From thomas@bert.mlan.solnet.ch  Wed Feb 20 18:38:37 2008
Return-Path: <thomas@bert.mlan.solnet.ch>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0DCAE16A411
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 20 Feb 2008 18:38:37 +0000 (UTC)
	(envelope-from thomas@bert.mlan.solnet.ch)
Received: from bert.mlan.solnet.ch (bert.mlan.solnet.ch [212.101.1.83])
	by mx1.freebsd.org (Postfix) with ESMTP id 82F4D13C45D
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 20 Feb 2008 18:38:35 +0000 (UTC)
	(envelope-from thomas@bert.mlan.solnet.ch)
Received: from bert.mlan.solnet.ch (localhost.mlan.solnet.ch [127.0.0.1])
	by bert.mlan.solnet.ch (8.14.2/8.14.2) with ESMTP id m1KIMsLY004151
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 20 Feb 2008 19:22:54 +0100 (CET)
	(envelope-from thomas@bert.mlan.solnet.ch)
Received: (from thomas@localhost)
	by bert.mlan.solnet.ch (8.14.2/8.14.2/Submit) id m1KIMsH6004150;
	Wed, 20 Feb 2008 19:22:54 +0100 (CET)
	(envelope-from thomas)
Message-Id: <200802201822.m1KIMsH6004150@bert.mlan.solnet.ch>
Date: Wed, 20 Feb 2008 19:22:54 +0100 (CET)
From: Thomas Vogt <thomas@bsdunix.ch>
Reply-To: Thomas Vogt <thomas@bsdunix.ch>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: enhancement to syslogd - always printing local time
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         120891
>Category:       bin
>Synopsis:       [patch] enhancement to syslogd(8) - always printing local time
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 20 18:40:02 UTC 2008
>Closed-Date:    Tue Jul 10 03:36:49 UTC 2012
>Last-Modified:  Tue Jul 10 03:39:54 UTC 2012
>Originator:     Thomas Vogt
>Release:        FreeBSD 7.0-RC1 i386
>Organization:
>Environment:
System: FreeBSD bert.mlan.solnet.ch 7.0-RC1 FreeBSD 7.0-RC1 #12: Tue Jan 29 10:06:24 CET 2008 root@bert.mlan.solnet.ch:/usr/obj/usr/src/sys/BERT i386


	
>Description:

Both patches are obtained from NetBSD. 

syslogd has currently an undocumented feature. if it does not recognize the timestamp field 
in the received message or if there is no timestamp at all like in Foundry XMR, it generates it,
based on the local time. We should document this behaviour in syslogd.8

There are switches which don't have NTP, so their time is meaningless.
Generate a useful timestamp for all messages received from network, regardless of validity of the timestamp field.
I expect that such a feature can be generally useful.
This patch which implements a -T option, causing syslogd to
generate a timestamp field for all messages received over the network. 

Original syslog entry, switch has GMT time:
Feb 20 18:14:45 zuchwil-foundry-sw1.foobar.com zuchwil-foundry-sw1 ACL: ACL: List 11 permitted tcp 212.101.1.83(telnet)(Ethernet 25 0014.a87c.9bc1) -> 212.101.XX.XX(telnet), 1 event(s) 

With the new -T option my localtime of the syslogd machine (GMT+1) will be added too at the begining of the line:
Feb 20 19:18:57 zuchwil-foundry-sw1.foobar.com Feb 20 18:18:57 zuchwil-fb-sw1 ACL: ACL: List 11 permitted tcp 212.101.1.83(telnet)(Ethernet 25 0014.a87c.9bc1) -> 212.101.XX.XX(telnet)


>How-To-Repeat:
	
>Fix:


--- syslogd.c.orig	2008-02-20 14:00:11.000000000 +0100
+++ syslogd.c	2008-02-20 14:00:27.000000000 +0100
@@ -292,6 +292,7 @@
 
 struct allowedpeer *AllowedPeers; /* List of allowed peers */
 static int	NumAllowed;	/* Number of entries in AllowedPeers */
+static int      RemoteAddDate;  /* always add date to messages from network */
 
 static int	UniquePriority;	/* Only log specified priority? */
 static int	LogFacPri;	/* Put facility and priority in log message: */
@@ -321,7 +322,7 @@
 static void	log_deadchild(pid_t, int, const char *);
 static void	markit(void);
 static int	skip_message(const char *, const char *, int);
-static void	printline(const char *, char *);
+static void	printline(const char *, char *, int);
 static void	printsys(char *);
 static int	p_open(const char *, pid_t *);
 static void	readklog(void);
@@ -351,7 +352,7 @@
 	socklen_t len;
 
 	bindhostname = NULL;
-	while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:uv")) != -1)
+	while ((ch = getopt(argc, argv, "46Aa:b:cCdf:kl:m:nop:P:sS:Tuv")) != -1)
 		switch (ch) {
 		case '4':
 			family = PF_INET;
@@ -448,6 +449,9 @@
 				errx(1, "%s path too long, exiting", optarg);
 			funix_secure.name = optarg;
 			break;
+	        case 'T':
+  	                RemoteAddDate = 1;
+  	                break;
 		case 'u':		/* only log specified priority */
 			UniquePriority++;
 			break;
@@ -640,7 +644,7 @@
 						hname = cvthname((struct sockaddr *)&frominet);
 						unmapped((struct sockaddr *)&frominet);
 						if (validate((struct sockaddr *)&frominet, hname))
-							printline(hname, line);
+							printline(hname, line, RemoteAddDate ? ADDDATE : 0);
 					} else if (l < 0 && errno != EINTR)
 						logerror("recvfrom inet");
 				}
@@ -653,7 +657,7 @@
 				    (struct sockaddr *)&fromunix, &len);
 				if (l > 0) {
 					line[l] = '\0';
-					printline(LocalHostName, line);
+					printline(LocalHostName, line, 0);
 				} else if (l < 0 && errno != EINTR)
 					logerror("recvfrom unix");
 			}
@@ -693,7 +697,7 @@
 {
 
 	fprintf(stderr, "%s\n%s\n%s\n%s\n",
-		"usage: syslogd [-46ACcdknosuv] [-a allowed_peer]",
+		"usage: syslogd [-46ACcdknosTuv] [-a allowed_peer]",
 		"               [-b bind_address] [-f config_file]",
 		"               [-l [mode:]path] [-m mark_interval]",
 		"               [-P pid_file] [-p log_socket]");
@@ -705,7 +709,7 @@
  * on the appropriate log files.
  */
 static void
-printline(const char *hname, char *msg)
+printline(const char *hname, char *msg, int flags)
 {
 	char *p, *q;
 	long n;
@@ -758,7 +762,7 @@
 	}
 	*q = '\0';
 
-	logmsg(pri, line, hname, 0);
+	logmsg(pri, line, hname, flags);
 }
 
 /*


--- syslogd.8.orig	2008-02-20 14:18:55.000000000 +0100
+++ syslogd.8	2008-02-20 14:18:59.000000000 +0100
@@ -225,6 +225,12 @@
 If
 specified twice, no network socket will be opened at all, which also
 disables logging to remote machines.
+.It Fl T
+Always use the local time and date for messages received from the
+network, instead of the timestamp field supplied in the message
+by the remote host.
+This is useful if some of the originating hosts can't keep time
+properly or are unable to generate a correct timestamp.
 .It Fl u
 Unique priority logging.
 Only log messages at the specified priority.
@@ -291,6 +297,14 @@
 option is specified);
 therefore, they must be created manually before running
 .Nm .
+.Pp
+The date and time are taken from the received message.
+If the format of the timestamp field is incorrect, time obtained from
+the local host is used instead.
+This can be overriden by the
+.Fl T
+flag.
+.Pp
 .Sh FILES
 .Bl -tag -width /var/run/syslog.pid -compact
 .It Pa /etc/syslog.conf
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Wed Feb 20 21:54:56 UTC 2008 
Responsible-Changed-Why:  
I said that I would have a look at this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120891 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/120891: commit references a PR
Date: Thu, 25 Sep 2008 09:28:38 +0000 (UTC)

 dwmalone    2008-09-25 09:28:18 UTC
 
   FreeBSD src repository
 
   Modified files:
     usr.sbin/syslogd     syslogd.8 syslogd.c 
   Log:
   SVN rev 183347 on 2008-09-25 09:28:18Z by dwmalone
   
   Add a flag, -T, that tells syslogd to always replace the timestamp on
   messages from the network. We already replace malformatted timestamps
   and this option lets us replace timestamps that are correctly formatted
   but wrong.
   
