search

troglobit / sysklogd

BSD syslog daemon with syslog()/syslogp() API replacement for Linux, RFC3164 + RFC5424
https://troglobit.com/sysklogd.html
Other
93 stars 20 forks source link

RFE: Add option to disable container detection #76

Closed opty77 closed 5 months ago

opty77 commented 5 months ago

Please add an option to disable container detection.

In LXC container I use it seems that kernel logging works reliably.

opty77 commented 5 months ago

E.g. -o:

diff -Naur a/sysklogd-2.5.2/src/syslogd.c b/sysklogd-2.5.2/src/syslogd.c
--- a/sysklogd-2.5.2/src/syslogd.c  2023-08-21 17:18:44.000000000 +0200
+++ b/sysklogd-2.5.2/src/syslogd.c  2024-05-30 15:16:14.482906110 +0200
@@ -136,6 +136,7 @@
 static uint64_t      sys_seqno = 0;    /* Last seen kernel log message */
 static int   sys_seqno_init;   /* Timestamp can be in the past, use 'now' after first read */
 static int   resolve = 1;      /* resolve hostname */
+static int   DetectContainer = 1;  /* enable container detection */
 static char      LocalHostName[MAXHOSTNAMELEN + 1]; /* our hostname */
 static char     *LocalDomain;               /* our local domain name */
 static char     *emptystring = "";
@@ -246,6 +247,9 @@
    size_t i;
    char *c;

+   if (!DetectContainer)
+       return 0;
+
    c = getenv("container");
    if (c) {
        for (i = 0; i < NELEMS(containers); i++) {
@@ -329,7 +333,7 @@
 int usage(int code)
 {
    printf("Usage:\n"
-          "  syslogd [-468AdFHKknsTtv?] [-a PEER] [-b NAME] [-f FILE] [-m INTERVAL]\n"
+          "  syslogd [-468AdFHKknosTtv?] [-a PEER] [-b NAME] [-f FILE] [-m INTERVAL]\n"
           "                             [-P PID_FILE] [-p SOCK_PATH] [-r SIZE[:NUM]]\n"
           "Options:\n"
           "  -4        Force IPv4 only\n"
@@ -365,6 +369,7 @@
           "  -k        Allow logging with facility 'kernel', otherwise remapped to 'user'\n"
           "  -m MINS   Interval between MARK messages, 0 to disable, default: 20 min\n"
           "  -n        Disable DNS query for every request\n"
+          "  -o        Disable container detection\n"
           "  -P FILE   File to store the process ID, default: %s\n"
           "  -p PATH   Path to UNIX domain socket, multiple -p create multiple sockets.\n"
           "            Default, if no -p argument is given: %s\n"
@@ -397,7 +402,7 @@
    char *ptr;
    int ch;

-   while ((ch = getopt(argc, argv, "468Aa:b:C:cdHFf:Kkm:nP:p:r:sTtv?")) != EOF) {
+   while ((ch = getopt(argc, argv, "468Aa:b:C:cdHFf:Kkm:noP:p:r:sTtv?")) != EOF) {
        switch ((char)ch) {
        case '4':
            family = PF_INET;
@@ -472,6 +477,10 @@
            resolve = 0;
            break;

+       case 'o':
+           DetectContainer = 0;
+           break;
+
        case 'P':
            PidFile = optarg;
            break;
opty77 commented 5 months ago

Hold on, an option (e.g. -E) to enforce kernel logging despite running in a container seems more flexible as one might still need container detection in some cases.

opty77 commented 5 months ago

Better late than never: It seems that in my case I just need to unset container before starting syslogd.

opty77 commented 5 months ago

Yeah, I can control container detection through (un)setting the container environment variable in /etc/default/syslogd so adding any option most probably doesn't make much sense but YMMV.