From b5f8c632df92f51c86487efc7b280522ef837e34 Mon Sep 17 00:00:00 2001 From: "Kevin P. Fleming" Date: Thu, 9 Apr 2009 02:44:27 +0000 Subject: [PATCH] add a dedicated log channel for modules to be able report security-related events, so that they can be fed into external processes for analysis and possible mitigation efforts (inspired by this evening's Toronto Asterisk Users Group meeting and previous dicussions amongst various community members) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@187269 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- apps/app_verbose.c | 4 +++- configs/logger.conf.sample | 2 ++ include/asterisk/logger.h | 13 ++++++++++++- main/logger.c | 9 +++++++-- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/apps/app_verbose.c b/apps/app_verbose.c index b4c6a63849..f094dc1495 100644 --- a/apps/app_verbose.c +++ b/apps/app_verbose.c @@ -59,7 +59,7 @@ static char *app_log = "Log"; Level must be one of ERROR, WARNING, NOTICE, - DEBUG, VERBOSE or DTMF. + DEBUG, VERBOSE, DTMF or SECURITY. Output text message. @@ -146,6 +146,8 @@ static int log_exec(struct ast_channel *chan, void *data) lnum = __LOG_VERBOSE; } else if (!strcasecmp(args.level, "DTMF")) { lnum = __LOG_DTMF; + } else if (!strcasecmp(args.level, "SECURITY")) { + lnum = __LOG_SECURITY; } else if (!strcasecmp(args.level, "EVENT")) { lnum = __LOG_EVENT; } else { diff --git a/configs/logger.conf.sample b/configs/logger.conf.sample index a441ebd8f5..84edd57e6b 100644 --- a/configs/logger.conf.sample +++ b/configs/logger.conf.sample @@ -70,6 +70,7 @@ ; error ; verbose ; dtmf +; security ; ; Special filename "console" represents the system console ; @@ -89,6 +90,7 @@ console => notice,warning,error ;console => notice,warning,error,debug messages => notice,warning,error ;full => notice,warning,error,debug,verbose +security => security ;syslog keyword : This special keyword logs to syslog facility ; diff --git a/include/asterisk/logger.h b/include/asterisk/logger.h index 65448cfe44..1941accbc7 100644 --- a/include/asterisk/logger.h +++ b/include/asterisk/logger.h @@ -189,7 +189,18 @@ void ast_console_toggle_loglevel(int fd, int level, int state); #endif #define AST_LOG_DTMF __LOG_DTMF, _A_ -#define NUMLOGLEVELS 6 +#ifdef LOG_SECURITY +#undef LOG_SECURITY +#endif +#define __LOG_SECURITY 7 +#define LOG_SECURITY __LOG_SECURITY, _A_ + +#ifdef AST_LOG_SECURITY +#undef AST_LOG_SECURITY +#endif +#define AST_LOG_SECURITY __LOG_SECURITY, _A_ + +#define NUMLOGLEVELS 7 /*! * \brief Get the debug level for a file diff --git a/main/logger.c b/main/logger.c index 1635489081..79fb730d3f 100644 --- a/main/logger.c +++ b/main/logger.c @@ -162,7 +162,8 @@ static char *levels[] = { "WARNING", "ERROR", "VERBOSE", - "DTMF" + "DTMF", + "SECURITY", }; /*! \brief Colors used in the console for logging */ @@ -204,6 +205,8 @@ static int make_components(const char *s, int lineno) res |= (1 << __LOG_VERBOSE); else if (!strcasecmp(w, "dtmf")) res |= (1 << __LOG_DTMF); + else if (!strcasecmp(w, "security")) + res |= (1 << __LOG_SECURITY); else { fprintf(stderr, "Logfile Warning: Unknown keyword '%s' at line %d of logger.conf\n", w, lineno); } @@ -356,7 +359,7 @@ static void init_logger_chain(int locked) if (!(chan = ast_calloc(1, sizeof(*chan)))) return; chan->type = LOGTYPE_CONSOLE; - chan->logmask = 28; /*warning,notice,error */ + chan->logmask = (1 << __LOG_WARNING) | (1 << __LOG_NOTICE) | (1 << __LOG_ERROR); if (!locked) AST_RWLIST_WRLOCK(&logchannels); AST_RWLIST_INSERT_HEAD(&logchannels, chan, list); @@ -802,6 +805,8 @@ static char *handle_logger_show_channels(struct ast_cli_entry *e, int cmd, struc ast_cli(a->fd, "Debug "); if (chan->logmask & (1 << __LOG_DTMF)) ast_cli(a->fd, "DTMF "); + if (chan->logmask & (1 << __LOG_SECURITY)) + ast_cli(a->fd, "Security "); if (chan->logmask & (1 << __LOG_VERBOSE)) ast_cli(a->fd, "Verbose "); if (chan->logmask & (1 << __LOG_WARNING))