Merge pull request #45 from ssahani/journal-structed-data

Journal structed data

Author: ssahani

README.md

@@ -47,37 +47,81 @@ systemd-netlogd reads configuration files named `/etc/systemd/netlogd.conf` and
            to a unicast UDP address or multicast UDP network group in syslog RFC 5424 format.
 
            The the address string format is similar to socket units. See systemd.socket(1)
-           
+
        Protocol=
             Specifies whether to use udp or tcp protocol. Defaults to udp.
-       
-        LogFormat=
+
+       LogFormat=
               Specifies whether to use RFC 5424 format or RFC 3339 format. Takes one of rfc5424 or rfc3339. Defaults to rfc5424.
        Optional settings
 
        StructuredData=
            Meta information about the syslog message, which can be used for Cloud Based
            syslog servers, such as Loggly
 
+       UseSysLogStructuredData=
+          A boolean. Specifies whether to extract ```SYSLOG_STRUCTURED_DATA=``` from journal. Defaults to false.
+
+       UseSysLogMsgId=
+          A boolean. Specifies whether to extract ```SYSLOG_MSGID=``` from journal. Defaults to false.
+
+
 **EXAMPLE**
 
  Example 1. /etc/systemd/netlogd.conf
 
+``` sh
     [Network]
     Address=239.0.0.1:6000
     #Protocol=udp
     #LogFormat=rfc5424
+
+```
+
 Example 2. /etc/systemd/netlogd.conf
 
+``` sh
     [Network]
     Address=192.168.8.101:514
     #Protocol=udp
     LogFormat=rfc3339
 
+```
+
 Example 3. /etc/systemd/netlogd.conf
 
+``` sh
+
     [Network]
     Address=192.168.8.101:514
     #Protocol=udp
     LogFormat=rfc5424
     StructuredData=[1ab456b6-90bb-6578-abcd-5b734584aaaa@41058]
+
+```
+
+Example 4. /etc/systemd/netlogd.conf
+
+``` sh
+
+    [Network]
+    Address=192.168.8.101:514
+    #Protocol=udp
+    LogFormat=rfc5424
+    UseSysLogStructuredData=yes
+    UseSysLogMsgId=yes
+
+```
+
+Use case of ```UseSysLogStructuredData=``` and ```UseSysLogMsgId=```
+
+```
+  sd_journal_send(
+    "MESSAGE=%s", "Message to process",
+    "PRIORITY=%s", "4",
+    "SYSLOG_FACILITY=%s", "1",
+    "SYSLOG_MSGID=%s", "1011",
+    "SYSLOG_STRUCTURED_DATA=%s", R"([exampleSDID@32473 iut="3" eventSource="Application"])",
+    NULL
+  );
+```

src/netlog/netlog-conf.c

@@ -26,8 +26,7 @@ int config_parse_netlog_remote_address(const char *unit,
 
         r = socket_address_parse(&m->address, rvalue);
         if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, -r,
-                           "Failed to parse address value, ignoring: %s", rvalue);
+                log_syntax(unit, LOG_WARNING, filename, line, -r, "Failed to parse '%s=%s', ignoring.", lvalue, rvalue);
                 return 0;
         }
 
@@ -54,9 +53,8 @@ int config_parse_protocol(const char *unit,
 
         r = protocol_from_string(rvalue);
         if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, -r,
-                           "Unrecognised Protocol '%s'", rvalue);
-                return -EPROTONOSUPPORT;
+                log_syntax(unit, LOG_WARNING, filename, line, -r, "Failed to parse '%s=%s', ignoring.", lvalue, rvalue);
+                return 0;
         }
 
         m->protocol = r;
@@ -83,9 +81,8 @@ int config_parse_log_format(const char *unit,
 
         r = log_format_from_string(rvalue);
         if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, -r,
-                           "Unrecognised log format '%s'", rvalue);
-                return -EPROTONOSUPPORT;
+                log_syntax(unit, LOG_WARNING, filename, line, -r, "Failed to parse '%s=%s', ignoring.", lvalue, rvalue);
+                return 0;
         }
 
         m->log_format = r;

src/netlog/netlog-gperf.gperf

@@ -15,7 +15,9 @@ struct ConfigPerfItem;
 %struct-type
 %includes
 %%
-Network.Address,         config_parse_netlog_remote_address, 0, 0
-Network.Protocol,        config_parse_protocol,              0, offsetof(Manager, protocol)
-Network.LogFormat,       config_parse_log_format,            0, offsetof(Manager, log_format)
-Network.StructuredData,  config_parse_string,                0, offsetof(Manager, structured_data)
+Network.Address,                  config_parse_netlog_remote_address, 0, 0
+Network.Protocol,                 config_parse_protocol,              0, offsetof(Manager, protocol)
+Network.LogFormat,                config_parse_log_format,            0, offsetof(Manager, log_format)
+Network.StructuredData,           config_parse_string,                0, offsetof(Manager, structured_data)
+Network.UseSysLogStructuredData,  config_parse_bool,                  0, offsetof(Manager, syslog_structured_data)
+Network.UseSysLogMsgId,           config_parse_bool,                  0, offsetof(Manager, syslog_msgid)

src/netlog/netlog-manager.c

@@ -71,9 +71,8 @@ static int parse_field(const void *data, size_t length, const char *field, char
 }
 
