1 /**************************************************************************//**
3 * Implementation of EVEL functions relating to the Syslog.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * 1. Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright notice,
14 * this list of conditions and the following disclaimer in the documentation
15 * and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement: This product includes
18 * software developed by the AT&T.
19 * 4. Neither the name of AT&T nor the names of its contributors may be used to
20 * endorse or promote products derived from this software without specific
21 * prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY AT&T INTELLECTUAL PROPERTY ''AS IS'' AND ANY
24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
25 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL AT&T INTELLECTUAL PROPERTY BE LIABLE FOR ANY
27 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
30 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *****************************************************************************/
39 #include "evel_throttle.h"
41 /**************************************************************************//**
42 * Create a new Syslog event.
44 * @note The mandatory fields on the Syslog must be supplied to this factory
45 * function and are immutable once set. Optional fields have explicit
46 * setter functions, but again values may only be set once so that the
47 * Syslog has immutable properties.
48 * @param event_source_type The type of Syslog event source.
49 * @param syslog_msg The Syslog event message.
50 * @param syslog_tag The messgaeId identifying the type of message.
51 * @returns pointer to the newly manufactured ::EVENT_SYSLOG. If the event is
52 * not used (i.e. posted) it must be released using
54 * @retval NULL Failed to create the event.
55 *****************************************************************************/
56 EVENT_SYSLOG * evel_new_syslog(EVEL_SOURCE_TYPES event_source_type,
57 const char * const syslog_msg,
58 const char * const syslog_tag)
60 EVENT_SYSLOG * syslog = NULL;
63 /***************************************************************************/
64 /* Check preconditions. */
65 /***************************************************************************/
66 assert(event_source_type < EVEL_MAX_SOURCE_TYPES);
67 assert(syslog_msg != NULL);
68 assert(syslog_tag != NULL);
70 /***************************************************************************/
71 /* Allocate the Syslog. */
72 /***************************************************************************/
73 syslog = malloc(sizeof(EVENT_SYSLOG));
76 log_error_state("Out of memory");
79 memset(syslog, 0, sizeof(EVENT_SYSLOG));
80 EVEL_DEBUG("New Syslog is at %lp", syslog);
82 /***************************************************************************/
83 /* Initialize the header & the Syslog fields. Optional string values are */
84 /* uninitialized (NULL). */
85 /***************************************************************************/
86 evel_init_header(&syslog->header,"Syslog");
87 syslog->header.event_domain = EVEL_DOMAIN_SYSLOG;
88 syslog->major_version = EVEL_SYSLOG_MAJOR_VERSION;
89 syslog->minor_version = EVEL_SYSLOG_MINOR_VERSION;
90 syslog->event_source_type = event_source_type;
91 syslog->syslog_msg = strdup(syslog_msg);
92 syslog->syslog_tag = strdup(syslog_tag);
93 evel_init_option_int(&syslog->syslog_facility);
94 evel_init_option_int(&syslog->syslog_proc_id);
95 evel_init_option_int(&syslog->syslog_ver);
96 evel_init_option_string(&syslog->additional_filters);
97 evel_init_option_string(&syslog->event_source_host);
98 evel_init_option_string(&syslog->syslog_proc);
99 evel_init_option_string(&syslog->syslog_s_data);
100 evel_init_option_string(&syslog->syslog_sdid);
101 evel_init_option_string(&syslog->syslog_severity);
108 /**************************************************************************//**
109 * Set the Event Type property of the Syslog.
111 * @note The property is treated as immutable: it is only valid to call
112 * the setter once. However, we don't assert if the caller tries to
113 * overwrite, just ignoring the update instead.
115 * @param syslog Pointer to the syslog.
116 * @param type The Event Type to be set. ASCIIZ string. The caller
117 * does not need to preserve the value once the function
119 *****************************************************************************/
120 void evel_syslog_type_set(EVENT_SYSLOG * syslog,
121 const char * const type)
125 /***************************************************************************/
126 /* Check preconditions and call evel_header_type_set. */
127 /***************************************************************************/
128 assert(syslog != NULL);
129 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
130 evel_header_type_set(&syslog->header, type);
135 /**************************************************************************//**
136 * Add an additional value name/value pair to the Syslog.
