1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/daemon/logger/syslog/syslog.go
David Calavera 4b98193bea Add support for syslog over TLS.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-11 12:25:34 -05:00

209 lines
4.8 KiB
Go

// +build linux
// Package syslog provides the logdriver for forwarding server logs to syslog endpoints.
package syslog
import (
"crypto/tls"
"errors"
"fmt"
"net"
"net/url"
"os"
"path"
"strconv"
"strings"
syslog "github.com/RackSec/srslog"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/daemon/logger"
"github.com/docker/docker/daemon/logger/loggerutils"
"github.com/docker/docker/pkg/urlutil"
"github.com/docker/go-connections/tlsconfig"
)
const (
name = "syslog"
secureProto = "tcp+tls"
)
var facilities = map[string]syslog.Priority{
"kern": syslog.LOG_KERN,
"user": syslog.LOG_USER,
"mail": syslog.LOG_MAIL,
"daemon": syslog.LOG_DAEMON,
"auth": syslog.LOG_AUTH,
"syslog": syslog.LOG_SYSLOG,
"lpr": syslog.LOG_LPR,
"news": syslog.LOG_NEWS,
"uucp": syslog.LOG_UUCP,
"cron": syslog.LOG_CRON,
"authpriv": syslog.LOG_AUTHPRIV,
"ftp": syslog.LOG_FTP,
"local0": syslog.LOG_LOCAL0,
"local1": syslog.LOG_LOCAL1,
"local2": syslog.LOG_LOCAL2,
"local3": syslog.LOG_LOCAL3,
"local4": syslog.LOG_LOCAL4,
"local5": syslog.LOG_LOCAL5,
"local6": syslog.LOG_LOCAL6,
"local7": syslog.LOG_LOCAL7,
}
type syslogger struct {
writer *syslog.Writer
}
func init() {
if err := logger.RegisterLogDriver(name, New); err != nil {
logrus.Fatal(err)
}
if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
logrus.Fatal(err)
}
}
// New creates a syslog logger using the configuration passed in on
// the context. Supported context configuration variables are
// syslog-address, syslog-facility, & syslog-tag.
func New(ctx logger.Context) (logger.Logger, error) {
tag, err := loggerutils.ParseLogTag(ctx, "{{.ID}}")
if err != nil {
return nil, err
}
proto, address, err := parseAddress(ctx.Config["syslog-address"])
if err != nil {
return nil, err
}
facility, err := parseFacility(ctx.Config["syslog-facility"])
if err != nil {
return nil, err
}
logTag := path.Base(os.Args[0]) + "/" + tag
var log *syslog.Writer
if proto == secureProto {
tlsConfig, tlsErr := parseTLSConfig(ctx.Config)
if tlsErr != nil {
return nil, tlsErr
}
log, err = syslog.DialWithTLSConfig(proto, address, facility, logTag, tlsConfig)
} else {
log, err = syslog.Dial(proto, address, facility, logTag)
}
if err != nil {
return nil, err
}
return &syslogger{
writer: log,
}, nil
}
func (s *syslogger) Log(msg *logger.Message) error {
if msg.Source == "stderr" {
return s.writer.Err(string(msg.Line))
}
return s.writer.Info(string(msg.Line))
}
func (s *syslogger) Close() error {
return s.writer.Close()
}
func (s *syslogger) Name() string {
return name
}
func parseAddress(address string) (string, string, error) {
if address == "" {
return "", "", nil
}
if !urlutil.IsTransportURL(address) {
return "", "", fmt.Errorf("syslog-address should be in form proto://address, got %v", address)
}
url, err := url.Parse(address)
if err != nil {
return "", "", err
}
// unix socket validation
if url.Scheme == "unix" {
if _, err := os.Stat(url.Path); err != nil {
return "", "", err
}
return url.Scheme, url.Path, nil
}
// here we process tcp|udp
host := url.Host
if _, _, err := net.SplitHostPort(host); err != nil {
if !strings.Contains(err.Error(), "missing port in address") {
return "", "", err
}
host = host + ":514"
}
return url.Scheme, host, nil
}
// ValidateLogOpt looks for syslog specific log options
// syslog-address, syslog-facility, & syslog-tag.
func ValidateLogOpt(cfg map[string]string) error {
for key := range cfg {
switch key {
case "syslog-address":
case "syslog-facility":
case "syslog-tag":
case "syslog-tls-ca-cert":
case "syslog-tls-cert":
case "syslog-tls-key":
case "syslog-tls-skip-verify":
case "tag":
default:
return fmt.Errorf("unknown log opt '%s' for syslog log driver", key)
}
}
if _, _, err := parseAddress(cfg["syslog-address"]); err != nil {
return err
}
if _, err := parseFacility(cfg["syslog-facility"]); err != nil {
return err
}
return nil
}
func parseFacility(facility string) (syslog.Priority, error) {
if facility == "" {
return syslog.LOG_DAEMON, nil
}
if syslogFacility, valid := facilities[facility]; valid {
return syslogFacility, nil
}
fInt, err := strconv.Atoi(facility)
if err == nil && 0 <= fInt && fInt <= 23 {
return syslog.Priority(fInt << 3), nil
}
return syslog.Priority(0), errors.New("invalid syslog facility")
}
func parseTLSConfig(cfg map[string]string) (*tls.Config, error) {
_, skipVerify := cfg["syslog-tls-skip-verify"]
opts := tlsconfig.Options{
CAFile: cfg["syslog-tls-ca-cert"],
CertFile: cfg["syslog-tls-cert"],
KeyFile: cfg["syslog-tls-key"],
InsecureSkipVerify: skipVerify,
}
return tlsconfig.Client(opts)
}