSTEMD_PATH_LOG; ++ } ++ } + if(ratelimitIntervalSysSock > 0) { + if((listeners[0].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn, NULL)) == NULL) { + /* in this case, we simply turn of rate-limiting */ +-- +1.7.7 + diff --git a/rsyslog-5.8.7.tar.bz2 b/rsyslog-5.8.7.tar.bz2 new file mode 100644 index 0000000..486ce44 --- /dev/null +++ b/rsyslog-5.8.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6d43db0d7dbdefbdb0fce27ae70b304d53681ff5d8f6d823c761be4242bf5080 +size 1925789 diff --git a/rsyslog.changes b/rsyslog.changes index e615120..43c98fb 100644 --- a/rsyslog.changes +++ b/rsyslog.changes @@ -1,3 +1,65 @@ +------------------------------------------------------------------- +Mon Feb 20 15:33:05 UTC 2012 - mt@suse.com + +- Detect if we have to use the new /run/systemd/journal/syslog + socket instead of the /dev/log under newer systemd versions. + Obsoletes listen.conf installed by systemd (bnc#747871). +- updated to 5.8.7 [V5-stable]: + - bugfix: instabilities when using RFC5424 header fields + Thanks to Kaiwang Chen for the patch + - bugfix: imuxsock did truncate part of received message if it did + not contain a proper date. The truncation occured because we + removed that part of the messages that was expected to be the date. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=295 + - bugfix: potential abort after reading invalid X.509 certificate + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 + Thanks to Tomas Heinrich for the patch + - bugfix: stats counter were not properly initialized on creation + - FQDN hostname for multihomed host was not always set to the correct + name if multiple aliases existed. Thanks to Tomas Heinreich for the + patch. +- updated to 5.8.6 [V5-stable]: + - bugfix: missing whitespace after property-based filter was not + detected + - bugfix: $OMFileFlushInterval period was doubled - now using correct + value + - bugfix: ActionQueue could malfunction due to index error + Thanks to Vlad Grigorescu for the patch + - bugfix: $ActionExecOnlyOnce interval did not work properly + Thanks to Tomas Heinrich for the patch + - bugfix: race condition when extracting program name, APPNAME, + structured data and PROCID (RFC5424 fields) could lead to invalid + characters e.g. in dynamic file names or during forwarding (general + malfunction ofthese fields in templates, mostly under heavy load) + - bugfix: imuxsock did no longer ignore message-provided timestamp, + if so configured (the *default*). Lead to no longer sub-second + timestamps. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 + - bugfix: omfile returns fatal error code for things that go really + wrong previously, RS_RET_RESUME was returned, which lead to a loop + inside the rule engine as omfile could not really recover. + - bugfix: imfile did invalid system call under some circumstances + when a file that was to be monitored did not exist BUT the state + file actually existed. Mostly a cosmetic issue. Root cause was + incomplete error checking in stream.c; so patch may affect other + code areas. + - bugfix: rsyslogd -v always said 64 atomics were not present + thanks to mono_matsuko for the patch +- Changed /etc/rsyslog.early.conf to just include rsyslog.conf, + fixed spec to use sd-daemon.[ch] from docs on 11.4 only. + +------------------------------------------------------------------- +Mon Feb 20 12:11:18 UTC 2012 - mt@suse.com + +- Cleaned up the config files a bit, updated comments in config + file, marked the /etc/rsyslog.early.conf obsolete. + Note: rsyslog will be started early/before network using its normal + /etc/rsyslog.conf config file (adopted scripts in syslog-service + package). When any kind of remote logging is in use, then on-disk + queues should be enabled. To start it after the network, please set + the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog + (bnc#728565). + ------------------------------------------------------------------- Wed Sep 7 12:58:48 UTC 2011 - mrueckert@suse.de diff --git a/rsyslog.conf.in b/rsyslog.conf.in index 26ce8ed..4612929 100644 --- a/rsyslog.conf.in +++ b/rsyslog.conf.in @@ -1,13 +1,15 @@ ## +## === When you're using remote logging, enable on-disk queues === +## === in rsyslog.d/remote.conf. When neccesary also set the === +## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === +## === e.g. when rsyslog has to receive on a specific IP only. === +## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote -## filesystem. -## [The modules are linked against libraries installed bellow of /usr -## thus also installed in /usr/lib*/rsyslog because of this.] -## -## You can change it by adding network-remotefs to the Required-Start -## and Required-Stop LSB init tags in the /etc/init.d/syslog script. +## filesystem, except on newer systems where initrd mounts /usr. +## [The modules are linked against libraries installed bellow of +## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # @@ -16,28 +18,34 @@ # and report them