138 * The name and value are null delimited ASCII strings. The library takes
139 * a copy so the caller does not have to preserve values after the function
142 * @param syslog Pointer to the syslog.
143 * @param name ASCIIZ string with the attribute's name. The caller
144 * does not need to preserve the value once the function
146 * @param value ASCIIZ string with the attribute's value. The caller
147 * does not need to preserve the value once the function
149 *****************************************************************************/
150 void evel_syslog_addl_filter_set(EVENT_SYSLOG * syslog,
155 /***************************************************************************/
156 /* Check preconditions. */
157 /***************************************************************************/
158 assert(syslog != NULL);
159 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
160 assert(filter != NULL);
162 evel_set_option_string(&syslog->additional_filters,
164 "Syslog filter string");
169 /**************************************************************************//**
170 * Set the Event Source Host property of the Syslog.
172 * @note The property is treated as immutable: it is only valid to call
173 * the setter once. However, we don't assert if the caller tries to
174 * overwrite, just ignoring the update instead.
176 * @param syslog Pointer to the Syslog.
177 * @param host The Event Source Host to be set. ASCIIZ string. The caller
178 * does not need to preserve the value once the function
180 *****************************************************************************/
181 void evel_syslog_event_source_host_set(EVENT_SYSLOG * syslog,
182 const char * const host)
186 /***************************************************************************/
187 /* Check preconditions. */
188 /***************************************************************************/
189 assert(syslog != NULL);
190 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
191 assert(host != NULL);
193 evel_set_option_string(&syslog->event_source_host,
195 "Event Source Host");
199 /**************************************************************************//**
200 * Set the Facility property of the Syslog.
202 * @note The property is treated as immutable: it is only valid to call
203 * the setter once. However, we don't assert if the caller tries to
204 * overwrite, just ignoring the update instead.
206 * @param syslog Pointer to the Syslog.
207 * @param facility The Syslog Facility to be set. ASCIIZ string. The caller
208 * does not need to preserve the value once the function
210 *****************************************************************************/
211 void evel_syslog_facility_set(EVENT_SYSLOG * syslog,
212 EVEL_SYSLOG_FACILITIES facility)
216 /***************************************************************************/
217 /* Check preconditions. */
218 /***************************************************************************/
219 assert(syslog != NULL);
220 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
221 assert(facility < EVEL_MAX_SYSLOG_FACILITIES);
223 evel_set_option_int(&syslog->syslog_facility,
229 /**************************************************************************//**
230 * Set the Process property of the Syslog.
232 * @note The property is treated as immutable: it is only valid to call
233 * the setter once. However, we don't assert if the caller tries to
234 * overwrite, just ignoring the update instead.
236 * @param syslog Pointer to the Syslog.
237 * @param proc The Process to be set. ASCIIZ string. The caller does not
238 * need to preserve the value once the function returns.
239 *****************************************************************************/
240 void evel_syslog_proc_set(EVENT_SYSLOG * syslog, const char * const proc)
244 /***************************************************************************/
245 /* Check preconditions. */
246 /***************************************************************************/
247 assert(syslog != NULL);
248 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
249 assert(proc != NULL);
251 evel_set_option_string(&syslog->syslog_proc, proc, "Process");
255 /**************************************************************************//**
256 * Set the Process ID property of the Syslog.
258 * @note The property is treated as immutable: it is only valid to call
259 * the setter once. However, we don't assert if the caller tries to
260 * overwrite, just ignoring the update instead.
262 * @param syslog Pointer to the Syslog.
263 * @param proc_id The Process ID to be set. ASCIIZ string. The caller does
264 * not need to preserve the value once the function returns.
265 *****************************************************************************/
266 void evel_syslog_proc_id_set(EVENT_SYSLOG * syslog, int proc_id)
270 /***************************************************************************/
271 /* Check preconditions. */
272 /***************************************************************************/
273 assert(syslog != NULL);
274 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
277 evel_set_option_int(&syslog->syslog_proc_id,
283 /**************************************************************************//**
284 * Set the Version property of the Syslog.
