1 /* author: Kacper Wysocki <kwy@redpill-linpro.com> */
#include <stdint.h>

#include "../prads.h"
#include "../sys_func.h"
#include "../sig.h"
#include "../config.h"
#include "../cxt.h"
#include "log.h"
#include "log_stdout.h"
/*
 * Callback table for the stdout output plugin.
 *
 * The connection handler starts out unset; init_output_stdout() installs
 * one on the plugin it is handed when the run-time flags ask for it.
 * A function name and its address are the same pointer value, so the
 * handlers are listed by plain name.
 */
output_plugin p_stdout = {
    .init       = init_output_stdout,
    .arp        = stdout_arp,
    .os         = stdout_os,
    .service    = stdout_service,
    .connection = NULL,
    .denit      = end_log_stdout,
    .data       = NULL,
};
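/**
 * Return the stdout output plugin's callback table.
 *
 * The parameter list is spelled (void) so the definition carries a real
 * prototype; an empty list would let callers pass arguments unchecked.
 *
 * @return pointer to the file-scope p_stdout object. It is not a copy, so
 *         changes made through the pointer are seen by every holder of it.
 */
output_plugin *init_log_stdout(void)
{
    return &p_stdout;
}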
/**
 * Select which stdout callbacks are active for this run.
 *
 * @param p      plugin whose callback pointers are adjusted in place
 * @param f      not used by this plugin
 * @param flags  bit mask tested against CONFIG_CXWRITE, CONFIG_CONNECT and
 *               CONFIG_VERBOSE
 * @return always 0
 */
int init_output_stdout(output_plugin *p, const char *f, int flags)
{
    const int wants_connections = flags & (CONFIG_CXWRITE | CONFIG_CONNECT);

    if (!wants_connections) {
        /* Neither connection flag is set: the table is left as it was. */
        return 0;
    }

    p->connection = &stdout_connection;

    if (flags & CONFIG_VERBOSE) {
        /* Verbose mode keeps the asset callbacks next to the connection one. */
        return 0;
    }

    /*
     * Connection output without verbose mode: clear the asset callbacks.
     * Presumably the caller skips NULL entries -- confirm at the call site.
     */
    p->arp = NULL;
    p->os = NULL;
    p->service = NULL;
    return 0;
}
/**
 * Teardown hook of the stdout plugin (wired to .denit in p_stdout).
 *
 * Nothing is released here and the argument is not looked at.
 *
 * @param log  the plugin being shut down (unused)
 * @return always 0
 */
int end_log_stdout (output_plugin *log)
{
    (void)log;
    return 0;
}
/**
 * Print one ARP asset line: "ip[,[vlan:N]],[arp:MAC][,vendor]".
 *
 * Assets whose MAC address is all zero bytes produce no line at all.
 *
 * @param unused  plugin handle, not used
 * @param main    asset to print
 */
void stdout_arp (output_plugin *unused, asset *main)
{
    static const unsigned char zero_mac[6] = { 0 };
    static char ip_addr_s[INET6_ADDRSTRLEN];
    const int has_mac = memcmp(main->mac_addr, zero_mac, sizeof zero_mac) != 0;

    if (has_mac) {
        u_ntop(main->ip_addr, main->af, ip_addr_s);
        fputs(ip_addr_s, stdout);

        if (main->vlan != 0) {
            /* vlan is converted with ntohs before printing */
            printf(",[vlan:%u]", ntohs(main->vlan));
        }

        printf(",[arp:%s]", hex2mac(main->mac_addr));

        if (main->macentry) {
            printf(",%s", main->macentry->vendor);
        }
        fputs("\n", stdout);
    }

    /* A null stream argument flushes every open output stream, not only stdout. */
    fflush(NULL);
}
/**
 * Print one OS-fingerprint line for an asset:
 * "ip[,[vlan:N]],[method:fingerprint],[os:desc][,[link:..]][,[uptime:Nhrs]][,[distance:N]]".
 *
 * Side effect: when os->raw_fp is NULL, the fingerprint string is generated
 * with gen_fp_tcp() and stored back into os->raw_fp.
 *
 * @param unused  plugin handle, not used
 * @param main    asset the fingerprint belongs to
 * @param os      fingerprint record to print
 * @param c       connection, not used
 */
void stdout_os (output_plugin *unused, asset *main, os_asset *os, connection* c)
{
    static const struct {
        int code;
        const char *tag;
    } detection_tags[] = {
        { CO_SYN,    "syn"    },
        { CO_SYNACK, "synack" },
        { CO_ACK,    "ack"    },
        { CO_RST,    "rst"    },
        { CO_FIN,    "fin"    },
        { CO_UDP,    "udp"    },
        { CO_ICMP,   "icmp"   },
    };
    static char ip_addr_s[INET6_ADDRSTRLEN];
    unsigned int i;

    u_ntop(main->ip_addr, main->af, ip_addr_s);
    fputs(ip_addr_s, stdout);
    if (main->vlan != 0) {
        printf(",[vlan:%u]", ntohs(main->vlan));
    }

    fputs(",[", stdout);
    /* Every entry is tested on its own, in the same order as the tag list. */
    for (i = 0; i < sizeof detection_tags / sizeof detection_tags[0]; i++) {
        if (os->detection == detection_tags[i].code) {
            fputs(detection_tags[i].tag, stdout);
        }
    }
    fputs(":", stdout);

    if (os->raw_fp == NULL) {
        /* No cached text yet: build it once and keep it on the record. */
        os->raw_fp = gen_fp_tcp(&os->fp, os->uptime, os->detection);
    }
    /* NOTE(review): the result of bdata() is passed to %s unchecked -- confirm it cannot be NULL here. */
    printf("%s]", (char *)bdata(os->raw_fp));

    if (os->fp.os == NULL) {
        fputs(",[unknown", stdout);
    } else {
        printf(",[%s", os->fp.os);
    }
    if (os->fp.desc == NULL) {
        fputs(":unknown]", stdout);
    } else {
        printf(":%s]", os->fp.desc);
    }

    if (os->fp.mss) {
        printf(",[link:%s]", lookup_link(os->fp.mss, 1));
    }

    if (os->uptime) {
        /* uptime is divided by 360000 before it is printed as hours */
        printf(",[uptime:%dhrs]", os->uptime/360000);
    }
    if (os->ttl) {
        /* distance = normalize_ttl(ttl) - ttl; presumably the hop count -- verify normalize_ttl */
        const uint8_t start_ttl = normalize_ttl(os->ttl);
        printf(",[distance:%d]", start_ttl - os->ttl);
    }
    fputs("\n", stdout);
    /* A null stream argument flushes every open output stream, not only stdout. */
    fflush(NULL);
}
/**
 * Print one service or client line for an asset:
 * "ip[,[vlan:N]],[service|client:application:port:proto][,[distance:N]]".
 *
 * @param unused   plugin handle, not used
 * @param main     asset the record belongs to
 * @param service  record to print; role SC_SERVER selects the "service"
 *                 tag, any other role prints "client"
 * @param c        connection, not used
 */
void stdout_service (output_plugin* unused, asset *main, serv_asset *service, connection *c)
{
    static char ip_addr_s[INET6_ADDRSTRLEN];
    const char *app;
    unsigned int port;

    u_ntop(main->ip_addr, main->af, ip_addr_s);
    fputs(ip_addr_s, stdout);
    if (main->vlan != 0) {
        printf(",[vlan:%u]", ntohs(main->vlan));
    }

    /*
     * NOTE(review): the application string is printed verbatim. If it can
     * carry bytes taken from captured traffic, control characters, ','
     * or ']' would reach the output unescaped and could confuse a
     * terminal or a parser reading these lines -- confirm that it is
     * sanitised upstream. Also confirm bdata() cannot yield NULL here.
     */
    app = (char *)bdata(service->application);
    port = ntohs(service->port);

    if (service->role != SC_SERVER) {
        printf(",[client:%s:%u:%u]", app, port, service->proto);
    } else {
        printf(",[service:%s:%u:%u]", app, port, service->proto);
    }

    if (service->ttl) {
        /* distance = normalize_ttl(ttl) - ttl; presumably the hop count -- verify normalize_ttl */
        const uint8_t start_ttl = normalize_ttl(service->ttl);
        printf(",[distance:%d]", start_ttl - service->ttl);
    }
    fputs("\n", stdout);
    /* A null stream argument flushes every open output stream, not only stdout. */
    fflush(NULL);
}
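/**
 * Print a short one-line summary of a connection:
 * "conn[<id>] src:sport -> dst:dport".
 *
 * Changes from the previous version:
 *  - the connection id is cast to uintmax_t and printed with %ju, the
 *    conversion stdout_connection() already uses for the same field, so
 *    the argument type always matches the format;
 *  - when inet_ntop() fails the text buffer is emptied. The buffers are
 *    static, so without this the line would repeat the address of an
 *    earlier connection and attribute the flow to the wrong host.
 *
 * @param cxt  connection to print
 */
void stdout_excessive(connection *cxt)
{
    static char src_s[INET6_ADDRSTRLEN];
    static char dst_s[INET6_ADDRSTRLEN];

    if (!inet_ntop(cxt->af,
                   (cxt->af == AF_INET6 ? (void *)&cxt->s_ip
                                        : (void *)cxt->s_ip.s6_addr32),
                   src_s, sizeof src_s)) {
        perror("inet_ntop");
        src_s[0] = '\0';   /* never show a stale address */
    }
    if (!inet_ntop(cxt->af,
                   (cxt->af == AF_INET6 ? (void *)&cxt->d_ip
                                        : (void *)cxt->d_ip.s6_addr32),
                   dst_s, sizeof dst_s)) {
        perror("inet_ntop");
        dst_s[0] = '\0';   /* never show a stale address */
    }

    printf("conn[%4ju] %s:%u -> %s:%u\n", (uintmax_t)cxt->cxid,
           src_s, (unsigned int)ntohs(cxt->s_port),
           dst_s, (unsigned int)ntohs(cxt->d_port));
}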
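/**
 * Print one '|'-separated connection record on stdout.
 *
 * Field order: start_time immediately followed by the zero-padded
 * connection id, start time text, last-packet time text, duration,
 * protocol, source address, source port, destination address, destination
 * port, source packets, source bytes, destination packets, destination
 * bytes, source TCP flags, destination TCP flags and, for some output
 * modes, a trailing tag. Both time texts are formatted from gmtime().
 *
 * Changes from the previous version:
 *  - every integer argument is cast to the exact type its conversion
 *    expects (intmax_t for %jd, uintmax_t for %ju, unsigned for %u), so
 *    the call stays defined where time_t or the counters are not the
 *    width the old format assumed; the printed text is the same;
 *  - a NULL return from gmtime() or a zero return from strftime() leaves
 *    an empty time field instead of passing NULL on or printing an
 *    unspecified buffer;
 *  - when inet_ntop() fails the static text buffer is emptied, so a record
 *    cannot repeat the address of an earlier connection.
 *
 * @param plugin      plugin handle, not used
 * @param cxt         connection to print
 * @param outputmode  CX_EXCESSIVE delegates to stdout_excessive();
 *                    CX_EXPIRE, CX_ENDED and CX_NEW append a tag; any
 *                    other value prints the record without a tag
 */
void stdout_connection (output_plugin *plugin, connection *cxt, int outputmode)
{
    char stime[80], ltime[80];
    time_t tot_time;
    static char src_s[INET6_ADDRSTRLEN];
    static char dst_s[INET6_ADDRSTRLEN];
    const struct tm *when;
    const char *o = NULL;

    if (outputmode == CX_EXCESSIVE) {
        stdout_excessive(cxt);
        return;
    }

    FILE *fd = stdout;

    /* gmtime() hands back shared storage, so each result is used at once. */
    when = gmtime(&cxt->start_time);
    if (when == NULL || strftime(stime, sizeof stime, "%F %H:%M:%S", when) == 0) {
        stime[0] = '\0';
    }
    when = gmtime(&cxt->last_pkt_time);
    if (when == NULL || strftime(ltime, sizeof ltime, "%F %H:%M:%S", when) == 0) {
        ltime[0] = '\0';
    }
    tot_time = cxt->last_pkt_time - cxt->start_time;

    fprintf(fd, "%jd%09ju|%s|%s|%jd|%hhu|",
            (intmax_t)cxt->start_time, (uintmax_t)cxt->cxid, stime, ltime,
            (intmax_t)tot_time, cxt->proto);

    if (!inet_ntop(cxt->af,
                   (cxt->af == AF_INET6 ? (void *)&cxt->s_ip
                                        : (void *)cxt->s_ip.s6_addr32),
                   src_s, sizeof src_s)) {
        perror("inet_ntop");
        src_s[0] = '\0';   /* never log a stale address */
    }
    if (!inet_ntop(cxt->af,
                   (cxt->af == AF_INET6 ? (void *)&cxt->d_ip
                                        : (void *)cxt->d_ip.s6_addr32),
                   dst_s, sizeof dst_s)) {
        perror("inet_ntop");
        dst_s[0] = '\0';   /* never log a stale address */
    }

    fprintf(fd, "%s|%u|%s|%u|",
            src_s, (unsigned int)ntohs(cxt->s_port),
            dst_s, (unsigned int)ntohs(cxt->d_port));
    fprintf(fd, "%ju|%ju|",
            (uintmax_t)cxt->s_total_pkts, (uintmax_t)cxt->s_total_bytes);
    fprintf(fd, "%ju|%ju|%u|%u",
            (uintmax_t)cxt->d_total_pkts, (uintmax_t)cxt->d_total_bytes,
            (unsigned int)cxt->s_tcpFlags, (unsigned int)cxt->d_tcpFlags);

    // hack to distinguish output paths
    switch (outputmode) {
    case CX_EXPIRE:
        o = "[expired]";
        break;
    case CX_ENDED:
        o = "[ended]";
        break;
    case CX_NEW:
        o = "[New]";
        break;
    default:
        /* other modes carry no tag */
        break;
    }
    if (o) {
        fprintf(fd, "|%s", o);
    }
    fprintf(fd, "\n");
}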