pax_global_header00006660000000000000000000000064114061052460014511gustar00rootroot0000000000000052 comment=e3566a58fec9302ebb13e7406d6f77ca49fdbc99 eventlog-0.2.12/000077500000000000000000000000001140610524600134165ustar00rootroot00000000000000eventlog-0.2.12/.arch-inventory000066400000000000000000000002271140610524600163700ustar00rootroot00000000000000precious ^(autom4te\.cache|compile|config\.guess|config\.h\.in|config\.sub|configure|depcomp|install-sh|ltmain\.sh|missing|mkinstalldirs|aclocal\.m4)$ eventlog-0.2.12/.gitignore000066400000000000000000000002241140610524600154040ustar00rootroot00000000000000Makefile.in aclocal.m4 autom4te.cache compile config.guess config.h.in config.sub configure depcomp install-sh ltmain.sh missing mkinstalldirs *.m4 eventlog-0.2.12/AUTHORS000066400000000000000000000001011140610524600144560ustar00rootroot00000000000000EventLog has been written by Balazs Scheidler eventlog-0.2.12/COPYING000066400000000000000000000026241140610524600144550ustar00rootroot00000000000000 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of BalaBit nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. eventlog-0.2.12/CREDITS000066400000000000000000000003441140610524600144370ustar00rootroot00000000000000EventLog contains a couple of ideas which are based on the discussion on the log-analysis mailing list. Namely: Tina Bird Marcus J. Ranum Darren Reed marc Rainer Gerhards Thanks for their comments. eventlog-0.2.12/ChangeLog000066400000000000000000000115211140610524600151700ustar00rootroot00000000000000# do not edit -- automatically generated by arch changelog # arch-tag: automatic-ChangeLog--bazsi@balabit.hu--bazsi-1/eventlog--mainline--1.0 # 2005-12-03 11:21:29 GMT Balazs Scheidler patch-9 Summary: some more build system specific fixes, eventlog can now be released with ZBS Revision: eventlog--mainline--1.0--patch-9 new files: .arch-ids/VERSION.id .arch-ids/dist.conf.in.id VERSION dist.conf.in modified files: ChangeLog Makefile.am NEWS configure.in debian/changelog.in renamed files: debian/.arch-ids/changelog.id ==> debian/.arch-ids/changelog.in.id debian/changelog ==> debian/changelog.in 2005-12-03 10:11:14 GMT Balazs Scheidler patch-8 Summary: added Debianization files, released 0.2.4 Revision: eventlog--mainline--1.0--patch-8 2005-12-03 Balazs Scheidler * configure.in: bumped to 0.2.4 * debian/*: added Debianization new files: .arch-ids/ChangeLog.id ChangeLog debian/.arch-ids/=id debian/.arch-ids/changelog.id debian/.arch-ids/compat.id debian/.arch-ids/control.id debian/.arch-ids/copyright.id debian/.arch-ids/libevtlog-dev.install.id debian/.arch-ids/libevtlog0.install.id debian/.arch-ids/libevtlog0.shlibs.id debian/.arch-ids/rules.id debian/changelog debian/compat debian/control debian/copyright debian/libevtlog-dev.install debian/libevtlog0.install debian/libevtlog0.shlibs debian/rules modified files: Makefile.am NEWS PORTS configure.in doc/DESIGN.txt renamed files: .arch-ids/ChangeLog.id ==> .arch-ids/ChangeLog.0.id ChangeLog ==> ChangeLog.0 new directories: debian debian/.arch-ids 2005-08-08 07:40:56 GMT Balazs Scheidler patch-7 Summary: added AUTHORS and cleaned up non-tla managed files by adding an .arch-inventory Revision: eventlog--mainline--1.0--patch-7 new files: .arch-ids/.arch-inventory.id .arch-inventory modified files: {arch}/=tagging-method 2005-08-08 07:39:15 GMT Balazs Scheidler patch-6 Summary: added AUTHORS file Revision: eventlog--mainline--1.0--patch-6 new files: .arch-ids/AUTHORS.id AUTHORS 2005-02-12 23:03:30 GMT Balazs Scheidler patch-5 Summary: Committed the version number change, however eventlog has been released earlier. Revision: eventlog--mainline--1.0--patch-5 removed files: .arch-ids/Makefile.in.id Makefile.in src/.arch-ids/Makefile.in.id src/Makefile.in tests/.arch-ids/Makefile.in.id tests/Makefile.in modified files: configure.in eventlog.pc.in 2005-01-16 14:54:22 GMT Balazs Scheidler patch-4 Summary: inherit CFLAGS from the environment Revision: eventlog--mainline--1.0--patch-4 modified files: configure.in 2005-01-16 14:51:11 GMT Balazs Scheidler patch-3 Summary: Added COPYING file Revision: eventlog--mainline--1.0--patch-3 new files: .arch-ids/COPYING.id COPYING modified files: README configure.in eventlog.pc.in 2004-12-27 23:28:34 GMT Balazs Scheidler patch-2 Summary: changed default context flags Revision: eventlog--mainline--1.0--patch-2 2004-12-28 Balazs Scheidler * evtctx.c (evt_ctx_init): set default flags not to add extra tags by default modified files: ChangeLog configure.in src/evtctx.c 2004-12-26 23:13:56 GMT Balazs Scheidler patch-1 Summary: Fixed memory leak and out-of-tree builds Revision: eventlog--mainline--1.0--patch-1 2004-12-27 Balazs Scheidler * evtctx.c (evt_ctx_free): fixed tag-hook leak * tests/Makefile.am: fixed out-of-tree builds modified files: ChangeLog src/evtctx.c tests/Makefile.am tests/Makefile.in 2004-12-26 20:41:48 GMT Balazs Scheidler base-0 Summary: initial import Revision: eventlog--mainline--1.0--base-0 (automatically generated log message) new files: CREDITS ChangeLog Makefile Makefile.am Makefile.in NEWS PORTS README aclocal.m4 autogen.sh configure.in doc/API.txt doc/DESIGN.txt doc/configuration.txt eventlog.pc.in questions src/Makefile src/Makefile.am src/Makefile.in src/evt_internals.h src/evtctx.c src/evtfmt.c src/evtlog.h src/evtmaps.h src/evtout.c src/evtrec.c src/evtstr.c src/evtsyslog.c src/evttags.c tests/Makefile tests/Makefile.am tests/Makefile.in tests/evtfmt.c tests/evtrec.c tests/evtsyslog.c eventlog-0.2.12/ChangeLog.0000066400000000000000000000055251140610524600153350ustar00rootroot000000000000002004-12-28 Balazs Scheidler * evtctx.c (evt_ctx_init): set default flags not to add extra tags by default 2004-12-27 Balazs Scheidler * evtctx.c (evt_ctx_free): fixed tag-hook leak * tests/Makefile.am: fixed out-of-tree builds 2004-08-20 Balazs Scheidler * configure.in: bumped version number to 0.2 * configure.in: updated to autoconf 2.59 and automake 1.7.1, * src/evtlog.h: added support to several independent logging contexts, constructors directly return the constructed object instead of returning it through an argument, renamed evtstr_ prefix to evt_str_ to be more consistent, * src/evt_internals.h: renamed EVTCONFIG to EVTCONTEXT, made it reference counted, separated EVTSYSLOG from EVTCONTEXT, made it a separate global variable (as EVTCONFIG is not global anymore), reference counting functions are moved here (e.g. it is not publicly accessible) * src/*.c: followed changes in evtlog.h and evt_internals.h 2003-01-10 Balazs Scheidler * doc/API.txt: added doc on syslog compatibility * COPYING: changed to BSD license * src/evtout.c: instead of calling syslog() functions directly, call them through the function pointer * src/evtlog.h: added syslog compatibility by wrapper macros, only defined if EVENTLOG_SYSLOG_MACROS preprocessor symbol is defined * src/evtlog.c: call evt_syslog_wrapper_init() upon initialization * src/evt_internals.h: added EVTSYSLOG structure which contains function pointers for the libc syslog routines (it is needed to avoid direct calling of openlog, closelog, syslog as they might be defined inside the shared object) * src/evtsyslog.c: new file, contains the syslog-like functions and the dlsym based wrapper provided ENABLE_SYSLOG_WRAPPER is defined * configure.in: new configure option, --enable-syslog-wrapper which enables the dlsym based syslog() wrapper 2003-01-07 Balazs Scheidler * src/evt_internals.h (EVTTAG): et_prio member was dropped, log format is consistent, so it is easy to reorder tags at log analysis time * src/evtlog.h (evt_tag_*): removed prio argument, (evt_rec_ref): moved from internal to public API as it might be needed to avoid the free evt_log() does * src/evttags.c (evt_tag_*): removed prio argument * src/evtout.c (evt_log): the function consumes its argument, so no need for explicit free * src/evtmaps.h: removed priorities completely * src/evtrec.c: all tags are prepended to the list, no specific order is kept * tests/evtfmt.c, tests/evtrec.c: updated test programs * doc/configuration.txt: new file, contains the configuration file format * doc/DESIGN.txt: updated * doc/API.txt: updated 2003-01-06 Balazs