Syslog logger: replace unmaintained RackSec/srslog and some new optio…

…ns (#442) replace deprecated RackSec/srslog add new options like: hostname and programe name rename config format per formatter add new framer option
dmachard · Oct 30, 2023 · 39af990 · 39af990
1 parent 49151d6
commit 39af990
Show file tree

Hide file tree

Showing 10 changed files with 360 additions and 45 deletions.
diff --git a/Makefile b/Makefile
@@ -5,6 +5,7 @@ GO_LOGGER := 0.3.0
 GO_POWERDNS_PROTOBUF := 0.2.0
 GO_DNSTAP_PROTOBUF := 0.6.0
 GO_FRAMESTREAM := 0.6.0
+GO_CLIENTSYSLOG := 0.3.0
 
 BUILD_TIME := $(shell LANG=en_US date +"%F_%T_%z")
 COMMIT := $(shell git rev-parse --short HEAD)
@@ -33,6 +34,7 @@ dep:
 	@go get github.com/dmachard/go-powerdns-protobuf@v$(GO_POWERDNS_PROTOBUF)
 	@go get github.com/dmachard/go-dnstap-protobuf@v$(GO_DNSTAP_PROTOBUF)
 	@go get github.com/dmachard/go-framestream@v$(GO_FRAMESTREAM)
+	@go get github.com/dmachard/go-clientsyslog@v$(GO_CLIENTSYSLOG)
 	@go mod edit -go=$(GO_VERSION)
 	@go mod tidy
 

diff --git a/config.yml b/config.yml
@@ -396,20 +396,24 @@ multiplexer:
 #   transport: local
 #   # Remote address host:port
 #   remote-address: ""
+#   # Channel buffer size for incoming packets, number of packet before to drop it.
+#   chan-buffer-size: 65535
 #   # interval in second between retry reconnect
 #   retry-interval: 10
 #   # output text format, please refer to the top of this file to see all available directives
 #   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
 #   # output format: text|json|flat-json
 #   mode: text
-#   # enable tls
-#   tls-support: false
-#   # insecure skip verify
+#   # insecure mode, skip certificate verify
 #   tls-insecure: false
-#   # set syslog formatter between `unix` (default), `rfc3164` or `rfc5424` or `rfc5425`
-#   format: ""
-#   # Channel buffer size for incoming packets, number of packet before to drop it.
-#   chan-buffer-size: 65535
+#   # set syslog formatter between unix, rfc3164 (default) or rfc5424
+#   formatter: "rfc3164"
+#   # set syslog framer: `none` or `rfc5425`
+#   framer: "none"
+#   # set syslog hostname
+#   hostname: ""
+#   # set syslog program name
+#   app-name: ""
 #   # Syslog tag or MSGID
 #   tag: ""
 

diff --git a/dnsutils/config.go b/dnsutils/config.go
@@ -350,7 +350,10 @@ type Config struct {
 			Mode              string `yaml:"mode"`
 			TlsInsecure       bool   `yaml:"tls-insecure"`
 			TlsMinVersion     string `yaml:"tls-min-version"`
-			Format            string `yaml:"format"`
+			Formatter         string `yaml:"formatter"`
+			Framer            string `yaml:"framer"`
+			Hostname          string `yaml:"hostname"`
+			AppName           string `yaml:"app-name"`
 			ChannelBufferSize int    `yaml:"chan-buffer-size"`
 			Tag               string `yaml:"tag"`
 		} `yaml:"syslog"`
@@ -664,6 +667,10 @@ func (c *Config) SetDefault() {
 	c.Loggers.Syslog.TlsMinVersion = TLS_v12
 	c.Loggers.Syslog.ChannelBufferSize = 65535
 	c.Loggers.Syslog.Tag = ""
+	c.Loggers.Syslog.Framer = ""
+	c.Loggers.Syslog.Formatter = "rfc5424"
+	c.Loggers.Syslog.Hostname = ""
+	c.Loggers.Syslog.AppName = ""
 
 	c.Loggers.Fluentd.Enable = false
 	c.Loggers.Fluentd.RemoteAddress = LOCALHOST_IP