at http://bugzilla.novell.com/ # -# rsyslog v3: load input modules +# since rsyslog v3: load input modules # If you do not load inputs, nothing happens! -$ModLoad immark.so # provides --MARK-- message capability (every 1 hour) -$MarkMessagePeriod 3600 +# provides --MARK-- message capability (every 1 hour) +$ModLoad immark.so +$MarkMessagePeriod 3600 -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) - # reduce dupplicate log messages (last message repeated n times) -$RepeatedMsgReduction on +# provides support for local system logging (e.g. via logger command) +$ModLoad imuxsock.so -$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd), - # see also http://www.rsyslog.com/doc-imklog.html. -$klogConsoleLogLevel 1 # set log level 1 (same as in /etc/sysconfig/syslog). +# reduce dupplicate log messages (last message repeated n times) +$RepeatedMsgReduction on +# kernel logging (may be also provided by /sbin/klogd) +# see also http://www.rsyslog.com/doc-imklog.html. +$ModLoad imklog.so +# set log level 1 (same as in /etc/sysconfig/syslog). +$klogConsoleLogLevel 1 # -# Use traditional log format by default. To change it for a single -# file, append ";RSYSLOG_TraditionalFileFormat" to the filename. +# Use traditional log format by default. To change a single +# file to use rsyslog format (high-precision timestamps), +# append ";RSYSLOG_FileFormat" to the filename. See +# http://www.rsyslog.com/doc/rsyslog_conf_templates.html +# for more informations. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - # # Include config generated by /etc/init.d/syslog script # using the SYSLOGD_ADDITIONAL_SOCKET* variables in the diff --git a/rsyslog.d.remote.conf.in b/rsyslog.d.remote.conf.in index 9928276..13bf32b 100644 --- a/rsyslog.d.remote.conf.in +++ b/rsyslog.d.remote.conf.in @@ -1,40 +1,53 @@ ## +## === When you're using remote logging, enable on-disk queues === +## === in rsyslog.d/remote.conf. When neccesary also set the === +## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === +## === e.g. when rsyslog has to receive on a specific IP only. === +## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote -## filesystem. -## [The modules are linked against libraries installed bellow of /usr -## thus also installed in /usr/lib*/rsyslog because of this.] -## -## You can change it by adding network-remotefs to the Required-Start -## and Required-Stop LSB init tags in the /etc/init.d/syslog script. +## filesystem, except on newer systems where initrd mounts /usr. +## [The modules are linked against libraries installed bellow of +## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## - -# Remote Logging (we use TCP for reliable delivery) +# ######### Enable On-Disk queues for remote logging ########## +# # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. +# #$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down + +# ######### Sending Messages to Remote Hosts ########## + +# Remote Logging using TCP for reliable delivery # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host +# Remote Logging using UDP +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @remote-host + # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) -#$ModLoad imtcp.so # load module -# Note: as of now, you need to use the -t command line option to -# enable TCP reception (e.g. -t514 to run a server at port 514/tcp) -# This will change in later v3 releases. +#$ModLoad imtcp.so # load module +##$UDPServerAddress 10.10.0.1 # force to listen on this IP only, +## # needs SYSLOG_REQUIRES_NETWORK=yes. +#$InputTCPServerRun # Starts a TCP server on selected port # UDP Syslog Server: -#$ModLoad imudp.so # provides UDP syslog reception -#$UDPServerRun 514 # start a UDP syslog server at standard port 514 +#$ModLoad imudp.so # provides UDP syslog reception +##$UDPServerAddress 10.10.0.1 # force to listen on this IP only, +## # needs SYSLOG_REQUIRES_NETWORK=yes. +#$UDPServerRun 514 # start a UDP syslog server at standard port 514 ########### Encrypting Syslog Traffic with TLS ########## diff --git a/rsyslog.early.conf.in b/rsyslog.early.conf.in index 0ac9aa0..6839f2a 100644 --- a/rsyslog.early.conf.in +++ b/rsyslog.early.conf.in @@ -1,119 +1,13 @@ ## -## WARNING: This config contains only statements that are -## safe for early syslog start, that is before the -## network and remote filesystems are available. +## NOTE: This config file is obsolete and will be dropped in +## further package versions. Even while early syslog +## start, the /etc/rsyslog.conf file is used now. +## See rsyslog.conf and remote.conf for more details. ## -## Don't include ETC_RSYSLOG_D_DIR/remote.conf -## in this configuration file or enable any of the -## additional (MYSQL, PGSQL, GSSAPI, GnuTLS, SNMP) -## modules provided in separate module packages. -## -## -## if you experience problems, check -## http://www.rsyslog.com/troubleshoot for assistance -## and report them at http://bugzilla.novell.com/ +## We still ship the