diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..b105dd7
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,44 @@
+---
+name: Bug Report
+about: Report a bug in systemd-netlogd
+title: ''
+labels: bug
+assignees: ''
+---
+
+**systemd-netlogd version**
+Output of `systemd-netlogd --version`:
+
+**OS and systemd version**
+- Distribution:
+- systemd version (`systemctl --version`):
+
+**Configuration**
+```ini
+# Contents of /etc/systemd/netlogd.conf (redact sensitive data)
+[Network]
+Address=
+Protocol=
+```
+
+**Describe the bug**
+A clear description of what the bug is.
+
+**Steps to reproduce**
+1.
+2.
+3.
+
+**Expected behavior**
+What you expected to happen.
+
+**Actual behavior**
+What actually happened.
+
+**Logs**
+```
+# Output of: journalctl -u systemd-netlogd -n 50
+```
+
+**Additional context**
+Any other relevant information (network setup, TLS certificates, firewall rules, etc.).
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..9d90b14
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,19 @@
+---
+name: Feature Request
+about: Suggest a new feature or enhancement
+title: ''
+labels: enhancement
+assignees: ''
+---
+
+**Is your feature request related to a problem?**
+A clear description of the problem. Example: "I need to forward logs to multiple destinations..."
+
+**Describe the solution you'd like**
+What you want to happen.
+
+**Describe alternatives you've considered**
+Any alternative solutions or workarounds.
+
+**Additional context**
+Any other context, config examples, or references (RFCs, other implementations, etc.).
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..b52c2d5
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,23 @@ +## Summary + +Brief description of the changes. + +Fixes #(issue number) + +## Changes + +- +- + +## Testing + +- [ ] `meson test -C build` passes +- [ ] Tested with UDP/TCP/TLS as applicable +- [ ] New code has test coverage (if applicable) + +## Checklist + +- [ ] Code follows systemd coding style +- [ ] Commit messages are clear and descriptive +- [ ] Documentation updated (if applicable) +- [ ] No new compiler warnings diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ae51e17..5647e9a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,8 +24,6 @@ jobs: python3-sphinx \ ninja-build \ meson \ - glib-2.0-dev \ - libudev-dev \ libsystemd-dev \ clang \ gperf \ @@ -35,13 +33,15 @@ jobs: libssl-dev - name: Build project - run: make + run: | + meson setup build + meson compile -C build - name: Run tests run: meson test -C build -v - name: Install - run: sudo make install + run: sudo meson install -C build - name: Create systemd-journal-netlog user run: sudo useradd -r -d / -s /usr/sbin/nologin -g systemd-journal systemd-journal-netlog || true @@ -55,12 +55,12 @@ jobs: run: sudo systemctl status systemd-netlogd build-rpm: - name: Build RPM on ${{ matrix.os }} + name: Build RPM (${{ matrix.os }}) runs-on: ubuntu-latest strategy: fail-fast: false matrix: - os: [fedora:latest, fedora:39, rockylinux:9, rockylinux:8] + os: [fedora:latest, fedora:41] container: image: ${{ matrix.os }} @@ -68,8 +68,7 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Install RPM build dependencies (Fedora) - if: startsWith(matrix.os, 'fedora') + - name: Install RPM build dependencies run: | dnf install -y \ rpm-build \ 
@@ -77,33 +76,79 @@ jobs: meson \ ninja-build \ gcc \ - glib2-devel \ systemd-devel \ libcap-devel \ gperf \ openssl-devel \ libcmocka-devel \ python3-sphinx \ - git + python3-devel \ + python3-lxml + + - name: Set up RPM build tree + run: rpmdev-setuptree + + - name: Create source tarball + run: | + VERSION=$(grep "version:" meson.build | head -1 | sed "s/.*'\(.*\)'.*/\1/") + echo "Building version $VERSION" + tar czf ~/rpmbuild/SOURCES/systemd-netlogd-$VERSION.tar.gz \ + --transform "s,^\.,systemd-netlogd-$VERSION," \ + --exclude='.git' --exclude='builddir' \ + . + + - name: Copy spec file + run: cp systemd-netlogd.spec ~/rpmbuild/SPECS/ + + - name: Build RPMs + run: rpmbuild -ba ~/rpmbuild/SPECS/systemd-netlogd.spec + + - name: Test install RPM + run: | + dnf install -y ~/rpmbuild/RPMS/*/systemd-netlogd-*.rpm + rpm -qi systemd-netlogd + systemctl status systemd-netlogd || true + + - name: Upload RPM artifacts + uses: actions/upload-artifact@v4 + with: + name: rpms-${{ matrix.os }} + path: | + ~/rpmbuild/RPMS/*/*.rpm + ~/rpmbuild/SRPMS/*.rpm + retention-days: 30 + + build-rpm-rocky: + name: Build RPM (rockylinux:9) + runs-on: ubuntu-latest + + container: + image: rockylinux:9 + + steps: + - uses: actions/checkout@v4 - - name: Install RPM build dependencies (Rocky/RHEL) - if: startsWith(matrix.os, 'rockylinux') + - name: Enable CRB and install EPEL run: | dnf install -y epel-release + /usr/bin/crb enable + + - name: Install RPM build dependencies + run: | dnf install -y \ rpm-build \ rpmdevtools \ - meson \ - ninja-build \ gcc \ - glib2-devel \ systemd-devel \ libcap-devel \ gperf \ openssl-devel \ libcmocka-devel \ + python3-pip \ python3-sphinx \ - git + python3-devel \ + python3-lxml + pip3 install meson ninja - name: Set up RPM build tree run: rpmdev-setuptree 
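Review bot: In the new `build-rpm-rocky` job, `pip3 install meson ninja` installs whatever versions PyPI serves at run time, and those tools then build the RPMs that the job uploads as artifacts. Pinning the versions, e.g. `pip3 install 'meson==<PINNED_VERSION>' 'ninja==<PINNED_VERSION>'` (or a requirements file installed with `--require-hashes`), keeps the build toolchain reviewable and repeatable. Since the preceding step already enables CRB and EPEL, the distribution's `meson` and `ninja-build` packages may be sufficient; that is worth confirming before adding a PyPI dependency to a packaging job.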
@@ -112,23 +157,16 @@ jobs: run: | VERSION=$(grep "version:" meson.build | head -1 | sed "s/.*'\(.*\)'.*/\1/") echo "Building version $VERSION" - git archive --format=tar.gz --prefix=systemd-netlogd-$VERSION/ -o ~/rpmbuild/SOURCES/systemd-netlogd-$VERSION.tar.gz HEAD + tar czf ~/rpmbuild/SOURCES/systemd-netlogd-$VERSION.tar.gz \ + --transform "s,^\.,systemd-netlogd-$VERSION," \ + --exclude='.git' --exclude='builddir' \ + . - name: Copy spec file run: cp systemd-netlogd.spec ~/rpmbuild/SPECS/ - - name: Build source RPM - run: rpmbuild -bs ~/rpmbuild/SPECS/systemd-netlogd.spec - - - name: Build binary RPM - run: rpmbuild -bb ~/rpmbuild/SPECS/systemd-netlogd.spec - - - name: List built RPMs - run: | - echo "Source RPMs:" - ls -lh ~/rpmbuild/SRPMS/ - echo "Binary RPMs:" - ls -lh ~/rpmbuild/RPMS/*/ + - name: Build RPMs + run: rpmbuild -ba ~/rpmbuild/SPECS/systemd-netlogd.spec - name: Test install RPM run: | @@ -139,19 +177,19 @@ jobs: - name: Upload RPM artifacts uses: actions/upload-artifact@v4 with: - name: rpms-${{ matrix.os }} + name: rpms-rockylinux-9 path: | ~/rpmbuild/RPMS/*/*.rpm ~/rpmbuild/SRPMS/*.rpm retention-days: 30 build-deb: - name: Build DEB on ${{ matrix.os }} + name: Build DEB (${{ matrix.os }}) runs-on: ubuntu-latest strategy: fail-fast: false matrix: - os: [ubuntu:24.04, ubuntu:22.04, debian:12, debian:11] + os: [ubuntu:24.04, ubuntu:22.04, debian:12] container: image: ${{ matrix.os }} @@ -160,6 +198,8 @@ jobs: - uses: actions/checkout@v4 - name: Install build dependencies + env: + DEBIAN_FRONTEND: noninteractive run: | apt-get update apt-get install -y \ 
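Review bot: The `Create source tarball` step now packs the working directory with `tar czf ... .` instead of `git archive ... HEAD`, so the source in the uploaded SRPM is no longer exactly the committed tree: any untracked or generated file in the checkout is included, and only `.git` and `builddir` are excluded, while the build directory used elsewhere in this workflow is `build`. The same step is added to the Fedora job in the previous hunk. I would add `--exclude='build'` and a comment such as `# working tree is archived because <reason git archive cannot be used here>` so the trade-off is explicit. The `$VERSION` value is also used unquoted and never checked for being empty; `test -n "$VERSION"` before the `tar` call would make a failed `grep` visible.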
@@ -168,26 +208,64 @@ jobs: meson \ ninja-build \ pkg-config \ - libglib2.0-dev \ libsystemd-dev \ libcap-dev \ gperf \ libssl-dev \ libcmocka-dev \ python3-sphinx \ - git + fakeroot \ + devscripts - name: Build DEB package + run: dpkg-buildpackage -us -uc -b + + - name: Test install DEB run: | - # Create simple debian package structure - mkdir -p debian - - # Note: This is a basic build. For production, create proper debian/ directory - # with control, rules, changelog, etc. - make - meson test -C build -v - DESTDIR=$(pwd)/debian/tmp make install - - echo "DEB packaging would continue here with proper debian/ directory structure" - echo "For now, verifying build and install locations:" - find debian/tmp -type f + dpkg -i ../systemd-netlogd_*.deb || apt-get install -f -y + dpkg -s systemd-netlogd + systemctl status systemd-netlogd || true + + - name: Upload DEB artifacts + uses: actions/upload-artifact@v4 + with: + name: debs-${{ matrix.os }} + path: ../*.deb + retention-days: 30 + + build-archlinux: + name: Build on Arch Linux + runs-on: ubuntu-latest + + container: + image: archlinux:latest + + steps: + - name: Install base-devel and dependencies + run: | + pacman -Syu --noconfirm + pacman -S --noconfirm \ + base-devel \ + meson \ + gperf \ + libcap \ + openssl \ + systemd-libs \ + python-sphinx \ + cmocka \ + git + + - uses: actions/checkout@v4 + + - name: Build + run: | + meson setup build \ + --prefix=/usr/lib/systemd \ + --sysconfdir=/etc/systemd + meson compile -C build + + - name: Run tests + run: meson test -C build -v + + - name: Install + run: meson install -C build --destdir "$PWD/pkg" diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index cbb5245..f3e6415 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md 
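Review bot: The new `Test install DEB` step cannot fail on the service check, because `systemctl status systemd-netlogd || true` always succeeds, and nothing verifies that installing the package leaves the unprivileged `systemd-journal-netlog` account the daemon is documented to run as. Adding `getent passwd systemd-journal-netlog` after `dpkg -s systemd-netlogd` would turn that into a real assertion; no maintainer script creating the user is visible in this part of the diff, so the check may fail until the package provides one. The `Test install RPM` steps in the RPM jobs use the same `|| true` pattern. A short comment stating that `systemctl status` is informational only (no systemd running in the container, presumably) would also help the next reader.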
@@ -47,7 +47,7 @@ systemd-netlogd is a network logging daemon that reads from the systemd journal │ │ │ │ ├──────► Protocol Layer │ │ │ ├─► RFC 5424 Formatter │ -│ │ ├─► RFC 3339 Formatter │ +│ │ ├─► RFC 3164 Formatter │ │ │ └─► RFC 5425 Formatter │ │ │ │ │ └──────► Transport Layer │ @@ -77,8 +77,8 @@ systemd-netlogd is a network logging daemon that reads from the systemd journal │ └─► Extract timestamp │ ├─► manager_push_to_network() - │ ├─► Select formatter (RFC 5424/3339) - │ ├─► format_rfc5424() or format_rfc3339() + │ ├─► Select formatter (RFC 5424/3164) + │ ├─► format_rfc5424() or format_rfc3164() │ │ ├─► Build priority field: = (facility * 8) + severity │ │ ├─► Format timestamp (RFC 3339) │ │ ├─► Add hostname, identifier, pid @@ -198,7 +198,7 @@ Example: <34>1 2024-01-20T10:30:15.123456+00:00 hostname myapp 1234 LOGIN001 [auth@12345] User logged in ``` -**RFC 3339 Format (Legacy):** +**RFC 3164 Format (Legacy):** ``` TIMESTAMP HOSTNAME APP-NAME[PROCID]: MSG ``` @@ -489,6 +489,7 @@ Facilities that may contain credentials: - [RFC 5424](https://tools.ietf.org/html/rfc5424) - The Syslog Protocol - [RFC 5425](https://tools.ietf.org/html/rfc5425) - Transport Layer Security (TLS) Transport Mapping for Syslog +- [RFC 3164](https://tools.ietf.org/html/rfc3164) - The BSD Syslog Protocol - [RFC 3339](https://tools.ietf.org/html/rfc3339) - Date and Time on the Internet: Timestamps - [RFC 6012](https://tools.ietf.org/html/rfc6012) - Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog - [systemd Journal](https://www.freedesktop.org/software/systemd/man/sd-journal.html) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8909923..335a01b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -73,7 +73,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Initial release - UDP transport for syslog messages -- RFC 3339 timestamp format +- RFC 3164 message format - systemd journal integration - Multicast support 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bbb5c03..a7a36e1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -267,7 +267,7 @@ int main(void) { Aim for: - All new functions should have tests - Edge cases and error conditions -- Protocol compliance (RFC 5424, RFC 3339) +- Protocol compliance (RFC 5424, RFC 3164) ## Submitting Changes @@ -418,7 +418,7 @@ perf report - [systemd Coding Style](https://systemd.io/CODING_STYLE/) - [RFC 5424](https://tools.ietf.org/html/rfc5424) - Syslog Protocol -- [RFC 3339](https://tools.ietf.org/html/rfc3339) - Date and Time on the Internet +- [RFC 3164](https://tools.ietf.org/html/rfc3164) - The BSD Syslog Protocol - [systemd Journal API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) ## Getting Help diff --git a/FAQ.md b/FAQ.md index f70d415..f70b8cb 100644 --- a/FAQ.md +++ b/FAQ.md @@ -184,7 +184,7 @@ TLSServerCertificate=/path/to/self-signed-cert.pem ## Log Formats -### What's the difference between RFC 5424 and RFC 3339? +### What's the difference between RFC 5424 and RFC 3164? **RFC 5424** (recommended): ``` @@ -194,7 +194,7 @@ TLSServerCertificate=/path/to/self-signed-cert.pem - Structured data support - Modern syslog standard -**RFC 3339** (legacy): +**RFC 3164** (legacy): ``` <34>2024-01-20T10:30:15.123456+00:00 hostname myapp[1234]: User logged in ``` diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 0000000..6d70a0d --- /dev/null +++ b/PKGBUILD 
@@ -0,0 +1,49 @@
+# Maintainer: Susant Sahani
+pkgname=systemd-netlogd
+pkgver=1.4.5
+pkgrel=1
+pkgdesc='Forward systemd journal entries to remote syslog servers'
+arch=('x86_64' 'aarch64')
+url='https://github.com/systemd/systemd-netlogd'
+license=('LGPL-2.1-or-later')
+depends=('systemd' 'openssl')
+makedepends=('meson' 'gperf' 'libcap' 'python-sphinx' 'cmocka')
+backup=('etc/systemd/netlogd.conf')
+source=("$url/archive/v$pkgver.tar.gz")
+sha256sums=('SKIP')
+
+build() {
+ cd "$pkgname-$pkgver"
+ meson setup build \
+ --prefix=/usr/lib/systemd \
+ --sysconfdir=/etc/systemd
+ meson compile -C build
+}
+
+check() {
+ cd "$pkgname-$pkgver"
+ meson test -C build
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+ DESTDIR="$pkgdir" meson install -C build
+
+ install -Dm644 LICENSE.LGPL2.1 "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}
+
+post_install() {
+ getent group systemd-journal >/dev/null 2>&1 || groupadd -r systemd-journal
+ getent passwd systemd-journal-netlog >/dev/null || \
+ useradd -r -g systemd-journal -d / -s /usr/bin/nologin \
+ -c "systemd Network Logging" systemd-journal-netlog
+ systemctl daemon-reload
+}
+
+post_upgrade() {
+ systemctl daemon-reload
+}
+
+post_remove() {
+ systemctl daemon-reload
+}
diff --git a/README.md b/README.md
index 25a628e..3f0aed2 100644
--- a/README.md
+++ b/README.md
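Review bot: The new PKGBUILD sets `sha256sums=('SKIP')` for the release tarball fetched from `$url/archive/v$pkgver.tar.gz`, so makepkg builds whatever the server returns without an integrity check; for a fixed-version source this should be the real digest, `sha256sums=('<SHA256_OF_v1.4.5_TARBALL>')`, generated with `makepkg -g` or `updpkgsums`. Separately, `post_install`, `post_upgrade` and `post_remove` are defined inside the PKGBUILD itself, where pacman does not run them. They belong in a `systemd-netlogd.install` file referenced by `install=systemd-netlogd.install`; otherwise the `systemd-journal-netlog` user is never created when the package is installed.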
@@ -2,24 +2,32 @@ [![Build Status](https://github.com/systemd/systemd-netlogd/actions/workflows/ci.yml/badge.svg)](https://github.com/systemd/systemd-netlogd/actions) [![License: LGPL v2.1+](https://img.shields.io/badge/License-LGPL%20v2.1+-blue.svg)](https://www.gnu.org/licenses/lgpl-2.1) -[![Version](https://img.shields.io/badge/version-1.4.5-green.svg)](https://github.com/systemd/systemd-netlogd/releases) -> **Lightweight, network-aware daemon for forwarding systemd journal logs to remote syslog servers** +Forwards messages from the systemd journal to remote hosts over the +network using the Syslog protocol (RFC 5424 and RFC 3164). Supports +unicast and multicast destinations with UDP, TCP, TLS (RFC 5425), and +DTLS (RFC 6012) transports. -Forward your systemd journal to centralized logging infrastructure with zero local buffering, automatic network detection, and secure transport options (UDP, TCP, TLS, DTLS). +systemd-netlogd reads from the journal and forwards to the network +sequentially — no local buffering or extra disk usage. It starts +sending logs when the network is up and stops when it goes down +(using `sd-network`), and runs as the unprivileged +`systemd-journal-netlog` user. 
---- +## Features -## ⚡ Quick Start +- **Network-aware** — automatically detects network state changes via `sd-network` +- **Zero buffering** — sequential journal reading without local caching +- **Secure transports** — UDP, TCP, TLS (RFC 5425), DTLS (RFC 6012) +- **Standard formats** — RFC 5424 (recommended), RFC 3164 (legacy BSD syslog) +- **Smart filtering** — exclude sensitive facilities (auth/authpriv) and log levels +- **Namespace support** — forward from specific journal namespaces or aggregate all +- **Hardened** — runs as unprivileged user with restricted capabilities +- **Fault tolerant** — automatic reconnection with cursor persistence ensures no message loss -```bash -# Install (Ubuntu/Debian) -sudo apt install systemd-netlogd - -# Or build from source -git clone https://github.com/systemd/systemd-netlogd.git -cd systemd-netlogd && make && sudo make install +## Quick Start +```bash # Configure sudo tee /etc/systemd/netlogd.conf < - - - -### ✅ What You Get -- **Zero disk buffering** - No local storage impact -- **Network-aware** - Auto-start/pause with network -- **Secure by default** - TLS/DTLS encryption support -- **Battle-tested** - Production-ready since 2016 -- **Resource efficient** - ~2-5 MB memory, <1% CPU -- **Native integration** - Direct systemd journal access - - - - -### ❌ What You Don't Need -- No rsyslog/syslog-ng complexity -- No local log buffering/queuing -- No heavy dependencies -- No manual journal export setup -- No root privileges required -- No configuration headaches - - - - - -### 🚀 Key Features - -- **🌐 Network-Aware**: Automatically detects network state changes via `sd-network` -- **⚡ Zero Buffering**: Sequential journal reading without local caching -- **🔒 Secure Transport**: UDP, TCP, TLS (RFC 5425), DTLS (RFC 6012) -- **📋 Standard Formats**: RFC 5424 (recommended), RFC 3339 (legacy BSD syslog) -- **🎯 Smart Filtering**: Exclude sensitive facilities (auth/authpriv) and log levels -- **📦 Namespace Support**: Forward from 
specific namespaces or aggregate all -- **🛡️ Hardened**: Runs as unprivileged `systemd-journal-netlog` user with restricted capabilities -- **🔄 Fault Tolerant**: Automatic reconnection with cursor persistence ensures no message loss - -### 💡 Use Cases - -``` -✓ Centralized logging for distributed systems ✓ Security monitoring & SIEM integration -✓ Cloud log aggregation (AWS, Azure, GCP) ✓ Compliance & audit log forwarding -✓ Edge device telemetry collection ✓ Multi-region log consolidation -✓ Container/Kubernetes cluster logging ✓ IoT fleet management -``` - ---- - -## 📦 Installation +## Installation -### Package Installation (Recommended) +### Package Manager - - - - - - - - - - - - - -
Ubuntu/Debiansudo apt install systemd-netlogd
FedoraSearch COPR repositories
Arch LinuxAUR: yay -S systemd-netlogd-git
+| Distribution | Command | +|----------------|-------------------------------------| +| Ubuntu/Debian | `sudo apt install systemd-netlogd` | +| Fedora | Available via COPR repositories | +| Arch Linux | AUR: `yay -S systemd-netlogd-git` | ### Build from Source -
-Click to expand build instructions +**Prerequisites:** systemd >= 230 (v255+ recommended), meson, gperf, libcap, OpenSSL -**Prerequisites**: systemd v230+ (v255+ recommended) - -**Install dependencies:** ```bash -# Debian/Ubuntu +# Install dependencies (Debian/Ubuntu) sudo apt install build-essential meson gperf libcap-dev libsystemd-dev libssl-dev libcmocka-dev -# Fedora/RHEL +# Install dependencies (Fedora/RHEL) sudo dnf install gcc meson gperf libcap-devel systemd-devel openssl-devel libcmocka-devel -``` -**Build and install:** -```bash +# Build git clone https://github.com/systemd/systemd-netlogd.git cd systemd-netlogd -make # or: meson setup build && meson compile -C build -sudo make install # or: sudo meson install -C build -``` +meson setup build +meson compile -C build -**Create system user:** -```bash -sudo useradd -r -d / -s /usr/sbin/nologin -g systemd-journal systemd-journal-netlog -``` +# Run tests +meson test -C build -**Enable and start:** -```bash +# Install +sudo meson install -C build + +# Create system user and start +sudo useradd -r -d / -s /usr/sbin/nologin -g systemd-journal systemd-journal-netlog sudo systemctl daemon-reload sudo systemctl enable --now systemd-netlogd ``` -
- ---- - -## ⚙️ Configuration +## Configuration -### Quick Configuration +Configuration file: `/etc/systemd/netlogd.conf` -**File:** `/etc/systemd/netlogd.conf` (or `/etc/systemd/netlogd.conf.d/*.conf` for drop-ins) +Drop-in overrides: `/etc/systemd/netlogd.conf.d/*.conf` -**Reload:** `sudo systemctl reload systemd-netlogd` +Reload after changes: `sudo systemctl reload systemd-netlogd` -### Common Configuration Options - -| Option | Description | Default | -|--------|-------------|---------| -| **`Address=`** | Destination server (IP:port or multicast) | *Required* | -| **`Protocol=`** | Transport: `udp`, `tcp`, `tls`, `dtls` | `udp` | -| **`LogFormat=`** | Format: `rfc5424`, `rfc5425`, `rfc3339` | `rfc5424` | -| `ConnectionRetrySec=` | Retry interval on failure | `30s` | -| `TLSCertificateAuthMode=` | TLS validation: `deny`, `warn`, `allow`, `no` | `deny` | -| `TLSServerCertificate=` | Path to CA certificate PEM file | System CA | -| `ExcludeSyslogFacility=` | Filter out facilities (e.g., `auth authpriv`) | None | -| `ExcludeSyslogLevel=` | Filter out levels (e.g., `debug info`) | None | - -
-📋 View all configuration options +### Options | Option | Description | Default | |--------|-------------|---------| | `Address=` | Destination (IP:port or multicast group) | **Required** | | `Protocol=` | `udp`, `tcp`, `tls`, `dtls` | `udp` | -| `LogFormat=` | `rfc5424`, `rfc5425` (TLS), `rfc3339` (legacy) | `rfc5424` | +| `LogFormat=` | `rfc5424`, `rfc5425` (TLS), `rfc3164` (legacy) | `rfc5424` | | `Directory=` | Custom journal directory path | System default | | `Namespace=` | Journal namespace: `*` (all), `+id` (id+default), `id` | Default | | `ConnectionRetrySec=` | Reconnect delay after failure | `30s` | -| `TLSCertificateAuthMode=` | Certificate validation mode | `deny` | +| `TLSCertificateAuthMode=` | Certificate validation: `deny`, `warn`, `allow`, `no` | `deny` | | `TLSServerCertificate=` | CA/server certificate PEM path | System CA store | | `KeepAlive=` | Enable TCP keepalive probes | `false` | | `KeepAliveTimeSec=` | Keepalive idle timeout | `7200` | 
@@ -193,26 +115,22 @@ sudo systemctl enable --now systemd-netlogd | `StructuredData=` | Static structured data `[SD-ID@PEN ...]` | None | | `UseSysLogStructuredData=` | Extract `SYSLOG_STRUCTURED_DATA` from journal | `false` | | `UseSysLogMsgId=` | Extract `SYSLOG_MSGID` from journal | `false` | -| `ExcludeSyslogFacility=` | Space-separated facility list | None | -| `ExcludeSyslogLevel=` | Space-separated level list | None | +| `ExcludeSyslogFacility=` | Space-separated facility list to exclude | None | +| `ExcludeSyslogLevel=` | Space-separated level list to exclude | None | -**Facilities:** `kern`, `user`, `mail`, `daemon`, `auth`, `syslog`, `lpr`, `news`, `uucp`, `cron`, `authpriv`, `ftp`, `ntp`, `security`, `console`, `solaris-cron`, `local0-7` +**Facilities:** `kern`, `user`, `mail`, `daemon`, `auth`, `syslog`, `lpr`, `news`, `uucp`, `cron`, `authpriv`, `ftp`, `ntp`, `security`, `console`, `solaris-cron`, `local0`–`local7` **Levels:** `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug` -
- ---- +### Examples -## 📝 Configuration Examples - -### Basic UDP +**Basic UDP:** ```ini [Network] Address=192.168.1.100:514 ``` -### Production TLS (Recommended) +**Production TLS (recommended):** ```ini [Network] Address=logs.example.com:6514 @@ -225,351 +143,83 @@ NoDelay=yes ExcludeSyslogFacility=auth authpriv ``` -### Cloud Service (Papertrail) +**Cloud service (Papertrail):** ```ini [Network] Address=logs7.papertrailapp.com:12345 Protocol=tls ``` -### High-Performance Local Network -```ini -[Network] -Address=192.168.1.100:514 -Protocol=udp -ExcludeSyslogLevel=debug info -ConnectionRetrySec=5 -``` - -### With Structured Data +**With structured data:** ```ini [Network] Address=192.168.1.100:514 Protocol=tcp LogFormat=rfc5424 StructuredData=[app@12345 env="production" region="us-east"] -``` - -**📁 More examples:** See [`examples/`](examples/) directory for 10+ production-ready configurations - ---- - -## 🔧 Advanced Usage - -### Tag Journal Entries with Structured Data - -
-Click to see C example - -```c -#include - -int main() { - sd_journal_send( - "MESSAGE=User login successful", - "PRIORITY=6", // info - "SYSLOG_FACILITY=10", // authpriv - "SYSLOG_MSGID=LOGIN001", - "SYSLOG_STRUCTURED_DATA=[auth@12345 user=\"alice\" ip=\"1.2.3.4\"]", - NULL - ); - return 0; -} -``` - -Compile: `gcc example.c -lsystemd -o example && ./example` - -Configure netlogd to extract structured data: -```ini -[Network] -Address=192.168.1.100:514 -LogFormat=rfc5424 UseSysLogStructuredData=yes UseSysLogMsgId=yes ``` -
+See the [`examples/`](examples/) directory for more production-ready configurations. -### Testing and Validation +## Troubleshooting ```bash -# Start a test receiver -nc -ul 514 # UDP -nc -l 514 # TCP +# Check service status +sudo systemctl status systemd-netlogd +journalctl -u systemd-netlogd -n 50 -# Generate test logs -logger -p user.info "Test message" -logger -p user.warning "Warning test" +# Test network connectivity +nc -vz remote-server 514 # TCP +nc -u -vz remote-server 514 # UDP -# Monitor systemd-netlogd -journalctl -u systemd-netlogd -f +# Generate test log +logger -p user.info "Test from systemd-netlogd" + +# Enable debug logging temporarily +sudo kill -SIGUSR1 $(pidof systemd-netlogd) -# Enable debug logging +# Or persistently via systemd override sudo systemctl edit systemd-netlogd # Add: Environment=SYSTEMD_LOG_LEVEL=debug # Test TLS connectivity openssl s_client -connect server:6514 -CAfile /path/to/ca.pem -``` - ---- - -## 🔒 Security - -**systemd-netlogd runs with minimal privileges:** -- Dedicated `systemd-journal-netlog` system user (not root) -- Capability restrictions via systemd hardening -- Filesystem isolation and protection - -**Best Practices:** - -```ini -# ✅ DO: Use TLS for remote logging -Protocol=tls -TLSCertificateAuthMode=deny -# ✅ DO: Filter sensitive logs -ExcludeSyslogFacility=auth authpriv - -# ✅ DO: Use strong certificate validation -TLSServerCertificate=/etc/pki/tls/certs/ca-bundle.crt - -# ❌ DON'T: Use UDP/TCP over the internet (unencrypted) -# ❌ DON'T: Disable certificate validation in production -``` - -**Audit security posture:** -```bash -sudo systemd-analyze security systemd-netlogd.service -``` - ---- - -## 🐛 Troubleshooting - -
-❓ No logs being forwarded - -1. Check service status: - ```bash - sudo systemctl status systemd-netlogd - journalctl -u systemd-netlogd -n 50 - ``` - -2. Verify configuration: - ```bash - cat /etc/systemd/netlogd.conf - ``` - -3. Test network connectivity: - ```bash - nc -vz remote-server 514 # TCP - ping remote-server - ``` - -4. Check user exists: - ```bash - id systemd-journal-netlog - ``` - -
- -
-🔐 TLS connection failures - -1. Test TLS manually: - ```bash - openssl s_client -connect server:6514 -CAfile /path/to/ca.pem - ``` - -2. Check certificate validity: - ```bash - openssl x509 -in /path/to/ca.pem -noout -dates - ``` - -3. Try relaxed validation (testing only): - ```ini - TLSCertificateAuthMode=warn - ``` - -4. View SSL errors: - ```bash - journalctl -u systemd-netlogd | grep -i ssl - ``` - -
- -
-🚫 Connection refused - -1. Check firewall on remote server -2. Verify remote syslog server is running: - ```bash - sudo netstat -tuln | grep 514 - ``` -3. Test with netcat as simple receiver: - ```bash - nc -ul 514 # UDP - nc -l 514 # TCP - ``` - -
- -
-⚡ Performance issues / lag - -1. Check network latency: `ping remote-server` -2. Use UDP for highest throughput -3. Filter debug messages: `ExcludeSyslogLevel=debug info` -4. Increase send buffer: `SendBuffer=262144` -5. Check dropped packets: `netstat -su | grep drop` - -
- -**💡 Quick fixes:** -```bash -# Generate test log -logger -p user.info "Test from systemd-netlogd" - -# Enable debug mode -sudo kill -SIGUSR1 $(pidof systemd-netlogd) - -# Reset state (start from scratch) +# Reset state (re-forward from current journal position) sudo systemctl stop systemd-netlogd sudo rm /var/lib/systemd-netlogd/state sudo systemctl start systemd-netlogd ``` ---- +## Documentation -## 📚 Documentation +- **[Man page](doc/index.rst)** — full reference (`man systemd-netlogd`) +- **[FAQ](FAQ.md)** — common questions and answers +- **[ARCHITECTURE.md](ARCHITECTURE.md)** — internal design and data flow +- **[TESTING.md](TESTING.md)** — test suite and validation guide +- **[CONTRIBUTING.md](CONTRIBUTING.md)** — development setup and contribution guide +- **[SECURITY.md](SECURITY.md)** — security policy and vulnerability reporting +- **[CHANGELOG.md](CHANGELOG.md)** — release history +- **[examples/](examples/)** — production-ready configuration examples - - - - - - -
+## Contributing -### 📖 User Guides -- **[README.md](README.md)** *(this file)* -- **[FAQ.md](FAQ.md)** - Common questions -- **[examples/](examples/)** - 10+ configs -- **[Man Page](doc/index.rst)** - Full reference - - - -### 🔧 Developer Guides -- **[ARCHITECTURE.md](ARCHITECTURE.md)** - Internal design -- **[CONTRIBUTING.md](CONTRIBUTING.md)** - Dev setup -- **[TESTING.md](TESTING.md)** - Test guide - - - -### 📦 Example Configs -- [Basic UDP/TCP](examples/basic-udp.conf) -- [Production TLS](examples/tls-secure.conf) -- [Cloud Services](examples/cloud-papertrail.conf) -- [High Performance](examples/high-performance.conf) - -
- ---- - -## 🤝 Contributing - -We welcome contributions! - -**Quick Start:** -1. 🍴 Fork the repository -2. 🌿 Create feature branch: `git checkout -b feature/amazing-feature` -3. ✅ Add tests for new functionality -4. 💬 Commit with clear messages -5. 📫 Submit a pull request - -**Resources:** -- 📖 [CONTRIBUTING.md](CONTRIBUTING.md) - Full contribution guide -- 🏗️ [ARCHITECTURE.md](ARCHITECTURE.md) - Understand the codebase -- 🧪 [TESTING.md](TESTING.md) - Testing guide - -**Development:** ```bash -# Clone and setup git clone https://github.com/systemd/systemd-netlogd.git cd systemd-netlogd -make - -# Run tests +meson setup build +meson compile -C build meson test -C build -v - -# Build documentation -make -C doc ``` ---- - -## 💬 Getting Help - - - - - - - - -
- -### 📖 [FAQ](FAQ.md) -50+ questions answered - - - -### 🐛 [Issues](https://github.com/systemd/systemd-netlogd/issues) -Report bugs & request features - - - -### 💬 [Discussions](https://github.com/systemd/systemd-netlogd/discussions) -Ask questions & share tips - - - -### 📚 [Man Page](doc/index.rst) -Complete reference - -
- -**Before asking for help:** -1. ✅ Check the [FAQ](FAQ.md) -2. ✅ Search [existing issues](https://github.com/systemd/systemd-netlogd/issues) -3. ✅ Try [troubleshooting](#-troubleshooting) steps above -4. ✅ Enable debug logging: `Environment=SYSTEMD_LOG_LEVEL=debug` - ---- - -## 📄 License - -**LGPL-2.1-or-later** — Same license as systemd - -See [LICENSE](LICENSE) file for details. - ---- - -## 🌟 Acknowledgments - -- **Author**: [Susant Sahani](https://github.com/ssahani) -- **Contributors**: [See all contributors](https://github.com/systemd/systemd-netlogd/graphs/contributors) -- **Project**: Part of the systemd ecosystem - ---- - -
+See [CONTRIBUTING.md](CONTRIBUTING.md) for the full guide. -### ⭐ If you find systemd-netlogd useful, please star the repository! +## License -[![GitHub stars](https://img.shields.io/github/stars/systemd/systemd-netlogd?style=social)](https://github.com/systemd/systemd-netlogd/stargazers) +LGPL-2.1-or-later — same license as systemd. See [LICENSE.LGPL2.1](LICENSE.LGPL2.1). -**[Documentation](ARCHITECTURE.md)** • **[Examples](examples/)** • **[FAQ](FAQ.md)** • **[Contributing](CONTRIBUTING.md)** +## Author -
+Susant Sahani diff --git a/SECURITY.md b/SECURITY.md index 1218647..d3136fd 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -61,9 +61,9 @@ We will credit security researchers in our release notes unless they prefer to r When using TLS or DTLS for log transmission: -- **Always use certificate verification** in production (`CertificateAuthentication=deny`) -- Use `CertificateAuthentication=warn` only for testing -- Never use `CertificateAuthentication=allow` in production +- **Always use certificate verification** in production (`TLSCertificateAuthMode=deny`) +- Use `TLSCertificateAuthMode=warn` only for testing +- Never use `TLSCertificateAuthMode=allow` in production - Keep OpenSSL libraries up to date - Use certificates from trusted CAs diff --git a/TESTING.md b/TESTING.md index a91e23c..5995ad4 100644 --- a/TESTING.md +++ b/TESTING.md @@ -43,7 +43,7 @@ Tests RFC 3339 timestamp formatting: #### test-string-tables Tests string table conversions: - Protocol names (udp, tcp, tls, dtls) -- Log formats (rfc5424, rfc3339, rfc5425) +- Log formats (rfc5424, rfc3164, rfc5425) - Syslog facilities (kern, user, mail, etc.) - Syslog levels (emerg, alert, crit, etc.) diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..374c459 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,15 @@ +systemd-netlogd (1.4.5-1) unstable; urgency=medium + + * New upstream release. + * Add TLS and DTLS transport support. + * Add journal namespace and filtering support. + * Add structured data and message ID extraction. + * Add comprehensive test suite. + + -- Susant Sahani Mon, 20 Jan 2025 00:00:00 +0000 + +systemd-netlogd (1.4-1) unstable; urgency=medium + + * Initial release. + + -- Susant Sahani Tue, 14 May 2024 00:00:00 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..b0b241a --- /dev/null +++ b/debian/control 
@@ -0,0 +1,32 @@
+Source: systemd-netlogd
+Section: admin
+Priority: optional
+Maintainer: Susant Sahani
+Build-Depends: debhelper-compat (= 13),
+ meson (>= 0.51),
+ ninja-build,
+ pkg-config,
+ libsystemd-dev (>= 230),
+ libcap-dev,
+ libssl-dev,
+ gperf,
+ python3-sphinx,
+ libcmocka-dev
+Standards-Version: 4.6.2
+Homepage: https://github.com/systemd/systemd-netlogd
+Rules-Requires-Root: no
+
+Package: systemd-netlogd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, systemd (>= 230)
+Pre-Depends: ${misc:Pre-Depends}
+Description: Forward systemd journal entries to remote syslog servers
+ systemd-netlogd forwards messages from the systemd journal to remote
+ hosts over the network using the Syslog protocol (RFC 5424 and
+ RFC 3164). It supports unicast and multicast destinations with UDP,
+ TCP, TLS (RFC 5425), and DTLS (RFC 6012) transports.
+ .
+ It reads from the journal and forwards to the network sequentially
+ without local buffering or extra disk usage. It starts sending logs
+ when the network is up and stops when it goes down (uses sd-network),
+ and runs as the unprivileged systemd-journal-netlog user.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..33c29af
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,30 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: systemd-netlogd
+Upstream-Contact: Susant Sahani
+Source: https://github.com/systemd/systemd-netlogd
+
+Files: *
+Copyright: 2016-2025 Susant Sahani
+License: LGPL-2.1+
+
+Files: src/share/*
+Copyright: 2010-2025 Lennart Poettering and systemd contributors
+License: LGPL-2.1+
+
+License: LGPL-2.1+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see
+ .
+ .
+ On Debian systems, the full text of the LGPL-2.1 can be found in
+ /usr/share/common-licenses/LGPL-2.1.
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..04a0b62
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,24 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+ dh $@ --buildsystem=meson
+
+override_dh_auto_configure:
+ meson setup obj-$(DEB_HOST_MULTIARCH) \
+ --prefix=/usr/lib/systemd \
+ --sysconfdir=/etc/systemd
+
+override_dh_auto_build:
+ meson compile -C obj-$(DEB_HOST_MULTIARCH)
+
+override_dh_auto_test:
+ meson test -C obj-$(DEB_HOST_MULTIARCH) -v
+
+override_dh_auto_install:
+ DESTDIR=$(CURDIR)/debian/systemd-netlogd \
+ meson install -C obj-$(DEB_HOST_MULTIARCH)
+
+override_dh_auto_clean:
+ rm -rf obj-$(DEB_HOST_MULTIARCH)
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
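Review bot: In debian/rules, `override_dh_auto_configure` calls `meson setup` directly, so the flags requested by `DEB_BUILD_MAINT_OPTIONS = hardening=+all` may never reach the compiler: debhelper injects the dpkg-buildflags values when `dh_auto_configure` drives the build system, and nothing in this file exports them otherwise. Keeping the helper preserves the hardening flags and the Debian meson defaults: `dh_auto_configure -- --prefix=/usr/lib/systemd --sysconfdir=/etc/systemd`, after which the build, test, install and clean overrides can probably be dropped. If the raw meson calls are kept, add `DPKG_EXPORT_BUILDFLAGS = 1` and `include /usr/share/dpkg/buildflags.mk` near the top. Either way, inspecting the built daemon for PIE, RELRO and stack-protector would confirm the flags took effect.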
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/systemd-netlogd.postinst b/debian/systemd-netlogd.postinst
new file mode 100755
index 0000000..b2904e6
--- /dev/null
+++ b/debian/systemd-netlogd.postinst
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "configure" ]; then
+ adduser --quiet --system --group --no-create-home \
+ --home / --shell /usr/sbin/nologin \
+ --ingroup systemd-journal \
+ systemd-journal-netlog 2>/dev/null || true
+fi
diff --git a/doc/index.rst b/doc/index.rst
index 469a1ec..09e519d 100644
--- a/doc/index.rst
+++ b/doc/index.rst
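Review bot: In debian/systemd-netlogd.postinst the `adduser` call passes both `--group` and `--ingroup systemd-journal`, which adduser documents as alternative ways to choose the primary group and may reject when combined, while `2>/dev/null || true` hides any failure, so a missing `systemd-journal-netlog` account would only surface when the service cannot drop to that user. `#DEBHELPER#` also sits above the block, so any service-start snippet debhelper expands there would run before the account exists. The version below drops `--group`, lets a failure abort the configure step, and moves `#DEBHELPER#` after the account creation; debian/control would then need `adduser` in `Depends`. adduser is expected to exit successfully when the system user already exists, so upgrades should not need the `|| true`, but that is worth confirming on the target release.

```shell
if [ "$1" = "configure" ]; then
    adduser --quiet --system --no-create-home \
        --home / --shell /usr/sbin/nologin \
        --ingroup systemd-journal \
        systemd-journal-netlog
fi

#DEBHELPER#
```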
@@ -23,74 +23,24 @@ Synopsis Description ----------- -**systemd-netlogd** is a lightweight, network-aware daemon for forwarding log messages from the **systemd journal** to remote hosts over the network using the **Syslog protocol** (RFC 5424 and RFC 3339). It supports unicast and multicast destinations, ensuring efficient log aggregation in distributed environments. +**systemd-netlogd** forwards log messages from the **systemd journal** to remote hosts over the network using the **Syslog protocol** (RFC 5424 and RFC 3164). It supports unicast and multicast destinations with UDP, TCP, TLS (RFC 5425), and DTLS (RFC 6012) transports. -Key features: +The daemon reads journal entries sequentially and transmits them without buffering or additional disk usage. It leverages ``sd-network`` to start forwarding when the network is up and pause when it goes down. It runs as the dedicated system user ``systemd-journal-netlog`` with minimal privileges. -- **Efficient forwarding**: Reads journal entries sequentially and transmits them one-by-one without buffering or additional disk usage. -- **Network integration**: Leverages ``sd-network`` to start forwarding when the network is up and pause when it's down. -- **Secure transports**: Supports UDP (default), TCP, TLS, and DTLS (RFC 6012 for datagram security). -- **Flexible output**: Formats logs as RFC 5424 (default), RFC 5425 (length-prefixed for TLS), or RFC 3339. -- **Isolation**: Runs as the dedicated system user ``systemd-journal-netlog`` with minimal privileges. -- **Filtering**: Exclude specific syslog facilities or levels; target specific journal namespaces. -- **Fault tolerant**: Automatic reconnection with cursor persistence ensures no message loss. - -This daemon is ideal for edge devices, servers, or cloud setups requiring centralized logging with minimal resource impact. - -**Typical Use Cases:** - -- Centralized logging for distributed systems -- Cloud log aggregation (Papertrail, Loggly, etc.) 
-- Security event monitoring and SIEM integration -- Compliance and audit log forwarding -- Edge device telemetry collection - -Installation ------------- - -Use your distribution's package manager: - -- **Ubuntu/Debian**: ``sudo apt install systemd-netlogd`` -- **Fedora/RHEL**: Available via COPR repositories (search for ``systemd-netlogd``). -- **Arch Linux**: Build from AUR (``systemd-netlogd-git``). - -For building from source, see the `GitHub repository `_. - -User Creation -------------- - -The daemon requires a dedicated system user. Create it manually: - -.. code-block:: console - - sudo useradd -r -d / -s /usr/sbin/nologin -g systemd-journal systemd-journal-netlog - -Or via ``sysusers.d`` (preferred): - -.. code-block:: ini - - # /etc/sysusers.d/systemd-netlogd.conf - # Type Name ID GECOS Home directory Shell - u systemd-journal-netlog - - / /bin/nologin - -Apply with: - -.. code-block:: console - - sudo systemd-sysusers - -Running the Service -------------------- +Options +------- -Enable and start via systemd: +**-h**, **--help** + Show help message and exit. -.. code-block:: console +**--version** + Show package version. - sudo systemctl daemon-reload - sudo systemctl enable --now systemd-netlogd.service +**--cursor=** *CURSOR* + Start at the specified journal cursor position. -- **Logs**: ``journalctl -u systemd-netlogd.service`` -- **Manual invocation**: ``sudo systemd-netlogd`` (for testing). +**--save-state** [=FILE] + Save uploaded cursors to FILE (default: ``/var/lib/systemd-netlogd/state``). Configuration ------------- 
@@ -113,23 +63,23 @@ Option Type Default Description ============================ ====== ============ ================================================================================================ ``Address=`` string *(required)* Destination (unicast ``IP:PORT`` or multicast ``GROUP:PORT``). See :manpage:`systemd.socket(5)`. ``Protocol=`` enum ``udp`` Transport protocol: ``udp``, ``tcp``, ``tls``, ``dtls``. -``LogFormat=`` enum ``rfc5424`` Message format: ``rfc5424`` (recommended), ``rfc5425`` (length-prefixed for TLS), ``rfc3339`` (legacy BSD syslog). +``LogFormat=`` enum ``rfc5424`` Message format: ``rfc5424`` (recommended), ``rfc5425`` (length-prefixed for TLS), ``rfc3164`` (legacy BSD syslog). ``Directory=`` path *system* Custom journal directory. Mutually exclusive with ``Namespace=``. ``Namespace=`` string *default* Journal namespace filter: specific ID, ``*`` (all namespaces), or ``+ID`` (ID plus default namespace). ``ConnectionRetrySec=`` time ``30s`` Reconnect delay after connection failure (minimum 1s). See :manpage:`systemd.time(5)`. ``TLSCertificateAuthMode=`` enum ``deny`` Certificate validation: ``deny`` (strict, reject invalid), ``warn`` (log but continue), ``allow`` (accept all), ``no`` (disable). ``TLSServerCertificate=`` path *system* Path to PEM-encoded CA certificate or certificate bundle. Uses system CA store if not specified. -``KeepAlive=`` bool ``false`` Enable TCP keepalive probes (``SO_KEEPALIVE``). Detects dead connections. See :manpage:`socket(7)`. +``KeepAlive=`` bool ``false`` Enable TCP keepalive probes (``SO_KEEPALIVE``). See :manpage:`socket(7)`. ``KeepAliveTimeSec=`` sec ``7200`` Seconds of idle time before sending keepalive probes (``TCP_KEEPIDLE``). Only with ``KeepAlive=yes``. ``KeepAliveIntervalSec=`` sec ``75`` Interval between keepalive probes (``TCP_KEEPINTVL``). Only with ``KeepAlive=yes``. ``KeepAliveProbes=`` int ``9`` Number of unacknowledged probes before closing (``TCP_KEEPCNT``). Only with ``KeepAlive=yes``. 
-``SendBuffer=`` size *system* Socket send buffer size (``SO_SNDBUF``). Accepts K/M/G suffixes. Larger buffers improve burst handling. -``NoDelay=`` bool ``false`` Disable Nagle's algorithm (``TCP_NODELAY``). Reduces latency but increases packet count. See :manpage:`tcp(7)`. -``StructuredData=`` string – Static structured data appended to all messages. Format: ``[SD-ID@PEN field="value" ...]``. Useful for cloud services. +``SendBuffer=`` size *system* Socket send buffer size (``SO_SNDBUF``). Accepts K/M/G suffixes. +``NoDelay=`` bool ``false`` Disable Nagle's algorithm (``TCP_NODELAY``). See :manpage:`tcp(7)`. +``StructuredData=`` string – Static structured data for all messages. Format: ``[SD-ID@PEN field="value" ...]``. ``UseSysLogStructuredData=`` bool ``false`` Extract and use ``SYSLOG_STRUCTURED_DATA`` field from journal entries. -``UseSysLogMsgId=`` bool ``false`` Extract and use ``SYSLOG_MSGID`` field from journal entries for message identification. -``ExcludeSyslogFacility=`` list – Space-separated list of facilities to exclude from forwarding (e.g., ``auth authpriv`` to prevent credential leaks). -``ExcludeSyslogLevel=`` list – Space-separated list of log levels to exclude (e.g., ``debug info`` to reduce volume). +``UseSysLogMsgId=`` bool ``false`` Extract and use ``SYSLOG_MSGID`` field from journal entries. +``ExcludeSyslogFacility=`` list – Space-separated list of facilities to exclude (e.g., ``auth authpriv``). +``ExcludeSyslogLevel=`` list – Space-separated list of log levels to exclude (e.g., ``debug info``). ============================ ====== ============ ================================================================================================ **Facilities**: ``kern``, ``user``, ``mail``, ``daemon``, ``auth``, ``syslog``, ``lpr``, ``news``, ``uucp``, ``cron``, ``authpriv``, ``ftp``, ``ntp``, ``security``, ``console``, ``solaris-cron``, ``local0``–``local7``. 
@@ -147,34 +97,29 @@ UDP Multicast [Network] Address=239.0.0.1:6000 -Unicast UDP (RFC 3339) +Unicast UDP (RFC 3164) ^^^^^^^^^^^^^^^^^^^^^^ .. code-block:: ini [Network] Address=192.168.8.101:514 - LogFormat=rfc3339 + LogFormat=rfc3164 -Custom Structured Data -^^^^^^^^^^^^^^^^^^^^^^ +TLS with Certificate Validation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. code-block:: ini [Network] - Address=192.168.8.101:514 - StructuredData=[1ab456b6-90bb-6578-abcd-5b734584aaaa@41058] - -TLS -^^^ - -.. code-block:: ini - - [Network] - Address=192.168.8.101:514 + Address=logs.example.com:6514 Protocol=tls LogFormat=rfc5425 TLSCertificateAuthMode=deny + TLSServerCertificate=/etc/pki/tls/certs/ca-bundle.crt + KeepAlive=yes + NoDelay=yes + ExcludeSyslogFacility=auth authpriv DTLS ^^^^ @@ -186,17 +131,6 @@ DTLS Protocol=dtls TLSCertificateAuthMode=warn -Extract Journal Metadata -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. code-block:: ini - - [Network] - Address=192.168.8.101:514 - LogFormat=rfc5424 - UseSysLogStructuredData=yes - UseSysLogMsgId=yes - TCP with Filtering ^^^^^^^^^^^^^^^^^^ 
@@ -208,73 +142,20 @@ TCP with Filtering ExcludeSyslogFacility=auth authpriv ExcludeSyslogLevel=debug -Production TLS Setup -^^^^^^^^^^^^^^^^^^^^ - -Secure configuration for production use with strict certificate validation: +Structured Data +^^^^^^^^^^^^^^^ .. code-block:: ini [Network] - Address=logs.example.com:6514 - Protocol=tls - LogFormat=rfc5425 - TLSCertificateAuthMode=deny - TLSServerCertificate=/etc/pki/tls/certs/ca-bundle.crt - KeepAlive=yes - NoDelay=yes - ConnectionRetrySec=15 - ExcludeSyslogFacility=auth authpriv - -High-Performance UDP -^^^^^^^^^^^^^^^^^^^^ - -Optimized for high message volumes on local networks: - -.. code-block:: ini - - [Network] - Address=192.168.1.100:514 - Protocol=udp - LogFormat=rfc5424 - ExcludeSyslogLevel=debug - # Reduce retry interval for fast fail-over - ConnectionRetrySec=5 - -Cloud Service - Papertrail -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Configuration for Papertrail cloud logging service: - -.. code-block:: ini - - [Network] - Address=logs7.papertrailapp.com:12345 - Protocol=tls - LogFormat=rfc5424 - TLSCertificateAuthMode=deny - KeepAlive=yes - NoDelay=yes - -Cloud Service - Loggly -^^^^^^^^^^^^^^^^^^^^^^^ - -Configuration for Loggly with customer token in structured data: - -.. code-block:: ini - - [Network] - Address=logs-01.loggly.com:6514 - Protocol=tls + Address=192.168.8.101:514 LogFormat=rfc5424 - StructuredData=[YOUR-CUSTOMER-TOKEN@41058] - TLSCertificateAuthMode=deny - KeepAlive=yes - -Multiple Namespaces -^^^^^^^^^^^^^^^^^^^ + StructuredData=[app@12345 env="production"] + UseSysLogStructuredData=yes + UseSysLogMsgId=yes -Forward logs from all journal namespaces: +Journal Namespaces +^^^^^^^^^^^^^^^^^^ .. code-block:: ini 
@@ -282,484 +163,72 @@ Forward logs from all journal namespaces: Address=192.168.1.100:514 Protocol=tcp Namespace=* - LogFormat=rfc5424 - -Using Structured Data and Message IDs -------------------------------------- - -Tag journal entries for extraction: - -.. code-block:: c - - #include - - int main(void) { - sd_journal_send( - "MESSAGE=%s", "Message to process", - "PRIORITY=%i", 4, // warning - "SYSLOG_FACILITY=%i", 1, // user - "SYSLOG_MSGID=%s", "1011", - "SYSLOG_STRUCTURED_DATA=%s", R"([exampleSDID@32473 iut="3" eventSource="Application"])", - NULL); - return 0; - } - -Compile: ``gcc example.c -lsystemd``. - -Security --------- - -**systemd-netlogd** runs with minimal privileges as the ``systemd-journal-netlog`` system user. - -Privilege Separation -^^^^^^^^^^^^^^^^^^^^ - -The daemon uses systemd's security features: - -- **User isolation**: Runs as dedicated ``systemd-journal-netlog`` user (not root) -- **Capability restrictions**: Limited to ``CAP_NET_BIND_SERVICE`` for privileged ports -- **No new privileges**: ``NoNewPrivileges=yes`` prevents privilege escalation -- **Filesystem protection**: ``ProtectSystem=strict``, ``ProtectHome=yes`` -- **Private temporary files**: ``PrivateTmp=yes`` - -Best Practices -^^^^^^^^^^^^^^ - -1. **Use TLS for remote logging**: Always use ``Protocol=tls`` when forwarding over untrusted networks. - -2. **Filter sensitive data**: Exclude authentication logs that may contain credentials: - - .. code-block:: ini - - ExcludeSyslogFacility=auth authpriv - -3. **Strict certificate validation**: Use ``TLSCertificateAuthMode=deny`` in production: - - .. code-block:: ini - - TLSCertificateAuthMode=deny - TLSServerCertificate=/path/to/ca.pem - -4. **Secure the remote server**: Protect the destination syslog server with firewall rules and access controls. - -5. **Audit service security**: Use systemd-analyze to review security posture: - - .. 
code-block:: console - - sudo systemd-analyze security systemd-netlogd.service - -Performance Tuning ------------------- - -Protocol Selection -^^^^^^^^^^^^^^^^^^ - -Choose the appropriate protocol for your use case: - -- **UDP**: Lowest overhead, use for high-volume logging on local networks. No delivery guarantee. -- **TCP**: Reliable delivery with connection overhead. Use when message loss is unacceptable. -- **TLS**: Encrypted TCP with highest overhead. Use for internet/untrusted networks. -- **DTLS**: Encrypted UDP with moderate overhead. Use for low-latency encrypted datagrams. - -Optimization Techniques -^^^^^^^^^^^^^^^^^^^^^^^ - -1. **Disable Nagle's algorithm** for low-latency forwarding: - - .. code-block:: ini - - Protocol=tcp - NoDelay=yes - -2. **Increase send buffer** for burst traffic: - - .. code-block:: ini - - SendBuffer=262144 # 256 KB - -3. **Filter verbose logs** to reduce volume: - - .. code-block:: ini - - ExcludeSyslogLevel=debug info - -4. **Reduce retry interval** for faster failover: - - .. code-block:: ini - - ConnectionRetrySec=5 - -5. **Use UDP for extreme volumes**: UDP has minimal overhead but no delivery guarantee. - -Rate Limiting -^^^^^^^^^^^^^ - -systemd-netlogd has built-in rate limiting (10 messages per 10 seconds by default) to prevent flooding. If the journal generates messages faster than the network can forward, backpressure occurs and journal reading pauses. - -Monitor performance with: - -.. code-block:: console - - journalctl -u systemd-netlogd -n 100 Signals ------- **SIGTERM**, **SIGINT** - Graceful shutdown. Closes connections, saves cursor state, and exits cleanly. + Graceful shutdown. Closes connections, saves cursor state, and exits. **SIGUSR1** - Increase log level to debug for troubleshooting. Send again to revert. + Toggle debug log level for troubleshooting. **SIGUSR2** Reserved for future use. -Example: - -.. 
code-block:: console - - # Enable debug logging temporarily - sudo kill -SIGUSR1 $(pidof systemd-netlogd) - - # View debug output - journalctl -u systemd-netlogd -f - Environment Variables --------------------- **SYSTEMD_LOG_LEVEL** Set log level: ``debug``, ``info``, ``notice``, ``warning``, ``err``, ``crit``, ``alert``, ``emerg``. - Override via systemd service: - - .. code-block:: console - - sudo systemctl edit systemd-netlogd - - Add: - - .. code-block:: ini - - [Service] - Environment=SYSTEMD_LOG_LEVEL=debug - **SYSTEMD_LOG_TARGET** Log destination: ``journal``, ``console``, ``journal+console``, ``kmsg``, ``syslog``. - Example: - - .. code-block:: ini - - [Service] - Environment=SYSTEMD_LOG_TARGET=journal+console - Exit Status ----------- **0** - Success. Daemon started and handled shutdown signal cleanly. + Success. **Non-zero** - Failure. Check ``journalctl -u systemd-netlogd`` for error messages. - -Common exit conditions: - -- Configuration file parse errors -- Unable to open journal -- Network initialization failures -- Permission denied (user/group issues) - -State Persistence ------------------ - -The daemon maintains state in ``/var/lib/systemd-netlogd/state`` to track the last successfully forwarded journal entry (cursor). This ensures: - -- **No message loss** on daemon restart -- **Replay prevention** - doesn't re-send old messages -- **Resume from last position** after network outages - -The state file format: - -.. code-block:: ini - - # This is private data. Do not parse. - LAST_CURSOR=s=abc123def456... - -To start from scratch: - -.. code-block:: console - - sudo systemctl stop systemd-netlogd - sudo rm /var/lib/systemd-netlogd/state - sudo systemctl start systemd-netlogd + Failure. Check ``journalctl -u systemd-netlogd`` for details. Files ----- **/etc/systemd/netlogd.conf** - Main configuration file. See ``[Network]`` section options above. + Main configuration file. **/etc/systemd/netlogd.conf.d/\*.conf** - Drop-in configuration snippets. 
Processed in lexicographic order. Use for environment-specific overrides. + Drop-in configuration snippets. **/lib/systemd/system/systemd-netlogd.service** - Systemd service unit file. Contains security hardening directives. + Systemd service unit file. **/var/lib/systemd-netlogd/state** - Persistent state file storing journal cursor position. Ensures no message loss across restarts. + Persistent cursor state file. **/usr/lib/systemd/systemd-netlogd** Main daemon binary. -Troubleshooting ---------------- - -No Logs Being Forwarded -^^^^^^^^^^^^^^^^^^^^^^^^ - -1. **Check service status**: - - .. code-block:: console - - sudo systemctl status systemd-netlogd - journalctl -u systemd-netlogd -n 50 - -2. **Verify network connectivity**: - - .. code-block:: console - - nc -vz remote-server 514 # TCP - nc -u -vz remote-server 514 # UDP - -3. **Check configuration**: - - .. code-block:: console - - cat /etc/systemd/netlogd.conf - -4. **Verify user exists**: - - .. code-block:: console - - id systemd-journal-netlog - -TLS/DTLS Connection Failures -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. **Test TLS connectivity manually**: - - .. code-block:: console - - openssl s_client -connect server:6514 -CAfile /path/to/ca.pem - -2. **Check certificate validity**: - - .. code-block:: console - - openssl x509 -in /path/to/ca.pem -noout -dates -issuer -subject - -3. **Try relaxed validation for testing**: - - .. code-block:: ini - - TLSCertificateAuthMode=warn # or 'allow' for self-signed certs - -4. **View SSL errors**: - - .. code-block:: console - - journalctl -u systemd-netlogd | grep -i ssl - -Connection Refused Errors -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. **Check firewall** on remote server: - - .. code-block:: console - - # On remote server - sudo firewall-cmd --list-all - sudo iptables -L -n | grep 514 - -2. **Verify remote syslog server is running**: - - .. code-block:: console - - # On remote server - sudo netstat -tuln | grep 514 - -3. **Test with netcat** as simple receiver: - - .. 
code-block:: console - - # Start receiver - nc -ul 514 # UDP - nc -l 514 # TCP - -4. **Generate test log**: - - .. code-block:: console - - logger -p user.info "Test message from systemd-netlogd" - -Performance Issues / Message Lag -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. **Check network latency**: - - .. code-block:: console - - ping remote-server - -2. **Monitor journal lag**: - - .. code-block:: console - - journalctl -u systemd-netlogd | grep "cursor" - -3. **Disable rate limiting** (if needed): - - Rate limiting is hardcoded at 10 messages per 10 seconds. For high volumes, consider: - - - Using UDP instead of TCP - - Filtering debug messages with ``ExcludeSyslogLevel=debug info`` - - Increasing network send buffer with ``SendBuffer=262144`` - -4. **Check for dropped packets** (UDP only): - - .. code-block:: console - - netstat -su | grep -i drop - -Debug Mode -^^^^^^^^^^ - -Enable verbose logging: - -.. code-block:: console - - sudo systemctl edit systemd-netlogd - -Add: - -.. code-block:: ini - - [Service] - Environment=SYSTEMD_LOG_LEVEL=debug - StandardOutput=journal+console - -Restart and view output: - -.. code-block:: console - - sudo systemctl restart systemd-netlogd - journalctl -u systemd-netlogd -f - -Testing Configuration -^^^^^^^^^^^^^^^^^^^^^ - -1. **Validate configuration syntax**: - - .. code-block:: console - - sudo systemd-netlogd --test # If supported - -2. **Start receiver** on destination: - - .. code-block:: console - - # Simple UDP receiver - nc -ul 514 - - # Or use socat for more features - socat UDP4-RECVFROM:514,fork - - -3. **Generate test messages**: - - .. code-block:: console - - # Info message - logger -p user.info "Test info message" - - # Warning message - logger -p user.warning "Test warning message" - - # With structured data - systemd-cat -t myapp -p info <<< "Test from systemd-cat" - -Notes ------ - -- **Zero buffering**: systemd-netlogd reads the journal sequentially without local caching. 
This minimizes disk usage but means log forwarding speed is limited by network bandwidth. - -- **Cursor persistence**: The journal cursor is saved to ``/var/lib/systemd-netlogd/state`` after successful forwarding. This ensures no message loss across daemon restarts or network outages. - -- **Automatic reconnection**: The daemon automatically reconnects when network becomes available or after ``ConnectionRetrySec`` delay on connection failures. - -- **Rate limiting**: Built-in rate limiting (10 messages per 10 seconds) prevents flooding. If the journal produces messages faster than the network can forward, backpressure occurs. - -- **Single destination**: Currently supports forwarding to one destination only. Use rsyslog or syslog-ng as an intermediary for multi-destination forwarding. - -- **No client certificates**: TLS/DTLS currently supports server certificate validation only. Client certificate authentication is not supported. - See Also -------- -**System Configuration:** - :manpage:`systemd.socket(5)`, :manpage:`systemd.time(5)`, :manpage:`systemd.service(5)`, :manpage:`systemd.unit(5)` - -**Network and Security:** - :manpage:`socket(7)`, :manpage:`tcp(7)`, :manpage:`ip(7)`, :manpage:`ssl(7)` - -**systemd Components:** - :manpage:`systemd-journald.service(8)`, :manpage:`journalctl(1)`, :manpage:`systemd-journal-remote.service(8)`, :manpage:`systemd-journal-upload.service(8)`, :manpage:`sd-journal(3)` - -**RFCs and Standards:** - - `RFC 5424 `_ - The Syslog Protocol - - `RFC 5425 `_ - Transport Layer Security (TLS) Transport Mapping for Syslog - - `RFC 3339 `_ - Date and Time on the Internet: Timestamps - - `RFC 6012 `_ - Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog - -**Project Resources:** - - GitHub: https://github.com/systemd/systemd-netlogd - - Documentation: https://github.com/systemd/systemd-netlogd/blob/main/README.md - - Architecture: https://github.com/systemd/systemd-netlogd/blob/main/ARCHITECTURE.md - - Contributing: 
https://github.com/systemd/systemd-netlogd/blob/main/CONTRIBUTING.md - - Testing: https://github.com/systemd/systemd-netlogd/blob/main/TESTING.md - - FAQ: https://github.com/systemd/systemd-netlogd/blob/main/FAQ.md +:manpage:`systemd-journald.service(8)`, :manpage:`journalctl(1)`, :manpage:`systemd-journal-remote.service(8)`, :manpage:`systemd.socket(5)`, :manpage:`systemd.time(5)`, :manpage:`socket(7)`, :manpage:`tcp(7)` -**Related Tools:** - - rsyslog: https://www.rsyslog.com/ - - syslog-ng: https://www.syslog-ng.com/ - - journalctl: :manpage:`journalctl(1)` +`RFC 5424 `_ (The Syslog Protocol), +`RFC 3164 `_ (BSD Syslog Protocol), +`RFC 5425 `_ (TLS Transport Mapping for Syslog), +`RFC 3339 `_ (Date and Time on the Internet), +`RFC 6012 `_ (DTLS Transport Mapping for Syslog) Author ------ Susant Sahani -Contributors: See GitHub commit history at https://github.com/systemd/systemd-netlogd/graphs/contributors - Reporting Bugs -------------- -Report bugs to the GitHub issue tracker: -https://github.com/systemd/systemd-netlogd/issues - -Please include: - -- systemd-netlogd version (``systemd-netlogd --version``) -- Operating system and version -- Configuration file contents -- Relevant log output from ``journalctl -u systemd-netlogd`` -- Steps to reproduce the issue - -Colophon --------- - -This page is part of the **systemd-netlogd** project (version 1.4.5). - -systemd-netlogd is licensed under the GNU Lesser General Public License (LGPL) version 2.1 or later, the same license as systemd. - -For license information, see the LICENSE file in the source distribution or visit: -https://www.gnu.org/licenses/lgpl-2.1.html +Report bugs at https://github.com/systemd/systemd-netlogd/issues diff --git a/examples/development.conf b/examples/development.conf index 05aaee4..df3e392 100644 --- a/examples/development.conf +++ b/examples/development.conf 
@@ -7,7 +7,7 @@ Address=127.0.0.1:514 Protocol=udp # Use legacy format for easier reading -LogFormat=rfc3339 +LogFormat=rfc3164 # Fast retry for development iteration ConnectionRetrySec=5 diff --git a/src/netlog/netlog-manager.c b/src/netlog/netlog-manager.c index e56ac33..f0ec1d9 100644 --- a/src/netlog/netlog-manager.c +++ b/src/netlog/netlog-manager.c @@ -30,7 +30,7 @@ DEFINE_STRING_TABLE_LOOKUP(protocol, SysLogTransmissionProtocol); static const char *const log_format_table[_SYSLOG_TRANSMISSION_LOG_FORMAT_MAX] = { [SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424] = "rfc5424", [SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5425] = "rfc5425", - [SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3339] = "rfc3339", + [SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3164] = "rfc3164", }; DEFINE_STRING_TABLE_LOOKUP(log_format, SysLogTransmissionLogFormat); diff --git a/src/netlog/netlog-manager.h b/src/netlog/netlog-manager.h index 148b1fb..1b82595 100644 --- a/src/netlog/netlog-manager.h +++ b/src/netlog/netlog-manager.h @@ -24,7 +24,7 @@ typedef enum SysLogTransmissionProtocol { typedef enum SysLogTransmissionLogFormat { SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424 = 1 << 0, - SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3339 = 1 << 1, + SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3164 = 1 << 1, SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5425 = 1 << 2, _SYSLOG_TRANSMISSION_LOG_FORMAT_MAX, _SYSLOG_TRANSMISSION_LOG_FORMAT_INVALID = -EINVAL, diff --git a/src/netlog/netlog-network.c b/src/netlog/netlog-network.c index 4bbb148..b82fe22 100644 --- a/src/netlog/netlog-network.c +++ b/src/netlog/netlog-network.c 
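Review bot: The `log_format_table` entry in src/netlog/netlog-manager.c replaces the string `"rfc3339"` outright, so a deployed `netlogd.conf` that still says `LogFormat=rfc3339` will no longer match any table entry after an upgrade. How the config parser reacts to the unknown value is outside this hunk; whether it rejects the file or falls back to another format, the collector starts receiving something different (or nothing) without the operator having changed anything. Consider accepting the old spelling as a deprecated alias in the parser with a logged warning, and at minimum record the break next to the entry, e.g. `/* renamed from "rfc3339"; configs using the old value no longer parse */`. The enum rename in netlog-manager.h keeps the value `1 << 1`, so only the configuration string is affected.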
@@ -115,7 +115,7 @@ int manager_push_to_network(Manager *m, if (m->log_format == SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424 || m->log_format == SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5425) r = format_rfc5424(m, severity, facility, identifier, message, hostname, pid, tv, syslog_structured_data, syslog_msgid); else - r = format_rfc3339(m, severity, facility, identifier, message, hostname, pid, tv); + r = format_rfc3164(m, severity, facility, identifier, message, hostname, pid, tv); if (r < 0) return r; diff --git a/src/netlog/netlog-protocol.c b/src/netlog/netlog-protocol.c index 2cf246c..3369115 100644 --- a/src/netlog/netlog-protocol.c +++ b/src/netlog/netlog-protocol.c @@ -194,7 +194,7 @@ static void set_priority_field(int severity, int facility, char *header_priority IOVEC_SET_STRING(iov[(*n)++], header_priority); } -int format_rfc3339(Manager *m, +int format_rfc3164(Manager *m, int severity, int facility, const char *identifier, @@ -211,7 +211,7 @@ int format_rfc3339(Manager *m, assert(m); assert(message); - /* RFC3339 format: timestamp hostname identifier[pid]: message */ + /* RFC3164 format: timestamp hostname identifier[pid]: message */ set_priority_field(severity, facility, header_priority, sizeof(header_priority), iov, &n); set_timestamp_field(tv, header_time, sizeof(header_time), iov, &n); diff --git a/src/netlog/netlog-protocol.h b/src/netlog/netlog-protocol.h index 8b5622b..9e42faa 100644 --- a/src/netlog/netlog-protocol.h +++ b/src/netlog/netlog-protocol.h 
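Review bot: The updated comment in `format_rfc3164` (src/netlog/netlog-protocol.c) now promises RFC 3164 layout, but the timestamp still comes from `set_timestamp_field`, and the only timestamp formatter declared in netlog-protocol.h is `format_rfc3339_timestamp`. If that helper is what runs here, the message carries an ISO-style timestamp rather than the `Mmm dd hh:mm:ss` form RFC 3164 describes, which strict BSD-syslog parsers on the collector side may mis-parse or drop. The body of `set_timestamp_field` is outside the hunk, so this needs confirming; if it holds, state it in the comment, e.g. `/* RFC 3164 layout (PRI timestamp hostname identifier[pid]: message); timestamp is emitted in RFC 3339 form */`. The function body continues past the end of the hunk.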
@@ -8,5 +8,5 @@ int protocol_send(Manager *m, struct iovec *iovec, unsigned n_iovec); void format_rfc3339_timestamp(const struct timeval *tv, char *header_time, size_t header_size); int format_rfc5424(Manager *m, int severity, int facility, const char *identifier, const char *message, const char *hostname, const char *pid, const struct timeval *tv, const char *syslog_structured_data, const char *syslog_msgid); -int format_rfc3339(Manager *m, int severity, int facility, const char *identifier, const char *message, const char *hostname, +int format_rfc3164(Manager *m, int severity, int facility, const char *identifier, const char *message, const char *hostname, const char *pid, const struct timeval *tv); diff --git a/src/netlog/systemd-netlogd.c b/src/netlog/systemd-netlogd.c index ebd2246..c1a3802 100644 --- a/src/netlog/systemd-netlogd.c +++ b/src/netlog/systemd-netlogd.c @@ -66,7 +66,7 @@ static int setup_cursor_state_file(Manager *m, uid_t uid, gid_t gid) { static void help(void) { printf("%s ..\n\n" "Forwards messages from the journal to other hosts over the network using the syslog\n" - "RFC 5424 or RFC3339 format in both unicast and multicast addresses.\n\n" + "RFC 5424 or RFC 3164 format in both unicast and multicast addresses.\n\n" " -h --help Show this help\n" " --version Show package version\n" " --cursor=CURSOR Start at the specified cursor\n" diff --git a/systemd-netlogd.spec b/systemd-netlogd.spec index 27cff0b..f8edc2d 100644 --- a/systemd-netlogd.spec +++ b/systemd-netlogd.spec @@ -5,10 +5,10 @@ Summary: Forwards messages from the journal to other hosts over the netwo License: LGPL-2.1-or-later AND GPL-2.0-only URL: https://github.com/systemd/systemd-netlogd -Source0: %{URL}/archive/v%{version}.tar.gz +Source0: %{URL}/archive/v%{version}/systemd-netlogd-%{version}.tar.gz BuildRequires: gcc -BuildRequires: meson >= 0.43 +BuildRequires: meson >= 0.51 BuildRequires: ninja-build BuildRequires: gperf BuildRequires: libcap-devel 
@@ -27,7 +27,7 @@ Requires(postun): systemd %description Forwards messages from the journal to other hosts over the network -using the Syslog Protocol (RFC 5424 and RFC 3339). It can be configured +using the Syslog Protocol (RFC 5424 and RFC 3164). It can be configured to send messages to both unicast and multicast addresses. systemd-netlogd runs with its own user systemd-journal-netlog. It starts @@ -67,7 +67,7 @@ getent passwd systemd-journal-netlog >/dev/null || \ %files %license LICENSE.LGPL2.1 LICENSE.GPL2 -%doc README.md CONTRIBUTING.md ARCHITECTURE.md TESTING.md FAQ.md +%doc README.md CONTRIBUTING.md ARCHITECTURE.md TESTING.md FAQ.md CHANGELOG.md SECURITY.md %doc examples/ %config(noreplace) %{_sysconfdir}/systemd/netlogd.conf %{_prefix}/lib/systemd/systemd-netlogd diff --git a/tests/test-string-tables.c b/tests/test-string-tables.c index 26022eb..15e7d34 100644 --- a/tests/test-string-tables.c +++ b/tests/test-string-tables.c @@ -28,11 +28,11 @@ static void test_protocol_string_table(void **state) { /* Test log format string table conversions */ static void test_log_format_string_table(void **state) { assert_string_equal(log_format_to_string(SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424), "rfc5424"); - assert_string_equal(log_format_to_string(SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3339), "rfc3339"); + assert_string_equal(log_format_to_string(SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3164), "rfc3164"); assert_string_equal(log_format_to_string(SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5425), "rfc5425"); assert_int_equal(log_format_from_string("rfc5424"), SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424); - assert_int_equal(log_format_from_string("rfc3339"), SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3339); + assert_int_equal(log_format_from_string("rfc3164"), SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_3164); assert_int_equal(log_format_from_string("rfc5425"), SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5425); /* Test invalid format - returns -1 when not found */