   PR:             120891
   Submitted by:   Thomas Vogt <thomas@bsdunix.ch>
   MFC after:      1 week
   
   Revision  Changes    Path
   1.63      +12 -0     src/usr.sbin/syslogd/syslogd.8
   1.159     +12 -7     src/usr.sbin/syslogd/syslogd.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: dwmalone 
State-Changed-When: Thu Sep 25 09:32:49 UTC 2008 
State-Changed-Why:  
Patch applied to -current. I will try and merge it before 7.1. 

David. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120891 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/120891: commit references a PR
Date: Wed, 14 Mar 2012 21:46:04 +0000 (UTC)

 Author: sbruno
 Date: Wed Mar 14 21:45:45 2012
 New Revision: 232987
 URL: http://svn.freebsd.org/changeset/base/232987
 
 Log:
   MFC r183347
   Add a flag, -T, that tells syslogd to always replace the timestamp on
   messages from the network. We already replace malformatted timestamps
   and this option lets us replace timestamps that are correctly formatted
   but wrong.
   
   PR:		120891
   Submitted by:	Thomas Vogt <thomas@bsdunix.ch>
   MFC after:	1 week
   
   MFC r186263
   Fixing !INET6 builds after bumping WARNS to 3.
   
   MFC r186331
   Constify 'name' field in struct funix.  This commit makes syslogd(8)
   WARNS?=6 on amd64 but I have not tested under universe so keep WARNS?=
   level as-is for now.
   
   MFC r186234
   Rather than hardcode the 'struct iovec iov' array size, use a #define.
   While I'm here bump WARNS to 3.
   
   Obtained from:	Juniper Networks
   
   MFC r186236
   Use passed parameter rather than the #define.
   (more accurate extraction of Juniper Networks change)
   
   MFC r224002
   Add a new option, -N to disable the default and recommended syslogd(8)
   behavior, which binds to the well known UDP port.
   
   This option implies -s.
   
   Obtained from:	delphij@ obrien@ avatar@ trhodes@ dwmalone@
 
 Modified:
   stable/7/usr.sbin/syslogd/syslogd.8
   stable/7/usr.sbin/syslogd/syslogd.c
 Directory Properties:
   stable/7/usr.sbin/syslogd/   (props changed)
 
 Modified: stable/7/usr.sbin/syslogd/syslogd.8
 ==============================================================================
 --- stable/7/usr.sbin/syslogd/syslogd.8	Wed Mar 14 21:26:06 2012	(r232986)
 +++ stable/7/usr.sbin/syslogd/syslogd.8	Wed Mar 14 21:45:45 2012	(r232987)
 @@ -36,7 +36,7 @@
  .Nd log systems messages
  .Sh SYNOPSIS
  .Nm
 -.Op Fl 468ACcdknosuv
 +.Op Fl 468ACcdkNnosuv
  .Op Fl a Ar allowed_peer
  .Op Fl b Ar bind_address
  .Op Fl f Ar config_file
 @@ -207,6 +207,13 @@ facility is reserved for messages read d
  Select the number of minutes between
  .Dq mark
  messages; the default is 20 minutes.
 +.It Fl N
 +Disable binding on UDP sockets.  RFC 3164 recommends that outgoing
 +syslogd messages should originate from the privileged port, this
 +option
 +.Em disables
 +the recommended behavior.  This option inherits
 +.Fl s .
  .It Fl n
  Disable dns query for every request.
  .It Fl o
 @@ -242,6 +249,11 @@ Do not log messages from remote machines
  If
  specified twice, no network socket will be opened at all, which also
  disables logging to remote machines.
 +.It Fl T
 +Always use the local time and date for messages received from the network,
 +instead of the timestamp field supplied in the message by the remote host.
 +This is useful if some of the originating hosts can't keep time properly
 +or are unable to generate a correct timestamp.
  .It Fl u
  Unique priority logging.
  Only log messages at the specified priority.
 @@ -308,6 +320,13 @@ will not append to log files that do not
  option is specified);
  therefore, they must be created manually before running
  .Nm .
 +.Pp
 +The date and time are taken from the received message.
 +If the format of the timestamp field is incorrect,
 +time obtained from the local host is used instead.
 +This can be overriden by the
 +.Fl T
 +flag.
  .Sh FILES
  .Bl -tag -width /var/run/syslog.pid -compact
  .It Pa /etc/syslog.conf
 
