Add a new AUDIT logging level (-5) between PANIC (-4) and NOLOG (shifted
to -6) across C++, PHP, and Perl loggers. AUDIT entries use code 'AUD'
and syslog priority LOG_NOTICE. They record who changed what, from where,
for monitors, filters, users, config, roles, groups, zones, states,
servers, storage, events, snapshots, control caps, and login/logout.
AUDIT entries have their own retention period (ZM_LOG_AUDIT_DATABASE_LIMIT,
default 1 year) separate from regular log pruning. The log pruning in
zmstats.pl and zmaudit.pl now excludes AUDIT rows from regular pruning
and prunes them independently.
Critical safety: the C++ termination logic is changed from
'if (level <= FATAL)' to 'if (level == FATAL || level == PANIC)' to
prevent AUDIT-level log calls from killing the process.
Includes db migration zm_update-1.39.1.sql to shift any stored NOLOG
config values from -5 to -6.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GCC 12 incorrectly detects a format truncation.
src/zm_logger.cpp:86:39: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 2 [-Wformat-truncation=]
86 | snprintf(code, sizeof(code), "DB%d", i);
| ^~
src/zm_logger.cpp:86:36: note: directive argument in the range [-2147483647, 9]
86 | snprintf(code, sizeof(code), "DB%d", i);
| ^~~~~~
Unfortunately the compilers can't emit Wformat warnings for variadic templates
and those can't be annotated with the format attribute.
Use a variadic function which can be annotated and thus warns on format string-args mismatches.
Ref 0796a2262e
With this we can ensure that no copy-construction of the SQL string takes place.
Regarding calling semantics: The pushed SQL string will be moved and cannot be reused.
Since we are now multi-threaded it can happen quite easily that a log message should be written to the DB on one thread while the other thread executes another query. Don't bail out immediately in the logging code, instead try to obtain the lock within 1s.
Remove calls to zmDBConnect from various places to avoid possible side-effects/double initialization.
The function should be called once from the main thread of the daemon.
Also split config loading into 2 steps: static and DB config loading. Load the static config before zmDBConnect is called so it has a chance to succeed.
With this commit a unified structure for includes is introduced.
The general rules:
* Only include what you need
* Include wherever possible in the cpp and forward-declare in the header
The includes are sorted in a local to global fashion. This means for the include order:
0. If cpp file: The corresponding h file and an empty line
1. Includes from the project sorted alphabetically
2. System/library includes sorted alphabetically
3. Conditional includes