Scheidler * configure.in: version 0.1 released * changelog started eventlog-0.2.12/Makefile.am000066400000000000000000000010751140610524600154550ustar00rootroot00000000000000 ACLOCAL_AMFLAGS=-I m4 SUBDIRS = src tests solbuild tgzbuild tgz2build winbuild EXTRA_DIST = VERSION NEWS PORTS CREDITS doc/API.txt doc/DESIGN.txt doc/configuration.txt \ debian/changelog debian/changelog.in debian/compat debian/control debian/copyright \ debian/libevtlog-dev.install debian/libevtlog0.install debian/libevtlog0.shlibs debian/rules \ eventlog.spec.bb.in eventlog.spec.bb \ balabit-vs-build makefile.msc pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = eventlog.pc debian/changelog: debian/changelog.in $(top_builddir)/config.status --file $@:$< eventlog-0.2.12/NEWS000066400000000000000000000030111140610524600141100ustar00rootroot00000000000000eventlog 0.2.8 Tue, 25 Mar 2008 21:03:00 +0100 Build system fixes. eventlog 0.2.7 Thu, 3 Jan 2008 13:27:28 +0100 Fixed eventlog.conf parsing to avoid crash for invalid syntax. eventlog 0.2.6 Mon, 30 Oct 2006 19:42:35 +0100 Added build scripts for RHEL3/4, Solaris, and AIX 5.2 eventlog 0.2.5 Sat, 15 Jul 2006 17:22:32 +0200 The order of tags is reversed. Previously eventlog generated messages with the tag ordering opposite of what the application requested. This is now fixed. eventlog 0.2.4 Sat, 03 Dec 2005 11:09:40 +0100 A proper release in a long time, syslog-ng itself relied on the latest snapshot until now. Added debianization files. ChangeLog is generated automatically based on tla commits. eventlog 0.1.2 Fri, 10 Jan 2003 10:15:48 +0100 Added two implementations of the syslog wrapper (macro and dlsym based). The dlsym() based can be enabled by configure-ing with the --enable-dlsym-wrapper option. The macro based can be used by defining the symbol EVENTLOG_SYSLOG_MACROS preprocessor symbol prior to including evtlog.h. eventlog 0.1.1 Tue, 7 Jan 2003 20:11:13 +0100 Incorporated first comments, evt_log now consumes its parameter, the tag ordering scheme was completely dropped. Also updated documentation, added a PORTS file and configuration.txt file eventlog 0.1 Mon, 6 Jan 2003 17:09:58 +0100 This is the initial release of eventlog, a structured event logging API. Not all features are implemented, but the basic building blocks are in place. eventlog-0.2.12/PORTS000066400000000000000000000002341140610524600142470ustar00rootroot00000000000000EventLog has been ported to the following systems: Platform Compiler used Debian GNU/Linux 3.0 woody gcc 2.95 Debian GNU/Linux 3.1 sarge gcc 3.3.5-13 eventlog-0.2.12/README000066400000000000000000000023111140610524600142730ustar00rootroot00000000000000 The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. Where you had a simple non-structrured string in syslog() you have a combination of description and tag/value pairs. EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file. Installation ------------ Installing this library is quite straightforward as it does not depend on anything but libc. First grab your copy of the library. It is a tarball named eventlog-x.x.x.x.tar.gz where x.x.x.x is the library revision. tar xvfz eventlog-x.x.x.x.tar.gz cd eventlog-x.x.x.x ./configure make && make install If you want to package the library or move the binaries to another system, you can use the DESTDIR argument to 'make install' like this: make DESTDIR=/tmp/staging install which will use the /tmp/staging directory as root and copy all files beneath as it were a real system. Copyright --------- EventLog is distributed under the terms of a BSD style license, for details see the file COPYING. eventlog-0.2.12/VERSION000066400000000000000000000000071140610524600144630ustar00rootroot000000000000000.2.12 eventlog-0.2.12/autogen.sh000077500000000000000000000004011140610524600154120ustar00rootroot00000000000000#!/bin/sh # # $Id: autogen.sh,v 1.2 2004/08/20 19:46:28 bazsi Exp $ # # Run this script to generate Makefile skeletons and configure # scripts. # libtoolize -f -c aclocal -I m4 $* autoheader autoconf automake --add-missing --foreign --copy --force-missing eventlog-0.2.12/balabit-vs-build000077500000000000000000000044121140610524600164660ustar00rootroot00000000000000#!/bin/sh -e ZWACONF=./.zwaconf TARGET= set -e if [ -f $ZWACONF ]; then . $ZWACONF fi if [ -z "$TARGET" ]; then TARGET=$PWD/out fi get_version(){ head -1 debian/changelog | sed -e 's/.*(\([^)]*\)).*/\1/' } sed_file() { while [ -n "$1" ]; do in=$1.in out=$1 sed \ -e "s,@TARGET@,${TARGET},g" \ -e "s/@VERSION@/${VERSION}/g" \ $in > $out shift done } cmd=$1 shift case "$cmd" in get-version) get_version ;; prepare-dist) VERSION=`get_version` ;; dist-exclude-list|build-exclude-list) echo "out obj *.aqt *.ncb *.suo *.vcproj.*.user config.h" ;; bootstrap) ;; configure) OPTIONS=`getopt -l help,prefix: 'p:' $*` if [ $? -ne 0 ]; then echo "$0: unknown flags..." exit 1 fi eval set -- "$OPTIONS" while true ; do _arg=$1 if [ -z "$_arg" ]; then break fi case $1 in --prefix|-p) shift TARGET=`cygpath -u "$1"` ;; esac shift done echo "TARGET=$TARGET" > $ZWACONF ;; make) # kill variables declared by unix make with contents incompatible by nmake. unset MAKE unset MAKEFLAGS unset MAKEDIR set -x if [ -z "$ZBS_PREFIX" ]; then ZBS_PREFIX=. fi OUT=$ZBS_PREFIX/out if [ -n "$ZWA_INSTALL_DIR" ]; then export COMPILE_ENV="`cygpath -m $ZWA_INSTALL_DIR`" OUT=$COMPILE_ENV export DEP=$COMPILE_ENV fi export COMPILE_ENV="`cygpath -w $COMPILE_ENV`" if [ ! -f eventlog.pc ]; then # just make a dummy one to make makefile.msc happy sed_file eventlog.pc fi mkdir -p $OUT if [ -z "$1" ]; then nmake -nologo -f makefile.msc ROOT="`cygpath -w $OUT`" else case $1 in clean) nmake -nologo -f makefile.msc clean ROOT="`cygpath -w $OUT`" rm -f $ZWACONF ;; distclean) $0 clean ;; install) mkdir -p ${TARGET} if [ -n "$OUT" ] && [ "$OUT" != "`cygpath -m $TARGET`" ]; then cd ${OUT} mv * ${TARGET} fi ;; esac fi ;; *) echo "Unknown command: $cmd" exit 1 ;; esac exit 0 # vim: ts=2 sw=2 expandtab eventlog-0.2.12/configure.in000066400000000000000000000036071140610524600157350ustar00rootroot00000000000000dnl Process this file with autoconf to produce a configure script. AC_INIT(src/evtrec.c) dnl *************************************************************************** dnl definitions PACKAGE="eventlog" VERSION="`cat $srcdir/VERSION`" dnl *************************************************************************** dnl Initial setup if test -r $srcdir/dist.conf; then # read defaults, dist.conf does not change # values for parameters that are already set source $srcdir/dist.conf fi if test "`uname -s`" = "Linux";then CURRDATE=`date -R` else CURRDATE=`date +"%a, %d %b %Y %H:%M:%S %Z"` fi AM_INIT_AUTOMAKE($PACKAGE, $VERSION, 1) if test -n "$SNAPSHOT_VERSION"; then VERSION=$VERSION+$SNAPSHOT_VERSION fi AC_CONFIG_MACRO_DIR([m4]) AM_CONFIG_HEADER(config.h) AC_ARG_ENABLE(dlsym-wrapper, [ --enable-dlsym-wrapper Enable dlsym based syslog wrapper], enable_dlsym_wrapper=yes) AC_ARG_ENABLE(debug, [ --enable-debug Enable debug information], enable_debug=yes, enable_debug=no) dnl Checks for programs. AC_PROG_CC AM_PROG_LIBTOOL dnl Checks for libraries. dnl Checks for header files. dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST dnl Checks for library functions. AC_CHECK_FUNCS(strdup strerror) if test "x$ac_compiler_gnu" = "xyes"; then CFLAGS="${CFLAGS} -Wall" if test "x$enable_debug" = "xyes"; then CFLAGS="-Wall -g" fi CPPFLAGS="-D_GNU_SOURCE" fi if test x$enable_dlsym_wrapper = xyes; then AC_CHECK_LIB(dl, dlsym) AC_DEFINE(ENABLE_DLSYM_WRAPPER, 1, [enable DLSYM wrapper]) fi AC_SUBST(CURRDATE) AC_SUBST(RELEASE_TAG) AC_SUBST(SNAPSHOT_VERSION) AC_SUBST(SOURCE_REVISION) AC_OUTPUT(Makefile src/Makefile tests/Makefile tgzbuild/Makefile tgz2build/Makefile eventlog.pc eventlog.spec.bb solbuild/Makefile winbuild/Makefile ) eventlog-0.2.12/debian/000077500000000000000000000000001140610524600146405ustar00rootroot00000000000000eventlog-0.2.12/debian/changelog.in000066400000000000000000000002671140610524600171240ustar00rootroot00000000000000@PACKAGE@ (@VERSION@) @RELEASE_TAG@; urgency=low * New upstream version. -- BalaBit Development Team @CURRDATE@ Local variables: mode: debian-changelog End: eventlog-0.2.12/debian/compat000066400000000000000000000000021140610524600160360ustar00rootroot000000000000003 eventlog-0.2.12/debian/control000066400000000000000000000035151140610524600162470ustar00rootroot00000000000000Source: eventlog Section: libs Priority: extra Maintainer: SZALAY Attila Build-depends: debhelper (>=4) Standards-Version: 3.6.2 Package: libevtlog0 Architecture: any Section: libs Depends: ${shlibs:Depends} Description: Syslog event logger library The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. . EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file. . This package is the runtime part of the library. Package: libevtlog0-dbg Architecture: any Section: libdevel Depends: libevtlog0 (= ${Source-Version}) Description: Syslog event logger library debug symbols The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. . EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file. . This package contains the debug symbols. Package: libevtlog-dev Architecture: any Section: libdevel Depends: libevtlog0 Description: Syslog even logger library development files The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. . EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file. . This package contains the development files. eventlog-0.2.12/debian/copyright000066400000000000000000000006341140610524600165760ustar00rootroot00000000000000This package was debianized by SZALAY Attila on Tue May 24 20:33:23 CEST 2005 The original source can always be found at: http://www.balabit.hu/downloads/syslog-ng/1.9/src/ Upstream Author: Scheidler Balazs Copyright: * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler Please refer to /usr/share/common-licenses/BSD for details. eventlog-0.2.12/debian/libevtlog-dev.install000066400000000000000000000001441140610524600207720ustar00rootroot00000000000000usr/include/eventlog usr/lib/pkgconfig usr/lib/libevtlog.a usr/lib/libevtlog.la usr/lib/libevtlog.soeventlog-0.2.12/debian/libevtlog0.install000066400000000000000000000000271140610524600202760ustar00rootroot00000000000000usr/lib/libevtlog.so.* eventlog-0.2.12/debian/libevtlog0.shlibs000066400000000000000000000000421140610524600201110ustar00rootroot00000000000000libevtlog 0 libevtlog0 (>= 0.2.3) eventlog-0.2.12/debian/rules000077500000000000000000000021451140610524600157220ustar00rootroot00000000000000#!/usr/bin/make -f # Sample debian/rules that uses debhelper. # This file is public domain software, originally written by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 build: build-stamp build-stamp: dh_testdir # Add here commands to compile the package. ./configure --prefix=/usr $(MAKE) touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp -$(MAKE) distclean dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs $(MAKE) install DESTDIR=`pwd`/debian/tmp/ # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples dh_install --fail-missing --sourcedir=debian/tmp dh_installman dh_link dh_strip -a --dbg-package=libevtlog0 dh_compress dh_fixperms dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install eventlog-0.2.12/dist.conf.in000066400000000000000000000002201140610524600156270ustar00rootroot00000000000000# default environment parameters SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-@SNAPSHOT_VERSION@} SOURCE_REVISION=${SOURCE_REVISION:-@SOURCE_REVISION@} eventlog-0.2.12/doc/000077500000000000000000000000001140610524600141635ustar00rootroot00000000000000eventlog-0.2.12/doc/API.txt000066400000000000000000000043611140610524600153410ustar00rootroot00000000000000 Application Programming Interface --------------------------------- The EventLog library implements a set of functions to construct, format and output event records. The public symbols are defined in the header file named , for a list and documentation of functions please consult that file as it contains inline function descriptions in gtk-doc format. It is very important to use consistent tag naming and that different applications use identify the same data with the same tag name. Therefore please use the predefined tag name if one is available. Predefined tag names are defined in the header file . This header is included by therefore you will not need to reference it explicitly. A third header file named "evt_internals.h" is defines the internals of the EventLog library. Please do not depend on its contents and don't include it directly. As this header file is not meant to be used in applications, it is not installed when the library is installed. Syslog compatibility -------------------- Most UNIX systems and therefore the programs running under UNIX use the syslog() API found in the libc for logging. Because of the large installed base it is worth supporting legacy applications before they are converted to use EventLog. Two different implementations of syslog compatibility is provided: macro and linker based. * Macro based compatibility This works by defining the syslog() function names as macros to refer to the compatibility functions found in EventLog. To use the macro based wrapper you will need to recompile the program from source: $ cc -DEVENTLOG_SYSLOG_MACROS syslogapp.c -levtlog * Linker based compatibility Some dynamic linker implementations (most notably: Linux and Solaris) support symbol overloading. EventLog can use this feature if the dlsym() function is present which supports RTLD_NEXT to fetch symbols hidden by EventLog itself. To enable this wrapper configure EventLog with the --enable-dlsym-wrapper configure option. To use the wrapper you simply need to preload the event log shared object like: $ LD_PRELOAD=/usr/lib/libeventlog.so.0 syslogapp Where syslogapp is the program to be run. As you can see the application itself did not need to be recompiled.eventlog-0.2.12/doc/DESIGN.txt000066400000000000000000000031731140610524600157010ustar00rootroot00000000000000Overview -------- This library was designed to support several event formats and multiple means of delivering messages. Therefore the process of sending a message to a log is separated to three independent parts: * Building the event record This is done by the application program using the library. It is a sequence of calling the following functions: evt_rec_init(...) evt_tag_str(...) / evt_tag_int(...) / evt_tag_printf(...) evt_log(...) /* consumes the log record, no need to free it */ The event record itself consists of the following properties: - a simple, constant human readable description of the event - an unordered set of tag/value pairs - a syslog compatible priority value (debug .. emerg) The record initialized by evt_rec_init() may contain a couple of tags by default (like pid, timestamp etc.) * Formatting the event record The way an event is formatted can be customized by the administrator. Several simple formats are available within the library, each having a unique identifier. The administrator refers to one of the formatters by using the "format" keyword in the /etc/eventlog.conf file. See the file configuration.txt to see the list of valid formatters. * Logging the event record The way an event record is sent to the log might also be customized by the administrator. Currently a single output method is implemented named 'local' which sends the message off by using syslog(). Additional methods are planned to be implemented like: - file - UDP syslog protocol (RFC3164) - plain TCP syslog protocol (as used by syslog-ng) - RFC3195 eventlog-0.2.12/doc/configuration.txt000066400000000000000000000006061140610524600175750ustar00rootroot00000000000000Configuration ------------- The library contains a very cruft configuration file parser which reads /etc/eventlog.conf. Each line in this file is in the form of: keyword value The following keywords are defined: * format: specifies which formatter to use (currently implemented: plain, xmlattr, xmltag) * outmethod: specifies which output method to use (currently implemented: local) eventlog-0.2.12/eventlog.pc.in000066400000000000000000000003441140610524600161730ustar00rootroot00000000000000prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@/eventlog Name: EventLog Description: General system logging format library Version: @VERSION@ Cflags: -I${includedir} Libs: -L${libdir} -levtlog eventlog-0.2.12/eventlog.spec.bb.in000066400000000000000000000042631140610524600171110ustar00rootroot00000000000000# # Specfile used by BalaBit internally. # Summary: Syslog event logger library Name: libevtlog0 Version: @VERSION@ Release: 1%{?dist} License: GPL Group: System Environment/Daemons Source: eventlog_%{version}.tar.gz URL: http://www.balabit.com Packager: Tamas Pal Vendor: Balabit IT Ltd. BuildRoot: %{_tmppath}/%{name}-root BuildRequires: bison, flex, gcc-c++ #BuildConflicts: #Exclusivearch: i386 %description The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file. This package is the runtime part of the library. %package -n libevtlog-dev Summary: libevtlog development package Group: Development/Libraries Requires: libevtlog0 = %{version} Provides: libevtlog-devel %description -n libevtlog-dev The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. . EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file. . This package contains the development files. %prep %setup -q -n eventlog-%{version} %build # build syslog-ng using the bundled libol ./configure --prefix=%{_prefix} --libdir=%{_libdir} make %install #make install DESTDIR="$RPM_BUILD_ROOT" %makeinstall %files %defattr(-,root,root) %docdir %{prefix}/share/doc/libbevtlog0-@VERSION@ %ifnarch ppc %{_libdir}/libevtlog*.so* %endif %files -n libevtlog-dev %defattr(-,root,root) %{_includedir}/eventlog/*.h %{_libdir}/libevtlog.a %{_libdir}/libevtlog.la %ifnarch ppc %{_libdir}/libevtlog*.so %endif %{_libdir}/pkgconfig/eventlog.pc %ifnarch ppc %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %check %endif %clean [ $RPM_BUILD_ROOT = / ] || rm -rf $RPM_BUILD_ROOT %changelog * Tue Oct 26 2006 Tamas Pal - initial packaging eventlog-0.2.12/m4/000077500000000000000000000000001140610524600137365ustar00rootroot00000000000000eventlog-0.2.12/m4/.placeholder000066400000000000000000000000001140610524600162070ustar00rootroot00000000000000eventlog-0.2.12/makefile.msc000077500000000000000000000006331140610524600157040ustar00rootroot00000000000000## Makefile for building the GLib dlls with Microsoft C ## Use: nmake -f makefile.msc PARTS = src all : \ sub-all sub-all: @if not exist $(COMPILE_ENV)\dep\debug mkdir $(COMPILE_ENV)\dep\debug for %d in ($(PARTS)) do @(cd %d && nmake -nologo -f makefile.msc all && cd .. || exit 2) clean : sub-clean sub-clean: for %d in ($(PARTS)) do @(cd %d && nmake -nologo -f makefile.msc clean && cd .. || exit 2) eventlog-0.2.12/questions000066400000000000000000000002571140610524600153770ustar00rootroot00000000000000 * tag naming, namespaces * tag ordering * character set? * output modules character conversion * how to store the (prio, tag name) tuple? * syslog facility/priority mapping? eventlog-0.2.12/solbuild/000077500000000000000000000000001140610524600152335ustar00rootroot00000000000000eventlog-0.2.12/solbuild/Makefile.am000066400000000000000000000003571140610524600172740ustar00rootroot00000000000000EXTRA_DIST = rules rules.conf pkginfo.dev pkginfo.lib pkgmaker.sh prototype-maker.sh admin pkginfo.dev: pkginfo.dev.in $(top_builddir)/config.status --file $@:$< pkginfo.lib: pkginfo.lib.in $(top_builddir)/config.status --file $@:$< eventlog-0.2.12/solbuild/admin000066400000000000000000000001441140610524600162450ustar00rootroot00000000000000basedir=default conflict=nocheck partial=nocheck instance=overwrite idepend=nocheck rdepend=nocheck eventlog-0.2.12/solbuild/pkginfo.dev.in000066400000000000000000000003671140610524600200030ustar00rootroot00000000000000PKG=ZOSevtdev NAME="libevtlog static libraries and development headers" VERSION=@VERSION@ ARCH=sparc CATEGORY=library CLASSES="library headers none" BASEDIR=/ VENDOR="Balabit IT Ltd." EMAIL="zorpos@balabit.com" DESC="Eventlog development package" eventlog-0.2.12/solbuild/pkginfo.lib.in000066400000000000000000000003331140610524600177640ustar00rootroot00000000000000PKG=ZOSlibevt NAME="libevtlog runtime library" VERSION=@VERSION@ ARCH=sparc CATEGORY=library CLASSES="library none" BASEDIR=/ VENDOR="Balabit IT Ltd." EMAIL="zorpos@balabit.com" DESC="Eventlog for Syslog-NG 2.x series" eventlog-0.2.12/solbuild/pkgmaker.sh000077500000000000000000000012121140610524600173670ustar00rootroot00000000000000#!/bin/sh cp -f ../pkginfo.lib ../pkginfo . ../pkginfo . ../rules.conf LIBFILENAME=${LIBPKGNAME}_${VERSION}_${SOLBUILD_ARCH}.pkg pkgmk -o -r `pwd` -f ../prototype.lib -d spool pkgtrans -nos spool $LIBFILENAME $PKG mv -f /var/spool/pkg/$LIBFILENAME ../../../ gzip --best -f ../../../$LIBFILENAME rm -rf /var/spool/pkg/$LIBPKGNAME cp -f ../pkginfo.dev ../pkginfo . ../pkginfo . ../rules.conf DEVFILENAME=${DEVPKGNAME}_${VERSION}_${SOLBUILD_ARCH}.pkg pkgmk -o -r `pwd` -f ../prototype.dev -d spool pkgtrans -nos spool $DEVFILENAME $PKG mv -f /var/spool/pkg/$DEVFILENAME ../../../ gzip -f --best ../../../$DEVFILENAME rm -rf /var/spool/pkg/$DEVPKGNAME eventlog-0.2.12/solbuild/prototype-maker.sh000077500000000000000000000022411140610524600207330ustar00rootroot00000000000000#!/bin/sh LIBPROTOTYPE="../prototype.lib" find usr/local/lib -exec chown root:bin \{\} \; find usr/local/lib -type f -name *.so* -exec strip \{\} \; echo "i pkginfo" > $LIBPROTOTYPE echo "i admin" >> $LIBPROTOTYPE echo "d none opt 0755 root bin" >> $LIBPROTOTYPE echo "d none usr/local 0755 root bin" >> $LIBPROTOTYPE echo "d none usr/local/lib 0755 root bin" >> $LIBPROTOTYPE # /usr/bin/grep is a f*ing LAME program !!! pkgproto -c library usr/local/lib | grep -v "usr/local/lib/pkgconfig/eventlog.pc" | grep -v "usr/local/lib/libevtlog.a" | grep -v "usr/local/lib/libevtlog.la" >> $LIBPROTOTYPE DEVPROTOTYPE="../prototype.dev" echo "i pkginfo" > $DEVPROTOTYPE echo "i admin" >> $DEVPROTOTYPE echo "d none opt 0755 root bin" >> $DEVPROTOTYPE echo "d none usr/local 0755 root bin" >> $DEVPROTOTYPE echo "d none usr/local/lib 0755 root bin" >> $DEVPROTOTYPE echo "d none usr/local/lib/pkgconfig 0755 root bin" >> $DEVPROTOTYPE pkgproto -c headers usr/local/include >> $DEVPROTOTYPE pkgproto -c headers usr/local/lib/pkgconfig/eventlog.pc >> $DEVPROTOTYPE pkgproto -c headers usr/local/lib/libevtlog.a >> $DEVPROTOTYPE pkgproto -c headers usr/local/lib/libevtlog.la >> $DEVPROTOTYPE eventlog-0.2.12/solbuild/rules000077500000000000000000000013111140610524600163070ustar00rootroot00000000000000#!/usr/local/bin/make -f STAMPDIR=solbuild/stamps PREFIX=/usr/local DOCDIR=$(PREFIX)/doc INSTPREFIX=solbuild/libevtlog all: binary binary: setup configure build install pkgpackage setup: $(STAMPDIR)/stamp-setup $(STAMPDIR)/stamp-setup: mkdir solbuild/stamps || true touch $@ configure: $(STAMPDIR)/stamp-configure $(STAMPDIR)/stamp-configure: setup ./configure --prefix=$(PREFIX) touch $@ build: $(STAMPDIR)/stamp-build $(STAMPDIR)/stamp-build: configure make touch $@ install: dir=`pwd`; make install DESTDIR=$$dir/$(INSTPREFIX); \ pkgpackage: (cd $(INSTPREFIX) ; sh ../prototype-maker.sh ; sh ../pkgmaker.sh ) clean: rm -rf solbuild/stamps || true rm -rf $(INSTPREFIX) || true make clean eventlog-0.2.12/solbuild/rules.conf000066400000000000000000000000571140610524600172360ustar00rootroot00000000000000LIBPKGNAME=libevtlog0 DEVPKGNAME=libevtlog-dev eventlog-0.2.12/src/000077500000000000000000000000001140610524600142055ustar00rootroot00000000000000eventlog-0.2.12/src/.gitignore000066400000000000000000000000031140610524600161660ustar00rootroot00000000000000*~ eventlog-0.2.12/src/Makefile.am000066400000000000000000000003421140610524600162400ustar00rootroot00000000000000 lib_LTLIBRARIES = libevtlog.la libevtlog_la_SOURCES = evtrec.c evtfmt.c evtout.c evtstr.c evtctx.c evttags.c evtsyslog.c noinst_HEADERS = evt_internals.h pkginclude_HEADERS = evtmaps.h evtlog.h EXTRA_DIST=makefile.msc eventlog-0.2.12/src/evt_internals.h000066400000000000000000000103371140610524600172370ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * EventLog library internal functions/typedefs. * * $Id: evt_internals.h,v 1.4 2004/08/20 19:46:28 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #ifndef __EVT_INTERNALS_H_INCLUDED #define __EVT_INTERNALS_H_INCLUDED #include "evtlog.h" #if HAVE_CONFIG_H #include #endif #ifdef _MSC_VER #include #endif #include /* whether to add the given default tag */ #define EF_ADD_PID 0x0001 #define EF_ADD_PROG 0x0002 #define EF_ADD_ISOSTAMP 0x0004 #define EF_ADD_UTCSTAMP 0x0008 #define EF_ADD_TIMEZONE 0x0010 #define EF_ADD_MSGID 0x0020 #define EF_ADD_ALL 0x003F #define EF_INITIALIZED 0x8000 #define __PATH_ETC_EVENTLOG_CONF "/etc/eventlog.conf" typedef struct __evttaghook EVTTAGHOOK; typedef struct __evtsyslogopts EVTSYSLOGOPTS; typedef struct __evtstr EVTSTR; struct __evtsyslogopts { void (*es_openlog)(const char *ident, int option, int facility); void (*es_closelog)(void); void (*es_syslog)(int priority, const char *format, ...); int es_options; }; struct __evtcontext { int ec_ref; char ec_formatter[32]; char *(*ec_formatter_fn)(EVTREC *e); char ec_outmethod[32]; int (*ec_outmethod_fn)(EVTREC *e); char *ec_prog; int ec_syslog_fac; EVTTAGHOOK *ec_tag_hooks; unsigned long ec_flags; }; struct __evttaghook { struct __evttaghook *et_next; int (*et_callback)(EVTREC *e, void *user_ptr); void *et_userptr; }; struct __evtrec { int ev_ref; int ev_syslog_pri; char *ev_desc; EVTTAG *ev_pairs; EVTTAG *ev_last_pair; EVTCONTEXT *ev_ctx; }; struct __evttag { EVTTAG *et_next; char *et_tag; char *et_value; }; struct __evtstr { size_t es_allocated; /* number of allocated characters in es_buf */ size_t es_length; /* length of string without trailing NUL */ char *es_buf; }; /* internal functions */ /* event context */ EVTCONTEXT *evt_ctx_ref(EVTCONTEXT *ctx); /* event records */ EVTREC *evt_rec_ref(EVTREC *e); /* event tag */ void evt_tag_free(EVTTAG *et); /* event strings */ EVTSTR *evt_str_init(size_t init_alloc); void evt_str_free(EVTSTR *es, int free_buf); int evt_str_append(EVTSTR *es, char *str); int evt_str_append_len(EVTSTR *es, char *str, size_t len); int evt_str_append_escape_bs(EVTSTR *es, char *unescaped, size_t unescaped_len, char escape_char); int evt_str_append_escape_xml_attr(EVTSTR *es, char *unescaped, size_t unescaped_len); int evt_str_append_escape_xml_pcdata(EVTSTR *es, char *unescaped, size_t unescaped_len); char *evt_str_get_str(EVTSTR *es); /* syslog linked wrapper */ extern EVTSYSLOGOPTS syslog_opts; void evt_syslog_wrapper_init(void); #endif eventlog-0.2.12/src/evtctx.c000066400000000000000000000123771140610524600157000ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtctx.c,v 1.3 2004/08/20 19:46:28 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * This is the main module which is responsible for managing the * configuration and to perform initialization. */ #include "evt_internals.h" #include #include #include #include #include #include #ifdef _MSC_VER #define getpid GetCurrentProcessId #endif static int evtrec_add_standard_tags(EVTREC *e, void *userptr) { time_t now; struct tm *tm = NULL; char buf[128]; EVTCONTEXT *ctx = e->ev_ctx; time(&now); if (ctx->ec_flags & EF_ADD_PID) evt_rec_add_tag(e, evt_tag_int(EVT_TAG_PID, (int) getpid())); if (ctx->ec_flags & EF_ADD_PROG) evt_rec_add_tag(e, evt_tag_str(EVT_TAG_PROG, ctx->ec_prog)); if (ctx->ec_flags & EF_ADD_ISOSTAMP) { tm = localtime(&now); strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S%z", tm); evt_rec_add_tag(e, evt_tag_str(EVT_TAG_ISOSTAMP, buf)); } if (ctx->ec_flags & EF_ADD_UTCSTAMP) evt_rec_add_tag(e, evt_tag_int(EVT_TAG_UTCSTAMP, (int) now)); if (ctx->ec_flags & EF_ADD_TIMEZONE) { if (!tm) tm = localtime(&now); strftime(buf, sizeof(buf), "%z", tm); evt_rec_add_tag(e, evt_tag_str(EVT_TAG_TIMEZONE, buf)); } if (ctx->ec_flags & EF_ADD_MSGID) { evt_rec_add_tag(e, evt_tag_int(EVT_TAG_MSGID, 123456)); } return 1; } static void evt_read_config(EVTCONTEXT *ctx) { FILE *fp; char line[1024]; fp = fopen(__PATH_ETC_EVENTLOG_CONF, "r"); if (!fp) return; fgets(line, sizeof(line), fp); while (!feof(fp)) { char *keyword, *value; if (line[0] == '#' || line[0] == '\n') goto next; keyword = strtok(line, " \t\n"); value = strtok(NULL, " \t\n"); if (!keyword || !value) goto next; while (*value == ' ' || *value == '\t' || *value == '\n') value++; if (strcmp(keyword, "format") == 0) { strncpy(ctx->ec_formatter, value, sizeof(ctx->ec_formatter)); } else if (strcmp(keyword, "outmethod") == 0) { strncpy(ctx->ec_outmethod, value, sizeof(ctx->ec_outmethod)); } else if (strcmp(keyword, "implicit_tags") == 0) { ctx->ec_flags = strtoul(value, NULL, 0) & EF_ADD_ALL; } next: fgets(line, sizeof(line), fp); } } int evt_ctx_tag_hook_add(EVTCONTEXT *ctx, int (*func)(EVTREC *e, void *user_ptr), void *user_ptr) { EVTTAGHOOK *cb = malloc(sizeof(EVTTAGHOOK)); if (!cb) return 0; cb->et_callback = func; cb->et_userptr = user_ptr; cb->et_next = ctx->ec_tag_hooks; ctx->ec_tag_hooks = cb; return 1; } EVTCONTEXT * evt_ctx_init(const char *prog, int syslog_fac) { EVTCONTEXT *ctx; ctx = (EVTCONTEXT *) calloc(sizeof(*ctx), 1); if (ctx) { strcpy(ctx->ec_formatter, "plain"); strcpy(ctx->ec_outmethod, "local"); ctx->ec_ref = 1; ctx->ec_flags = EF_INITIALIZED; ctx->ec_prog = (char *) prog; ctx->ec_syslog_fac = syslog_fac; evt_ctx_tag_hook_add(ctx, evtrec_add_standard_tags, NULL); #ifndef _MSC_VER evt_syslog_wrapper_init(); #endif evt_read_config(ctx); } return ctx; } EVTCONTEXT * evt_ctx_ref(EVTCONTEXT *ctx) { assert(ctx->ec_ref > 0); ctx->ec_ref++; return ctx; } void evt_ctx_free(EVTCONTEXT *ctx) { assert(ctx->ec_ref > 0); if (--ctx->ec_ref == 0) { EVTTAGHOOK *p, *p_next; p = ctx->ec_tag_hooks; while (p) { p_next = p->et_next; free(p); p = p_next; } free(ctx); } } eventlog-0.2.12/src/evtfmt.c000066400000000000000000000113221140610524600156550ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtfmt.c,v 1.3 2004/08/20 19:46:28 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * Formatting implementations. This module is responsible for formatting * EVENT records. Each formatter has a unique ID and the administrator is * free to select which output format to use. */ #include "evt_internals.h" #include #include static char * evtrec_format_plain(EVTREC *e) { EVTSTR *es; EVTTAG *et; char *res; if (!(es = evt_str_init(128))) return NULL; evt_str_append_escape_bs(es, e->ev_desc, strlen(e->ev_desc), ';'); evt_str_append(es, ";"); if (e->ev_pairs) evt_str_append(es, " "); for (et = e->ev_pairs; et; et = et->et_next) { evt_str_append(es, et->et_tag); evt_str_append(es, "='"); evt_str_append_escape_bs(es, et->et_value, strlen(et->et_value), '\''); if (et->et_next) evt_str_append(es, "', "); else evt_str_append(es, "'"); } res = evt_str_get_str(es); evt_str_free(es, 0); return res; } static char * evtrec_format_xmlattr(EVTREC *e) { EVTSTR *es; EVTTAG *et; char *res; if (!(es = evt_str_init(128))) return NULL; evt_str_append(es, "ev_pairs; et; et = et->et_next) { evt_str_append(es, et->et_tag); evt_str_append(es, "=\""); evt_str_append_escape_xml_attr(es, et->et_value, strlen(et->et_value)); if (et->et_next) evt_str_append(es, "\" "); else evt_str_append(es, "\">"); } evt_str_append_escape_xml_pcdata(es, e->ev_desc, strlen(e->ev_desc)); evt_str_append(es, ""); res = evt_str_get_str(es); evt_str_free(es, 0); return res; } static char * evtrec_format_xmltags(EVTREC *e) { EVTSTR *es; EVTTAG *et; char *res; if (!