diff --git a/doc/sudo_logsrvd.conf.man.in b/doc/sudo_logsrvd.conf.man.in index e7a4eb890..8993bfab9 100644 --- a/doc/sudo_logsrvd.conf.man.in +++ b/doc/sudo_logsrvd.conf.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "April 14, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "May 1, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -288,7 +288,7 @@ The default value is 30. relay_dir = path The directory in which log messages are temporarily stored before they are sent to the relay host. -Messages are stored in the wire format used by +Messages are stored in the wire format specified by sudo_logsrv.proto(@mansectform@) The default value is \fI@relay_dir@\fR. @@ -318,6 +318,11 @@ If multiple \fIrelay_host\fR lines are specified, the first available relay host will be used. .TP 10n +retry_interval = number +The number of seconds to wait after a connection error before making +a new attempt to forward a message to a relay host. +The default value is 30 seconds. +.TP 10n store_first = boolean If true, \fBsudo_logsrvd\fR 
@@ -812,6 +817,21 @@ Sudo log server configuration file # The default value is 30. #connect_timeout = 30 +# The directory to store messages in before they are sent to the relay. +# Messages are stored in wire format. +# The default value is /var/log/logsrvd-relay. +#relay_dir = /var/log/logsrvd-relay + +# The number of seconds to wait after a connection error before +# making a new attempt to forward a message to a relay host. +# The default value is 30. +#retry_interval = 30 + +# Whether to store the log before relaying it. If true, enable store +# and forward mode. If false, the client connection is immediately +# relayed. Defaults to false. +#store_first = true + # If true, enable the SO_KEEPALIVE socket option on relay connections. #tcp_keepalive = true diff --git a/doc/sudo_logsrvd.conf.mdoc.in b/doc/sudo_logsrvd.conf.mdoc.in index 529317bc9..16bf83d41 100644 --- a/doc/sudo_logsrvd.conf.mdoc.in +++ b/doc/sudo_logsrvd.conf.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd April 14, 2021 +.Dd May 1, 2021 .Dt SUDO_LOGSRVD.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -250,7 +250,7 @@ The default value is 30. .It relay_dir = path The directory in which log messages are temporarily stored before they are sent to the relay host. -Messages are stored in the wire format used by +Messages are stored in the wire format specified by .Xr sudo_logsrv.proto @mansectform@ The default value is .Pa @relay_dir@ . @@ -278,6 +278,10 @@ protocol. If multiple .Em relay_host lines are specified, the first available relay host will be used. +.It retry_interval = number +The number of seconds to wait after a connection error before making +a new attempt to forward a message to a relay host. +The default value is 30 seconds. .It store_first = boolean If true, .Nm sudo_logsrvd 
@@ -744,6 +748,21 @@ Sudo log server configuration file # The default value is 30. #connect_timeout = 30 +# The directory to store messages in before they are sent to the relay. +# Messages are stored in wire format. +# The default value is /var/log/logsrvd-relay. +#relay_dir = /var/log/logsrvd-relay + +# The number of seconds to wait after a connection error before +# making a new attempt to forward a message to a relay host. +# The default value is 30. +#retry_interval = 30 + +# Whether to store the log before relaying it. If true, enable store +# and forward mode. If false, the client connection is immediately +# relayed. Defaults to false. +#store_first = true + # If true, enable the SO_KEEPALIVE socket option on relay connections. #tcp_keepalive = true diff --git a/examples/sudo_logsrvd.conf b/examples/sudo_logsrvd.conf index 9bf50ba5c..0ce0982b8 100644 --- a/examples/sudo_logsrvd.conf +++ b/examples/sudo_logsrvd.conf @@ -80,6 +80,21 @@ # The default value is 30. #connect_timeout = 30 +# The directory to store messages in before they are sent to the relay. +# Messages are stored in wire format. +# The default value is /var/log/logsrvd-relay. +#relay_dir = /var/log/logsrvd-relay + +# The number of seconds to wait after a connection error before +# making a new attempt to forward a message to a relay host. +# The default value is 30. +#retry_interval = 30 + +# Whether to store the log before relaying it. If true, enable store +# and forward mode. If false, the client connection is immediately +# relayed. Defaults to false. +#store_first = true + # If true, enable the SO_KEEPALIVE socket option on relay connections. #tcp_keepalive = true diff --git a/logsrvd/logsrvd.h b/logsrvd/logsrvd.h index 8bf29a2e9..f282b69ed 100644 --- a/logsrvd/logsrvd.h +++ b/logsrvd/logsrvd.h 
@@ -212,6 +212,7 @@ const char *logsrvd_conf_pid_file(void); struct timespec *logsrvd_conf_server_timeout(void); struct timespec *logsrvd_conf_relay_connect_timeout(void); struct timespec *logsrvd_conf_relay_timeout(void); +time_t logsrvd_conf_relay_retry_interval(void); #if defined(HAVE_OPENSSL) bool logsrvd_conf_server_tls_check_peer(void); SSL_CTX *logsrvd_server_tls_ctx(void); @@ -239,7 +240,7 @@ bool store_winsize_local(ChangeWindowSize *msg, uint8_t *buf, size_t len, struct bool store_suspend_local(CommandSuspend *msg, uint8_t *buf, size_t len, struct connection_closure *closure); /* logsrvd_queue.c */ -bool logsrvd_queue_enable(int timeout, struct sudo_event_base *evbase); +bool logsrvd_queue_enable(time_t timeout, struct sudo_event_base *evbase); bool logsrvd_queue_insert(struct connection_closure *closure); bool logsrvd_queue_scan(struct sudo_event_base *evbase); void logsrvd_queue_dump(void); diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c index cf6c48602..e380cd7ac 100644 --- a/logsrvd/logsrvd_conf.c +++ b/logsrvd/logsrvd_conf.c @@ -119,6 +119,7 @@ static struct logsrvd_config { struct address_list_container relays; struct timespec connect_timeout; struct timespec timeout; + time_t retry_interval; char *relay_dir; bool tcp_keepalive; bool store_first; @@ -270,6 +271,12 @@ logsrvd_conf_relay_connect_timeout(void) return NULL; } +time_t +logsrvd_conf_relay_retry_interval(void) +{ + return logsrvd_config->relay.retry_interval; +} + #if defined(HAVE_OPENSSL) SSL_CTX * logsrvd_relay_tls_ctx(void) @@ -1225,6 +1232,7 @@ logsrvd_conf_alloc(void) config->relay.timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC; config->relay.connect_timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC; config->relay.tcp_keepalive = true; + config->relay.retry_interval = 30; if (!cb_relay_dir(config, _PATH_SUDO_RELAY_DIR, 0)) goto bad; #if defined(HAVE_OPENSSL) diff --git a/logsrvd/logsrvd_queue.c b/logsrvd/logsrvd_queue.c index 4adcfd7cb..98901b7a6 100644 
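Review bot: The prototype `time_t logsrvd_conf_relay_retry_interval(void);` added in the first logsrvd.h hunk gives no indication of its unit, and it sits among timeout accessors that all return `struct timespec *`. A one-line comment above it, for example `/* Seconds to wait before retrying a failed relay connection. */`, would tell callers that the value is a plain count of seconds and not a timespec. The matching change of logsrvd_queue_enable() to take `time_t` in the second hunk is consistent with this.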
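Review bot: None of the logsrvd_conf.c hunks shown here reads `retry_interval` from the configuration file; only the struct field, the accessor and the default in logsrvd_conf_alloc() are added. If no parsing callback or key-table entry exists outside these hunks, the setting documented in the man pages is silently ignored and the relay always retries after 30 seconds. Whatever parses the value should reject negative and out-of-range numbers and decide explicitly whether 0 is allowed, since a zero interval would presumably make the store-and-forward queue retry a failing relay with no pause. The default is also a bare literal directly below two uses of DEFAULT_SOCKET_TIMEOUT_SEC; a named constant (for instance `#define DEFAULT_RETRY_INTERVAL_SEC 30`, name only a suggestion) with `config->relay.retry_interval = DEFAULT_RETRY_INTERVAL_SEC;` would make it easier to keep in step with the documentation.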
--- a/logsrvd/logsrvd_queue.c +++ b/logsrvd/logsrvd_queue.c @@ -142,7 +142,7 @@ outgoing_queue_cb(int unused, int what, void *v) * The event will fire after the specified timeout elapses. */ bool -logsrvd_queue_enable(int timeout, struct sudo_event_base *evbase) +logsrvd_queue_enable(time_t timeout, struct sudo_event_base *evbase) { debug_decl(logsrvd_queue_enable, SUDO_DEBUG_UTIL); @@ -193,7 +193,8 @@ logsrvd_queue_insert(struct connection_closure *closure) closure->journal_path = NULL; TAILQ_INSERT_TAIL(&outgoing_journal_queue, oj, entries); - if (!logsrvd_queue_enable(30, closure->evbase)) + if (!logsrvd_queue_enable(logsrvd_conf_relay_retry_interval(), + closure->evbase)) debug_return_bool(false); debug_return_bool(true);
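Review bot: The comment above logsrvd_queue_enable() still says only that the event fires "after the specified timeout elapses", so the first hunk leaves both the unit and the accepted range of `timeout` unstated. That matters more now that the parameter is a `time_t` supplied by logsrvd_conf_relay_retry_interval() at the call in logsrvd_queue_insert(), where it used to be the literal 30. The function body continues outside the hunk, so I cannot see whether a zero or negative value is rejected before the event is armed. If it is not, a guard near the top such as `if (timeout < 1) debug_return_bool(false);`, or equivalent clamping where the setting is parsed, would stop a misconfigured interval from turning relay retries into a busy loop. At minimum the comment could read `* The event will fire after the specified timeout (in seconds) elapses.`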