print-syslog.c revision 1.4
1/* 2 * Copyright (c) 1998-2004 Hannes Gredler <hannes@tcpdump.org> 3 * The TCPDUMP project 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code 7 * distributions retain the above copyright notice and this paragraph 8 * in its entirety, and (2) distributions including binary code include 9 * the above copyright notice and this paragraph in its entirety in 10 * the documentation or other materials provided with the distribution. 11 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 12 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 13 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 14 * FOR A PARTICULAR PURPOSE. 15 */ 16 17#include <sys/cdefs.h> 18#ifndef lint 19#if 0 20static const char rcsid[] _U_ = 21 "@(#) Header: /tcpdump/master/tcpdump/print-syslog.c,v 1.1 2004-10-29 11:42:53 hannes Exp "; 22#else 23__RCSID("$NetBSD: print-syslog.c,v 1.4 2013/12/31 17:33:31 christos Exp $"); 24#endif 25#endif 26 27#ifdef HAVE_CONFIG_H 28#include "config.h" 29#endif 30 31#include <tcpdump-stdinc.h> 32 33#include <stdio.h> 34#include <stdlib.h> 35 36#include "interface.h" 37#include "extract.h" 38 39/* 40 * tokenlists and #defines taken from Ethereal - Network traffic analyzer 41 * by Gerald Combs <gerald@ethereal.com> 42 */ 43 44#define SYSLOG_SEVERITY_MASK 0x0007 /* 0000 0000 0000 0111 */ 45#define SYSLOG_FACILITY_MASK 0x03f8 /* 0000 0011 1111 1000 */ 46#define SYSLOG_MAX_DIGITS 3 /* The maximum number if priority digits to read in. */ 47 48static const struct tok syslog_severity_values[] = { 49 { 0, "emergency" }, 50 { 1, "alert" }, 51 { 2, "critical" }, 52 { 3, "error" }, 53 { 4, "warning" }, 54 { 5, "notice" }, 55 { 6, "info" }, 56 { 7, "debug" }, 57 { 0, NULL }, 58}; 59 60static const struct tok syslog_facility_values[] = { 61 { 0, "kernel" }, 62 { 1, "user" }, 63 { 2, "mail" }, 64 { 3, "daemon" }, 65 { 4, "auth" }, 66 { 5, "syslog" }, 67 { 6, "lpr" }, 68 { 7, "news" }, 69 { 8, "uucp" }, 70 { 9, "cron" }, 71 { 10, "authpriv" }, 72 { 11, "ftp" }, 73 { 12, "ntp" }, 74 { 13, "security" }, 75 { 14, "console" }, 76 { 15, "cron" }, 77 { 16, "local0" }, 78 { 17, "local1" }, 79 { 18, "local2" }, 80 { 19, "local3" }, 81 { 20, "local4" }, 82 { 21, "local5" }, 83 { 22, "local6" }, 84 { 23, "local7" }, 85 { 0, NULL }, 86}; 87 88void 89syslog_print(register const u_char *pptr, register u_int len) 90{ 91 u_int16_t msg_off = 0; 92 u_int16_t pri = 0; 93 u_int16_t facility,severity; 94 95 /* extract decimal figures that are 96 * encapsulated within < > tags 97 * based on this decimal figure extract the 98 * severity and facility values 99 */ 100 101 TCHECK2(*pptr, 1); 102 if (*(pptr+msg_off) == '<') { 103 msg_off++; 104 TCHECK2(*(pptr+msg_off), 1); 105 while ( *(pptr+msg_off) >= '0' && 106 *(pptr+msg_off) <= '9' && 107 msg_off <= SYSLOG_MAX_DIGITS) { 108 pri = pri * 10 + (*(pptr+msg_off) - '0'); 109 msg_off++; 110 TCHECK2(*(pptr+msg_off), 1); 111 } 112 if (*(pptr+msg_off) != '>') { 113 printf("[|syslog]"); 114 return; 115 } 116 msg_off++; 117 } else { 118 printf("[|syslog]"); 119 return; 120 } 121 122 facility = (pri & SYSLOG_FACILITY_MASK) >> 3; 123 severity = pri & SYSLOG_SEVERITY_MASK; 124 125 if (vflag < 1 ) 126 { 127 printf("SYSLOG %s.%s, length: %u", 128 tok2str(syslog_facility_values, "unknown (%u)", facility), 129 tok2str(syslog_severity_values, "unknown (%u)", severity), 130 len); 131 return; 132 } 133 134 printf("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ", 135 len, 136 tok2str(syslog_facility_values, "unknown (%u)", facility), 137 facility, 138 tok2str(syslog_severity_values, "unknown (%u)", severity), 139 severity); 140 141 /* print the syslog text in verbose mode */ 142 for (; msg_off < len; msg_off++) { 143 TCHECK2(*(pptr+msg_off), 1); 144 safeputchar(*(pptr+msg_off)); 145 } 146 147 if (vflag > 1) 148 print_unknown_data(pptr,"\n\t",len); 149 150 return; 151 152trunc: 153 printf("[|syslog]"); 154} 155