lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 13 Jul 2011 17:51:41 -0700
From:	Joe Perches <joe@...ches.com>
To:	david@...g.hm
Cc:	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: best way to handle multi-line kernel messages

On Wed, 2011-07-13 at 17:30 -0700, david@...g.hm wrote:
> a query was made on the rsyslog mailing list about the possibility of 
> rsyslog handling kernel messages better. Currently each line of logs is a 
> separate log entry (and as log entries traverse networks there are thigns 
> taht can cause them to get re-ordered). It would be nice to be able to 
> combine multi-line logs into one log entry.
> 
> The problem is figuring out how to tell when one log entry finishes and 
> the next starts.
> 
> >From examining logs it looks like follow-up lines are frequently (but not 
> always) indented with some form of whitespace (this indentation taking 
> place after the timestamp if that's enabled)
> but this is not consistantly the case.

No, not at all.  Most follow-on lines are pr_cont.

> I suspect that there is not currently any good way for something to really 
> tell when one log entry has finished and another is starting,

There isn't.

> but I wanted 
> to ask here if there is anything that I should be able to rely on (with 
> the thought that fixing log messages that don't work that way coudl be 
> somethign for -janitors or newbes to work on)

you'll have to implement something like:

pr_start(&cookie);
pr_multi_<level>(cookie, fmt, ...);
pr_multi_cont(cookie, fmt, ...);
pr_end(cookie);

> or is this a completely hopeless task that people receiving logs should 
> not even try to do?

There really aren't _that_ many places where
multiple calls to printk/pr_level are made.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