286 * @note The property is treated as immutable: it is only valid to call
287 * the setter once. However, we don't assert if the caller tries to
288 * overwrite, just ignoring the update instead.
290 * @param syslog Pointer to the Syslog.
291 * @param version The Version to be set. ASCIIZ string. The caller does not
292 * need to preserve the value once the function returns.
293 *****************************************************************************/
294 void evel_syslog_version_set(EVENT_SYSLOG * syslog, int version)
298 /***************************************************************************/
299 /* Check preconditions. */
300 /***************************************************************************/
301 assert(syslog != NULL);
302 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
303 assert(version >= 0);
305 evel_set_option_int(&syslog->syslog_ver,
311 /**************************************************************************//**
312 * Set the Structured Data property of the Syslog.
314 * @note The property is treated as immutable: it is only valid to call
315 * the setter once. However, we don't assert if the caller tries to
316 * overwrite, just ignoring the update instead.
318 * @param syslog Pointer to the Syslog.
319 * @param s_data The Structured Data to be set. ASCIIZ string. The caller
320 * does not need to preserve the value once the function
322 *****************************************************************************/
323 void evel_syslog_s_data_set(EVENT_SYSLOG * syslog, const char * const s_data)
327 /***************************************************************************/
328 /* Check preconditions. */
329 /***************************************************************************/
330 assert(syslog != NULL);
331 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
332 assert(s_data != NULL);
334 evel_set_option_string(&syslog->syslog_s_data,
340 /**************************************************************************//**
341 * Set the Structured SDID property of the Syslog.
343 * @note The property is treated as immutable: it is only valid to call
344 * the setter once. However, we don't assert if the caller tries to
345 * overwrite, just ignoring the update instead.
347 * @param syslog Pointer to the Syslog.
348 * @param sdid The Structured Data to be set. ASCIIZ string. name@number
349 * Caller does not need to preserve the value once the function
351 *****************************************************************************/
352 void evel_syslog_sdid_set(EVENT_SYSLOG * syslog, const char * const sdid)
356 /***************************************************************************/
357 /* Check preconditions. */
358 /***************************************************************************/
359 assert(syslog != NULL);
360 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
361 assert(sdid != NULL);
363 evel_set_option_string(&syslog->syslog_sdid,
369 /**************************************************************************//**
370 * Set the Structured Severity property of the Syslog.
372 * @note The property is treated as immutable: it is only valid to call
373 * the setter once. However, we don't assert if the caller tries to
374 * overwrite, just ignoring the update instead.
376 * @param syslog Pointer to the Syslog.
377 * @param sdid The Structured Data to be set. ASCIIZ string.
378 * Caller does not need to preserve the value once the function
380 *****************************************************************************/
381 void evel_syslog_severity_set(EVENT_SYSLOG * syslog, const char * const severty)
385 /***************************************************************************/
386 /* Check preconditions. */
387 /***************************************************************************/
388 assert(syslog != NULL);
389 assert(syslog->header.event_domain == EVEL_DOMAIN_SYSLOG);
390 assert(severty != NULL);
392 if( !strcmp(severty,"Alert") || !strcmp(severty,"Critical") || !strcmp(severty,"Debug") ||
393 !strcmp(severty,"Emergency") || !strcmp(severty,"Error") || !strcmp(severty,"Info") ||
394 !strcmp(severty,"Notice") || !strcmp(severty,"Warning") )
396 evel_set_option_string(&syslog->syslog_severity,
403 /**************************************************************************//**
404 * Encode the Syslog in JSON according to AT&T's schema for the event type.
406 * @param jbuf Pointer to the ::EVEL_JSON_BUFFER to encode into.
407 * @param event Pointer to the ::EVENT_HEADER to encode.
