Add option to skip message with certain syslog facilities

Closes: #120

README.md

@@ -103,7 +103,10 @@ Optional settings
         A boolean. Specifies whether to extract SYSLOG_STRUCTURED_DATA= from journal. Defaults to false.
 
     UseSysLogMsgId=
-          A boolean. Specifies whether to extract SYSLOG_MSGID= from journal. Defaults to false.
+        A boolean. Specifies whether to extract SYSLOG_MSGID= from journal. Defaults to false.
+
+    ExcludeSyslogFacility=
+        A list of strings. Specifies the syslog facilities to skip forwarding.
 
 **EXAMPLE**
 
@@ -116,13 +119,14 @@ Address=239.0.0.1:6000
 #LogFormat=rfc5424
 ```
 
-Example 2.UDP
+Example 2.UDP and skipping AUTH and AUTHPRIV messages
 
 ``` toml
 [Network]
 Address=192.168.8.101:514
 #Protocol=udp
 LogFormat=rfc3339
+ExcludeSyslogFacility=auth authpriv
 ```
 
 Example 3. Structured data

conf/netlogd.conf.in

@@ -16,3 +16,4 @@
 #KeepAliveProbes=
 #NoDelay=no
 #SendBuffer=
+#ExcludeSyslogFacility=

src/netlog/netlog-conf.c

@@ -4,6 +4,7 @@
 
 #include "conf-parser.h"
 #include "def.h"
+#include "extract-word.h"
 #include "in-addr-util.h"
 #include "netlog-conf.h"
 #include "parse-util.h"
@@ -197,6 +198,48 @@ int config_parse_namespace(const char *unit,
         return 0;
 }
 
+int config_parse_syslog_facility(const char *unit,
+                                 const char *filename,
+                                 unsigned line,
+                                 const char *section,
+                                 unsigned section_line,
+                                 const char *lvalue,
+                                 int ltype,
+                                 const char *rvalue,
+                                 void *data,
+                                 void *userdata) {
+        Manager *m = userdata;
+        uint32_t val = 0;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+        assert(m);
+
+        for (const char *p = rvalue;;) {
+                _cleanup_free_ char *word = NULL;
+
+                r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES|EXTRACT_RELAX);
+                if (r < 0) {
+                        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
+                        return 0;
+                }
+                if (r == 0)
+                        break;
+
+                r = syslog_facility_from_string(word);
+                if (r < 0) {
+                        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syslog facility '%s', ignoring: %m", word);
+                } else
+                        val |= UINT32_C(1) << r;
+        }
+
+        m->excluded_syslog_facilities = val;
+        return 0;
+}
+
 int manager_parse_config_file(Manager *m) {
         int r;
 

src/netlog/netlog-conf.h

@@ -62,4 +62,15 @@ int config_parse_namespace(const char *unit,
                            void *data,
                            void *userdata);
 
+int config_parse_syslog_facility(const char *unit,
+                                 const char *filename,
+                                 unsigned line,
+                                 const char *section,
+                                 unsigned section_line,
+                                 const char *lvalue,
+                                 int ltype,
+                                 const char *rvalue,
+                                 void *data,
+                                 void *userdata);
+
 int manager_parse_config_file(Manager *m);

src/netlog/netlog-gperf.gperf

@@ -32,3 +32,4 @@ Network.KeepAliveIntervalSec,     config_parse_sec,                       0, off
 Network.KeepAliveProbes,          config_parse_unsigned,                  0, offsetof(Manager, keep_alive_cnt)
 Network.NoDelay,                  config_parse_bool,                      0, offsetof(Manager, no_delay)
 Network.SendBuffer,               config_parse_iec_size,                  0, offsetof(Manager, send_buffer)
+Network.ExcludeSyslogFacility,    config_parse_syslog_facility,           0, offsetof(Manager, excluded_syslog_facilities)

src/netlog/netlog-manager.c

