Skip to content

Adding datagram-socket functionality#36

Open
halides wants to merge 1 commit intotrellix-enterprise:masterfrom
halides:master
Open

Adding datagram-socket functionality#36
halides wants to merge 1 commit intotrellix-enterprise:masterfrom
halides:master

Conversation

@halides
Copy link

@halides halides commented Mar 5, 2013

Moved 'int sock' declaration to class definiton in the header, as it is needed in more places than with just a stream socket.
I've added only the offset for the 32bit source code distribution.

I tried a couple of if's to choose whether to print or not the newline (audit_handler.cc, around line 491). I also took a look at using the msg_delimiter but I'm still running on low steam and this is my second to last day at this workplace. Maybe you have a good idea for this?

What I gathered from rsyslog doing a proper parser for the JSON is a bit of a pain. As far as I understood you need to actually write it in weird "rsyslog C" and then compile it into the binary.
Sending the messages from the audit plugin in the current syslog format http://tools.ietf.org/html/rfc5424 or the legacy format http://tools.ietf.org/html/rfc3164 would make things easier. I'll actually see if I can make sense of the event_formatter and make an optional formatter.

I figured a month would be enough to do this properly (as a side project during work) but a bad case of sciatica renders it's toll. Last three weeks my ability to concentrate has been most lacking.

@halides
Writing to a datagram socket functional.
257553a 
Moved 'int sock' declaration to class definiton in the header, as it is needed in more places than with just a stream socket.
I've added only the offset for the 32bit source code distribution.
@glicht
Copy link
Contributor

glicht commented Mar 6, 2013

Thanks for the pull request. We will review and see how to merge this in.

@lurdan
Copy link

lurdan commented May 13, 2013

ping?

@glicht
Copy link
Contributor

glicht commented May 14, 2013

Hi,

We didn't merge this yet into the source tree as wanted to do some testing
before and we still didn't get the chance.

You can try working with the suggested patch. Would appreciate to hear any
feedback.

Guy
On May 13, 2013 5:45 AM, "lurdan" notifications@github.com wrote:

ping?


Reply to this email directly or view it on GitHubhttps://github.com//pull/36#issuecomment-17790717
.

@ruckc
Copy link

ruckc commented Feb 3, 2014

I tested this and somehow the json is getting severely mangled... Its missing a syslog tag and the opening JSON bracket & quote. Its also getting blank messages, nothing after hostname.

<0>2014-02-03T14:43:30.503391+00:00 localhost.localdomain msg-type":"activity","date":"139 distinct t.triggerid,t.expression from triggers t,functions f,items i where t.triggerid=f.triggerid and f.itemid=i.itemid and i.hostid=10086 and t.description='Free disk space is less than 5% on volume /data' and t.triggerid<>14454"}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@halides @glicht @lurdan @ruckc