Adding datagram-socket functionality #36

Open
wants to merge 1 commit into
base: master
@halides halides commented Mar 5, 2013

Moved 'int sock' declaration to class definition in the header, as it is needed in more places than with just a stream socket.
I've added only the offset for the 32bit source code distribution.

I tried a couple of if's to choose whether to print or not the newline (audit_handler.cc, around line 491). I also took a look at using the msg_delimiter but I'm still running on low steam and this is my second to last day at this workplace. Maybe you have a good idea for this?

What I gathered from rsyslog doing a proper parser for the JSON is a bit of a pain. As far as I understood you need to actually write it in weird "rsyslog C" and then compile it into the binary.
Sending the messages from the audit plugin in the current syslog format http://tools.ietf.org/html/rfc5424 or the legacy format http://tools.ietf.org/html/rfc3164 would make things easier. I'll actually see if I can make sense of the event_formatter and make an optional formatter.

I figured a month would be enough to do this properly (as a side project during work) but a bad case of sciatica renders its toll. Last three weeks my ability to concentrate has been most lacking.

Contributor

glicht commented Mar 6, 2013

Thanks for the pull request. We will review and see how to merge this in.


lurdan commented May 13, 2013

ping?

Contributor

glicht commented May 14, 2013

Hi,

We didn't merge this yet into the source tree as we wanted to do some testing before and we still didn't get the chance.

You can try working with the suggested patch. Would appreciate hearing any feedback.

Guy


ruckc commented Feb 3, 2014

I tested this and somehow the JSON is getting severely mangled... It's missing a syslog tag and the opening JSON bracket & quote. It's also getting blank messages, nothing after hostname.

<0>2014-02-03T14:43:30.503391+00:00 localhost.localdomain msg-type":"activity","date":"139 distinct t.triggerid,t.expression from triggers t,functions f,items i where t.triggerid=f.triggerid and f.itemid=i.itemid and i.hostid=10086 and t.description='Free disk space is less than 5% on volume /data' and t.triggerid<>14454"}
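
The RFC 5424 framing proposed in the first comment, with a receiver-side check for the symptom reported in the last comment (payload missing its opening bracket), as an added example that is not code from this pull request or the project. The function names, the local0/info priority, the "audit-plugin" application name and the sample record are assumptions made for illustration.

```cpp
// Added example, not code from the pull request; all names are hypothetical.
#include <iostream>
#include <string>

// RFC 5424 header fields are printable US-ASCII without spaces; "-" is NILVALUE.
static std::string field(const std::string& s, size_t max_len) {
    std::string out;
    for (char c : s)
        if (c > 32 && c < 127 && out.size() < max_len) out += c;
    return out.empty() ? "-" : out;
}

// Build "<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG".
std::string rfc5424_frame(int facility, int severity, const std::string& timestamp,
                          const std::string& hostname, const std::string& app_name,
                          std::string json) {
    // This example sends one message per datagram, so the trailing newline
    // used as a stream delimiter is dropped.
    while (!json.empty() && (json.back() == '\n' || json.back() == '\r'))
        json.pop_back();
    int pri = (facility & 0x1f) * 8 + (severity & 0x7);
    return "<" + std::to_string(pri) + ">1 " + field(timestamp, 32) + " " +
           field(hostname, 255) + " " + field(app_name, 48) + " - - - " + json;
}

// Receiver-side check: return the JSON payload, or "" if the frame is damaged.
std::string json_payload(const std::string& frame) {
    if (frame.empty() || frame[0] != '<') return "";
    size_t gt = frame.find('>');
    if (gt == std::string::npos || frame.compare(gt + 1, 2, "1 ") != 0) return "";
    size_t pos = gt + 1;
    for (int i = 0; i < 7; ++i) {  // skip the 7 space-separated header tokens
        pos = frame.find(' ', pos);
        if (pos == std::string::npos) return "";
        ++pos;
    }
    std::string msg = frame.substr(pos);
    bool is_object = msg.size() >= 2 && msg.front() == '{' && msg.back() == '}';
    return is_object ? msg : "";
}

int main() {
    // Constructed sample record, not output captured from the plugin.
    std::string f = rfc5424_frame(16, 6, "2014-02-03T14:43:30.503391+00:00",
                                  "db1.example", "audit-plugin",
                                  "{\"msg-type\":\"activity\"}\n");
    std::cout << f << "\n" << (json_payload(f).empty() ? "damaged" : "intact") << "\n";
    return 0;
}
```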