 static int manager_read_journal_input(Manager *m) {
-        _cleanup_free_ char *facility = NULL, *identifier = NULL,
-                *priority = NULL, *message = NULL, *pid = NULL,
-                *hostname = NULL;
+        _cleanup_free_ char *facility = NULL, *identifier = NULL, *priority = NULL, *message = NULL, *pid = NULL,
+                *hostname = NULL, *structured_data = NULL, *msgid = NULL;
         unsigned sev = JOURNAL_DEFAULT_SEVERITY;
         unsigned fac = JOURNAL_DEFAULT_FACILITY;
         struct timeval tv;
@@ -120,6 +119,16 @@ static int manager_read_journal_input(Manager *m) {
                 r = parse_field(data, length, "MESSAGE=", &message);
                 if (r < 0)
                         return r;
+
+                r = parse_field(data, length, "SYSLOG_STRUCTURED_DATA=", &structured_data);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "SYSLOG_MSGID=", &msgid);
+                if (r < 0)
+                        return r;
         }
 
         r = sd_journal_get_realtime_usec(m->journal, &realtime);
@@ -148,8 +157,15 @@ static int manager_read_journal_input(Manager *m) {
                         sev = JOURNAL_DEFAULT_SEVERITY;
         }
 
-        return manager_push_to_network(m, sev, fac, identifier,
-                                       message, hostname, pid, r >= 0 ? &tv : NULL);
+        return manager_push_to_network(m,
+                                       sev,
+                                       fac,
+                                       identifier,
+                                       message, hostname,
+                                       pid,
+                                       r >= 0 ? &tv : NULL,
+                                       structured_data,
+                                       msgid);
 }
 
 static int update_cursor_state(Manager *m) {

src/netlog/netlog-manager.h

@@ -44,11 +44,14 @@ struct Manager {
         sd_journal *journal;
 
         char *state_file;
-
         char *last_cursor, *current_cursor;
         char *structured_data;
+
         SysLogTransmissionProtocol protocol;
         SysLogTransmissionLogFormat log_format;
+
+        bool syslog_structured_data;
+        bool syslog_msgid;
 };
 
 int manager_new(const char *state_file, const char *cursor, Manager **ret);
@@ -62,10 +65,16 @@ void manager_disconnect(Manager *m);
 void manager_close_network_socket(Manager *m);
 int manager_open_network_socket(Manager *m);
 
-int manager_push_to_network(Manager *m, int severity, int facility,
-                            const char *identifier, const char *message,
-                            const char *hostname, const char *pid,
-                            const struct timeval *tv);
+int manager_push_to_network(Manager *m,
+                            int severity,
+                            int facility,
+                            const char *identifier,
+                            const char *message,
+                            const char *hostname,
+                            const char *pid,
+                            const struct timeval *tv,
+                            const char *syslog_structured_data,
+                            const char *syslog_msgid);
 
 const char *protocol_to_string(int v) _const_;
 int protocol_from_string(const char *s) _pure_;

src/netlog/netlog-network.c

@@ -94,7 +94,9 @@ static int format_rfc5424(Manager *m,
                           const char *message,
                           const char *hostname,
                           const char *pid,
-                          const struct timeval *tv) {
+                          const struct timeval *tv,
+                          const char *syslog_structured_data,
+                          const char *syslog_msgid) {
 
         char header_time[FORMAT_TIMESTAMP_MAX];
         char header_priority[sizeof("<   >1 ")];
@@ -140,12 +142,18 @@ static int format_rfc5424(Manager *m,
         IOVEC_SET_STRING(iov[n++], " ");
 
         /* Seventh: msgid */
-        IOVEC_SET_STRING(iov[n++], RFC_5424_NILVALUE);
+        if (syslog_msgid)
+                IOVEC_SET_STRING(iov[n++], syslog_msgid);
+        else
+                IOVEC_SET_STRING(iov[n++], RFC_5424_NILVALUE);
+
         IOVEC_SET_STRING(iov[n++], " ");
 
         /* Eighth: [structured-data] */
         if (m->structured_data)
                 IOVEC_SET_STRING(iov[n++], m->structured_data);
+        else if (syslog_structured_data)
+                IOVEC_SET_STRING(iov[n++], syslog_structured_data);
         else
                 IOVEC_SET_STRING(iov[n++], RFC_5424_NILVALUE);
 
@@ -238,7 +246,9 @@ int manager_push_to_network(Manager *m,
                             const char *message,
                             const char *hostname,
                             const char *pid,
-                            const struct timeval *tv) {
+                            const struct timeval *tv,
+                            const char *syslog_structured_data,
+                            const char *syslog_msgid) {
 
        int r;
 
@@ -248,7 +258,7 @@ int manager_push_to_network(Manager *m,
                return 0;
 
        if (m->log_format == SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424)
-               r = format_rfc5424(m, severity, facility, identifier, message, hostname, pid, tv);
+               r = format_rfc5424(m, severity, facility, identifier, message, hostname, pid, tv, syslog_structured_data, syslog_msgid);
        else
                r = format_rfc3339(m, severity, facility, identifier, message, hostname, pid, tv);
 

src/share/conf-parser.c

@@ -479,3 +479,35 @@ int config_parse_string(
 
         return 0;
 }
+
+int config_parse_bool(
+                const char* unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        bool fatal = ltype;
+        bool *b = data;
+        int k;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        k = parse_boolean(rvalue);
+        if (k < 0) {
+                log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, k,
+                           "Failed to parse boolean value%s: %s",
+                           fatal ? "" : ", ignoring", rvalue);
+                return fatal ? -ENOEXEC : 0;
+        }
+
+        *b = k;
+        return 0;
+}

src/share/conf-parser.h

@@ -88,6 +88,7 @@ int config_parse_many(const char *conf_file,      /* possibly NULL */
 
 /* Generic parsers */
 int config_parse_string(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_bool(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 
 #define DEFINE_CONFIG_PARSE_ENUM(function,name,type,msg)                \
         int function(const char *unit,                                  \