summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-06-01 17:15:07 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-06-03 11:53:06 +0200
commita24552c165346f087e82a52807d134e3910387a8 (patch)
tree378f69e8fe6c10ac6fd0d111313c3b0ed14371d5 /src
parentefc8a83e943d54e0ca88548a0eaff056ad2a650d (diff)
log: Add support for audit logging
This is implemented via a pseudo log level. The kernel ignores any other parameter, so reject those at evaluation stage. Audit logging is therefore simply a matter of: | log level audit Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/evaluate.c4
-rw-r--r--src/parser_bison.y2
-rw-r--r--src/statement.c7
3 files changed, 10 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 4eb36e2d..33733c0e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2562,6 +2562,10 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt)
return stmt_error(ctx, stmt,
"flags and group are mutually exclusive");
}
+ if (stmt->log.level == LOGLEVEL_AUDIT &&
+ (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags))
+ return stmt_error(ctx, stmt,
+ "log level audit doesn't support any further options");
return 0;
}
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b67dc69d..d13eaa66 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2227,6 +2227,8 @@ level_type : string
$$ = LOG_INFO;
else if (!strcmp("debug", $1))
$$ = LOG_DEBUG;
+ else if (!strcmp("audit", $1))
+ $$ = LOGLEVEL_AUDIT;
else {
erec_queue(error(&@1, "invalid log level"),
state->msgs);
diff --git a/src/statement.c b/src/statement.c
index ff4c8eb6..4a646e06 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -220,7 +220,7 @@ struct stmt *objref_stmt_alloc(const struct location *loc)
return stmt;
}
-static const char *syslog_level[LOG_DEBUG + 1] = {
+static const char *syslog_level[LOGLEVEL_AUDIT + 1] = {
[LOG_EMERG] = "emerg",
[LOG_ALERT] = "alert",
[LOG_CRIT] = "crit",
@@ -229,11 +229,12 @@ static const char *syslog_level[LOG_DEBUG + 1] = {
[LOG_NOTICE] = "notice",
[LOG_INFO] = "info",
[LOG_DEBUG] = "debug",
+ [LOGLEVEL_AUDIT] = "audit"
};
const char *log_level(uint32_t level)
{
- if (level > LOG_DEBUG)
+ if (level > LOGLEVEL_AUDIT)
return "unknown";
return syslog_level[level];
@@ -243,7 +244,7 @@ int log_level_parse(const char *level)
{
int i;
- for (i = 0; i <= LOG_DEBUG; i++) {
+ for (i = 0; i <= LOGLEVEL_AUDIT; i++) {
if (syslog_level[i] &&
!strcmp(level, syslog_level[i]))
return i;