From 191ad7e362673e79357320d39ecd2a1ed66cd466 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Wed, 30 Oct 2024 11:15:13 +0100
Subject: [PATCH 1/3] Do not override StructuredData=
In case StructuredData= is set, actually use it and do not override it with the SYSLOG_STRUCTURED_DATA= parsed data.
Fixes: 205dbe61 ("Actually respect UseSysLogStructuredData= and UseSysLogMsgId= settings")
---
 src/netlog/netlog-manager.c | 2 +-
 src/netlog/netlog-protocol.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/netlog/netlog-manager.c b/src/netlog/netlog-manager.c
index 05655f0..9835b24 100644
--- a/src/netlog/netlog-manager.c
+++ b/src/netlog/netlog-manager.c
@@ -198,7 +198,7 @@ static int manager_read_journal_input(Manager *m) {
 message, hostname, pid, r >= 0 ? &tv : NULL,
- m->structured_data ? structured_data : NULL,
+ structured_data,
 m->syslog_msgid ? msgid : NULL);
 }
diff --git a/src/netlog/netlog-protocol.c b/src/netlog/netlog-protocol.c
index 38d436f..e96726b 100644
--- a/src/netlog/netlog-protocol.c
+++ b/src/netlog/netlog-protocol.c
@@ -150,7 +150,7 @@ int format_rfc5424(Manager *m,
 /* Eighth: [structured-data] */
 if (m->structured_data)
 IOVEC_SET_STRING(iov[n++], m->structured_data);
- else if (syslog_structured_data)
+ else if (m->syslog_structured_data && syslog_structured_data)
 IOVEC_SET_STRING(iov[n++], syslog_structured_data);
 else
 IOVEC_SET_STRING(iov[n++], RFC_5424_NILVALUE);
From 453ce7a79b77b9329974e3ab2de7b7be3beab0dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Wed, 30 Oct 2024 11:29:03 +0100
Subject: [PATCH 2/3] Small formatting changes to ReadMe
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index bef60b7..4f42cec 100644
--- a/README.md
+++ b/README.md
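Review bot: In the netlog-manager.c hunk the call now passes `structured_data` unconditionally, while the following argument is still gated at the call site (`m->syslog_msgid ? msgid : NULL`), so UseSysLogStructuredData= and UseSysLogMsgId= are enforced in two different layers. Every consumer of that argument now has to repeat the `m->syslog_structured_data` test itself; format_rfc5424 does so in this patch, but any other formatter that receives the value is not visible here and should be checked. A short comment on the argument, for example `/* gated on UseSysLogStructuredData= in the formatter */`, would keep a later cleanup from reintroducing the override. manager_read_journal_input starts and ends outside the hunk.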
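Review bot: In the netlog-protocol.c hunk the `else if` branch places `syslog_structured_data` into the iovec verbatim, and per the commit message that string is parsed from the SYSLOG_STRUCTURED_DATA= journal field, which the logging process presumably controls. Nothing in the hunk checks that it is a well-formed RFC 5424 structured-data element, so a value with embedded spaces, control characters or unbalanced brackets would shift the field boundaries the receiving collector parses. If validation does not already happen where the field is read, fall back to `RFC_5424_NILVALUE` when the value does not begin with `[` and end with `]` or contains control characters. format_rfc5424 continues outside the hunk.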
@@ -56,7 +56,7 @@ systemd-netlogd reads configuration files named `/etc/systemd/netlogd.conf` and
 Controls whether log messages received by the systemd-netlogd daemon shall be forwarded to a unicast UDP address or multicast UDP network group in syslog RFC 5424 format. The the address string format is similar to socket units. See systemd.socket(1) Protocol=
- Specifies whether to use udp, tcp, tls or dtls (Datagram Transport Layer Security) protocol. Defaults to udp.
+ Specifies whether to use udp, tcp, tls or dtls (Datagram Transport Layer Security) protocol. Defaults to udp.
 LogFormat= Specifies whether to use RFC 5424 format or RFC 3339 format. Takes one of rfc5424 or rfc3339. Defaults to rfc5424.
@@ -65,7 +65,7 @@ systemd-netlogd reads configuration files named `/etc/systemd/netlogd.conf` and
 Takes a directory path. Specifies whether to operate on the specified journal directory DIR instead of the default runtime and system journal paths. Namespace=
- Takes a journal namespace identifier string as argument. If not specified the data collected by the default namespace is shown. If specified shows the log data of the specified namespace instead. If the namespace is specified as "*" data from all namespaces is shown, interleaved. If the namespace identifier is prefixed with "+" data from the specified namespace and the default namespace is shown, interleaved, but no other
+ Takes a journal namespace identifier string as argument. If not specified the data collected by the default namespace is shown. If specified shows the log data of the specified namespace instead. If the namespace is specified as "*" data from all namespaces is shown, interleaved. If the namespace identifier is prefixed with "+" data from the specified namespace and the default namespace is shown, interleaved, but no other.
 ConnectionRetrySec= Specifies the minimum delay before subsequent attempts to contact a Log server are made. Takes a time span value. The default unit is seconds, but other units may be specified, see systemd.time(5). Defaults to 30 seconds and must not be smaller than 1 second.
From 435d0059e0f05a58bd83cce211368616498642e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Wed, 30 Oct 2024 11:29:33 +0100
Subject: [PATCH 3/3] Warn on suspicious configuration settings
---
 src/netlog/netlog-conf.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/src/netlog/netlog-conf.c b/src/netlog/netlog-conf.c
index 4d5ee5d..608b57d 100644
--- a/src/netlog/netlog-conf.c
+++ b/src/netlog/netlog-conf.c
@@ -216,5 +216,28 @@ int manager_parse_config_file(Manager *m) {
 m->connection_retry_usec = DEFAULT_CONNECTION_RETRY_USEC;
 }
+ if (m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY
+ && m->protocol != SYSLOG_TRANSMISSION_PROTOCOL_TLS
+ && m->protocol != SYSLOG_TRANSMISSION_PROTOCOL_DTLS)
+ log_warning("TLSCertificateAuthMode= set but unencrypted %s connection specified.", protocol_to_string(m->protocol));
+
+ if (m->dir && m->namespace)
+ log_warning("Ignoring Namespace= setting since Directory= is set.");
+
+ if (m->structured_data && m->syslog_structured_data)
+ log_warning("Ignoring UseSysLogStructuredData= since StructuredData= is set.");
+
+ if (timestamp_is_set(m->keep_alive_time) && !m->keep_alive)
+ log_warning("Ignoring KeepAliveTimeSec= since KeepAlive= is not set.");
+
+ if (m->keep_alive_interval > 0 && !m->keep_alive)
+ log_warning("Ignoring KeepAliveIntervalSec= since KeepAlive= is not set.");
+
+ if (m->keep_alive_cnt > 0 && !m->keep_alive)
+ log_warning("Ignoring KeepAliveProbes= since KeepAlive= is not set.");
+
+ if (m->send_buffer != 0 && (m->send_buffer < 4096 || m->send_buffer > 128 * 1024 * 1024))
+ log_warning("SendBuffer= set to an suspicious value of %zu.", m->send_buffer);
+
 return 0;
 }
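Review bot: The first added check compares against `OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY`, which identifies an explicit TLSCertificateAuthMode= only if DENY is the built-in default (not visible in this hunk). Under that assumption `TLSCertificateAuthMode=deny` with a udp or tcp Protocol= produces no warning, although the administrator then expects a verified peer and gets plaintext; tracking whether the key was present in the file, rather than its value, would cover that case. The reverse misconfiguration is not flagged either: tls or dtls with a mode other than deny, where certificate failures are presumably tolerated, silently weakens transport security and deserves a `log_warning` of its own. Minor: the SendBuffer= message should read `a suspicious value`. manager_parse_config_file starts outside the hunk.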