(es = evt_str_init(256))) return NULL; evt_str_append(es, ""); for (et = e->ev_pairs; et; et = et->et_next) { evt_str_append(es, "<"); evt_str_append(es, et->et_tag); evt_str_append(es, ">"); evt_str_append_escape_xml_pcdata(es, et->et_value, strlen(et->et_value)); evt_str_append(es, "et_tag); evt_str_append(es, ">"); } evt_str_append_escape_xml_pcdata(es, e->ev_desc, strlen(e->ev_desc)); evt_str_append(es, ""); res = evt_str_get_str(es); evt_str_free(es, 0); return res; } static struct { char *ef_name; char *(*ef_formatter)(EVTREC *e); } evt_formatters[] = { { "plain", evtrec_format_plain }, { "xmlattr", evtrec_format_xmlattr }, { "xmltag", evtrec_format_xmltags }, { NULL, NULL } }; char * evt_format(EVTREC *e) { EVTCONTEXT *ctx = e->ev_ctx; if (!ctx->ec_formatter_fn) { int i; for (i = 0; evt_formatters[i].ef_name; i++) { if (strcmp(evt_formatters[i].ef_name, ctx->ec_formatter) == 0) { ctx->ec_formatter_fn = evt_formatters[i].ef_formatter; break; } } if (evt_formatters[i].ef_name == NULL) ctx->ec_formatter_fn = evtrec_format_plain; } return (*ctx->ec_formatter_fn)(e); } eventlog-0.2.12/src/evtlog.h000066400000000000000000000154241140610524600156640ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * EventLog library public functions. * * $Id: evtlog.h,v 1.5 2004/08/20 19:53:52 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS `AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #ifndef __EVTLOG_H_INCLUDED #define __EVTLOG_H_INCLUDED #ifndef _MSC_VER # include #endif #include #include "evtmaps.h" #define EVT_PRI_EMERG 0 /* system is unusable */ #define EVT_PRI_ALERT 1 /* action must be taken immediately */ #define EVT_PRI_CRIT 2 /* critical conditions */ #define EVT_PRI_ERR 3 /* error conditions */ #define EVT_PRI_WARNING 4 /* warning conditions */ #define EVT_PRI_NOTICE 5 /* normal but significant condition */ #define EVT_PRI_INFO 6 /* informational */ #define EVT_PRI_DEBUG 7 /* debug-level messages */ #define EVT_FAC_KERN (0<<3) /* kernel messages */ #define EVT_FAC_USER (1<<3) /* random user-level messages */ #define EVT_FAC_MAIL (2<<3) /* mail system */ #define EVT_FAC_DAEMON (3<<3) /* system daemons */ #define EVT_FAC_AUTH (4<<3) /* security/authorization messages */ #define EVT_FAC_SYSLOG (5<<3) /* messages generated internally by syslogd */ #define EVT_FAC_LPR (6<<3) /* line printer subsystem */ #define EVT_FAC_NEWS (7<<3) /* network news subsystem */ #define EVT_FAC_UUCP (8<<3) /* UUCP subsystem */ #define EVT_FAC_CRON (9<<3) /* clock daemon */ #define EVT_FAC_AUTHPRIV (10<<3) /* security/authorization messages (private) */ #define EVT_FAC_FTP (11<<3) /* ftp daemon */ /* other codes through 15 reserved for system use */ #define EVT_FAC_LOCAL0 (16<<3) /* reserved for local use */ #define EVT_FAC_LOCAL1 (17<<3) /* reserved for local use */ #define EVT_FAC_LOCAL2 (18<<3) /* reserved for local use */ #define EVT_FAC_LOCAL3 (19<<3) /* reserved for local use */ #define EVT_FAC_LOCAL4 (20<<3) /* reserved for local use */ #define EVT_FAC_LOCAL5 (21<<3) /* reserved for local use */ #define EVT_FAC_LOCAL6 (22<<3) /* reserved for local use */ #define EVT_FAC_LOCAL7 (23<<3) /* reserved for local use */ #ifdef __GNUC__ #define EVT_GNUC_PRINTF_FUNC(format_idx, first_arg_idx) __attribute__((format(printf, format_idx, first_arg_idx))) #else #define EVT_GNUC_PRINTF_FUNC(format_idx, first_arg_idx) #endif /* EVTCONTEXT encapsulates logging specific parameters like the * program name and facility to use */ typedef struct __evtcontext EVTCONTEXT; /* EVTREC is an event log record, contains a description and one or more * name/value pairs */ typedef struct __evtrec EVTREC; /* EVTTAG is a name value pair, comprising an event record */ typedef struct __evttag EVTTAG; /* eventlog contexts */ /** * evt_ctx_init: * @prog: program name to use to identify this process as * @syslog_fac: syslog facility code, like EVT_FAC_AUTH * * This function creates a new eventlog context. * * Returns: the new context, or NULL on failure **/ EVTCONTEXT *evt_ctx_init(const char *prog, int syslog_fac); /** * evt_ctx_free: * @ctx: context to free * * This function frees an eventlog context. **/ void evt_ctx_free(EVTCONTEXT *ctx); /** * evt_ctx_tag_hook_add: **/ int evt_ctx_tag_hook_add(EVTCONTEXT *ctx, int (*func)(EVTREC *e, void *user_ptr), void *user_ptr); /* event record manipulation */ EVTREC *evt_rec_init(EVTCONTEXT *ctx, int syslog_pri, const char *desc); void evt_rec_add_tag(EVTREC *e, EVTTAG *tag); void evt_rec_add_tagsv(EVTREC *e, va_list tags); void evt_rec_add_tags(EVTREC *e, EVTTAG *first, ...); int evt_rec_get_syslog_pri(EVTREC *e); void evt_rec_free(EVTREC *e); /** * evt_rec_tag_*: * @tag: specifies tag name as string * @value: specifies a value in the given type * * Adds the specified tag/value pair to EVTREC. * * Return value: 0 to indicate failure and 1 for success **/ EVTTAG *evt_tag_str(const char *tag, const char *value); EVTTAG *evt_tag_int(const char *tag, int value); EVTTAG *evt_tag_long(const char *tag, long value); EVTTAG *evt_tag_errno(const char *tag, int err); EVTTAG *evt_tag_printf(const char *tag, const char *format, ...) EVT_GNUC_PRINTF_FUNC(2, 3); /** * evt_format: * @e: event record * * Formats the given event as specified by the current configuration. * * Return value: returns a newly allocated string. The caller is responsible * for freeing the returned value. **/ char *evt_format(EVTREC *e); /** * evt_log: * @e: event record * * Formats and sends the given event as specified by the current * configuration. This function blocks and will not return until the message * is sent. The function consumes its argument, that is the caller does not * need to free the event record after passing it to evt_log(). * * Return value: 0 to indicate failure and 1 for success * **/ int evt_log(EVTREC *e); /* syslog wrapper */ void evt_openlog(const char *ident, int option, int facility); void evt_closelog(void); void evt_vsyslog(int pri, const char *format, va_list ap); void evt_syslog(int pri, const char *format, ...) EVT_GNUC_PRINTF_FUNC(2, 3); #ifdef EVENTLOG_SYSLOG_MACROS #define openlog evt_openlog #define syslog evt_syslog #define vsyslog evt_vsyslog #define closelog evt_closelog #endif #endif eventlog-0.2.12/src/evtmaps.h000066400000000000000000000041701140610524600160370ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtmaps.h,v 1.3 2003/01/10 09:24:51 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #ifndef __EVTMAPS_H_INCLUDED #define __EVTMAPS_H_INCLUDED /* base event map, with no namespace */ #define EVT_TAG_PID "pid" #define EVT_TAG_PROG "prog" #define EVT_TAG_ISOSTAMP "isostamp" #define EVT_TAG_UTCSTAMP "utcstamp" #define EVT_TAG_TIMEZONE "tz" #define EVT_TAG_MSGID "msgid" #define EVT_TAG_FD "fd" #define EVT_TAG_OSERROR "error" #define EVT_TAG_FILENAME "filename" #endif eventlog-0.2.12/src/evtout.c000066400000000000000000000064431140610524600157060ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtout.c,v 1.4 2004/08/20 19:46:29 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * Output implementations. An output method is responsible for delivering a * message. Each output method has a unique ID and the administrator is * free to select which method to use. */ #include "evt_internals.h" #include #include #include /* local method implementation */ static int evt_output_local(EVTREC *e) { static int initialized = 0; char *msg; EVTCONTEXT *ctx = e->ev_ctx; if (!initialized) { /* * there's a small window of race here, if this is used in a * multithreaded program, but it's a small race, and can only occur * when the first message is sent */ initialized = 1; syslog_opts.es_openlog(ctx->ec_prog, syslog_opts.es_options, ctx->ec_syslog_fac); } msg = evt_format(e); syslog_opts.es_syslog(e->ev_syslog_pri, "%s", msg); free(msg); return 1; } static struct { char *eo_name; int (*eo_outmethod_fn)(EVTREC *e); } evt_outmethods[] = { { "local", evt_output_local }, { NULL, NULL } }; int evt_log(EVTREC *e) { int res; EVTCONTEXT *ctx = e->ev_ctx; if (!ctx->ec_outmethod_fn) { int i; for (i = 0; evt_outmethods[i].eo_name; i++) { if (strcmp(evt_outmethods[i].eo_name, ctx->ec_outmethod) == 0) { ctx->ec_outmethod_fn = evt_outmethods[i].eo_outmethod_fn; break; } } if (evt_outmethods[i].eo_name == NULL) ctx->ec_outmethod_fn = evt_output_local; } res = (*ctx->ec_outmethod_fn)(e); evt_rec_free(e); return res; } eventlog-0.2.12/src/evtrec.c000066400000000000000000000067161140610524600156530ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtrec.c,v 1.4 2004/08/20 19:46:29 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include "evt_internals.h" #include #include #include /* for snprintf */ void evt_rec_add_tag(EVTREC *e, EVTTAG *tag) { /* make it the last in list */ tag->et_next = NULL; if (e->ev_last_pair) e->ev_last_pair->et_next = tag; else e->ev_pairs = tag; e->ev_last_pair = tag; } void evt_rec_add_tagsv(EVTREC *e, va_list tags) { EVTTAG *t; t = va_arg(tags, EVTTAG *); while (t) { evt_rec_add_tag(e, t); t = va_arg(tags, EVTTAG *); } } void evt_rec_add_tags(EVTREC *e, EVTTAG *first, ...) { va_list ap; va_start(ap, first); evt_rec_add_tagsv(e, ap); va_end(ap); } int evt_rec_get_syslog_pri(EVTREC *e) { return e->ev_syslog_pri; } static int evt_rec_call_hooks(EVTREC *e) { EVTTAGHOOK *et; int res = 1; for (et = e->ev_ctx->ec_tag_hooks; et; et = et->et_next) { if (!et->et_callback(e, et->et_userptr)) res = 0; } return