author | Gerald Combs <gerald@wireshark.org> | 2018-08-27 08:17:32 -0700 |
committer | Anders Broman <a.broman58@gmail.com> | 2018-08-31 05:20:27 +0000 |
commit | 50b9da7bc2d43f83a57fdd1ff3a8c9186461d834 (patch) | |
tree | 0c6f820b6acef2f25ed4630d75f8a0995d57c6c8 /epan/dissectors/packet-syslog.c | |
parent | 94735eb2bc02f7d683e50cfda1e5d0735cf5f97f (diff) |
Add a systemd Journal Export Format parser and dissector.
Add a file parser and dissector that can handle the output of
`journalctl -o export`. From here we can add a systemd journal extcap
and possibly support for the JSON and binary formats.
Change-Id: I01576959b2c347ce7ac9aa57cdb5c119c81d61e9
Reviewed-on: https://code.wireshark.org/review/29311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-syslog.c')
-rw-r--r-- | epan/dissectors/packet-syslog.c | 90 |
1 files changed, 10 insertions, 80 deletions
diff --git a/epan/dissectors/packet-syslog.c b/epan/dissectors/packet-syslog.c
index 6b7d74d453..f591af02eb 100644
--- a/epan/dissectors/packet-syslog.c
+++ b/epan/dissectors/packet-syslog.c
@@ -20,6 +20,8 @@
 #include <epan/packet.h>
 #include <epan/strutil.h>
 
+#include "packet-syslog.h"
+
 #define UDP_PORT_SYSLOG 514
 
 #define PRIORITY_MASK 0x0007 /* 0000 0111 */
@@ -31,15 +33,7 @@ void proto_register_syslog(void);
 /* The maximum number if priority digits to read in. */
 #define MAX_DIGITS 3
 
-#define LEVEL_EMERG 0
-#define LEVEL_ALERT 1
-#define LEVEL_CRIT 2
-#define LEVEL_ERR 3
-#define LEVEL_WARNING 4
-#define LEVEL_NOTICE 5
-#define LEVEL_INFO 6
-#define LEVEL_DEBUG 7
-static const value_string short_lev[] = {
+static const value_string short_level_vals[] = {
 { LEVEL_EMERG, "EMERG" },
 { LEVEL_ALERT, "ALERT" },
 { LEVEL_CRIT, "CRIT" },
@@ -51,31 +45,7 @@ static const value_string short_lev[] = {
 { 0, NULL }
 };
 
-#define FAC_KERN 0
-#define FAC_USER 1
-#define FAC_MAIL 2
-#define FAC_DAEMON 3
-#define FAC_AUTH 4
-#define FAC_SYSLOG 5
-#define FAC_LPR 6
-#define FAC_NEWS 7
-#define FAC_UUCP 8
-#define FAC_CRON 9
-#define FAC_AUTHPRIV 10
-#define FAC_FTP 11
-#define FAC_NTP 12
-#define FAC_LOGAUDIT 13
-#define FAC_LOGALERT 14
-#define FAC_CRON_SOL 15
-#define FAC_LOCAL0 16
-#define FAC_LOCAL1 17
-#define FAC_LOCAL2 18
-#define FAC_LOCAL3 19
-#define FAC_LOCAL4 20
-#define FAC_LOCAL5 21
-#define FAC_LOCAL6 22
-#define FAC_LOCAL7 23
-static const value_string short_fac[] = {
+static const value_string short_facility_vals[] = {
 { FAC_KERN, "KERN" },
 { FAC_USER, "USER" },
 { FAC_MAIL, "MAIL" },
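Review bot: In the second and third hunks, `short_level_vals` and `short_facility_vals` are the only level/facility tables left in this file once the LEVEL_*/FAC_* macros and the long-form tables move to packet-syslog.h, and nothing now documents that their entries must match the `syslog_level_vals`/`syslog_facility_vals` tables this file takes from the header. I would put a comment above `short_level_vals` such as `/* Abbreviated names for the Info column; the numeric codes and full descriptions now live in packet-syslog.h (syslog_level_vals / syslog_facility_vals) and the two sets must be kept in step. */`, and the equivalent above `short_facility_vals`. Both tables stay `static`, so the rename itself cannot affect any other translation unit. The new `#include "packet-syslog.h"` in the first hunk is what supplies the LEVEL_*/FAC_* names these tables still use, so that include must not be reordered behind them.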
@@ -103,46 +73,6 @@ static const value_string short_fac[] = {
 { 0, NULL }
 };
 
-static const value_string long_lev[] = {
- { LEVEL_EMERG, "EMERG - system is unusable" },
- { LEVEL_ALERT, "ALERT - action must be taken immediately" },
- { LEVEL_CRIT, "CRIT - critical conditions" },
- { LEVEL_ERR, "ERR - error conditions" },
- { LEVEL_WARNING, "WARNING - warning conditions" },
- { LEVEL_NOTICE, "NOTICE - normal but significant condition" },
- { LEVEL_INFO, "INFO - informational" },
- { LEVEL_DEBUG, "DEBUG - debug-level messages" },
- { 0, NULL }
-};
-
-static const value_string long_fac[] = {
- { FAC_KERN, "KERN - kernel messages" },
- { FAC_USER, "USER - random user-level messages" },
- { FAC_MAIL, "MAIL - mail system" },
- { FAC_DAEMON, "DAEMON - system daemons" },
- { FAC_AUTH, "AUTH - security/authorization messages" },
- { FAC_SYSLOG, "SYSLOG - messages generated internally by syslogd" },
- { FAC_LPR, "LPR - line printer subsystem" },
- { FAC_NEWS, "NEWS - network news subsystem" },
- { FAC_UUCP, "UUCP - UUCP subsystem" },
- { FAC_CRON, "CRON - clock daemon (BSD, Linux)" },
- { FAC_AUTHPRIV, "AUTHPRIV - security/authorization messages (private)" },
- { FAC_FTP, "FTP - ftp daemon" },
- { FAC_NTP, "NTP - ntp subsystem" },
- { FAC_LOGAUDIT, "LOGAUDIT - log audit" },
- { FAC_LOGALERT, "LOGALERT - log alert" },
- { FAC_CRON_SOL, "CRON - clock daemon (Solaris)" },
- { FAC_LOCAL0, "LOCAL0 - reserved for local use" },
- { FAC_LOCAL1, "LOCAL1 - reserved for local use" },
- { FAC_LOCAL2, "LOCAL2 - reserved for local use" },
- { FAC_LOCAL3, "LOCAL3 - reserved for local use" },
- { FAC_LOCAL4, "LOCAL4 - reserved for local use" },
- { FAC_LOCAL5, "LOCAL5 - reserved for local use" },
- { FAC_LOCAL6, "LOCAL6 - reserved for local use" },
- { FAC_LOCAL7, "LOCAL7 - reserved for local use" },
- { 0, NULL }
-};
-
 static gint proto_syslog = -1;
 static gint hf_syslog_level = -1;
 static gint hf_syslog_facility = -1;
@@ -296,8 +226,8 @@ dissect_syslog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _
 if (mtp3_tvb == NULL) {
 if (pri >= 0) {
 col_add_fstr(pinfo->cinfo, COL_INFO, "%s.%s: %s",
- val_to_str_const(fac, short_fac, "UNKNOWN"),
- val_to_str_const(lev, short_lev, "UNKNOWN"), msg_str);
+ val_to_str_const(fac, short_facility_vals, "UNKNOWN"),
+ val_to_str_const(lev, short_level_vals, "UNKNOWN"), msg_str);
 } else {
 col_add_str(pinfo->cinfo, COL_INFO, msg_str);
 }
@@ -307,8 +237,8 @@ dissect_syslog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _
 if (pri >= 0) {
 ti = proto_tree_add_protocol_format(tree, proto_syslog, tvb, 0, -1,
 "Syslog message: %s.%s: %s",
- val_to_str_const(fac, short_fac, "UNKNOWN"),
- val_to_str_const(lev, short_lev, "UNKNOWN"), msg_str);
+ val_to_str_const(fac, short_facility_vals, "UNKNOWN"),
+ val_to_str_const(lev, short_level_vals, "UNKNOWN"), msg_str);
 } else {
 ti = proto_tree_add_protocol_format(tree, proto_syslog, tvb, 0, -1,
 "Syslog message: (unknown): %s", msg_str);
@@ -349,12 +279,12 @@ void proto_register_syslog(void)
 static hf_register_info hf[] = {
 { &hf_syslog_facility,
 { "Facility", "syslog.facility",
- FT_UINT8, BASE_DEC, VALS(long_fac), FACILITY_MASK,
+ FT_UINT8, BASE_DEC, VALS(syslog_facility_vals), FACILITY_MASK,
 "Message facility", HFILL }
 },
 { &hf_syslog_level,
 { "Level", "syslog.level",
- FT_UINT8, BASE_DEC, VALS(long_lev), PRIORITY_MASK,
+ FT_UINT8, BASE_DEC, VALS(syslog_level_vals), PRIORITY_MASK,
 "Message level", HFILL }
 },
 { &hf_syslog_msg,
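Review bot: The `VALS(syslog_facility_vals)` and `VALS(syslog_level_vals)` registrations in the last hunk now reference tables that are defined nowhere in this file, and packet-syslog.h is outside this diffstat, so their linkage cannot be checked from here. If the header provides them as `static const value_string` definitions, every includer (presumably the new journal dissector) carries its own copy of both tables; the usual Wireshark pattern is an `extern const value_string syslog_facility_vals[];` declaration in the header (`WS_DLL_PUBLIC` if another library uses it) with the single definition kept in this file, which is worth confirming against the header before merge. The `"UNKNOWN"` fallback for `fac`/`lev` in the first two hunks is unchanged, so an out-of-table facility still renders rather than dereferencing a missing entry. `dissect_syslog` and `proto_register_syslog` both begin and end outside these hunks.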