Package: syslog-ng
Version: 1.6.5-2
Severity: wishlist
Tags: patch
Please consider adding the attached patch to the syslog-ng package; it
is very small, but does great things. The patch comes from
http://dev.riseup.net/patches/syslog-ng/ and what it does is provide a
simple filter to strip out unwanted regular expressions from logs, as
well as an IP alias that enables you to strip out IP addresses from
your logs.

From the README:

This patch adds the capability to syslog-ng that allows you to strip
out any given regexp or all IP addresses from log messages before they
are written to disk. The goal is to give the system administrator the
means to implement site logging policies, by allowing them easy
control over exactly what data they retain in their logfiles,
regardless of what a particular daemon might think is best.

The attached patch adds this capability to the syslog-ng debian
package. Additionally, I have fixed a grammar error in debian/control
and two lintian errors (it is required to have a versioned
depends on util-linux and debian/changelog needs to be valid UTF-8);
those fixes are included with the attached patch.

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-vs1.9.5
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages syslog-ng depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii util-linux 2.12p-4 Miscellaneous system utilities
-- no debconf information
diff -uNr /tmp/syslog-ng-1.6.5/debian/changelog
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/debian/changelog
--- /tmp/syslog-ng-1.6.5/debian/changelog 2005-04-08 15:21:08.866156088
-0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/debian/changelog
2005-04-08 15:25:44.570242696 -0500
@@ -1,16 +1,28 @@
+syslog-ng (1.6.5-3) unstable; urgency=low
+
+ * Added syslog-ng-anon IP anonymizing patch, see
+ /usr/share/doc/README.syslog-ng-anon for more information
+ * Fixed grammar error in debian/control
+ * Changed debian/control to use a versioned depends on util-linux
+ to fix lintian error
+ * Converted debian/changelog to be valid UTF-8 by to fix lintian
+ error
+
+ -- Micah Anderson <[EMAIL PROTECTED]> Fri, 8 Apr 2005 15:24:53 -0500
+
syslog-ng (1.6.5-2) unstable; urgency=low
* Checks if UDP ends in NL or NUL. Closes: #282782
* Merged in _second_ version of Loic's syslog-ng.conf. Closes: #268686
* Made kernel logging parameters configureable through
/etc/defaults/syslog-ng. Closes: #283091
- -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Sat, 11 Dec 2004 22:16:43
+0100
+ -- Magosányi Ãrpád (mag) <[EMAIL PROTECTED]> Sat, 11 Dec 2004
22:16:43 +0100
syslog-ng (1.6.5-1) unstable; urgency=low
* New upstream version
- -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Tue, 2 Nov 2004 01:53:53
+0100
+ -- Magosányi Ãrpád (mag) <[EMAIL PROTECTED]> Tue, 2 Nov 2004
01:53:53 +0100
syslog-ng (1.6.4-2) unstable; urgency=low
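Review bot: the rewritten trailer lines for 1.6.5-2 and 1.6.5-1 change "Magosányi Árpád" into "Magosányi Ãrpád", so the UTF-8 conversion looks to have damaged two entries that were already readable; leave those two lines as they were and convert only the entries that were not valid UTF-8. In the new 1.6.5-3 entry, "by to fix lintian error" has a stray "by", and the path /usr/share/doc/README.syslog-ng-anon omits the package directory that Debian documentation normally lives under (/usr/share/doc/syslog-ng/).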
@@ -21,13 +33,13 @@
* New syslog-ng.conf. Closes: #268686
* Added Nate Campi's FAQ. Closes: #268998
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Mon, 13 Sep 2004 17:19:50 +0200
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Mon, 13 Sep 2004 17:19:50
+0200
syslog-ng (1.6.4-1) unstable; urgency=low
* New upstream version
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Sat, 24 Jul 2004 17:45:51 +0200
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Sat, 24 Jul 2004 17:45:51
+0200
syslog-ng (1.6.2-4) unstable; urgency=low
@@ -35,20 +47,20 @@
* added Nate Campi's expanded syslog-ng.conf to docs. Closes: #241783
* fixed cut-and-paste errors in manpage of syslog-ng.conf. Closes: #260845
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Sat, 12 Jun 2004 23:27:45 +0200
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Sat, 12 Jun 2004 23:27:45
+0200
syslog-ng (1.6.2-3) unstable; urgency=low
* changed manpage to better reflect -v. Closes: #228377
* fixed build-depends, hopefully correctly now:( Closes: #237668
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Sat, 13 Mar 2004 18:35:37 +0100
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Sat, 13 Mar 2004 18:35:37
+0100
syslog-ng (1.6.2-2) unstable; urgency=low
* Automake build-dependency added. Closes: #237668
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2004 21:44:56 +0100
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2004 21:44:56
+0100
syslog-ng (1.6.2-1) unstable; urgency=low
@@ -60,7 +72,7 @@
* (1.6.0rc4-2) removed logrotate configuration for ppp.log. Closes: #207411
* (1.6.0rc4-2) corrected documentation of match in syslog-ng.conf(5) .
Closes: #206819
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2004 15:04:15 +0100
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2004 15:04:15
+0100
syslog-ng (1.6.0rc4-4) unstable; urgency=low
@@ -69,13 +81,13 @@
the changes were not.)
* Regenerating non-source documentation.
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Thu, 11 Dec 2003 23:05:11 +0100
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Thu, 11 Dec 2003 23:05:11
+0100
syslog-ng (1.6.0rc4-3) unstable; urgency=low
* debian/rules changes to utilize gnu arch (tla)
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Wed, 15 Oct 2003 17:05:20 +0200
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Wed, 15 Oct 2003 17:05:20
+0200
syslog-ng (1.6.0rc4-2) unstable; urgency=low
@@ -84,7 +96,7 @@
* corrected documentation of match in syslog-ng.conf(5) . Closes: #206819
* added documentation to faq about log ownership. closes: #65456
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2003 16:30:01 +0200
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2003 16:30:01
+0200
syslog-ng (1.6.0rc4-1) unstable; urgency=low
@@ -97,7 +109,7 @@
Closes: #171792
* cut reference to future features. Closes: #215197
- -- Magos�nyi �rp�d (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2003 13:30:34 +0200
+ -- Magosányi Árpád (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2003 13:30:34
+0200
syslog-ng (1.6.0rc1+20030310-2) unstable; urgency=low
@@ -156,7 +168,7 @@
syslog-ng (1.5.19-3) unstable; urgency=low
* Change to --compare-versions. Close: #156112, #156136
- * Include example written by from J�rg Sommer <[EMAIL PROTECTED]>.
+ * Include example written by from Jörg Sommer <[EMAIL PROTECTED]>.
Close: #156114
* Change the if statement from `timeout <= 0' to `timeout > 0' and
therefore log STATS message only if timeout > 0. Close: #156045
diff -uNr /tmp/syslog-ng-1.6.5/debian/control
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/debian/control
--- /tmp/syslog-ng-1.6.5/debian/control 2005-04-08 15:21:08.867155936 -0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/debian/control 2005-04-08
15:27:05.086002440 -0500
@@ -8,12 +8,12 @@
Package: syslog-ng
Architecture: any
-Depends: ${shlibs:Depends}, util-linux
+Depends: ${shlibs:Depends}, util-linux (>=2.12-10)
Recommends: logrotate
Provides: system-log-daemon, linux-kernel-log-daemon
Conflicts: system-log-daemon, sysklogd, linux-kernel-log-daemon
Description: Next generation logging daemon
- Syslog-ng tries to fill the gaps original syslogd's were lacking:
+ Syslog-ng fills the gaps the original syslogd's were lacking:
* powerful configurability
* filtering based on message content
* portability
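Review bot: the new Depends value "util-linux (>=2.12-10)" is missing the space after the relation operator; Debian control files conventionally write "util-linux (>= 2.12-10)". Nothing in the patch says why 2.12-10 is the floor, so a one-line rationale in the changelog entry would help the maintainer. The reworded description, "fills the gaps the original syslogd's were lacking", is still awkward; "fills the gaps left by the original syslogd" reads more cleanly.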
diff -uNr /tmp/syslog-ng-1.6.5/doc/Makefile.am
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/Makefile.am
--- /tmp/syslog-ng-1.6.5/doc/Makefile.am 1999-11-15 06:30:41.000000000
-0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/Makefile.am
2005-04-08 15:27:48.978329792 -0500
@@ -4,7 +4,8 @@
EXTRA_DIST = $(man_MANS) stresstest.sh syslog-ng.old.txt \
syslog-ng.conf.demo syslog-ng.conf.sample \
- syslog-ng.conf.solaris
+ syslog-ng.conf.solaris README.syslog-ng-anon \
+ syslog-ng-anon.conf
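Review bot: EXTRA_DIST only places README.syslog-ng-anon and syslog-ng-anon.conf in the distribution tarball; no hunk in this patch installs them into the binary package, yet the new changelog entry sends users to a path under /usr/share/doc. Check that debian/rules or debian/docs picks the two files up, or add them there, so the documented location actually exists after installation.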
diff -uNr /tmp/syslog-ng-1.6.5/doc/Makefile.in
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/Makefile.in
--- /tmp/syslog-ng-1.6.5/doc/Makefile.in 2004-08-05 06:53:44.000000000
-0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/Makefile.in
2005-04-08 15:27:48.981329336 -0500
@@ -116,7 +116,8 @@
EXTRA_DIST = $(man_MANS) stresstest.sh syslog-ng.old.txt \
syslog-ng.conf.demo syslog-ng.conf.sample \
- syslog-ng.conf.solaris
+ syslog-ng.conf.solaris README.syslog-ng-anon \
+ syslog-ng-anon.conf
subdir = doc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
diff -uNr /tmp/syslog-ng-1.6.5/doc/README.syslog-ng-anon
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/README.syslog-ng-anon
--- /tmp/syslog-ng-1.6.5/doc/README.syslog-ng-anon 1969-12-31
18:00:00.000000000 -0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/README.syslog-ng-anon
2005-04-08 15:27:48.984328880 -0500
@@ -0,0 +1,93 @@
+syslog-ng-anon
+
+ This patch adds the capability to syslog-ng that allows you to strip
+ out any given regexp or all IP addresses from log messages before
+ they are written to disk. The goal is to give the system administrator
+ the means to implement site logging policies, by allowing them easy
+ control over exactly what data they retain in their logfiles,
+ regardless of what a particular daemon might think is best.
+
+Background:
+
+ Data retention has become a hot legal topic for ISPs and other Online
+ Service Providers (OSPs). There are many instances where it is preferable
+ to keep less information on users than is collected by default on many
+ systems. In the United States it is not currently required to retain
+ data on users of a server, but you may be required to provide all data
+ on a user which you have retained. OSPs can protect themselves from legal
+ hassles and added work by choosing what data they wish to retain.
+
+ From "Best Practices for Online Service Providers"
+ (http://www.eff.org/osp):
+
+ As an intermediary, the OSP [Online Service Provider] finds itself in
+ a position to collect and store detailed information about its users
+ and their online activities that may be of great interest to third
+ parties. The USA PATRIOT Act also provides the government with
+ expanded powers to request this information. As a result, OSP owners
+ must deal with requests from law enforcement and lawyers to hand over
+ private user information and logs. Yet, compliance with these demands
+ takes away from an OSP's goal of providing users with reliable,
+ secure network services. In this paper, EFF offers some suggestions,
+ both legal and technical, for best practices that balance the needs
+ of OSPs and their users' privacy and civil liberties.
+
+ Rather than scrubbing the information you don't want in logs, this patch
+ ensures that the information is never written to disk. Also, for those
+ daemons which log through syslog facilities, this patch provides a
+ convenient single configuration to limit what you wish to log.
+
+ Here are some related links:
+
+ Best Practices for Online Service Providers
+ http://www.eff.org/osp
+ http://www.eff.org/osp/20040819_OSPBestPractices.pdf
+
+ EPIC International Data Retention Page
+ http://www.epic.org/privacy/intl/data_retention.html
+
+ Working Paper on Usage Log Data Management (from Computer, Freedom, and
+ Privacy conference) http://cryptome.org/usage-logs.htm
+
+
+Installing syslog-ng-anon
+
+ Applying the patch
+
+ This patch has been tested against the following versions of syslog-ng:
+ . version 1.9.5
+ . Debian package syslog-ng_1.9.5-2
+
+
+ To use this patch, obtain the source for syslog-ng
+ (http://www.balabit.com/downloads/syslog-ng/1.6/src/) and the latest
+ syslog-ng-anon patch (http://dev.riseup.net/patches/syslog-ng/).
+ Uncompress the syslog-ng source and then apply the patch:
+
+ % tar -zxvf syslog-ng.tar.gz
+ % cd syslog-ng
+ % patch -p3 < syslog-ng-anon.diff
+
+ Then compile and install syslog-ng as normal.
+
+ Debian package
+
+ Alternately, you can install syslog-ng-anon from this repository:
+ deb http://deb.riseup.net/debian unstable main
+
+ How to use it
+
+ This patch adds the filter "strip". For example:
+
+ filter f_strip {strip(<regexp>);};
+
+ This will strip out all matches of the regular expression on logs to
+ which the filter is applied. In place of a regular expression, you can
+ put "ips", which will remove all internet addresses. For example:
+
+ and the shortcut 'ips':
+
+ filter f_strip {strip(ips);};
+
+
+For a complete example, see the example syslog-ng-anon.conf.
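Review bot: the "tested against" list names version 1.9.5 and Debian package syslog-ng_1.9.5-2, while the download URL just below points at the 1.6 source tree and this patch is made against 1.6.5; the version numbers need correcting. Under "How to use it", the second "For example:" is followed directly by "and the shortcut 'ips':", so one of the two lead-ins should go. The README also says matches are stripped out, but do_filter_strip in src/filters.c overwrites each match with '-' characters of the same length and compiles the pattern with REG_ICASE | REG_EXTENDED; document both, since administrators writing a retention policy need to know what the resulting log line looks like.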
diff -uNr /tmp/syslog-ng-1.6.5/doc/syslog-ng-anon.conf
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/syslog-ng-anon.conf
--- /tmp/syslog-ng-1.6.5/doc/syslog-ng-anon.conf 1969-12-31
18:00:00.000000000 -0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/syslog-ng-anon.conf
2005-04-08 15:27:48.987328424 -0500
@@ -0,0 +1,243 @@
+#
+# Configuration file for syslog-ng under Debian.
+# Customized for riseup.net using syslog-ng-anon patch
+# (http://dev.riseup.net/patches/syslog-ng/)
+#
+# see http://www.campin.net/syslog-ng/expanded-syslog-ng.conf
+# for examples.
+#
+# levels: emerg alert crit err warning notice info debug
+#
+
+############################################################
+## global options
+
+options {
+ chain_hostnames(0);
+ time_reopen(10);
+ time_reap(360);
+ sync(0);
+ log_fifo_size(2048);
+ create_dirs(yes);
+ group(adm);
+ perm(0640);
+ dir_perm(0755);
+ use_dns(no);
+};
+
+############################################################
+## universal source
+
+source s_all {
+ internal();
+ unix-stream("/dev/log");
+ file("/proc/kmsg" log_prefix("kernel: "));
+};
+
+############################################################
+## generic destinations
+
+destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
+destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
+destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
+destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
+destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
+
+############################################################
+## generic filters
+
+filter f_strip { strip(ips); };
+filter f_at_least_info { level(info..emerg); };
+filter f_at_least_notice { level(notice..emerg); };
+filter f_at_least_warn { level(warn..emerg); };
+filter f_at_least_err { level(err..emerg); };
+filter f_at_least_crit { level(crit..emerg); };
+
+############################################################
+## auth.log
+
+filter f_auth { facility(auth, authpriv); };
+destination df_auth { file("/var/log/auth.log"); };
+log {
+ source(s_all);
+ filter(f_auth);
+ destination(df_auth);
+};
+
+############################################################
+## daemon.log
+
+filter f_daemon { facility(daemon); };
+destination df_daemon { file("/var/log/daemon.log"); };
+log {
+ source(s_all);
+ filter(f_daemon);
+ destination(df_daemon);
+};
+
+############################################################
+## kern.log
+
+filter f_kern { facility(kern); };
+destination df_kern { file("/var/log/kern.log"); };
+log {
+ source(s_all);
+ filter(f_kern);
+ destination(df_kern);
+};
+
+############################################################
+## user.log
+
+filter f_user { facility(user); };
+destination df_user { file("/var/log/user.log"); };
+log {
+ source(s_all);
+ filter(f_user);
+ destination(df_user);
+};
+
+############################################################
+## sympa.log
+
+filter f_sympa { program("^(sympa|bounced|archived|task_manager)"); };
+destination d_sympa { file("/var/log/sympa.log"); };
+log {
+ source(s_all);
+ filter(f_sympa);
+ destination(d_sympa);
+ flags(final);
+};
+
+############################################################
+## wwsympa.log
+
+filter f_wwsympa { program("^wwsympa"); };
+destination d_wwsympa { file("/var/log/wwsympa.log"); };
+log {
+ source(s_all);
+ filter(f_wwsympa);
+ filter(f_strip);
+ destination(d_wwsympa);
+ flags(final);
+};
+
+############################################################
+## ldap.log
+
+filter f_ldap { program("slapd"); };
+destination d_ldap { file("/var/log/ldap.log"); };
+log {
+ source(s_all);
+ filter(f_ldap);
+ destination(d_ldap);
+ flags(final);
+};
+
+############################################################
+## postfix.log
+
+# special source because of chroot jail
+#source s_postfix { unix-stream("/var/spool/postfix/dev/log" keep-alive(yes));
};
+filter f_postfix { program("^postfix/"); };
+destination d_postfix { file("/var/log/postfix.log"); };
+log {
+ source(s_all);
+ filter(f_postfix);
+ filter(f_strip);
+ destination(d_postfix);
+ flags(final);
+};
+
+############################################################
+## courier.log
+
+filter f_courier { program("courier|imap|pop"); };
+destination d_courier { file("/var/log/courier.log"); };
+log {
+ source(s_all);
+ filter(f_courier);
+ filter(f_strip);
+ destination(d_courier);
+ flags(final);
+};
+
+############################################################
+## maildrop.log
+
+filter f_maildrop { program("^maildrop"); };
+destination d_maildrop { file("/var/log/maildrop.log"); };
+log {
+ source(s_all);
+ filter(f_maildrop);
+ destination(d_courier);
+ flags(final);
+};
+
+############################################################
+## mail.log
+
+filter f_mail { facility(mail); };
+destination df_mail { file("/var/log/mail.log"); };
+
+log {
+ source(s_all);
+ filter(f_mail);
+ destination(df_mail);
+};
+
+############################################################
+## messages.log
+
+filter f_messages {
+ level(debug,info,notice)
+ and not facility(auth,authpriv,daemon,mail,user,kern);
+};
+destination df_messages { file("/var/log/messages.log"); };
+log {
+ source(s_all);
+ filter(f_messages);
+ destination(df_messages);
+};
+
+############################################################
+## errors.log
+
+filter f_errors {
+ level(warn,err,crit,alert,emerg)
+ and not facility(auth,authpriv,daemon,mail,user,kern);
+};
+destination df_errors { file("/var/log/errors.log"); };
+log {
+ source(s_all);
+ filter(f_errors);
+ destination(df_errors);
+};
+
+############################################################
+## emergencies
+
+filter f_emerg { level(emerg); };
+destination du_all { usertty("*"); };
+log {
+ source(s_all);
+ filter(f_emerg);
+ destination(du_all);
+};
+
+############################################################
+## console messages
+
+filter f_xconsole {
+ facility(daemon,mail)
+ or level(debug,info,notice,warn)
+ or (facility(news)
+ and level(crit,err,notice));
+};
+destination dp_xconsole { pipe("/dev/xconsole"); };
+log {
+ source(s_all);
+ filter(f_xconsole);
+ destination(dp_xconsole);
+};
+
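Review bot: the maildrop.log block defines d_maildrop but its log statement uses destination(d_courier), so maildrop messages are written to /var/log/courier.log and /var/log/maildrop.log is never used; that path also lacks filter(f_strip), so those lines reach courier.log with addresses intact. Use destination(d_maildrop). More broadly, f_strip is applied only to the wwsympa, postfix and courier paths, while auth.log, daemon.log, mail.log, sympa.log and ldap.log are written without it; if that is intentional, say so in the header comment, because the README presents this file as the complete example. The commented-out s_postfix source line has also been wrapped by the mailer, leaving a bare "};" line with no leading "+", so the hunk will not apply as sent; attaching the patch as a file avoids this.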
diff -uNr /tmp/syslog-ng-1.6.5/src/cfg-grammar.y
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/cfg-grammar.y
--- /tmp/syslog-ng-1.6.5/src/cfg-grammar.y 2004-05-06 03:57:52.000000000
-0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/cfg-grammar.y
2005-04-08 15:27:48.990327968 -0500
@@ -89,7 +89,7 @@
%token KW_REMOVE_IF_OLDER KW_LOG_PREFIX KW_PAD_SIZE
/* filter items*/
-%token KW_FACILITY KW_LEVEL KW_NETMASK KW_HOST KW_MATCH
+%token KW_FACILITY KW_LEVEL KW_NETMASK KW_HOST KW_MATCH KW_STRIP
/* yes/no switches */
%token KW_YES KW_NO
@@ -668,6 +668,7 @@
| KW_NETMASK '(' string ')' { $$ = make_filter_netmask($3);
free($3); }
| KW_HOST '(' string ')' { $$ = make_filter_host($3);
free($3); }
| KW_MATCH '(' string ')' { $$ = make_filter_match($3);
free($3); }
+ | KW_STRIP '(' string ')' { $$ = make_filter_strip($3);
free($3); }
| KW_FILTER '(' string ')' { $$ = make_filter_call($3);
free($3); }
;
diff -uNr /tmp/syslog-ng-1.6.5/src/cfg-lex.l
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/cfg-lex.l
--- /tmp/syslog-ng-1.6.5/src/cfg-lex.l 2005-04-08 15:21:08.855157760 -0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/cfg-lex.l 2005-04-08
15:27:48.993327512 -0500
@@ -140,6 +140,7 @@
{ "netmask", KW_NETMASK },
{ "host", KW_HOST },
{ "match", KW_MATCH },
+ { "strip", KW_STRIP },
/* on/off switches */
{ "yes", KW_YES },
diff -uNr /tmp/syslog-ng-1.6.5/src/filters.c
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/filters.c
--- /tmp/syslog-ng-1.6.5/src/filters.c 2004-01-13 12:08:02.000000000 -0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/filters.c 2005-04-08
15:27:48.995327208 -0500
@@ -226,6 +226,44 @@
return &self->super;
}
+static int do_filter_strip(struct filter_expr_node *c,
+ struct log_filter *rule UNUSED,
+ struct log_info *log)
+{
+ CAST(filter_expr_re, self, c);
+ char *buffer = log->msg->data;
+ regmatch_t pmatch;
+
+ int error = regexec(&self->regex, buffer, 1, &pmatch, 0);
+ while (error==0) {
+ buffer += pmatch.rm_so;
+ memset(buffer, '-', pmatch.rm_eo - pmatch.rm_so);
+ error = regexec (&self->regex, buffer, 1, &pmatch, REG_NOTBOL);
+ }
+ return 1;
+}
+
+struct filter_expr_node *make_filter_strip(const char *re)
+{
+ int regerr;
+ NEW(filter_expr_re, self);
+ self->super.eval = do_filter_strip;
+
+ if (strcasecmp(re,"ips") == 0) {
+ re =
"(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}";
+ }
+ regerr = regcomp(&self->regex, re, REG_ICASE | REG_EXTENDED);
+ if (regerr) {
+ char errorbuf[256];
+ regerror(regerr, &self->regex, errorbuf, sizeof(errorbuf));
+ werror("Error compiling regular expression: \"%z\" (%z)\n", re,
errorbuf);
+ KILL(self);
+ return NULL;
+ }
+
+ return &self->super;
+}
+
static int do_filter_prog(struct filter_expr_node *c,
struct log_filter *rule UNUSED,
struct log_info *log)
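Review bot: the loop in do_filter_strip restarts each search at the beginning of the match it has just overwritten, because "buffer += pmatch.rm_so" is never followed by an advance past rm_eo. With a user-supplied pattern that can match the '-' filler (for example a negated character class) or that can match the empty string (rm_so == rm_eo == 0), regexec returns the same position every time and the loop never ends, hanging the daemon on the first such message. Advance with buffer += pmatch.rm_eo after the memset, and on a zero-length match step forward one byte and stop at the terminating NUL. Separately, the built-in "ips" pattern covers only dotted or dashed IPv4 quads, so IPv6 addresses are left in place although the README promises all IP addresses, and with no boundary anchors it also blanks any four separator-joined numbers such as a four-part version string.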
diff -uNr /tmp/syslog-ng-1.6.5/src/filters.h
/home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/filters.h
--- /tmp/syslog-ng-1.6.5/src/filters.h 2002-02-04 10:07:50.000000000 -0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/filters.h 2005-04-08
15:27:48.997326904 -0500
@@ -66,6 +66,7 @@
struct filter_expr_node *make_filter_netmask(const char *nm);
struct filter_expr_node *make_filter_host(const char *re);
struct filter_expr_node *make_filter_match(const char *re);
+struct filter_expr_node *make_filter_strip(const char *re);
struct filter_expr_node *make_filter_call(const char *name);
#endif