Tree @HEAD (Download .tar.gz)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 | [![Build Status](https://travis-ci.org/RackSec/srslog.svg?branch=master)](https://travis-ci.org/RackSec/srslog) # srslog Go has a `syslog` package in the standard library, but it has the following shortcomings: 1. It doesn't have TLS support 2. [According to bradfitz on the Go team, it is no longer being maintained.](https://github.com/golang/go/issues/13449#issuecomment-161204716) I agree that it doesn't need to be in the standard library. So, I've followed Brad's suggestion and have made a separate project to handle syslog. This code was taken directly from the Go project as a base to start from. However, this _does_ have TLS support. # Usage Basic usage retains the same interface as the original `syslog` package. We only added to the interface where required to support new functionality. Switch from the standard library: ``` import( //"log/syslog" syslog "github.com/RackSec/srslog" ) ``` You can still use it for local syslog: ``` w, err := syslog.Dial("", "", syslog.LOG_ERR, "testtag") ``` Or to unencrypted UDP: ``` w, err := syslog.Dial("udp", "192.168.0.50:514", syslog.LOG_ERR, "testtag") ``` Or to unencrypted TCP: ``` w, err := syslog.Dial("tcp", "192.168.0.51:514", syslog.LOG_ERR, "testtag") ``` But now you can also send messages via TLS-encrypted TCP: ``` w, err := syslog.DialWithTLSCertPath("tcp+tls", "192.168.0.52:514", syslog.LOG_ERR, "testtag", "/path/to/servercert.pem") ``` And if you need more control over your TLS configuration : ``` pool := x509.NewCertPool() serverCert, err := ioutil.ReadFile("/path/to/servercert.pem") if err != nil { return nil, err } pool.AppendCertsFromPEM(serverCert) config := tls.Config{ RootCAs: pool, } w, err := DialWithTLSConfig(network, raddr, priority, tag, &config) ``` (Note that in both TLS cases, this uses a self-signed certificate, where the remote syslog server has the keypair and the client has only the public key.) And then to write log messages, continue like so: ``` if err != nil { log.Fatal("failed to connect to syslog:", err) } defer w.Close() w.Alert("this is an alert") w.Crit("this is critical") w.Err("this is an error") w.Warning("this is a warning") w.Notice("this is a notice") w.Info("this is info") w.Debug("this is debug") w.Write([]byte("these are some bytes")) ``` If you need further control over connection attempts, you can use the DialWithCustomDialer function. To continue with the DialWithTLSConfig example: ``` netDialer := &net.Dialer{Timeout: time.Second*5} // easy timeouts realNetwork := "tcp" // real network, other vars your dail func can close over dial := func(network, addr string) (net.Conn, error) { // cannot use "network" here as it'll simply be "custom" which will fail return tls.DialWithDialer(netDialer, realNetwork, addr, &config) } w, err := DialWithCustomDialer("custom", "192.168.0.52:514", syslog.LOG_ERR, "testtag", dial) ``` Your custom dial func can set timeouts, proxy connections, and do whatever else it needs before returning a net.Conn. # Generating TLS Certificates We've provided a script that you can use to generate a self-signed keypair: ``` pip install cryptography python script/gen-certs.py ``` That outputs the public key and private key to standard out. Put those into `.pem` files. (And don't put them into any source control. The certificate in the `test` directory is used by the unit tests, and please do not actually use it anywhere else.) # Running Tests Run the tests as usual: ``` go test ``` But we've also provided a test coverage script that will show you which lines of code are not covered: ``` script/coverage --html ``` That will open a new browser tab showing coverage information. # License This project uses the New BSD License, the same as the Go project itself. # Code of Conduct Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. |
Commit History @HEAD
0
»»
- Update changelog for 0.0~git20180709.a4725f0-1 release Arnaud Rebillout 3 years ago
- Update upstream source from tag 'upstream/0.0_git20180709.a4725f0' Arnaud Rebillout 3 years ago
- New upstream version 0.0~git20180709.a4725f0 Arnaud Rebillout 3 years ago
- Drop gbp.conf Arnaud Rebillout 3 years ago
- Add a watch file Arnaud Rebillout 3 years ago
- Merge branch 'lintian-fixes' into 'master' Jelmer Vernooij 4 years ago
- Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. Debian Janitor 4 years ago
- Change priority extra to priority optional. Debian Janitor 4 years ago
- Set debhelper-compat version in Build-Depends. Debian Janitor 4 years ago
- Bump debhelper from old 9 to 12. Debian Janitor 4 years ago
- Use secure copyright file specification URI. Debian Janitor 4 years ago
- update debian/gitlab-ci.yml (using salsa.debian.org/go-team/ci/cmd/ci) Michael Stapelberg 6 years ago
- point Vcs-* urls to salsa.debian.org aviau 6 years ago
- update changelog Konstantinos Margaritis 6 years ago
- Replace golang-go with golang-any in Build-Depends, remove golang-go from Depends Konstantinos Margaritis 6 years ago
- Add me to uploaders Tim Potter 7 years ago
- Use a secure transport for the Vcs-Git and Vcs-Browser URL Paul Tagliamonte 7 years ago
- cleanup; install README Dmitry Smirnov 8 years ago
- ignore tests errors Dmitry Smirnov 8 years ago
- ITP bug #816889 assigned Dmitry Smirnov 8 years ago
- Initial commit Dmitry Smirnov 8 years ago
- Ignore quilt dir .pc via .gitignore Dmitry Smirnov 8 years ago
- Imported Upstream version 0.0~git20160120.0.259aed1 Dmitry Smirnov 8 years ago
0
»»