 Modified: stable/7/usr.sbin/syslogd/syslogd.c
 ==============================================================================
 --- stable/7/usr.sbin/syslogd/syslogd.c	Wed Mar 14 21:26:06 2012	(r232986)
 +++ stable/7/usr.sbin/syslogd/syslogd.c	Wed Mar 14 21:45:45 2012	(r232987)
 @@ -128,7 +128,7 @@ const char	ctty[] = _PATH_CONSOLE;
   */
  struct funix {
  	int			s;
 -	char			*name;
 +	const char		*name;
  	mode_t			mode;
  	STAILQ_ENTRY(funix)	next;
  };
 @@ -277,6 +277,7 @@ static int	fklog = -1;	/* /dev/klog */
  static int	Initialized;	/* set when we have initialized ourselves */
  static int	MarkInterval = 20 * 60;	/* interval between marks in seconds */
  static int	MarkSeq;	/* mark sequence number */
 +static int	NoBind;		/* don't bind() as suggested by RFC 3164 */
  static int	SecureMode;	/* when true, receive only unix domain socks */
  #ifdef INET6
  static int	family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
 @@ -293,6 +294,7 @@ static char	bootfile[MAXLINE+1]; /* boot
  
  struct allowedpeer *AllowedPeers; /* List of allowed peers */
  static int	NumAllowed;	/* Number of entries in AllowedPeers */
 +static int	RemoteAddDate;	/* Always set the date on remote messages */
  
  static int	UniquePriority;	/* Only log specified priority? */
  static int	LogFacPri;	/* Put facility and priority in log message: */
 @@ -322,7 +324,7 @@ static void	logmsg(int, const char *, co
  static void	log_deadchild(pid_t, int, const char *);
  static void	markit(void);
  static int	skip_message(const char *, const char *, int);
 -static void	printline(const char *, char *);
 +static void	printline(const char *, char *, int);
  static void	printsys(char *);
  static int	p_open(const char *, pid_t *);
  static void	readklog(void);
 @@ -352,7 +354,8 @@ main(int argc, char *argv[])
  	socklen_t len;
  
  	bindhostname = NULL;
 -	while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nop:P:sS:uv")) != -1)
 +	while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nNop:P:sS:Tuv"))
 +	    != -1)
  		switch (ch) {
  		case '4':
  			family = PF_INET;
 @@ -430,6 +433,10 @@ main(int argc, char *argv[])
  		case 'm':		/* mark interval */
  			MarkInterval = atoi(optarg) * 60;
  			break;
 +		case 'N':
 +			NoBind = 1;
 +			SecureMode = 1;
 +			break;
  		case 'n':
  			resolve = 0;
  			break;
 @@ -452,6 +459,9 @@ main(int argc, char *argv[])
  				errx(1, "%s path too long, exiting", optarg);
  			funix_secure.name = optarg;
  			break;
 +		case 'T':
 +			RemoteAddDate = 1;
 +			break;
  		case 'u':		/* only log specified priority */
  			UniquePriority++;
  			break;
 @@ -644,7 +654,7 @@ main(int argc, char *argv[])
  						hname = cvthname((struct sockaddr *)&frominet);
  						unmapped((struct sockaddr *)&frominet);
  						if (validate((struct sockaddr *)&frominet, hname))
 -							printline(hname, line);
 +							printline(hname, line, RemoteAddDate ? ADDDATE : 0);
  					} else if (l < 0 && errno != EINTR)
  						logerror("recvfrom inet");
  				}
 @@ -657,7 +667,7 @@ main(int argc, char *argv[])
  				    (struct sockaddr *)&fromunix, &len);
  				if (l > 0) {
  					line[l] = '\0';
 -					printline(LocalHostName, line);
 +					printline(LocalHostName, line, 0);
  				} else if (l < 0 && errno != EINTR)
  					logerror("recvfrom unix");
  			}
 @@ -697,7 +707,7 @@ usage(void)
  {
  