408 *****************************************************************************/
409 void evel_json_encode_syslog(EVEL_JSON_BUFFER * jbuf,
410 EVENT_SYSLOG * event)
412 char * event_source_type;
416 /***************************************************************************/
417 /* Check preconditions. */
418 /***************************************************************************/
419 assert(event != NULL);
420 assert(event->header.event_domain == EVEL_DOMAIN_SYSLOG);
422 event_source_type = evel_source_type(event->event_source_type);
424 evel_json_encode_header(jbuf, &event->header);
425 evel_json_open_named_object(jbuf, "syslogFields");
427 evel_enc_kv_opt_string(jbuf, "additionalFields", &event->additional_filters);
428 /***************************************************************************/
429 /* Mandatory fields */
430 /***************************************************************************/
431 evel_enc_kv_string(jbuf, "eventSourceType", event_source_type);
432 evel_enc_kv_string(jbuf, "syslogMsg", event->syslog_msg);
433 evel_enc_kv_string(jbuf, "syslogTag", event->syslog_tag);
435 jbuf, "syslogFieldsVersion", event->major_version, event->minor_version);
437 /***************************************************************************/
438 /* Optional fields */
439 /***************************************************************************/
440 evel_enc_kv_opt_string(jbuf, "eventSourceHost", &event->event_source_host);
441 evel_enc_kv_opt_int(jbuf, "syslogFacility", &event->syslog_facility);
442 evel_enc_kv_opt_int(jbuf, "syslogPri", &event->syslog_priority);
443 evel_enc_kv_opt_string(jbuf, "syslogProc", &event->syslog_proc);
444 evel_enc_kv_opt_int(jbuf, "syslogProcId", &event->syslog_proc_id);
445 evel_enc_kv_opt_string(jbuf, "syslogSData", &event->syslog_s_data);
446 evel_enc_kv_opt_string(jbuf, "syslogSdId", &event->syslog_sdid);
447 evel_enc_kv_opt_string(jbuf, "syslogSev", &event->syslog_severity);
448 evel_enc_kv_opt_int(jbuf, "syslogVer", &event->syslog_ver);
449 evel_json_close_object(jbuf);
451 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_KERNEL == 0);
452 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_USER == 1);
453 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_MAIL == 2);
454 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_SYSTEM_DAEMON == 3);
455 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_SECURITY_AUTH == 4);
456 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_INTERNAL == 5);
457 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LINE_PRINTER == 6);
458 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_NETWORK_NEWS == 7);
459 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_UUCP == 8);
460 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_CLOCK_DAEMON == 9);
461 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_SECURITY_AUTH2 == 10);
462 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_FTP_DAEMON == 11);
463 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_NTP == 12);
464 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOG_AUDIT == 13);
465 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOG_ALERT == 14);
466 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_CLOCK_DAEMON2 == 15);
467 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL0 == 16);
468 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL1 == 17);
469 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL2 == 18);
470 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL3 == 19);
471 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL4 == 20);
472 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL5 == 21);
473 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL6 == 22);
474 EVEL_CT_ASSERT(EVEL_SYSLOG_FACILITY_LOCAL7 == 23);
479 /**************************************************************************//**
482 * Free off the Syslog supplied. Will free all the contained allocated memory.
484 * @note It does not free the Syslog itself, since that may be part of a
486 *****************************************************************************/
487 void evel_free_syslog(EVENT_SYSLOG * event)
492 /***************************************************************************/
493 /* Check preconditions. As an internal API we don't allow freeing NULL */
494 /* events as we do on the public API. */
495 /***************************************************************************/
496 assert(event != NULL);
497 assert(event->header.event_domain == EVEL_DOMAIN_SYSLOG);
499 /***************************************************************************/
500 /* Free all internal strings then the header itself. */
501 /***************************************************************************/
503 evel_free_option_string(&event->additional_filters);
504 evel_free_option_string(&event->event_source_host);
505 free(event->syslog_msg);
506 evel_free_option_string(&event->syslog_proc);
507 evel_free_option_string(&event->syslog_s_data);
508 evel_free_option_string(&event->syslog_sdid);
509 evel_free_option_string(&event->syslog_severity);
510 free(event->syslog_tag);
511 evel_free_header(&event->header);