srslog

package module
v0.0.0-...-aabac1d Latest
Warning

This package is not in the latest version of its module.

Published: May 24, 2023 License: BSD-3-Clause Imports: 10 Imported by: 0

README


srslog

Go has a syslog package in the standard library, but it has the following shortcomings:

  1. It doesn't have TLS support
  2. According to bradfitz on the Go team, it is no longer being maintained.

I agree that it doesn't need to be in the standard library. So, I've followed Brad's suggestion and have made a separate project to handle syslog.

This code was taken directly from the Go project as a base to start from.

However, this does have TLS support.

Usage

Basic usage retains the same interface as the original syslog package. We only added to the interface where required to support new functionality.

Switch from the standard library:

import (
    //"log/syslog"
    syslog "github.com/RackSec/srslog"
)

You can still use it for local syslog:

w, err := syslog.Dial("", "", syslog.LOG_ERR, "testtag")

Or to unencrypted UDP:

w, err := syslog.Dial("udp", "192.168.0.50:514", syslog.LOG_ERR, "testtag")

Or to unencrypted TCP:

w, err := syslog.Dial("tcp", "192.168.0.51:514", syslog.LOG_ERR, "testtag")

But now you can also send messages via TLS-encrypted TCP:

w, err := syslog.DialWithTLSCertPath("tcp+tls", "192.168.0.52:514", syslog.LOG_ERR, "testtag", "/path/to/servercert.pem")

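And if you need more control over your TLS configuration:

pool := x509.NewCertPool()
serverCert, err := ioutil.ReadFile("/path/to/servercert.pem")
if err != nil {
    return nil, err
}
// AppendCertsFromPEM reports false when no certificate could be parsed
if !pool.AppendCertsFromPEM(serverCert) {
    return nil, errors.New("no certificate found in /path/to/servercert.pem")
}
// Trust only the certificates in pool instead of the system roots
config := tls.Config{
    RootCAs: pool,
}

w, err := syslog.DialWithTLSConfig(network, raddr, priority, tag, &config)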

(Note that in both TLS cases, this uses a self-signed certificate, where the remote syslog server has the keypair and the client has only the public key.)
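
What trusting a single self-signed certificate accepts and rejects, as an added example that is not part of srslog or its README. It uses only the standard library and calls the same crypto/x509 verification that crypto/tls runs against RootCAs; the host name logs.example.internal, the function names and the generated certificates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSignedPEM returns a throwaway self-signed certificate for host (constructed test data).
func selfSignedPEM(host string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// verifyPinned checks presentedPEM against a root pool that holds only pinnedPEM.
func verifyPinned(pinnedPEM, presentedPEM []byte, serverName string) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pinnedPEM) {
		return errors.New("pinned PEM holds no certificate") // do not dial with an empty pool
	}
	block, _ := pem.Decode(presentedPEM)
	if block == nil {
		return errors.New("presented PEM holds no certificate")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: serverName})
	return err
}

func main() {
	pin, _ := selfSignedPEM("logs.example.internal")
	other, _ := selfSignedPEM("logs.example.internal")
	fmt.Println(verifyPinned(pin, pin, "logs.example.internal"), verifyPinned(pin, other, "logs.example.internal"))
}
```

The first result is nil; the second is an error, because a different key pair with the same host name does not chain to the pinned certificate.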

And then to write log messages, continue like so:

if err != nil {
    log.Fatal("failed to connect to syslog:", err)
}
defer w.Close()

w.Alert("this is an alert")
w.Crit("this is critical")
w.Err("this is an error")
w.Warning("this is a warning")
w.Notice("this is a notice")
w.Info("this is info")
w.Debug("this is debug")
w.Write([]byte("these are some bytes"))

If you need further control over connection attempts, you can use the DialWithCustomDialer function. To continue with the DialWithTLSConfig example:

netDialer := &net.Dialer{Timeout: 5 * time.Second} // easy timeouts
realNetwork := "tcp" // real network, other vars your dial func can close over
dial := func(network, addr string) (net.Conn, error) {
    // cannot use "network" here as it'll simply be "custom" which will fail
    return tls.DialWithDialer(netDialer, realNetwork, addr, &config)
}

w, err := syslog.DialWithCustomDialer("custom", "192.168.0.52:514", syslog.LOG_ERR, "testtag", dial)

Your custom dial func can set timeouts, proxy connections, and do whatever else it needs before returning a net.Conn.

Generating TLS Certificates

We've provided a script that you can use to generate a self-signed keypair:

pip install cryptography
python script/gen-certs.py

That outputs the public key and private key to standard out. Put those into .pem files. (And don't put them into any source control. The certificate in the test directory is used by the unit tests, and please do not actually use it anywhere else.)

Running Tests

Run the tests as usual:

go test

But we've also provided a test coverage script that will show you which lines of code are not covered:

script/coverage --html

That will open a new browser tab showing coverage information.

License

This project uses the New BSD License, the same as the Go project itself.

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

Documentation

Constants

This section is empty.

Variables

var ErrNilDialFunc = errors.New("srslog: nil DialFunc passed to DialWithCustomDialer")

ErrNilDialFunc is returned from DialWithCustomDialer when a nil DialFunc is passed, avoiding a nil pointer dereference panic.

Functions

func DefaultFormatter

func DefaultFormatter(p Priority, hostname, tag, content string) string

DefaultFormatter is the original format supported by the Go syslog package, and is a non-compliant amalgamation of 3164 and 5424 that is intended to maximize compatibility.

func DefaultFramer

func DefaultFramer(in string) string

DefaultFramer does nothing, since there is no framing to apply. This is the original behavior of the Go syslog package, and is also typically used for UDP syslog.

func RFC3164Formatter

func RFC3164Formatter(p Priority, hostname, tag, content string) string

RFC3164Formatter provides an RFC 3164 compliant message.

func RFC5424Formatter

func RFC5424Formatter(p Priority, hostname, tag, content string) string

RFC5424Formatter provides an RFC 5424 compliant message.

func RFC5425MessageLengthFramer

func RFC5425MessageLengthFramer(in string) string

RFC5425MessageLengthFramer prepends the message length to the front of the provided message, as defined in RFC 5425.

func UnixFormatter

func UnixFormatter(p Priority, hostname, tag, content string) string

UnixFormatter omits the hostname, because it is only used locally.

Types

type DialFunc

type DialFunc func(string, string) (net.Conn, error)

DialFunc is the function signature to be used for a custom dialer callback with DialWithCustomDialer.

type Formatter

type Formatter func(p Priority, hostname, tag, content string) string

Formatter is a type of function that takes the constituent parts of a syslog message and returns a formatted string. A different Formatter is defined for each different syslog protocol we support.

type Framer

type Framer func(in string) string

Framer is a type of function that takes an input string (typically an already-formatted syslog message) and applies "message framing" to it. We have different framers because different versions of the syslog protocol and its transport requirements define different framing behavior.
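
The message-length framing described for RFC5425MessageLengthFramer and the Framer type, seen from the receiving side, as an added example that is not srslog's code. frame and readFrames are hypothetical names, the 8192-octet limit is an assumed receiver setting, and the messages are constructed; the point is that a message with an embedded newline stays one record under octet counting.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// frame applies octet counting as in RFC 5425: "MSG-LEN SP SYSLOG-MSG".
func frame(msg string) string { return fmt.Sprintf("%d %s", len(msg), msg) }

// readFrames de-frames an octet-counted stream; maxLen bounds MSG-LEN to cap allocation.
func readFrames(r io.Reader, maxLen int) ([]string, error) {
	br := bufio.NewReader(r)
	var msgs []string
	for {
		n, digits := 0, 0
		for {
			b, err := br.ReadByte()
			if err == io.EOF && digits == 0 {
				return msgs, nil // clean end of stream between frames
			}
			if err != nil {
				return msgs, fmt.Errorf("truncated MSG-LEN: %w", err)
			}
			if b == ' ' && digits > 0 {
				break
			}
			if b < '0' || b > '9' || (digits == 0 && b == '0') {
				return msgs, fmt.Errorf("invalid MSG-LEN byte %q", b)
			}
			if n = n*10 + int(b-'0'); n > maxLen {
				return msgs, fmt.Errorf("MSG-LEN exceeds limit of %d", maxLen)
			}
			digits++
		}
		buf := make([]byte, n)
		if _, err := io.ReadFull(br, buf); err != nil {
			return msgs, fmt.Errorf("truncated message: %w", err)
		}
		msgs = append(msgs, string(buf))
	}
}

func main() {
	// Constructed sample: the second message carries an embedded newline.
	in := frame("<14>1 - host app - - - started") + frame("<11>1 - host app - - - panic\n  at main.go:10")
	fmt.Println(readFrames(strings.NewReader(in), 8192))
}
```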

type Priority

type Priority int

Priority is a combination of the syslog facility and severity. For example, LOG_ALERT | LOG_FTP sends an alert severity message from the FTP facility. The default severity is LOG_EMERG; the default facility is LOG_KERN.

const (

	// From /usr/include/sys/syslog.h.
	// These are the same on Linux, BSD, and OS X.
	LOG_EMERG Priority = iota
	LOG_ALERT
	LOG_CRIT
	LOG_ERR
	LOG_WARNING
	LOG_NOTICE
	LOG_INFO
	LOG_DEBUG
)
const (

	// From /usr/include/sys/syslog.h.
	// These are the same up to LOG_FTP on Linux, BSD, and OS X.
	LOG_KERN Priority = iota << 3
	LOG_USER
	LOG_MAIL
	LOG_DAEMON
	LOG_AUTH
	LOG_SYSLOG
	LOG_LPR
	LOG_NEWS
	LOG_UUCP
	LOG_CRON
	LOG_AUTHPRIV
	LOG_FTP

	LOG_LOCAL0
	LOG_LOCAL1
	LOG_LOCAL2
	LOG_LOCAL3
	LOG_LOCAL4
	LOG_LOCAL5
	LOG_LOCAL6
	LOG_LOCAL7
)

type Writer

type Writer struct {
	// contains filtered or unexported fields
}

A Writer is a connection to a syslog server.

func Dial

func Dial(network, raddr string, priority Priority, tag string) (*Writer, error)

Dial establishes a connection to a log daemon by connecting to address raddr on the specified network. Each write to the returned Writer sends a log message with the given facility, severity and tag. If network is empty, Dial will connect to the local syslog server.

func DialWithCustomDialer

func DialWithCustomDialer(network, raddr string, priority Priority, tag string, customDial DialFunc) (*Writer, error)

DialWithCustomDialer establishes a connection by calling customDial. Each write to the returned Writer sends a log message with the given facility, severity and tag. Network must be "custom" in order for this package to use customDial. While network and raddr will be passed to customDial, it is allowed for customDial to ignore them. If customDial is nil, this function returns ErrNilDialFunc.

func DialWithTLSCert

func DialWithTLSCert(network, raddr string, priority Priority, tag string, serverCert []byte) (*Writer, error)

DialWithTLSCert establishes a secure connection to a log daemon by connecting to address raddr on the specified network. It uses serverCert to load a TLS certificate and configure the secure connection.

func DialWithTLSCertPath

func DialWithTLSCertPath(network, raddr string, priority Priority, tag, certPath string) (*Writer, error)

DialWithTLSCertPath establishes a secure connection to a log daemon by connecting to address raddr on the specified network. It uses certPath to load TLS certificates and configure the secure connection.

func DialWithTLSConfig

func DialWithTLSConfig(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config) (*Writer, error)

DialWithTLSConfig establishes a secure connection to a log daemon by connecting to address raddr on the specified network. It uses tlsConfig to configure the secure connection.

func New

func New(priority Priority, tag string) (w *Writer, err error)

New establishes a new connection to the system log daemon. Each write to the returned Writer sends a log message with the given priority and prefix.
