author | Gerald Combs <gerald@wireshark.org> | 2018-08-27 08:17:32 -0700 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-08-31 05:20:27 +0000 |
commit | 50b9da7bc2d43f83a57fdd1ff3a8c9186461d834 (patch) | |
tree | 0c6f820b6acef2f25ed4630d75f8a0995d57c6c8 /epan/dissectors/packet-syslog.h | |
parent | 94735eb2bc02f7d683e50cfda1e5d0735cf5f97f (diff) |
Add a systemd Journal Export Format parser and dissector.
Add a file parser and dissector that can handle the output of
`journalctl -o export`. From here we can add a systemd journal extcap
and possibly support for the JSON and binary formats.
Change-Id: I01576959b2c347ce7ac9aa57cdb5c119c81d61e9
Reviewed-on: https://code.wireshark.org/review/29311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-syslog.h')
-rw-r--r-- | epan/dissectors/packet-syslog.h | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/epan/dissectors/packet-syslog.h b/epan/dissectors/packet-syslog.h
new file mode 100644
index 0000000000..4a5bcf8662
--- /dev/null
+++ b/epan/dissectors/packet-syslog.h
@@ -0,0 +1,104 @@
+/* packet-syslog.h
+ * Routines for syslog message dissection
+ *
+ * Copyright 2000, Gerald Combs <gerald[AT]wireshark.org>
+ *
+ * Support for passing SS7 MSUs (from the Cisco ITP Packet Logging
+ * facility) to the MTP3 dissector by Abhik Sarkar <sarkar.abhik[AT]gmail.com>
+ * with some rework by Jeff Morriss <jeff.morriss.ws [AT] gmail.com>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald[AT]wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef __PACKET_SYSLOG_H__
+#define __PACKET_SYSLOG_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* Level / Priority */
+#define LEVEL_EMERG 0
+#define LEVEL_ALERT 1
+#define LEVEL_CRIT 2
+#define LEVEL_ERR 3
+#define LEVEL_WARNING 4
+#define LEVEL_NOTICE 5
+#define LEVEL_INFO 6
+#define LEVEL_DEBUG 7
+
+static const value_string syslog_level_vals[] = {
+ { LEVEL_EMERG, "EMERG - system is unusable" },
+ { LEVEL_ALERT, "ALERT - action must be taken immediately" },
+ { LEVEL_CRIT, "CRIT - critical conditions" },
+ { LEVEL_ERR, "ERR - error conditions" },
+ { LEVEL_WARNING, "WARNING - warning conditions" },
+ { LEVEL_NOTICE, "NOTICE - normal but significant condition" },
+ { LEVEL_INFO, "INFO - informational" },
+ { LEVEL_DEBUG, "DEBUG - debug-level messages" },
+ { 0, NULL }
+};
+
+/* Facility */
+#define FAC_KERN 0
+#define FAC_USER 1
+#define FAC_MAIL 2
+#define FAC_DAEMON 3
+#define FAC_AUTH 4
+#define FAC_SYSLOG 5
+#define FAC_LPR 6
+#define FAC_NEWS 7
+#define FAC_UUCP 8
+#define FAC_CRON 9
+#define FAC_AUTHPRIV 10
+#define FAC_FTP 11
+#define FAC_NTP 12
+#define FAC_LOGAUDIT 13
+#define FAC_LOGALERT 14
+#define FAC_CRON_SOL 15
+#define FAC_LOCAL0 16
+#define FAC_LOCAL1 17
+#define FAC_LOCAL2 18
+#define FAC_LOCAL3 19
+#define FAC_LOCAL4 20
+#define FAC_LOCAL5 21
+#define FAC_LOCAL6 22
+#define FAC_LOCAL7 23
+
+static const value_string syslog_facility_vals[] = {
+ { FAC_KERN, "KERN - kernel messages" },
+ { FAC_USER, "USER - random user-level messages" },
+ { FAC_MAIL, "MAIL - mail system" },
+ { FAC_DAEMON, "DAEMON - system daemons" },
+ { FAC_AUTH, "AUTH - security/authorization messages" },
+ { FAC_SYSLOG, "SYSLOG - messages generated internally by syslogd" },
+ { FAC_LPR, "LPR - line printer subsystem" },
+ { FAC_NEWS, "NEWS - network news subsystem" },
+ { FAC_UUCP, "UUCP - UUCP subsystem" },
+ { FAC_CRON, "CRON - clock daemon (BSD, Linux)" },
+ { FAC_AUTHPRIV, "AUTHPRIV - security/authorization messages (private)" },
+ { FAC_FTP, "FTP - ftp daemon" },
+ { FAC_NTP, "NTP - ntp subsystem" },
+ { FAC_LOGAUDIT, "LOGAUDIT - log audit" },
+ { FAC_LOGALERT, "LOGALERT - log alert" },
+ { FAC_CRON_SOL, "CRON - clock daemon (Solaris)" },
+ { FAC_LOCAL0, "LOCAL0 - reserved for local use" },
+ { FAC_LOCAL1, "LOCAL1 - reserved for local use" },
+ { FAC_LOCAL2, "LOCAL2 - reserved for local use" },
+ { FAC_LOCAL3, "LOCAL3 - reserved for local use" },
+ { FAC_LOCAL4, "LOCAL4 - reserved for local use" },
+ { FAC_LOCAL5, "LOCAL5 - reserved for local use" },
+ { FAC_LOCAL6, "LOCAL6 - reserved for local use" },
+ { FAC_LOCAL7, "LOCAL7 - reserved for local use" },
+ { 0, NULL }
+};
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif // __PACKET_SYSLOG_H__ |
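Review bot: The new header declares `syslog_level_vals` and `syslog_facility_vals` with the `value_string` type but includes nothing that defines it, so it only compiles when the includer has already pulled in the epan headers; adding `#include <epan/value_string.h>` right after the include guard would make it self-contained. Both tables are `static const` definitions in a header, so every translation unit that includes it gets a private copy, and a file that uses only one of them may see an unused-variable warning. The tables are terminated lookup lists ending in `{ 0, NULL }`, not dense arrays, and the facility/priority numbers they describe presumably come from capture or journal data that can hold values outside 0-23 and 0-7. A short comment above each table would help the next dissector author, e.g. `/* Look up with val_to_str() and a default format; never index by the decoded value. */`.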