dist/tcpdump/print-syslog.c

   1 /*      $NetBSD$        */
   2
   3 /*
   4  * Copyright (c) 1998-2004  Hannes Gredler <hannes@tcpdump.org>
   5  *      The TCPDUMP project
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that: (1) source code
   9  * distributions retain the above copyright notice and this paragraph
  10  * in its entirety, and (2) distributions including binary code include
  11  * the above copyright notice and this paragraph in its entirety in
  12  * the documentation or other materials provided with the distribution.
  13  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
  14  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
  15  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  16  * FOR A PARTICULAR PURPOSE.
  17  */
  18
  19 #include <sys/cdefs.h>
  20 #ifndef lint
  21 #if 0
  22 static const char rcsid[] _U_ =
  23     "@(#) Header: /tcpdump/master/tcpdump/print-syslog.c,v 1.1 2004/10/29 11:42:53 hannes Exp";
  24 #else
  25 __RCSID("$NetBSD: tcpdump2rcsid.ex,v 1.1 2001/06/25 20:09:58 itojun Exp $");
  26 #endif
  27 #endif
  28
  29 #ifdef HAVE_CONFIG_H
  30 #include "config.h"
  31 #endif
  32
  33 #include <tcpdump-stdinc.h>
  34
  35 #include <stdio.h>
  36 #include <stdlib.h>
  37
  38 #include "interface.h"
  39 #include "extract.h"
  40 #include "addrtoname.h"
  41
  42 /*
  43  * tokenlists and #defines taken from Ethereal - Network traffic analyzer
  44  * by Gerald Combs <gerald@ethereal.com>
  45  */
  46
  47 #define SYSLOG_SEVERITY_MASK 0x0007  /* 0000 0000 0000 0111 */
  48 #define SYSLOG_FACILITY_MASK 0x03f8  /* 0000 0011 1111 1000 */
  49 #define SYSLOG_MAX_DIGITS 3 /* The maximum number if priority digits to read in. */
  50
  51 static const struct tok syslog_severity_values[] = {
  52   { 0,      "emergency" },
  53   { 1,      "alert" },
  54   { 2,      "critical" },
  55   { 3,      "error" },
  56   { 4,      "warning" },
  57   { 5,      "notice" },
  58   { 6,      "info" },
  59   { 7,      "debug" },
  60   { 0, NULL },
  61 };
  62
  63 static const struct tok syslog_facility_values[] = {
  64   { 0,     "kernel" },
  65   { 1,     "user" },
  66   { 2,     "mail" },
  67   { 3,     "daemon" },
  68   { 4,     "auth" },
  69   { 5,     "syslog" },
  70   { 6,     "lpr" },
  71   { 7,     "news" },
  72   { 8,     "uucp" },
  73   { 9,     "cron" },
  74   { 10,    "authpriv" },
  75   { 11,    "ftp" },
  76   { 12,    "ntp" },
  77   { 13,    "security" },
  78   { 14,    "console" },
  79   { 15,    "cron" },
  80   { 16,    "local0" },
  81   { 17,    "local1" },
  82   { 18,    "local2" },
  83   { 19,    "local3" },
  84   { 20,    "local4" },
  85   { 21,    "local5" },
  86   { 22,    "local6" },
  87   { 23,    "local7" },
  88   { 0, NULL },
  89 };
  90
  91 void
  92 syslog_print(register const u_char *pptr, register u_int len)
  93 {
  94     u_int16_t msg_off = 0;
  95     u_int16_t pri = 0;
  96     u_int16_t facility,severity;
  97
  98     /* extract decimal figures that are
  99      * encapsulated within < > tags
 100      * based on this decimal figure extract the
 101      * severity and facility values
 102      */
 103
 104     if (!TTEST2(*pptr, 1))
 105         goto trunc;
 106
 107     if (*(pptr+msg_off) == '<') {
 108         msg_off++;
 109
 110         if (!TTEST2(*(pptr+msg_off), 1))
 111             goto trunc;
 112
 113         while ( *(pptr+msg_off) >= '0' &&
 114                 *(pptr+msg_off) <= '9' &&
 115                 msg_off <= SYSLOG_MAX_DIGITS) {
 116
 117             if (!TTEST2(*(pptr+msg_off), 1))
 118                 goto trunc;
 119
 120             pri = pri * 10 + (*(pptr+msg_off) - '0');
 121             msg_off++;
 122
 123             if (!TTEST2(*(pptr+msg_off), 1))
 124                 goto trunc;
 125
 126         if (*(pptr+msg_off) == '>')
 127             msg_off++;
 128         }
 129     } else {
 130         printf("[|syslog]");
 131         return;
 132     }
 133
 134     facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
 135     severity = pri & SYSLOG_SEVERITY_MASK;
 136
 137
 138     if (vflag < 1 )
 139     {
 140         printf("SYSLOG %s.%s, length: %u",
 141                tok2str(syslog_facility_values, "unknown (%u)", facility),
 142                tok2str(syslog_severity_values, "unknown (%u)", severity),
 143                len);
 144         return;
 145     }
 146
 147     printf("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
 148            len,
 149            tok2str(syslog_facility_values, "unknown (%u)", facility),
 150            facility,
 151            tok2str(syslog_severity_values, "unknown (%u)", severity),
 152            severity);
 153
 154     /* print the syslog text in verbose mode */
 155     for (; msg_off < len; msg_off++) {
 156         if (!TTEST2(*(pptr+msg_off), 1))
 157             goto trunc;
 158         safeputchar(*(pptr+msg_off));
 159     }
 160
 161     if (vflag > 1) {
 162         if(!print_unknown_data(pptr,"\n\t",len))
 163             return;
 164     }
 165
 166     return;
 167
 168 trunc:
 169         printf("[|syslog]");
 170 }