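/*
 * Copyright (c) 1998-2004  Hannes Gredler <hannes@tcpdump.org>
 *      The TCPDUMP project
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code
 * distributions retain the above copyright notice and this paragraph
 * in its entirety, and (2) distributions including binary code include
 * the above copyright notice and this paragraph in its entirety in
 * the documentation or other materials provided with the distribution.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
static const char rcsid[] _U_ =
    "@(#) $Header: /tcpdump/master/tcpdump/print-syslog.c,v 1.1 2004-10-29 11:42:53 hannes Exp $";
#endif

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <tcpdump-stdinc.h>

#include <stdio.h>
#include <stdlib.h>

#include "interface.h"
#include "extract.h"
#include "addrtoname.h"

/*
 * tokenlists and #defines taken from Ethereal - Network traffic analyzer
 * by Gerald Combs <gerald@ethereal.com>
 */

#define SYSLOG_SEVERITY_MASK 0x0007  /* 0000 0000 0000 0111 */
#define SYSLOG_FACILITY_MASK 0x03f8  /* 0000 0011 1111 1000 */
#define SYSLOG_MAX_DIGITS 3 /* The maximum number of priority digits to read in. */

/* Severity codes: the low three bits of the priority value. */
static const struct tok syslog_severity_values[] = {
    { 0,      "emergency" },
    { 1,      "alert" },
    { 2,      "critical" },
    { 3,      "error" },
    { 4,      "warning" },
    { 5,      "notice" },
    { 6,      "info" },
    { 7,      "debug" },
    { 0, NULL },
};

/* Facility codes: the priority value shifted right by three bits. */
static const struct tok syslog_facility_values[] = {
    { 0,     "kernel" },
    { 1,     "user" },
    { 2,     "mail" },
    { 3,     "daemon" },
    { 4,     "auth" },
    { 5,     "syslog" },
    { 6,     "lpr" },
    { 7,     "news" },
    { 8,     "uucp" },
    { 9,     "cron" },
    { 10,    "authpriv" },
    { 11,    "ftp" },
    { 12,    "ntp" },
    { 13,    "security" },
    { 14,    "console" },
    { 15,    "cron" },
    { 16,    "local0" },
    { 17,    "local1" },
    { 18,    "local2" },
    { 19,    "local3" },
    { 20,    "local4" },
    { 21,    "local5" },
    { 22,    "local6" },
    { 23,    "local7" },
    { 0, NULL },
};

/*
 * Print a syslog message.
 *
 * pptr points at the first byte of the syslog payload and len is the
 * payload length supplied by the caller.  The message is expected to
 * start with "<PRI>", where PRI is up to SYSLOG_MAX_DIGITS decimal
 * digits; facility and severity are derived from that number.
 *
 * Output depends on vflag: below 1 a one-line summary is printed; at 1
 * and above the facility, severity and message text are printed; above
 * 1 the payload is additionally handed to print_unknown_data().
 *
 * Every byte is checked with TTEST2() before it is read.  A payload
 * that does not begin with '<', whose priority is not closed by '>',
 * or that ends before the data needed is printed as "[|syslog]".
 */
void
syslog_print(register const u_char *pptr, register u_int len)
{
    /*
     * Same width as len: a 16-bit offset would wrap in the message
     * loop below if len were ever larger than 65535 and the loop would
     * not terminate.
     */
    u_int msg_off = 0;
    u_int16_t pri = 0;
    u_int16_t facility,severity;

    /* extract decimal figures that are
     * encapsulated within < > tags
     * based on this decimal figure extract the
     * severity and facility values
     */

    if (!TTEST2(*pptr, 1))
        goto trunc;

    if (*(pptr+msg_off) != '<') {
        printf("[|syslog]");
        return;
    }
    msg_off++;

    /*
     * Read the digits only.  The bounds check comes before every read,
     * including the read that ends the loop, so the byte at msg_off is
     * always known to be captured when the loop exits.
     */
    for (;;) {
        if (!TTEST2(*(pptr+msg_off), 1))
            goto trunc;

        if (msg_off > SYSLOG_MAX_DIGITS ||
            *(pptr+msg_off) < '0' ||
            *(pptr+msg_off) > '9')
            break;

        pri = pri * 10 + (*(pptr+msg_off) - '0');
        msg_off++;
    }

    /*
     * The closing '>' is handled once, outside the digit loop.  When it
     * was consumed inside the loop, the loop condition went on to read
     * the following byte without a bounds check, and a message text
     * starting with a digit (for example "<1>1 ...") was folded into
     * the priority.  A priority without '>' is treated like the other
     * malformed-header case above.
     */
    if (*(pptr+msg_off) != '>') {
        printf("[|syslog]");
        return;
    }
    msg_off++;

    facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
    severity = pri & SYSLOG_SEVERITY_MASK;

    if (vflag < 1) {
        printf("SYSLOG %s.%s, length: %u",
               tok2str(syslog_facility_values, "unknown (%u)", facility),
               tok2str(syslog_severity_values, "unknown (%u)", severity),
               len);
        return;
    }

    printf("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
           len,
           tok2str(syslog_facility_values, "unknown (%u)", facility),
           facility,
           tok2str(syslog_severity_values, "unknown (%u)", severity),
           severity);

    /* print the syslog text in verbose mode */
    for (; msg_off < len; msg_off++) {
        if (!TTEST2(*(pptr+msg_off), 1))
            goto trunc;
        /* safeputchar() rather than putchar(): the text is packet data */
        safeputchar(*(pptr+msg_off));
    }

    if (vflag > 1) {
        if (!print_unknown_data(pptr,"\n\t",len))
            return;
    }

    return;

trunc:
    printf("[|syslog]");
}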