diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index c78b1ba1e..06a7f9402 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -1,26 +1,33 @@ -include $(TOPDIR)/rules.mk +include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=3.17.2 -PKG_RELEASE:=2 +PKG_VERSION:=3.19.1 +PKG_RELEASE:=1 PKG_MAINTAINER:=W. Michael Petullo +PKG_LICENSE:=LGPL-2.1+ +PKG_LICENSE_FILES:=COPYING +PKG_CPE_ID:=cpe:/a:balabit:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/balabit/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=73601f7ca13c6b534318d5b0648ec1833aa9ca0516d6c3f90085b090d548c50b +PKG_HASH:=5cf931a9d7bead0e6d9a2c65eee8f6005a005878f59aa280f3c4294257ed5178 +PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 +PKG_CONFIG_DEPENDS:= \ + CONFIG_IPV6 \ + include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk define Package/syslog-ng SECTION:=admin CATEGORY:=Administration - DEPENDS:=+libpcre +glib2 +libopenssl +libuuid +libcurl + DEPENDS:=+libpcre +glib2 +libopenssl +libpthread +librt +zlib +libdbi +psmisc +libjson-c +libcurl +libuuid TITLE:=A powerful syslog daemon - URL:=http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/ + URL:=https://www.syslog-ng.com/products/open-source-log-management/ endef define Package/syslog-ng/description @@ -32,6 +39,7 @@ endef define Package/syslog-ng/conffiles /etc/syslog-ng.conf /etc/syslog-ng.d/ +/etc/scl.conf endef define Build/Configure @@ -39,55 +47,59 @@ define Build/Configure $(Build/Configure/Default) endef -CONFIGURE_ARGS += \ - $(call autoconf_bool,CONFIG_IPV6,ipv6) \ - --disable-dependency-tracking \ - --disable-amqp \ - --disable-tcp-wrapper \ - --disable-glibtest \ - --disable-mongodb \ - --disable-java \ - --disable-json \ - --disable-python \ - --disable-spoof-source \ - --disable-sql \ - --disable-linux-caps \ - --disable-smtp \ - --disable-redis \ - --enable-prce \ - -TARGET_CPPFLAGS += \ - -I$(STAGING_DIR)/usr/include/eventlog +CONFIGURE_ARGS += \ + $(call autoconf_bool,CONFIG_IPV6,ipv6) \ + --disable-tcp-wrapper \ + --disable-spoof-source \ + --disable-sql \ + --disable-linux-caps \ + --with-jsonc=system \ + --enable-json=yes \ + --enable-http=yes \ + --disable-smtp \ + --disable-redis \ + --disable-dependency-tracking \ + --disable-python \ + --disable-java \ + --disable-java-modules \ + --with-librabbitmq-client=no \ + --with-mongoc=no CONFIGURE_VARS += \ - LIBDBI_CFLAGS="-I$(STAGING_DIR)/usr/include" + LIBDBI_CFLAGS="-I$(STAGING_DIR)/usr/include" define Package/syslog-ng/install - $(INSTALL_DIR) $(1)/usr/lib - $(MAKE) -C $(PKG_BUILD_DIR) \ - install-sbinPROGRAMS install-libLTLIBRARIES \ - install-moduleLTLIBRARIES DESTDIR="$(1)" + cd $(PKG_BUILD_DIR); make DESTDIR=$(1) install + + $(call libtool_remove_files,$(1)) # This removes .la files in folder (including subfolders) /usr/lib + rm -rf $(1)/usr/lib/pkgconfig \ + $(1)/usr/lib/*.a \ + $(1)/usr/include \ + $(1)/var + $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/syslog-ng.init $(1)/etc/init.d/syslog-ng + $(INSTALL_DIR) $(1)/etc/syslog-ng.d $(INSTALL_DATA) ./files/syslog-ng.conf $(1)/etc - $(INSTALL_DIR) $(1)/etc/syslog-ng.d/ - $(call libtool_remove_files,$(1)) touch $(1)/etc/syslog-ng.d/.keep endef +define Package/syslog-ng/postinst +#!/bin/sh + +[ -n "$$IPKG_INSTROOT" ] || { +/etc/init.d/syslog-ng enable +/etc/init.d/syslog-ng restart +} +endef + define Package/syslog-ng/prerm - #!