file, because systemd does not +## provide a way to execute syslog-service-generator. ## -# rsyslog v3: load input modules -# If you do not load inputs, nothing happens! - -$ModLoad immark.so # provides --MARK-- message capability -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd) - -# -# Include config generated by /etc/init.d/syslog script -# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the -# /etc/sysconfig/syslog file. -# -$IncludeConfig ADDITIONAL_SOCKETS - -### -# -# print most on tty10 and on the xconsole pipe -# -kern.warning;*.err;authpriv.none /dev/tty10;RSYSLOG_TraditionalFileFormat -kern.warning;*.err;authpriv.none |/dev/xconsole;RSYSLOG_TraditionalFileFormat -*.emerg :omusrmsg:* - -# enable this, if you want that root is informed -# immediately, e.g. of logins -#*.alert root - -# -# firewall messages into separate file and stop their further processing -# -if ($syslogfacility-text == 'kern') and \ - ($msg contains 'IN=' and $msg contains 'OUT=') then \ - -/var/log/firewall;RSYSLOG_TraditionalFileFormat -if ($syslogfacility-text == 'kern') and \ - ($msg contains 'IN=' and $msg contains 'OUT=') then \ - ~ - -# -# acpid messages into separate file and stop their further processing -# -# => all acpid messages for debuging (uncomment if needed): -#if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ -# -/var/log/acpid;RSYSLOG_TraditionalFileFormat -# -# => up to notice (skip info and debug) -if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \ - ($syslogseverity <= 5) then \ - -/var/log/acpid;RSYSLOG_TraditionalFileFormat -if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ - ~ - -# -# NetworkManager into separate file and stop their further processing -# -if ($programname == 'NetworkManager') or \ - ($programname startswith 'nm-') then \ - -/var/log/NetworkManager;RSYSLOG_TraditionalFileFormat -if ($programname == 'NetworkManager') or \ - ($programname startswith 'nm-') then \ - ~ - -# -# email-messages -# -mail.* -/var/log/mail;RSYSLOG_TraditionalFileFormat -mail.info -/var/log/mail.info;RSYSLOG_TraditionalFileFormat -mail.warning -/var/log/mail.warn;RSYSLOG_TraditionalFileFormat -mail.err /var/log/mail.err;RSYSLOG_TraditionalFileFormat - -# -# news-messages -# -news.crit -/var/log/news/news.crit;RSYSLOG_TraditionalFileFormat -news.err -/var/log/news/news.err;RSYSLOG_TraditionalFileFormat -news.notice -/var/log/news/news.notice;RSYSLOG_TraditionalFileFormat -# enable this, if you want to keep all news messages -# in one file -#news.* -/var/log/news.all;RSYSLOG_TraditionalFileFormat - -# -# Warnings in one file -# -*.=warning;*.=err -/var/log/warn;RSYSLOG_TraditionalFileFormat -*.crit /var/log/warn;RSYSLOG_TraditionalFileFormat - -# -# the rest in one file -# -*.*;mail.none;news.none -/var/log/messages;RSYSLOG_TraditionalFileFormat - -# -# enable this, if you want to keep all messages -# in one file -#*.* -/var/log/allmessages;RSYSLOG_TraditionalFileFormat - -# -# Some foreign boot scripts require local7 -# -local0,local1.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat -local2,local3.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat -local4,local5.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat -local6,local7.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat +$IncludeConfig ETC_RSYSLOG_CONF ### diff --git a/rsyslog.spec b/rsyslog.spec index e38d794..0e9ddcc 100644 --- a/rsyslog.spec +++ b/rsyslog.spec @@ -1,7 +1,7 @@ # # spec file for package rsyslog # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,8 +20,8 @@ Name: rsyslog Summary: The enhanced syslogd for Linux and Unix -Version: 5.8.5 -Release: 1 +Version: 5.8.7 +Release: 0 # for setting those bcond_with* configs see # http://lizards.opensuse.org/2008/09/12/conditional-features-aka-use-flags/ %if 0%{?suse_version} >= 1140 @@ -120,6 +120,7 @@ Source1: rsyslog.sysconfig Source2: rsyslog.conf.in Source3: rsyslog.early.conf.in Source4: rsyslog.d.remote.conf.in +Patch1: rsyslog-5.8.7-systemd-log-socket.patch %description Rsyslog is an enhanced multi-threaded syslogd supporting, among others, @@ -280,11 +281,15 @@ This module provides a UDP forwarder that allows changing the sender address. %prep %setup -q -n %{name}-%{upstream_version} +%patch1 -p1 %if %{with systemd} +%if 0%{?suse_version} <= 1140 # Bug: https://bugzilla.novell.com/show_bug.cgi?id=656259 # install the files systemd provides rather than what we provide. +# On newer systems, systemd-devel provides them. cp -a /usr/share/doc/packages/systemd/sd-daemon.[ch] runtime/ %endif +%endif dos2unix doc/*.html %build @@ -391,6 +396,7 @@ for file in rsyslog.conf rsyslog.early.conf rsyslog.d.remote.conf ; do -e 's;tty10;console;g' \ %endif -e 's;ADDITIONAL_SOCKETS;%{additional_sockets};g' \ + -e 's;ETC_RSYSLOG_CONF;%{_sysconfdir}/rsyslog.conf;g' \ -e 's;ETC_RSYSLOG_D_DIR;%{_sysconfdir}/rsyslog.d;g' \ -e 's;ETC_RSYSLOG_D_GLOB;%{_sysconfdir}/rsyslog.d/*.conf;g' \ -e 's;RSYSLOG_SPOOL_DIR;%{_localstatedir}/spool/rsyslog;g' \