@@ -44,6 +44,35 @@ static const char *const log_format_table[_SYSLOG_TRANSMISSION_LOG_FORMAT_MAX] =
 
 DEFINE_STRING_TABLE_LOOKUP(log_format, int);
 
+static const char *const syslog_facility_table[_SYSLOG_FACILITY_MAX] = {
+        [SYSLOG_FACILITY_KERN]         = "kern",
+        [SYSLOG_FACILITY_USER]         = "user",
+        [SYSLOG_FACILITY_MAIL]         = "mail",
+        [SYSLOG_FACILITY_DAEMON]       = "daemon",
+        [SYSLOG_FACILITY_AUTH]         = "auth",
+        [SYSLOG_FACILITY_SYSLOG]       = "syslog",
+        [SYSLOG_FACILITY_LPR]          = "lpr",
+        [SYSLOG_FACILITY_NEWS]         = "news",
+        [SYSLOG_FACILITY_UUCP]         = "uucp",
+        [SYSLOG_FACILITY_CRON]         = "cron",
+        [SYSLOG_FACILITY_AUTHPRIV]     = "authpriv",
+        [SYSLOG_FACILITY_FTP]          = "ftp",
+        [SYSLOG_FACILITY_NTP]          = "ntp",
+        [SYSLOG_FACILITY_SECURITY]     = "security",
+        [SYSLOG_FACILITY_CONSOLE]      = "console",
+        [SYSLOG_FACILITY_SOLARIS_CRON] = "solaris-cron",
+        [SYSLOG_FACILITY_LOCAL0]       = "local0",
+        [SYSLOG_FACILITY_LOCAL1]       = "local1",
+        [SYSLOG_FACILITY_LOCAL2]       = "local2",
+        [SYSLOG_FACILITY_LOCAL3]       = "local3",
+        [SYSLOG_FACILITY_LOCAL4]       = "local4",
+        [SYSLOG_FACILITY_LOCAL5]       = "local5",
+        [SYSLOG_FACILITY_LOCAL6]       = "local6",
+        [SYSLOG_FACILITY_LOCAL7]       = "local7",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(syslog_facility, int);
+
 typedef struct ParseFieldVec {
         const char *field;
         size_t field_len;
@@ -180,6 +209,10 @@ static int manager_read_journal_input(Manager *m) {
                 r = safe_atou(facility, &fac);
                 if (r < 0)
                         log_debug("Failed to parse syslog facility: %s", facility);
+                else if (fac < _SYSLOG_FACILITY_MAX && ((UINT32_C(1) << fac) & m->excluded_syslog_facilities)) {
+                        log_debug("Skipping message with excluded facility %s.", syslog_facility_to_string(fac));
+                        return 0;
+                }
 
                 if (fac >= LOG_NFACILITIES)
                         fac = JOURNAL_DEFAULT_FACILITY;

src/netlog/netlog-manager.h

@@ -29,6 +29,35 @@ typedef enum SysLogTransmissionLogFormat {
         _SYSLOG_TRANSMISSION_LOG_FORMAT_INVALID = -EINVAL,
 } SysLogTransmissionLogFormat;
 
+/* RFC 5424 Section 6.2.1 */
+typedef enum SysLogFacility {
+        SYSLOG_FACILITY_KERN         =  0,
+        SYSLOG_FACILITY_USER         =  1,
+        SYSLOG_FACILITY_MAIL         =  2,
+        SYSLOG_FACILITY_DAEMON       =  3,
+        SYSLOG_FACILITY_AUTH         =  4,
+        SYSLOG_FACILITY_SYSLOG       =  5,
+        SYSLOG_FACILITY_LPR          =  6,
+        SYSLOG_FACILITY_NEWS         =  7,
+        SYSLOG_FACILITY_UUCP         =  8,
+        SYSLOG_FACILITY_CRON         =  9,
+        SYSLOG_FACILITY_AUTHPRIV     = 10,
+        SYSLOG_FACILITY_FTP          = 11,
+        SYSLOG_FACILITY_NTP          = 12,
+        SYSLOG_FACILITY_SECURITY     = 13,
+        SYSLOG_FACILITY_CONSOLE      = 14,
+        SYSLOG_FACILITY_SOLARIS_CRON = 15,
+        SYSLOG_FACILITY_LOCAL0       = 16,
+        SYSLOG_FACILITY_LOCAL1       = 17,
+        SYSLOG_FACILITY_LOCAL2       = 18,
+        SYSLOG_FACILITY_LOCAL3       = 19,
+        SYSLOG_FACILITY_LOCAL4       = 20,
+        SYSLOG_FACILITY_LOCAL5       = 21,
+        SYSLOG_FACILITY_LOCAL6       = 22,
+        SYSLOG_FACILITY_LOCAL7       = 23,
+        _SYSLOG_FACILITY_MAX,
+} SysLogFacility;
+
 typedef struct Manager Manager;
 
 struct Manager {
@@ -58,6 +87,8 @@ struct Manager {
 
         char *server_name;
 
+        uint32_t excluded_syslog_facilities;
+
         /* journal  */
         int journal_watch_fd;
         int namespace_flags;
@@ -124,3 +155,6 @@ int protocol_from_string(const char *s) _pure_;
 
 const char *log_format_to_string(int v) _const_;
 int log_format_from_string(const char *s) _pure_;
+
+const char *syslog_facility_to_string(int v) _const_;
+int syslog_facility_from_string(const char *s) _pure_;