add a dedicated log channel for modules to be able report security-related events, so that they can be fed into external processes for analysis and possible mitigation efforts

(inspired by this evening's Toronto Asterisk Users Group meeting and previous dicussions amongst various community members) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@187269 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2009-04-09 02:44:27 +00:00 · 2009-04-09 02:44:27 +00:00 · b5f8c632df
parent f57fddb5bb
commit b5f8c632df
4 changed files with 24 additions and 4 deletions
--- a/apps/app_verbose.c
+++ b/apps/app_verbose.c
@ -59,7 +59,7 @@ static char *app_log = "Log";
 		<syntax>
 			<parameter name="level">
 				<para>Level must be one of <literal>ERROR</literal>, <literal>WARNING</literal>, <literal>NOTICE</literal>,
-				<literal>DEBUG</literal>, <literal>VERBOSE</literal> or <literal>DTMF</literal>.</para>	
+				<literal>DEBUG</literal>, <literal>VERBOSE</literal>, <literal>DTMF</literal> or <literal>SECURITY</literal>.</para>	
 			</parameter>
 			<parameter name="message" required="true">
 				<para>Output text message.</para>
@ -146,6 +146,8 @@ static int log_exec(struct ast_channel *chan, void *data)
 		lnum = __LOG_VERBOSE;
 	} else if (!strcasecmp(args.level, "DTMF")) {
 		lnum = __LOG_DTMF;
+	} else if (!strcasecmp(args.level, "SECURITY")) {
+		lnum = __LOG_SECURITY;
 	} else if (!strcasecmp(args.level, "EVENT")) {
 		lnum = __LOG_EVENT;
 	} else {
--- a/configs/logger.conf.sample
+++ b/configs/logger.conf.sample
@ -70,6 +70,7 @@
 ;    error
 ;    verbose
 ;    dtmf
+;    security
 ;
 ; Special filename "console" represents the system console
 ;
@ -89,6 +90,7 @@ console => notice,warning,error
 ;console => notice,warning,error,debug
 messages => notice,warning,error
 ;full => notice,warning,error,debug,verbose
+security => security

 ;syslog keyword : This special keyword logs to syslog facility 
 ;
--- a/include/asterisk/logger.h
+++ b/include/asterisk/logger.h
@ -189,7 +189,18 @@ void ast_console_toggle_loglevel(int fd, int level, int state);
 #endif
 #define AST_LOG_DTMF    __LOG_DTMF, _A_

-#define NUMLOGLEVELS 6
+#ifdef LOG_SECURITY
+#undef LOG_SECURITY
+#endif
+#define __LOG_SECURITY  7
+#define LOG_SECURITY    __LOG_SECURITY, _A_
+
+#ifdef AST_LOG_SECURITY
+#undef AST_LOG_SECURITY
+#endif
+#define AST_LOG_SECURITY    __LOG_SECURITY, _A_
+
+#define NUMLOGLEVELS 7

 /*!
 * \brief Get the debug level for a file
--- a/main/logger.c
+++ b/main/logger.c
@ -162,7 +162,8 @@ static char *levels[] = {
 	"WARNING",
 	"ERROR",
 	"VERBOSE",
-	"DTMF"
+	"DTMF",
+	"SECURITY",
 };

 /*! \brief Colors used in the console for logging */
@ -204,6 +205,8 @@ static int make_components(const char *s, int lineno)
 			res |= (1 << __LOG_VERBOSE);
 		else if (!strcasecmp(w, "dtmf"))
 			res |= (1 << __LOG_DTMF);
+		else if (!strcasecmp(w, "security"))
+			res |= (1 << __LOG_SECURITY);
 		else {
 			fprintf(stderr, "Logfile Warning: Unknown keyword '%s' at line %d of logger.conf\n", w, lineno);
 		}
@ -356,7 +359,7 @@ static void init_logger_chain(int locked)
 		if (!(chan = ast_calloc(1, sizeof(*chan))))
 			return;
 		chan->type = LOGTYPE_CONSOLE;
-		chan->logmask = 28; /*warning,notice,error */
+		chan->logmask = (1 << __LOG_WARNING) | (1 << __LOG_NOTICE) | (1 << __LOG_ERROR);
 		if (!locked)
 			AST_RWLIST_WRLOCK(&logchannels);
 		AST_RWLIST_INSERT_HEAD(&logchannels, chan, list);
@ -802,6 +805,8 @@ static char *handle_logger_show_channels(struct ast_cli_entry *e, int cmd, struc
 			ast_cli(a->fd, "Debug ");
 		if (chan->logmask & (1 << __LOG_DTMF)) 
 			ast_cli(a->fd, "DTMF ");
+		if (chan->logmask & (1 << __LOG_SECURITY)) 
+			ast_cli(a->fd, "Security ");
 		if (chan->logmask & (1 << __LOG_VERBOSE)) 
 			ast_cli(a->fd, "Verbose ");
 		if (chan->logmask & (1 << __LOG_WARNING))