From a24552c165346f087e82a52807d134e3910387a8 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 1 Jun 2018 17:15:07 +0200 Subject: log: Add support for audit logging This is implemented via a pseudo log level. The kernel ignores any other parameter, so reject those at evaluation stage. Audit logging is therefore simply a matter of: | log level audit Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso
---
 tests/py/any/log.t | 8 ++++++++ tests/py/any/log.t.json | 9 +++++++++ tests/py/any/log.t.payload | 4 ++++ 3 files changed, 21 insertions(+) (limited to 'tests')
diff --git a/tests/py/any/log.t b/tests/py/any/log.t
index d1b4ab62..f4ccaf05 100644
--- a/tests/py/any/log.t
+++ b/tests/py/any/log.t
@@ -15,10 +15,18 @@ log level warn;ok;log
 log level notice;ok
 log level info;ok
 log level debug;ok
+log level audit;ok
 log level emerg group 2;fail
 log level alert group 2 prefix "log test2";fail
+# log level audit must reject all other parameters
+log level audit prefix "foo";fail
+log level audit group 42;fail
+log level audit snaplen 23;fail
+log level audit queue-threshold 1337;fail
+log level audit flags all;fail
+
 log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2 snaplen 33
 # TODO: Add an exception: 'queue-threshold' attribute needs 'group' attribute
 # The correct rule is log group 2 queue-threshold 2
diff --git a/tests/py/any/log.t.json b/tests/py/any/log.t.json
index 9c89dff8..7bcc20e8 100644
--- a/tests/py/any/log.t.json
+++ b/tests/py/any/log.t.json
@@ -77,6 +77,15 @@
 }
 ]
+# log level audit
+[
+ {
+ "log": {
+ "level": "audit"
+ }
+ }
+]
+
 # log prefix aaaaa-aaaaaa group 2 snaplen 33
 [
 {
diff --git a/tests/py/any/log.t.payload b/tests/py/any/log.t.payload
index ffb914d2..1330445b 100644
--- a/tests/py/any/log.t.payload
+++ b/tests/py/any/log.t.payload
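Review bot: In the tests/py/any/log.t hunk every negative audit case puts `level audit` first, so the suite does not pin that the rejection is independent of option order. The commit message says the kernel ignores any other parameter, so a rule that slipped through would carry options that silently do nothing, which is a poor property for a rule an administrator relies on for audit records. Consider adding one reversed case such as `log prefix "foo" level audit;fail`, assuming the grammar accepts the options in that order as the existing `log prefix ... group 2 snaplen 33` line suggests. The evaluation code is outside this view (the page is limited to 'tests'), so this is about coverage only.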
@@ -34,6 +34,10 @@ ip test-ip4 output
 ip test-ip4 output
 [ log level 7 ]
+# log level audit
+ip test-ip4 output
+ [ log level 8 ]
+
 # log prefix aaaaa-aaaaaa group 2 snaplen 33
 ip test-ip4 output
 [ log prefix aaaaa-aaaaaa group 2 snaplen 33 qthreshold 0 ]
--
cgit v1.2.3