res; } EVTREC * evt_rec_init(EVTCONTEXT *ctx, int syslog_pri, const char *desc) { EVTREC *e; e = (EVTREC *) malloc(sizeof(EVTREC)); if (e) { e->ev_ctx = evt_ctx_ref(ctx); e->ev_desc = strdup(desc); e->ev_pairs = NULL; e->ev_last_pair = NULL; e->ev_ref = 1; e->ev_syslog_pri = syslog_pri; if (!evt_rec_call_hooks(e)) { free(e); e = NULL; } } return e; } EVTREC * evt_rec_ref(EVTREC *e) { e->ev_ref++; return e; } void evt_rec_free(EVTREC *e) { EVTTAG *p, *p_next; if (--e->ev_ref == 0) { free(e->ev_desc); for (p = e->ev_pairs; p; p = p_next) { p_next = p->et_next; evt_tag_free(p); } evt_ctx_free(e->ev_ctx); free(e); } } eventlog-0.2.12/src/evtstr.c000066400000000000000000000136751140610524600157140ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtstr.c,v 1.3 2004/08/20 19:46:29 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * A couple of string support functions which make it easy to output * escaped strings. It is used by event formatting functions. */ #include "evt_internals.h" #include #include #include #include #ifdef _MSC_VER #include #endif /* event string handling */ static int evt_str_grow(EVTSTR *es, size_t new_alloc) { es->es_buf = realloc(es->es_buf, new_alloc); return es->es_buf != NULL; } int evt_str_append_len(EVTSTR *es, char *str, size_t len) { /* make sure we have room new string + trailing zero */ if (es->es_allocated < es->es_length + len + 1) { if (!evt_str_grow(es, es->es_length + len + 1)) return 0; } memcpy(es->es_buf + es->es_length, str, len); es->es_length += len; es->es_buf[es->es_length] = 0; /* trailing zero */ return 1; } int evt_str_append(EVTSTR *es, char *str) { return evt_str_append_len(es, str, strlen(str)); } int evt_str_append_escape_bs(EVTSTR *es, char *unescaped, size_t unescaped_len, char escape_char) { /* a single character is escaped to at most 4 characters: \xXX */ /* FIXME: this is a gcc extension, alternative would be to use alloca(), * which is not portable */ char *buf = (char *)alloca(4*unescaped_len + 1); int i, dst; for (i = 0, dst = 0; i < unescaped_len; i++) { if ((unsigned) unescaped[i] < 32 || (unsigned) unescaped[i] > 127) { sprintf(&buf[dst], "\\x%02x", (unsigned char) unescaped[i]); dst += 4; } else if (unescaped[i] == escape_char) { buf[dst++] = '\\'; buf[dst++] = escape_char; } else { buf[dst++] = unescaped[i]; } assert(dst <= 4*unescaped_len); } return evt_str_append_len(es, buf, dst); } int evt_str_append_escape_xml_attr(EVTSTR *es, char *unescaped, size_t unescaped_len) { /* a single character is escaped to at most 6 characters: '&#xXX;' or '"' */ /* FIXME: this is a gcc extension, alternative would be to use alloca(), * which is not portable */ char *buf = (char *)alloca(6*unescaped_len + 1); int i, dst; for (i = 0, dst = 0; i < unescaped_len; i++) { if ((unsigned) unescaped[i] < 32) { sprintf(&buf[dst], "&#x%02x;", (unsigned char) unescaped[i]); dst += 6; } else if (unescaped[i] == '"') { strcpy(&buf[dst], """); dst += 6; } else { buf[dst++] = unescaped[i]; } assert(dst <= 6*unescaped_len); } return evt_str_append_len(es, buf, dst); } int evt_str_append_escape_xml_pcdata(EVTSTR *es, char *unescaped, size_t unescaped_len) { /* a single character is escaped to at most 6 characters: '&#xXX;' or '>' or '<' */ /* FIXME: this is a gcc extension, alternative would be to use alloca(), * which is not portable */ char *buf = (char *)alloca(6*unescaped_len + 1); int i, dst; for (i = 0, dst = 0; i < unescaped_len; i++) { if ((unsigned) unescaped[i] < 32) { sprintf(&buf[dst], "&#x%02x;", (unsigned char) unescaped[i]); dst += 6; } else if (unescaped[i] == '<') { strcpy(&buf[dst], "<"); dst += 4; } else if (unescaped[i] == '>') { strcpy(&buf[dst], ">"); dst += 4; } else { buf[dst++] = unescaped[i]; } assert(dst <= 6*unescaped_len); } return evt_str_append_len(es, buf, dst); } char * evt_str_get_str(EVTSTR *es) { return es->es_buf; } EVTSTR * evt_str_init(size_t init_alloc) { EVTSTR *es; es = (EVTSTR *) malloc(sizeof(EVTSTR)); if (es) { /* make room for init_alloc characters + trailing zero */ init_alloc++; es->es_allocated = init_alloc; es->es_length = 0; es->es_buf = malloc(init_alloc); es->es_buf[0] = 0; } return es; } void evt_str_free(EVTSTR *es, int free_buf) { if (free_buf) free(es->es_buf); free(es); } eventlog-0.2.12/src/evtsyslog.c000066400000000000000000000067611140610524600164220ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evtsyslog.c,v 1.3 2004/08/20 20:27:54 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include "evt_internals.h" #include #include #include EVTCONTEXT *syslog_context; EVTSYSLOGOPTS syslog_opts; void evt_openlog(const char *ident, int options, int facility) { syslog_context = evt_ctx_init(ident, facility); /* NOTE: we save the legacy syslog option value, so that our local target * can use it */ syslog_opts.es_options = options; } void evt_closelog(void) { } void evt_vsyslog(int pri, const char *format, va_list ap) { EVTREC *e; char msgbuf[1024]; vsnprintf(msgbuf, sizeof(msgbuf), format, ap); e = evt_rec_init(syslog_context, pri, msgbuf); evt_log(e); } void evt_syslog(int pri, const char *format, ...) { va_list ap; va_start(ap, format); evt_vsyslog(pri, format, ap); va_end(ap); } #if ENABLE_DLSYM_WRAPPER #include void openlog(const char *ident, int option, int facility) { evt_openlog(ident, option, facility); } void syslog(int pri, const char *format, ...) { va_list ap; va_start(ap, format); evt_vsyslog(pri, format, ap); va_end(ap); } void closelog(void) { evt_closelog(); } void evt_syslog_wrapper_init(void) { static int initialized = 0; if (!initialized) { syslog_opts.es_openlog = dlsym(RTLD_NEXT, "openlog"); syslog_opts.es_closelog = dlsym(RTLD_NEXT, "closelog"); syslog_opts.es_syslog = dlsym(RTLD_NEXT, "syslog"); syslog_opts.es_options = LOG_PID | LOG_NOWAIT; initialized = 1; } } #else void evt_syslog_wrapper_init(void) { static int initialized = 0; if (!initialized) { syslog_opts.es_openlog = openlog; syslog_opts.es_closelog = closelog; syslog_opts.es_syslog = syslog; syslog_opts.es_options = LOG_PID | LOG_NOWAIT; initialized = 1; } } #endif eventlog-0.2.12/src/evttags.c000066400000000000000000000061641140610524600160350ustar00rootroot00000000000000/* * Event Logging API * Copyright (c) 2003 BalaBit IT Ltd. * All rights reserved. * Author: Balazs Scheidler * * $Id: evttags.c,v 1.4 2004/08/20 19:46:29 bazsi Exp $ * * Some of the ideas are based on the discussions on the log-analysis * mailing list (http://www.loganalysis.org/). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of BalaBit nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS S IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * This module implements tag support functions. */ #include "evt_internals.h" #include #include #include #include #ifdef _MSC_VER #ifndef snprintf #define snprintf _snprintf #endif #endif void evt_tag_free(EVTTAG *et) { free(et->et_tag); free(et->et_value); free(et); } EVTTAG * evt_tag_str(const char *tag, const char *value) { EVTTAG *p; /* neither tag nor value can be NULL */ if (!tag || !value) return 0; p = (EVTTAG *) malloc(sizeof(EVTTAG)); if (p) { p->et_tag = strdup(tag); p->et_value = strdup(value); } return p; } EVTTAG * evt_tag_int(const char *tag, int value) { char buf[32]; /* a 64 bit int fits into 20 characters */ snprintf(buf, sizeof(buf), "%d", value); return evt_tag_str(tag, buf); } EVTTAG * evt_tag_long(const char *tag, long value) { char buf[32]; /* a 64 bit int fits into 20 characters */ snprintf(buf, sizeof(buf), "%ld", value); return evt_tag_str(tag, buf); } EVTTAG * evt_tag_errno(const char *tag, int err) { char buf[128]; snprintf(buf, sizeof(buf), "%s (%d)", strerror(err), err); return evt_tag_str(tag, buf); } EVTTAG * evt_tag_printf(const char *tag, const char *format, ...) { va_list ap; char buf[1024]; va_start(ap, format); vsnprintf(buf, sizeof(buf), format, ap); va_end(ap); return evt_tag_str(tag, buf); } eventlog-0.2.12/src/makefile.msc000066400000000000000000000044771140610524600165020ustar00rootroot00000000000000## Use: nmake -f makefile.msc !IFNDEF COMPILE_ENV COMPILE_ENV=c:\build !ENDIF !IFNDEF COMPILE_ENV ROOT=$(COMPILE_ENV)\out !ENDIF !IFNDEF DEBUG # Full optimization: OPTIMIZE = -Ox /Zi CRUNTIME = -MD /WL # Line number