  	fprintf(stderr, "%s\n%s\n%s\n%s\n",
 -		"usage: syslogd [-468ACcdknosuv] [-a allowed_peer]",
 +		"usage: syslogd [-468ACcdknosTuv] [-a allowed_peer]",
  		"               [-b bind_address] [-f config_file]",
  		"               [-l [mode:]path] [-m mark_interval]",
  		"               [-P pid_file] [-p log_socket]");
 @@ -709,7 +719,7 @@ usage(void)
   * on the appropriate log files.
   */
  static void
 -printline(const char *hname, char *msg)
 +printline(const char *hname, char *msg, int flags)
  {
  	char *p, *q;
  	long n;
 @@ -762,7 +772,7 @@ printline(const char *hname, char *msg)
  	}
  	*q = '\0';
  
 -	logmsg(pri, line, hname, 0);
 +	logmsg(pri, line, hname, flags);
  }
  
  /*
 @@ -2180,10 +2190,13 @@ allowaddr(char *s)
  	char *cp1, *cp2;
  	struct allowedpeer ap;
  	struct servent *se;
 -	int masklen = -1, i;
 +	int masklen = -1;
  	struct addrinfo hints, *res;
  	struct in_addr *addrp, *maskp;
 +#ifdef INET6
 +	int i;
  	u_int32_t *addr6p, *mask6p;
 +#endif
  	char ip[NI_MAXHOST];
  
  #ifdef INET6
 @@ -2339,12 +2352,15 @@ allowaddr(char *s)
  static int
  validate(struct sockaddr *sa, const char *hname)
  {
 -	int i, j, reject;
 +	int i;
  	size_t l1, l2;
  	char *cp, name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV];
  	struct allowedpeer *ap;
  	struct sockaddr_in *sin4, *a4p = NULL, *m4p = NULL;
 +#ifdef INET6
 +	int j, reject;
  	struct sockaddr_in6 *sin6, *a6p = NULL, *m6p = NULL;
 +#endif
  	struct addrinfo hints, *res;
  	u_short sport;
  
 @@ -2647,13 +2663,24 @@ socksetup(int af, const char *bindhostna
  			close(*s);
  			continue;
  		}
 -		if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
 -			close(*s);
 -			logerror("bind");
 -			continue;
 -		}
 +		/*
 +		 * RFC 3164 recommends that client side message
 +		 * should come from the privileged syslogd port.
 +		 *
 +		 * If the system administrator choose not to obey
 +		 * this, we can skip the bind() step so that the
 +		 * system will choose a port for us.
 +		 */
 +		if (!NoBind) {
 +			if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
 +				close(*s);
 +				logerror("bind");
 +				continue;
 +			}
  
 -		double_rbuf(*s);
 +			if (!SecureMode)
 +				double_rbuf(*s);
 +		}
  
  		(*socks)++;
  		s++;
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Jul 10 03:36:48 UTC 2012 
State-Changed-Why:  
MFCed a while back  r232987 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120891 
Responsible-Changed-From-To: dwmalone->freebsd-bugs 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Tue Jul 10 03:39:53 UTC 2012 
Responsible-Changed-Why:  
over to the pool (approved by bugmeister) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120891 
>Unformatted:
