moby/daemon/logger/syslog/syslog.go
Mark Parker b7d802bbcc Add NILVALUE for STRUCTURED-DATA in RFC5424 logs
RFC 5424 (https://tools.ietf.org/html/rfc5424#section-6.2) requires that
STRUCTURED-DATA be present, either as NILVALUE (-) or as one or more
SD-ELEMENT items. Because Docker doesn't ever create any SD-ELEMENT items,
the format should output the NILVALUE instead. This resolves parsing issues
in various RFC 5424-compliant syslog servers.

Signed-off-by: Mark Parker <godefroi@gmail.com>
2017-02-02 15:16:14 -07:00

264 lines
6.8 KiB
Go

// Package syslog provides the logdriver for forwarding server logs to syslog endpoints.
package syslog
import (
"crypto/tls"
"errors"
"fmt"
"net"
"net/url"
"os"
"strconv"
"strings"
"time"
syslog "github.com/RackSec/srslog"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/daemon/logger"
"github.com/docker/docker/daemon/logger/loggerutils"
"github.com/docker/docker/pkg/urlutil"
"github.com/docker/go-connections/tlsconfig"
)
const (
name = "syslog"
secureProto = "tcp+tls"
)
var facilities = map[string]syslog.Priority{
"kern": syslog.LOG_KERN,
"user": syslog.LOG_USER,
"mail": syslog.LOG_MAIL,
"daemon": syslog.LOG_DAEMON,
"auth": syslog.LOG_AUTH,
"syslog": syslog.LOG_SYSLOG,
"lpr": syslog.LOG_LPR,
"news": syslog.LOG_NEWS,
"uucp": syslog.LOG_UUCP,
"cron": syslog.LOG_CRON,
"authpriv": syslog.LOG_AUTHPRIV,
"ftp": syslog.LOG_FTP,
"local0": syslog.LOG_LOCAL0,
"local1": syslog.LOG_LOCAL1,
"local2": syslog.LOG_LOCAL2,
"local3": syslog.LOG_LOCAL3,
"local4": syslog.LOG_LOCAL4,
"local5": syslog.LOG_LOCAL5,
"local6": syslog.LOG_LOCAL6,
"local7": syslog.LOG_LOCAL7,
}
type syslogger struct {
writer *syslog.Writer
}
func init() {
if err := logger.RegisterLogDriver(name, New); err != nil {
logrus.Fatal(err)
}
if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
logrus.Fatal(err)
}
}
// rsyslog uses appname part of syslog message to fill in an %syslogtag% template
// attribute in rsyslog.conf. In order to be backward compatible to rfc3164
// tag will be also used as an appname
func rfc5424formatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
timestamp := time.Now().Format(time.RFC3339)
pid := os.Getpid()
msg := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
p, 1, timestamp, hostname, tag, pid, tag, content)
return msg
}
// The timestamp field in rfc5424 is derived from rfc3339. Whereas rfc3339 makes allowances
// for multiple syntaxes, there are further restrictions in rfc5424, i.e., the maximium
// resolution is limited to "TIME-SECFRAC" which is 6 (microsecond resolution)
func rfc5424microformatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
timestamp := time.Now().Format("2006-01-02T15:04:05.999999Z07:00")
pid := os.Getpid()
msg := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
p, 1, timestamp, hostname, tag, pid, tag, content)
return msg
}
// New creates a syslog logger using the configuration passed in on
// the context. Supported context configuration variables are
// syslog-address, syslog-facility, syslog-format.
func New(info logger.Info) (logger.Logger, error) {
tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
if err != nil {
return nil, err
}
proto, address, err := parseAddress(info.Config["syslog-address"])
if err != nil {
return nil, err
}
facility, err := parseFacility(info.Config["syslog-facility"])
if err != nil {
return nil, err
}
syslogFormatter, syslogFramer, err := parseLogFormat(info.Config["syslog-format"], proto)
if err != nil {
return nil, err
}
var log *syslog.Writer
if proto == secureProto {
tlsConfig, tlsErr := parseTLSConfig(info.Config)
if tlsErr != nil {
return nil, tlsErr
}
log, err = syslog.DialWithTLSConfig(proto, address, facility, tag, tlsConfig)
} else {
log, err = syslog.Dial(proto, address, facility, tag)
}
if err != nil {
return nil, err
}
log.SetFormatter(syslogFormatter)
log.SetFramer(syslogFramer)
return &syslogger{
writer: log,
}, nil
}
func (s *syslogger) Log(msg *logger.Message) error {
line := string(msg.Line)
logger.PutMessage(msg)
if msg.Source == "stderr" {
return s.writer.Err(line)
}
return s.writer.Info(line)
}
func (s *syslogger) Close() error {
return s.writer.Close()
}
func (s *syslogger) Name() string {
return name
}
func parseAddress(address string) (string, string, error) {
if address == "" {
return "", "", nil
}
if !urlutil.IsTransportURL(address) {
return "", "", fmt.Errorf("syslog-address should be in form proto://address, got %v", address)
}
url, err := url.Parse(address)
if err != nil {
return "", "", err
}
// unix and unixgram socket validation
if url.Scheme == "unix" || url.Scheme == "unixgram" {
if _, err := os.Stat(url.Path); err != nil {
return "", "", err
}
return url.Scheme, url.Path, nil
}
// here we process tcp|udp
host := url.Host
if _, _, err := net.SplitHostPort(host); err != nil {
if !strings.Contains(err.Error(), "missing port in address") {
return "", "", err
}
host = host + ":514"
}
return url.Scheme, host, nil
}
// ValidateLogOpt looks for syslog specific log options
// syslog-address, syslog-facility.
func ValidateLogOpt(cfg map[string]string) error {
for key := range cfg {
switch key {
case "env":
case "labels":
case "syslog-address":
case "syslog-facility":
case "syslog-tls-ca-cert":
case "syslog-tls-cert":
case "syslog-tls-key":
case "syslog-tls-skip-verify":
case "tag":
case "syslog-format":
default:
return fmt.Errorf("unknown log opt '%s' for syslog log driver", key)
}
}
if _, _, err := parseAddress(cfg["syslog-address"]); err != nil {
return err
}
if _, err := parseFacility(cfg["syslog-facility"]); err != nil {
return err
}
if _, _, err := parseLogFormat(cfg["syslog-format"], ""); err != nil {
return err
}
return nil
}
func parseFacility(facility string) (syslog.Priority, error) {
if facility == "" {
return syslog.LOG_DAEMON, nil
}
if syslogFacility, valid := facilities[facility]; valid {
return syslogFacility, nil
}
fInt, err := strconv.Atoi(facility)
if err == nil && 0 <= fInt && fInt <= 23 {
return syslog.Priority(fInt << 3), nil
}
return syslog.Priority(0), errors.New("invalid syslog facility")
}
func parseTLSConfig(cfg map[string]string) (*tls.Config, error) {
_, skipVerify := cfg["syslog-tls-skip-verify"]
opts := tlsconfig.Options{
CAFile: cfg["syslog-tls-ca-cert"],
CertFile: cfg["syslog-tls-cert"],
KeyFile: cfg["syslog-tls-key"],
InsecureSkipVerify: skipVerify,
}
return tlsconfig.Client(opts)
}
func parseLogFormat(logFormat, proto string) (syslog.Formatter, syslog.Framer, error) {
switch logFormat {
case "":
return syslog.UnixFormatter, syslog.DefaultFramer, nil
case "rfc3164":
return syslog.RFC3164Formatter, syslog.DefaultFramer, nil
case "rfc5424":
if proto == secureProto {
return rfc5424formatterWithAppNameAsTag, syslog.RFC5425MessageLengthFramer, nil
}
return rfc5424formatterWithAppNameAsTag, syslog.DefaultFramer, nil
case "rfc5424micro":
if proto == secureProto {
return rfc5424microformatterWithAppNameAsTag, syslog.RFC5425MessageLengthFramer, nil
}
return rfc5424microformatterWithAppNameAsTag, syslog.DefaultFramer, nil
default:
return nil, nil, errors.New("Invalid syslog format")
}
}