Search
j0ke.net Open Build Service
>
Projects
>
GFS
>
net-snmp
> net-snmp-5.3.0.1_tcpwrapper_log_severity.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File net-snmp-5.3.0.1_tcpwrapper_log_severity.patch of Package net-snmp (Revision 2)
Currently displaying revision
2
,
show latest
Index: agent/snmp_agent.c =================================================================== --- agent/snmp_agent.c.orig +++ agent/snmp_agent.c @@ -791,9 +791,20 @@ char *addr_string = NULL; #ifdef USE_LIBWRAP char *tcpudpaddr, *name; + short not_log_connection; - name = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, + name = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_APPTYPE); + + /* not_log_connection will be 1 if we should skip the messages */ + not_log_connection = netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_DONT_LOG_TCPWRAPPERS_CONNECTS); + + /* + * handle the error case + * default to logging the messages + */ + if (not_log_connection == SNMPERR_GENERR) not_log_connection = 0; #endif /* @@ -824,7 +835,9 @@ *xp = '\0'; if (hosts_ctl(name, STRING_UNKNOWN, sbuf, STRING_UNKNOWN)) { - snmp_log(allow_severity, "Connection from %s\n", addr_string); + if (!not_log_connection) { + snmp_log(allow_severity, "Connection from %s\n", addr_string); + } } else { snmp_log(deny_severity, "Connection from %s REFUSED\n", addr_string); @@ -839,7 +852,9 @@ if (0 == strncmp(addr_string, "callback", 8)) ; else if (hosts_ctl(name, STRING_UNKNOWN, STRING_UNKNOWN, STRING_UNKNOWN)){ - snmp_log(allow_severity, "Connection from <UNKNOWN> (%s)\n", addr_string); + if (!not_log_connection) { + snmp_log(allow_severity, "Connection from <UNKNOWN> (%s)\n", addr_string); + }; addr_string = strdup("<UNKNOWN>"); } else { snmp_log(deny_severity, "Connection from <UNKNOWN> (%s) REFUSED\n", addr_string); Index: agent/agent_read_config.c =================================================================== --- agent/agent_read_config.c.orig +++ agent/agent_read_config.c @@ -255,6 +255,9 @@ netsnmp_ds_register_config(ASN_BOOLEAN, app, "leave_pidfile", NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_LEAVE_PIDFILE); + netsnmp_ds_register_config(ASN_BOOLEAN, app, "dontLogTCPWrappersConnects", + NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_DONT_LOG_TCPWRAPPERS_CONNECTS); netsnmp_init_handler_conf(); #include "agent_module_dot_conf.h" Index: include/net-snmp/agent/ds_agent.h =================================================================== --- include/net-snmp/agent/ds_agent.h.orig +++ include/net-snmp/agent/ds_agent.h @@ -18,6 +18,7 @@ #define NETSNMP_DS_AGENT_NO_CACHING 8 /* 1 = disable netsnmp_cache */ #define NETSNMP_DS_AGENT_STRICT_DISMAN 9 /* 1 = "correct" object ordering */ #define NETSNMP_DS_AGENT_DONT_RETAIN_NOTIFICATIONS 10 /* 1 = disable trap logging */ +#define NETSNMP_DS_AGENT_DONT_LOG_TCPWRAPPERS_CONNECTS 12 /* 1 = disable logging */ #define NETSNMP_DS_APP_DONT_LOG NETSNMP_DS_AGENT_DONT_RETAIN_NOTIFICATIONS /* compat */ /* WARNING: The trap receiver uses DS flags and must not conflict with Index: man/snmpd.conf.5.def =================================================================== --- man/snmpd.conf.5.def.orig +++ man/snmpd.conf.5.def @@ -1348,6 +1348,11 @@ this module will convert all getbulk requests to getnext requests before the final module receives it. .RE +.IP "dontLogTCPWrappersConnects" +If the \fBsnmpd\fR was compiled with TCP Wrapper support, it +logs every connection made to the agent. This setting disables +the log messages for accepted connections. Denied connections will +still be logged. .IP "Figuring out module names" To figure out which modules you can inject things into, run \fBsnmpwalk\fR on the \fCnsModuleTable\fR which will give