debug info only DEBUGINFO = -Zi LINKDEBUG = /debug !ELSE # Debugging: OPTIMIZE = CRUNTIME = -MDd DEBUGINFO = -Zi -DG_ENABLE_DEBUG=1 LINKDEBUG = /debug !ENDIF LDFLAGS = /link /machine:ix86 $(LINKDEBUG) TOP = $(COMPILE_ENV) DEP = $(TOP)\dep ################ # Compiler to use. CCOMPILER = cl CC = $(CCOMPILER) -GF $(CRUNTIME) -W3 -nologo ################ # Linker LINK=link /nologo /MANIFEST ################ # The including makefile should define INCLUDES, DEFINES and # DEPCFLAGS. INCLUDES are the includes related to the module being # built. DEFINES similarly. DEPCFLAGS should be set to a set of # GLIB_CFLAGS, GTK_CFLAGS etc corresponding to what other modules we # depend on. CFLAGS = -I$(TOP)\include -I$(DEP)\include\ -L$(DEP)\lib $(OPTIMIZE) $(DEBUGINFO) $(INCLUDES) $(DEFINES) $(DEPCFLAGS) -D_CRT_SECURE_NO_WARNINGS -D_WIN32_WINNNT=0x0500 -D_WIN32_WINDOWS=0x0500 -D_WIN32 -D_WINDOWS -D_VC80_UPGRADE=0x0710 .c.i :: $(CC) $(CFLAGS) -E $< # The default target should be "all" default: all clean:: -@del *.obj >NUL 2>&1 -@del *.res >NUL 2>&1 -@del *.i >NUL 2>&1 -@del *.exe >NUL 2>&1 -@del *.dll >NUL 2>&1 -@del *.lib >NUL 2>&1 -@del *.err >NUL 2>&1 -@del *.map >NUL 2>&1 -@del *.sym >NUL 2>&1 -@del *.exp >NUL 2>&1 -@del *.lk1 >NUL 2>&1 -@del *.mk1 >NUL 2>&1 -@del *.pdb >NUL 2>&1 -@del *.ilk >NUL 2>&1 # Needed by hacker rule to make makefile.msc from makefile.msc.in: SED = e:\cygwin\bin\sed ################################################################ INCLUDES = -FI$(TOP)\include\msvc_recommended_pragmas.h -I . all: install OUTPUTS = \ evtlog.lib OBJECTS = \ evtctx.obj \ evtfmt.obj \ evtrec.obj \ evtstr.obj \ evttags.obj DLLOBJECTS = evtlog.res evtlog.lib: $(OBJECTS) lib /out:$@ $(OBJECTS) install: evtlog.lib if not exist $(ROOT)\include\eventlog mkdir $(ROOT)\include\eventlog copy /y evtlog.h $(ROOT)\include\eventlog copy /y evtmaps.h $(ROOT)\include\eventlog if not exist $(ROOT)\lib mkdir $(ROOT)\lib if not exist $(ROOT)\lib\pkgconfig mkdir $(ROOT)\lib\pkgconfig copy /y .\evtlog.lib $(ROOT)\lib if exist ..\eventlog.pc copy /y ..\eventlog.pc $(ROOT)\lib\pkgconfig eventlog-0.2.12/tests/000077500000000000000000000000001140610524600145605ustar00rootroot00000000000000eventlog-0.2.12/tests/Makefile.am000066400000000000000000000006511140610524600166160ustar00rootroot00000000000000AM_CPPFLAGS=-I$(top_srcdir)/src noinst_PROGRAMS = evtrec evtfmt evtsyslog evtsyslog-macros evtrec_SOURCES = evtrec.c evtrec_LDADD = ../src/libevtlog.la evtfmt_SOURCES = evtfmt.c evtfmt_LDADD = ../src/libevtlog.la evtsyslog_SOURCES = evtsyslog.c evtsyslog_LDADD = ../src/libevtlog.la evtsyslog_macros_SOURCES = evtsyslog.c evtsyslog_macros_CFLAGS = -DEVENTLOG_SYSLOG_MACROS=1 evtsyslog_macros_LDADD = ../src/libevtlog.la eventlog-0.2.12/tests/evtfmt.c000066400000000000000000000013331140610524600162310ustar00rootroot00000000000000#include "evtlog.h" #include #include #include int main(void) { EVTCONTEXT *ctx; EVTREC *e; char *es; ctx = evt_ctx_init("evtfmt", LOG_AUTH); e = evt_rec_init(ctx, LOG_INFO, "Test message with an embedded ';' in it. It also contains an like tag."); evt_rec_add_tags(e, evt_tag_str("test:tag", "'value'"), evt_tag_str("test:tag2", "\n\n\n\n"), evt_tag_int("test:fd", fileno(stderr)), evt_tag_errno("test:error", EAGAIN), evt_tag_printf("test:printf", "%d %d", 5, 6), NULL); es = evt_format(e); printf("%s\n", es); free(es); evt_log(e); return 0; } eventlog-0.2.12/tests/evtrec.c000066400000000000000000000007011140610524600162120ustar00rootroot00000000000000#include "evtlog.h" #include #include int main(void) { EVTREC *e; EVTCONTEXT *ctx; ctx = evt_ctx_init("evtrec", LOG_AUTH); e = evt_rec_init(ctx, LOG_INFO, "Test message"); evt_rec_add_tags(e, evt_tag_str("test:tag", "value"), evt_tag_int("test:fd", fileno(stderr)), evt_tag_errno("test:error", EAGAIN), NULL); evt_log(e); return 0; } eventlog-0.2.12/tests/evtsyslog.c000066400000000000000000000003161140610524600167630ustar00rootroot00000000000000#include #ifdef EVENTLOG_SYSLOG_MACROS #include #endif int main() { openlog("evtsyslog", LOG_PID, 0); syslog(LOG_AUTH | LOG_NOTICE, "test message"); closelog(); return 0; } eventlog-0.2.12/tgz2build/000077500000000000000000000000001140610524600153245ustar00rootroot00000000000000eventlog-0.2.12/tgz2build/Makefile.am000066400000000000000000000002321140610524600173550ustar00rootroot00000000000000EXTRA_DIST = rules rules.conf rules.conf.in libevtlog-dev.files libevtlog0.files rules.conf: rules.conf.in $(top_builddir)/config.status --file $@:$< eventlog-0.2.12/tgz2build/libevtlog-dev.files000066400000000000000000000002061140610524600211110ustar00rootroot00000000000000opt/syslog-ng/include/eventlog/* opt/syslog-ng/lib/pkgconfig/eventlog.pc opt/syslog-ng/lib/libevtlog.a opt/syslog-ng/lib/libevtlog.la eventlog-0.2.12/tgz2build/libevtlog0.files000066400000000000000000000001021140610524600204100ustar00rootroot00000000000000opt/syslog-ng/lib/libevtlog.s[l,o]* opt/syslog-ng/lib/libevtlog.a eventlog-0.2.12/tgz2build/rules000077500000000000000000000015211140610524600164030ustar00rootroot00000000000000#!/usr/bin/make -f include tgz2build/rules.conf STAMPDIR=tgz2build/stamps CONFIGURE_OPTS := --prefix $(ZBS_PREFIX) --enable-shared ifneq (,$(findstring solaris,$(ZBS_DIST))) ifneq (,$(findstring amd64,$(ZBS_ARCH))) CONFIGURE_OPTS += endif endif all: binary binary: setup configure build install setup: $(STAMPDIR)/stamp-setup $(STAMPDIR)/stamp-setup: mkdir tgz2build/stamps || true touch $@ configure: $(STAMPDIR)/stamp-configure $(STAMPDIR)/stamp-configure: ./configure $(CONFIGURE_OPTS) touch $@ build: $(STAMPDIR)/stamp-build $(STAMPDIR)/stamp-build: $(MAKE) touch $@ install: rm -rf $(ZBS_STAGE_DIR) $(MAKE) install DESTDIR=$(ZBS_STAGE_DIR) clean: rm -rf tgz2build/stamps || true rm -rf tgz2build/staging || true $(MAKE) clean eventlog-0.2.12/tgz2build/rules.conf000066400000000000000000000000561140610524600173260ustar00rootroot00000000000000LIBPKGNAME=libevtlog0 DEVPKGNAME=libevtlog-deveventlog-0.2.12/tgz2build/rules.conf.in000066400000000000000000000000561140610524600177330ustar00rootroot00000000000000LIBPKGNAME=libevtlog0 DEVPKGNAME=libevtlog-deveventlog-0.2.12/tgzbuild/000077500000000000000000000000001140610524600152425ustar00rootroot00000000000000eventlog-0.2.12/tgzbuild/Makefile.am000066400000000000000000000000621140610524600172740ustar00rootroot00000000000000EXTRA_DIST = libevtlog-dev.files libevtlog0.files eventlog-0.2.12/tgzbuild/libevtlog-dev.files000066400000000000000000000001211140610524600210230ustar00rootroot00000000000000include/eventlog lib/pkgconfig lib/libevtlog.a lib/libevtlog.la lib/libevtlog.so eventlog-0.2.12/tgzbuild/libevtlog0.files000066400000000000000000000000231140610524600203300ustar00rootroot00000000000000lib/libevtlog.so.* eventlog-0.2.12/winbuild/000077500000000000000000000000001140610524600152335ustar00rootroot00000000000000eventlog-0.2.12/winbuild/Makefile.am000066400000000000000000000000561140610524600172700ustar00rootroot00000000000000EXTRA_DIST=libevtlog-dev.files rules win2deps eventlog-0.2.12/winbuild/libevtlog-dev.files000066400000000000000000000000671140610524600210250ustar00rootroot00000000000000include/eventlog/* lib/pkgconfig/eventlog.pc lib/*.lib eventlog-0.2.12/winbuild/rules000077500000000000000000000014631140610524600163170ustar00rootroot00000000000000#!/usr/local/bin/make -f STAMPDIR=winbuild/stamps STAGINGDIR=winbuild/staging ZBS_STAGE_DIR=$(STAGINGDIR) BUILDCMD=./balabit-vs-build all: binary binary: setup configure build install setup: $(STAMPDIR)/stamp-setup $(STAMPDIR)/stamp-setup: mkdir -p $(STAMPDIR) chmod +x $(BUILDCMD) touch $@ configure: $(STAMPDIR)/stamp-configure $(BUILDCMD) configure --prefix=$(ZBS_STAGE_DIR) touch $@ $(STAMPDIR)/stamp-configure: setup build: $(STAMPDIR)/stamp-build $(STAMPDIR)/stamp-build: configure $(BUILDCMD) make touch $@ install: $(STAMPDIR)/stamp-install $(STAMPDIR)/stamp-install: build rm -rf $(ZBS_STAGE_DIR) || true $(BUILDCMD) make install touch $@ clean: rm -rf $(STAMPDIR) || true rm -rf $(STAGINGDIR) || true $(BUILDCMD) make clean .PHONY: build clean binary-indep binary-arch binary install eventlog-0.2.12/winbuild/win2deps000066400000000000000000000000201140610524600167010ustar00rootroot00000000000000msvc-compat-dev