On Wed, 4 Mar 2009, Rainer Gerhards wrote: > David, > > Just a quick info: I'll initially create a separate branch for these > changes, as I can not go through them in details right now. I'll keep > that branch updated and the goal is to move it into the master branch as > soon as possible. Thanks for all your hard work!
no problem, once you can comment on it I'll work on adding IPv6. one problem I will have at that point is that I don't have any systems that use it (and most of my systems don't even have it compiled into the kernel) one thing that would be very useful for people looking to create additional modules would be if there was a simple example module that did something, but didn't use all the callbacks and helper functions that you have created. trying to untangle those to figure out what's happening is pretty hard. the current imtemplate is close to what's needed, but it is just a little bit too trivial. it's not clear from that exactly where you would do things like opening sockets, initializing global variables, etc. I'm thinking that probably the most trivial example would be a stripped-down version of imudp and omfwd that just did the minimum needed to get the packets in and out. (possibly with one config option, just to show how it is done, but everything else hard-coded) Rainer doesn't need to be the person to do this, if there is someone else who understands the modules and has a little time it would sure help the rest of us. David Lang > Rainer > >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of [email protected] >> Sent: Wednesday, March 04, 2009 8:17 AM >> To: rsyslog-users >> Subject: Re: [rsyslog] UDP source forging. >> >> Ok, here is a diff that works. >> >> it cycles the source IP address from 32000-42000 (since we are just >> sending, and not creating a normal socket this should not matter) >> >> it needs LIBS = /usr/lib/libnet.a in the Makefile in tools >> >> to use it create a template that puts the hostname-ip ahead >> of what you >> want to send, similar to >> >> $template TraditionalFwdFormat,"%fromhost-ip% >> <%pri%>%timegenerated% %HOSTNAME% %syslogtag%%msg%\n" >> >> *.* @10.0.0.100;TraditionalFwdFormat >> >> the one problem right now is that any logs sent from the >> local box will go >> out with a source IP of 127.0.0.1 >> >> I wasted a bit of time trying to setup filters to use a >> different template >> if $myhostname == $fromhost, but apparently the filtering >> doesn't allow >> comparing two properties, and then I realized that you have a very >> high-performance name cache now, so you could easily replace >> my trivial >> inet_pton(AF_INET, source_text_ip, &(source_ip.sin_addr)); >> line with a call to the name lookup and then the >> %fromhost-ip% could be >> replaced by %fromhost% in the template and everything would >> work sanely >> (assuming forward and reverse name resolution are sane ;-) >> >> I haven't tried to do IPv6 yet, I know that it requires more >> effort to set >> the IP layer options, but I don't know exactly what yet. >> >> I wanted to float this first to see what you think before >> spending much >> more time on it. >> >> David Lang >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
