2015-03-04 11:04 GMT+01:00 Ansgar Puester <[email protected]>:
> Hello Rainer,
>
> Thanks for your answer.
> BTW: Do you remember me? I worked for Reinhard and Shahid at
> KLV, Troisdorf from 1994 to 1997.
>
>
of course, but I simply was too swamped to send an off-list note :-( -- now
done!
> Back to rsyslog:
> I did the following correction in file runtime/glbl.c
>
> ansgar@eis350:~/psource/rsyslog-8.8.0/runtime > diff glbl.c glbl.c_ori
> 157c157
> < { "net.permitaclwarning", eCmdHdlrBinary, 0 },
> ---
> > { "net.permitACLwarning", eCmdHdlrBinary, 0 },
> 1098c1098
> < } else if(!strcmp(paramblk.descr[i].name,
> "net.permitaclwarning")) {
> ---
> > } else if(!strcmp(paramblk.descr[i].name,
> "net.permitwarning")) {
>
> After recompiling the error message (-d setting)
> main thread : glblDoneLoadCnf: program error, non-handled param
> 'net.permitACLwarning'
> disapears. That's O.K.
>
> ... but net.permitACLWarning still does not work like I expect
>
> I get TCP warnings when setting
> global(net.permitACLWarning="off") !
>
> I get UDP warnings independent from any setting of net.permitACLWarning.
>
> My C knowledge is to low to understand your interface implementation
> of the setter an getter methods SetOption_DisallowWarning and
> GetOption_DisallowWarning using DEFobjCurrIf et cetera.
>
It's a whole bunch of macros to do the boring stuff. It mostly shuffles the
value through the layers that need to be there.
It is possible that this is a long-hidden bug. Most folks nowadays do not
use these settings because they either use iptables or TLS authentication
(of course, this is moot for UDP...). It still should work, of course. But
that may be a reason nobody ran into it before.
> My configuration (important part for this) looks like this
>
> global(net.permitACLWarning="off")
> $AllowedSender UDP, 127.0.0.1
> $AllowedSender TCP, 127.0.0.1
> global(preserveFQDN="off")
> $ModLoad imudp # provides UDP syslog reception
> $UDPServerRun 514
> $ModLoad imtcp # provides TCP syslog reception
> $InputTCPMaxSessions 10
> $InputTCPServerRun 514
>
> The two AllowedSender lines are for test purposes only.
> The will be a real list later.
>
> I run tests from an other machine using the logger utility.
> local5 messages are directed to the logserv machine using
> local5.* @@192.168.1.2;TraditionalFormat
> local5.* @192.168.1.2;TraditionalFormat
> This is also a test configuration.
>
> Do you have a testsuite for net.permitACLWarning?
>
I don't think so. Contributions would be welcome :-)
> Are you able to reproduce my results?
>
I have at least two high priority items on my list plus one thing
(imuxsock) that I need to finish. It would be great if you could open a bug
tracker at github, so that it doesn't get lost in the interim (mail too
easily tends to scroll of the "visible window").
I'll try to have a look as quickly as possible.
Rainer
>
> Thanks in advance.
> Best regards
> Ansgar
>
> Am 02.03.2015 um 19:02 schrieb Rainer Gerhards:
>
> 2015-03-02 16:30 GMT+01:00 Ansgar Puester <[email protected]>:
>>
>> Hello,
>>>
>>> when using the -w command line option your receive the
>>> following error message
>>>
>>> rsyslogd: the -w command line option will go away soon.
>>> Please use the global(net.permitWarning="off") configuration parameter
>>> instead.
>>>
>>> tools/rsyslogd.c should be corrected
>>> 1215 old
>>> "soon.\nPlease use the global(net.permitWarning=\"off\")"
>>> 1215 new
>>> "soon.\nPlease use the global(net.permitACLWarning=\"off\")"
>>>
>>> When trying
>>> global(net.permitACLWarning="off")
>>> and setting
>>> $AllowedSender UDP, 127.0.0.1
>>> $AllowedSender TCP, 127.0.0.1
>>> I still get messages like
>>> rsyslogd-2063:TCP message from disallowed sender eisnodev.ap.de
>>> discarded
>>> or
>>> rsyslogd:UDP message from disallowed sender discarded
>>> from sender with IP 192.168.1.53
>>>
>>> runtime/glbl.c confuses me
>>> 157 { "net.permitACLwarning", eCmdHdlrBinary, 0 },
>>> but
>>> 1098 } else if(!strcmp(paramblk.descr[i].name, "net.permitwarning")) {
>>>
>>> Looks like net.permitACLwarning is never set.
>>> Debug output is always
>>> main thread : net.permitACLwarning: 0
>>>
>>> But even after trying to fix the strcmp bug and debug output tells me
>>>
>>>
>> This sounds right. Did you use lower case or mixed case? At this point, it
>> must be lower case. This is because param names are case-insensitive, and
>> during config reading they are converted to lower case.
>>
>> Ah... and I see that's the problem with the param table (line 157), too.
>> It
>> also must be lower case.
>>
>> Please let me know if that fixes the issue. If it works, feel free to send
>> a PR or let me know if I should do the patch.
>>
>> Thanks,
>> Rainer
>>
>> main thread : net.permitACLwarning: 1
>>> I still get disallowed sender messages.
>>> Probably I'm on a complete wrong way.
>>>
>>> Could you please check the implementation of
>>> net.permitACLWarning
>>> or give me a hint?
>>>
>>> Thanks in advance
>>> Ansgar
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>> DON'T LIKE THAT.
>>>
>>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