diff --git a/docs/_examples/use-case-23.yml b/docs/_examples/use-case-23.yml
@@ -0,0 +1,24 @@
+global:
+  trace:
+    verbose: true
+
+multiplexer:
+  collectors:
+    - name: tap
+      dnstap:
+        listen-ip: 0.0.0.0
+        listen-port: 6000
+
+  loggers:
+    - name: syslog
+      syslog:
+        transport: tcp+tls
+        remote-address: "127.0.0.1:6514"
+        mode: text
+        tls-insecure: true
+        formatter: "rfc5424"
+        framer: "rfc5425"
+
+  routes:
+    - from: [ tap ]
+      to: [ syslog ]
diff --git a/docs/examples.md b/docs/examples.md
@@ -8,6 +8,7 @@ You will find below some examples of configurations to manage your DNS logs.
   - [x] [Transform DNSTap as input to JSON format as output](./_examples/use-case-3.yml)
   - [x] [Relays DNSTap stream to multiple remote destination without decoding](./_examples/use-case-12.yml)
   - [x] [Aggregate several DNSTap stream and forward it to the same file](./_examples/use-case-7.yml)
+  - [x] [Send to syslog TLS](./_examples/use-case-23.yml)
 
 - Capture DNS traffic from PowerDNS products
   - [x] [Capture multiple PowerDNS streams](./_examples/use-case-8.yml)

diff --git a/docs/loggers/logger_syslog.md b/docs/loggers/logger_syslog.md
@@ -5,7 +5,7 @@ Syslog logger to local syslog system or remote one.
 
 * local or remote server
 * custom text format
-* supported format: text, json
+* supported format: text, json or flat-json
 * tls support
 
 Options:
@@ -14,12 +14,15 @@ Options:
 * `transport`: (string) Transport to use to a remote log daemon or local one. local|tcp|udp|unix|tcp+tls
 * `remote-address`: (string) Remote address host:port
 * `retry-interval`: (integer) interval in second between retry reconnect
+* `chan-buffer-size`: (integer) channel buffer size used on incoming dns message, number of messages before to drop it.
 * `mode`: (string) output format: text, json, or flat-json
-* `text-format`: (string) output text format, please refer to the default text format to see all available directives, use this parameter if you want a specific format
-* `tls-insecure`: (boolean) insecure skip verify
+* `text-format`: (string) output text format, please refer to the default text format to see all available [directives](../configuration.md#custom-text-format), use this parameter if you want a specific format
+* `tls-insecure`: (boolean) insecure mode, skip certificate verify
 * `tls-min-version`: (string) min tls version, default to 1.2
-* `format`: (string) Set syslog formatter between `unix` (default), [`rfc3164`](https://www.rfc-editor.org/rfc/)rfc3164 or [`rfc5424`](https://www.rfc-editor.org/rfc/rfc5424) or [`rfc5425`](https://www.rfc-editor.org/rfc/rfc5425)
-* `chan-buffer-size`: (integer) channel buffer size used on incoming dns message, number of messages before to drop it.
+* `formattter`: (string) Set syslog formatter between `unix`, `rfc3164` or `rfc5424` (default)
+* `framer`: (string) Set syslog framer: `none` or `rfc5425`
+* `hostname`: (string) Set syslog hostname
+* `app-name`: (string) Set syslog program name
 * `tag`: (string) syslog tag or MSGID
 
 Default values:
@@ -30,12 +33,15 @@ syslog:
   facility: DAEMON
   transport: local
   remote-address: ""
+  chan-buffer-size: 65535
   retry-interval: 10
   text-format: ""
   mode: text
   tls-insecure: false
   tls-min-version: 1.2
-  format: ""
-  chan-buffer-size: 65535
+  formatter: "rfc3164"
+  framer: ""
+  hostname: ""
+  app-name: ""
   tag: ""
 ```
diff --git a/go.mod b/go.mod
@@ -3,7 +3,6 @@ module github.com/dmachard/go-dnscollector
 go 1.21
 
 require (
-	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
 	github.com/Shopify/sarama v1.38.1
 	github.com/cilium/ebpf v0.12.2
 	github.com/dmachard/go-dnstap-protobuf v0.6.0
@@ -48,6 +47,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.12.4 // indirect
 	github.com/dennwc/varint v1.0.0 // indirect
+	github.com/dmachard/go-clientsyslog v0.3.0 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/eapache/go-resiliency v1.3.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230111030713-bf00bc1b83b6 // indirect