/bin/sh - # check if we are on real system - if [ -z "$${IPKG_INSTROOT}" ]; then - # wish we had pidof unconditionally - pid=$(ps | grep syslog | grep -v grep | awk '{ print $$1; }') - [ -n "$$pid" ] && /etc/init.d/syslog-ng stop - [ "$${PKG_UPGRADE}" != "1" ] && { - echo "Removing rc.d symlink for syslog-ng" - /etc/init.d/syslog-ng disable - } - fi - exit 0 +#!/bin/sh + +[ -n "$$IPKG_INSTROOT" ] || { +/etc/init.d/syslog-ng disable +/etc/init.d/syslog-ng stop +} endef $(eval $(call BuildPackage,syslog-ng)) diff --git a/admin/syslog-ng/files/syslog-ng.conf b/admin/syslog-ng/files/syslog-ng.conf index c1b36c7dc..c6f5c42bf 100644 --- a/admin/syslog-ng/files/syslog-ng.conf +++ b/admin/syslog-ng/files/syslog-ng.conf @@ -1,17 +1,26 @@ -@version: 3.17 +############################################################################# +# OpenWrt syslog-ng.conf specific file +# which collects all local logs into a single file called /var/log/messages. +# More details about these settings can be found here: +# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options + +@version: 3.19 +@include "scl.conf" +@include "/etc/syslog-ng.d/" # Put any customization files in this directory options { - chain_hostnames(no); + chain_hostnames(no); # Enable or disable the chained hostname format. create_dirs(yes); - flush_lines(0); - keep_hostname(yes); - log_fifo_size(256); - log_msg_size(1024); - stats_freq(0); - flush_lines(0); - use_fqdn(no); + keep_hostname(yes); # Enable or disable hostname rewriting. + log_fifo_size(256); # The number of messages that the output queue can store. + log_msg_size(1024); # Maximum length of a message in bytes. + stats_freq(0); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds. + flush_lines(0); # How many lines are flushed to a destination at a time. + use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname. }; +# syslog-ng gets messages from syslog-ng (internal) and from /dev/log + source src { internal(); unix-dgram("/dev/log"); @@ -21,6 +30,19 @@ source net { udp(ip(0.0.0.0) port(514)); }; +source s_network { + default-network-drivers( + # NOTE: TLS support + # + # the default-network-drivers() source driver opens the TLS + # enabled ports as well, however without an actual key/cert + # pair they will not operate and syslog-ng would display a + # warning at startup. + # + #tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert")) + ); +}; + source kernel { file("/proc/kmsg" program_override("kernel")); }; @@ -34,8 +56,7 @@ log { source(net); source(kernel); destination(messages); -}; - -# put any customization files in this directory -@include "/etc/syslog-ng.d/" + # uncomment this line to open port 514 to receive messages + #source(s_network); +}; diff --git a/admin/syslog-ng/patches/001-fix-compat-getent-musl.patch b/admin/syslog-ng/patches/001-fix-compat-getent-musl.patch deleted file mode 100644 index 5df826385..000000000 --- a/admin/syslog-ng/patches/001-fix-compat-getent-musl.patch +++ /dev/null @@ -1,446 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 94f950c76..e3bda0599 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -783,6 +783,7 @@ AC_CHECK_FUNCS(strdup \ - strcasestr \ - memrchr \ - localtime_r \ -+ getprotobynumber_r \ - gmtime_r \ - strnlen \ - strtok_r) -diff --git a/lib/compat/CMakeLists.txt b/lib/compat/CMakeLists.txt -index 4fa05d7e0..95fcb0e0d 100644 ---- a/lib/compat/CMakeLists.txt -+++ b/lib/compat/CMakeLists.txt -@@ -10,7 +10,8 @@ set(COMPAT_HEADERS - compat/openssl_support.h - compat/pcre.h - compat/getent.h -- compat/getent-bb.h -+ compat/getent-sun.h -+ compat/getent-generic.h - PARENT_SCOPE) - - set(COMPAT_SOURCES -@@ -24,7 +25,8 @@ set(COMPAT_SOURCES - compat/strnlen.c - compat/time.c - compat/openssl_support.c -- compat/getent.c -+ compat/getent-sun.c -+ compat/getent-generic.c - PARENT_SCOPE) - - add_test_subdirectory(tests) -diff --git a/lib/compat/Makefile.am b/lib/compat/Makefile.am -index e5c1f4e56..8d5010558 100644 ---- a/lib/compat/Makefile.am -+++ b/lib/compat/Makefile.am -@@ -13,9 +13,10 @@ compatinclude_HEADERS = \ - lib/compat/string.h \ - lib/compat/time.h \ - lib/compat/openssl_support.h \ -- lib/compat/pcre.h \ -- lib/compat/getent.h \ -- lib/compat/getent-bb.h -+ lib/compat/pcre.h \ -+ lib/compat/getent.h \ -+ lib/compat/getent-sun.h \ -+ lib/compat/getent-generic.h - - compat_sources = \ - lib/compat/getutent.c \ -@@ -28,6 +29,7 @@ compat_sources = \ - lib/compat/strnlen.c \ - lib/compat/time.c \ - lib/compat/openssl_support.c \ -- lib/compat/getent.c -+ lib/compat/getent-sun.c \ -+ lib/compat/getent-generic.c - - include lib/compat/tests/Makefile.am -diff --git a/lib/compat/getent-generic.c b/lib/compat/getent-generic.c -new file mode 100644 -index 000000000..f75d1cc0a ---- /dev/null -+++ b/lib/compat/getent-generic.c -@@ -0,0 +1,150 @@ -+/* -+ * Copyright (c) 2017 Balabit -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ * As an additional exemption you are allowed to compile & link against the -+ * OpenSSL libraries as published by the OpenSSL project. See the file -+ * COPYING for details. -+ * -+ */ -+ -+#include "compat/getent-generic.h" -+ -+#ifndef SYSLOG_NG_HAVE_GETPROTOBYNUMBER_R -+ -+#include -+#include -+ -+G_LOCK_DEFINE_STATIC(getproto); -+ -+/* this code does not support proto aliases, as we wouldn't be using -+ * them anyway. Should we ever want to support it, we would need to -+ * suballocate @buf and store all of the aliases in the same character -+ * array. -+ */ -+static void -+_extract_protoent_fields(struct protoent *dst, struct protoent *src, char *buf, size_t buflen) -+{ -+ g_strlcpy(buf, src->p_name, buflen); -+ dst->p_name = buf; -+ dst->p_aliases = NULL; -+ dst->p_proto = src->p_proto; -+} -+ -+int -+_compat_generic__getprotobynumber_r(int proto, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result) -+{ -+ struct protoent *pe; -+ -+ G_LOCK(getproto); -+ pe = getprotobynumber(proto); -+ -+ if (pe) -+ { -+ _extract_protoent_fields(result_buf, pe, buf, buflen); -+ *result = result_buf; -+ errno = 0; -+ } -+ -+ G_UNLOCK(getproto); -+ return errno; -+} -+ -+int -+_compat_generic__getprotobyname_r(const char *name, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result) -+{ -+ struct protoent *pe; -+ -+ G_LOCK(getproto); -+ pe = getprotobyname(name); -+ -+ if (pe) -+ { -+ _extract_protoent_fields(result_buf, pe, buf, buflen); -+ *result = result_buf; -+ errno = 0; -+ } -+ -+ G_UNLOCK(getproto); -+ return errno; -+} -+ -+G_LOCK_DEFINE_STATIC(getserv); -+ -+/* this code does not support service aliases or using the s_proto field, as -+ * we wouldn't be using them anyway. Should we ever want to support it, we -+ * would need to suballocate @buf and store all of the aliases in the same -+ * character array. -+ */ -+static void -+_extract_servent_fields(struct servent *dst, struct servent *src, char *buf, size_t buflen) -+{ -+ g_strlcpy(buf, src->s_name, buflen); -+ dst->s_name = buf; -+ dst->s_aliases = NULL; -+ dst->s_port = src->s_port; -+ /* we don't support s_proto */ -+ dst->s_proto = NULL; -+} -+ -+ -+int -+_compat_generic__getservbyport_r(int port, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result) -+{ -+ struct servent *se; -+ -+ G_LOCK(getserv); -+ se = getservbyport(port, proto); -+ -+ if (se) -+ { -+ _extract_servent_fields(result_buf, se, buf, buflen); -+ *result = result_buf; -+ errno = 0; -+ } -+ -+ G_UNLOCK(getserv); -+ return errno; -+} -+ -+int -+_compat_generic__getservbyname_r(const char *name, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result) -+{ -+ struct servent *se; -+ -+ G_LOCK(getserv); -+ se = getservbyname(name, proto); -+ -+ if (se) -+ { -+ _extract_servent_fields(result_buf, se, buf, buflen); -+ *result = result_buf; -+ errno = 0; -+ } -+ -+ G_UNLOCK(getserv); -+ return errno; -+} -+ -+#endif -diff --git a/lib/compat/getent-generic.h b/lib/compat/getent-generic.h -new file mode 100644 -index 000000000..cc95a2646 ---- /dev/null -+++ b/lib/compat/getent-generic.h -@@ -0,0 +1,54 @@ -+/* -+ * Copyright (c) 2017 Balabit -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ * As an additional exemption you are allowed to compile & link against the -+ * OpenSSL libraries as published by the OpenSSL project. See the file -+ * COPYING for details. -+ * -+ */ -+ -+#ifndef COMPAT_GETENT_GENERIC_H_INCLUDED -+#define COMPAT_GETENT_GENERIC_H_INCLUDED -+ -+#include "compat/compat.h" -+ -+#ifndef SYSLOG_NG_HAVE_GETPROTOBYNUMBER_R -+ -+#include -+#include -+#include -+#include -+ -+int _compat_generic__getprotobynumber_r(int proto, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result); -+ -+int _compat_generic__getprotobyname_r(const char *name, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result); -+ -+int _compat_generic__getservbyport_r(int port, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result); -+ -+int _compat_generic__getservbyname_r(const char *name, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result); -+ -+#endif -+ -+#endif -diff --git a/lib/compat/getent.c b/lib/compat/getent-sun.c -similarity index 63% -rename from lib/compat/getent.c -rename to lib/compat/getent-sun.c -index bb9b5b431..dce676f2f 100644 ---- a/lib/compat/getent.c -+++ b/lib/compat/getent-sun.c -@@ -21,40 +21,45 @@ - * - */ - --#if defined(sun) || defined(__sun) -+#include "compat/getent-sun.h" - --#include "compat/getent-bb.h" -+#if defined(sun) || defined(__sun) - #include - --int bb__getprotobynumber_r(int proto, -- struct protoent *result_buf, char *buf, -- size_t buflen, struct protoent **result) -+int -+_compat_sun__getprotobynumber_r(int proto, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result) - { - *result = getprotobynumber_r(proto, result_buf, buf, buflen); - return (*result ? NULL : errno); - } - --int bb__getprotobyname_r(const char *name, -- struct protoent *result_buf, char *buf, -- size_t buflen, struct protoent **result) -+int -+_compat_sun__getprotobyname_r(const char *name, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result) - { - *result = getprotobyname_r(name, result_buf, buf, buflen); - return (*result ? NULL : errno); - } - --int bb__getservbyport_r(int port, const char *proto, -- struct servent *result_buf, char *buf, -- size_t buflen, struct servent **result) -+int -+_compat_sun__getservbyport_r(int port, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result) - { - *result = getservbyport_r(port, proto, result_buf, buf, buflen); - return (*result ? NULL : errno); - } - --int bb__getservbyname_r(const char *name, const char *proto, -- struct servent *result_buf, char *buf, -- size_t buflen, struct servent **result) -+int -+_compat_sun__getservbyname_r(const char *name, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result) - { - *result = getservbyname_r(name, proto, result_buf, buf, buflen); - return (*result ? NULL : errno); - } -+ - #endif -diff --git a/lib/compat/getent-bb.h b/lib/compat/getent-sun.h -similarity index 53% -rename from lib/compat/getent-bb.h -rename to lib/compat/getent-sun.h -index 15aa2f5e5..fc1eccd2c 100644 ---- a/lib/compat/getent-bb.h -+++ b/lib/compat/getent-sun.h -@@ -21,8 +21,10 @@ - * - */ - --#ifndef GETENT_BB_H_INCLUDED --#define GETENT_BB_H_INCLUDED -+#ifndef COMPAT_GETENT_SUN_H_INCLUDED -+#define COMPAT_GETENT_SUN_H_INCLUDED -+ -+#include "compat/compat.h" - - #if defined(sun) || defined(__sun) - -@@ -31,21 +33,21 @@ - #include - #include - --int bb__getprotobynumber_r(int proto, -- struct protoent *result_buf, char *buf, -- size_t buflen, struct protoent **result); -+int _compat_sun__getprotobynumber_r(int proto, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result); - --int bb__getprotobyname_r(const char *name, -- struct protoent *result_buf, char *buf, -- size_t buflen, struct protoent **result); -+int _compat_sun__getprotobyname_r(const char *name, -+ struct protoent *result_buf, char *buf, -+ size_t buflen, struct protoent **result); - --int bb__getservbyport_r(int port, const char *proto, -- struct servent *result_buf, char *buf, -- size_t buflen, struct servent **result); -+int _compat_sun__getservbyport_r(int port, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result); - --int bb__getservbyname_r(const char *name, const char *proto, -- struct servent *result_buf, char *buf, -- size_t buflen, struct servent **result); -+int _compat_sun__getservbyname_r(const char *name, const char *proto, -+ struct servent *result_buf, char *buf, -+ size_t buflen, struct servent **result); - - #endif - -diff --git a/lib/compat/getent.h b/lib/compat/getent.h -index 09a9f73d6..01c3deb6d 100644 ---- a/lib/compat/getent.h -+++ b/lib/compat/getent.h -@@ -21,22 +21,28 @@ - * - */ - --#ifndef GETENT_COMPAT_H_INCLUDED --#define GETENT_COMPAT_H_INCLUDED -+#ifndef COMPAT_GETENT_H_INCLUDED -+#define COMPAT_GETENT_H_INCLUDED - --#include --#include --#include --#include -+#include "compat/compat.h" - --#if defined(sun) || defined(__sun) -+#ifndef SYSLOG_NG_HAVE_GETPROTOBYNUMBER_R - --#define getprotobynumber_r bb__getprotobynumber_r --#define getprotobyname_r bb__getprotobyname_r --#define getservbyport_r bb__getservbyport_r --#define getservbyname_r bb__getservbyname_r -+#define getprotobynumber_r _compat_generic__getprotobynumber_r -+#define getprotobyname_r _compat_generic__getprotobyname_r -+#define getservbyport_r _compat_generic__getservbyport_r -+#define getservbyname_r _compat_generic__getservbyname_r - --#include "getent-bb.h" -+#include "getent-generic.h" - --#endif // Solaris -+#elif defined(sun) || defined(__sun) -+ -+#define getprotobynumber_r _compat_sun__getprotobynumber_r -+#define getprotobyname_r _compat_sun__getprotobyname_r -+#define getservbyport_r _compat_sun__getservbyport_r -+#define getservbyname_r _compat_sun__getservbyname_r -+ -+#include "getent-sun.h" -+ -+#endif - #endif