From 99bf81257108350f013d38ba4f99c143a65cf376 Mon Sep 17 00:00:00 2001 From: yo Date: Sun, 10 Sep 2023 16:32:05 +0200 Subject: [PATCH] Add RSYSLOG_SyslogProtocol23Format timestamp format, bugfix zone name was printed in base64 --- libbsm.go | 76 ++++++++++++++++++++++++++++++++++++++++--------------- main.go | 9 ++++--- 2 files changed, 60 insertions(+), 25 deletions(-) diff --git a/libbsm.go b/libbsm.go index 9ea3e0e..85cd2d3 100644 --- a/libbsm.go +++ b/libbsm.go @@ -127,7 +127,7 @@ const ( // Display control PRT_ONELINE = 1 PRT_NORESOLVE_USER = 2 - PRT_TIMESTAMP = 4 + PRT_TIMESYSLOG23 = 4 PRT_JSON = 8 ) @@ -594,8 +594,8 @@ print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) */ func (h *Header32) Print(file *os.File, delimiter string, flags int) { var timeval string - if PRT_TIMESTAMP == flags&PRT_TIMESTAMP { - timeval = strconv.Itoa(int(h.S)) + if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 { + timeval = time.Unix((int64)(h.S), 0).Add(time.Millisecond * (time.Duration)(h.Msec)).Format("2006-01-02T15:04:05.000Z07:00") } else { t := time.Unix((int64)(h.S), 0) timeval = t.Format(time.UnixDate) 
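Review bot: The layout `"2006-01-02T15:04:05.000Z07:00"` in Header32.Print is an unnamed literal that is repeated by hand in the `--syslog23` help text in main.go; a package-level constant with a comment saying it is RFC 3339 with millisecond precision would keep the two in step. `time.Unix` returns a time in the local zone of the host running the converter, so the same audit trail converted on two hosts is printed with different offsets; if host-independent output is wanted for log correlation, add `.UTC()` before `.Format(...)`. The construction can also be written without the `Add`, as `time.Unix(int64(h.S), int64(h.Msec)*int64(time.Millisecond))`. Print's body continues past the end of this hunk.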
@@ -607,20 +607,37 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) { } if flags&PRT_JSON == PRT_JSON { - printable := struct { - Size uint32 `json:"size"` // Record byte count - Version uint8 `json:"version"` // version # (uchar) - E_type string `json:"event_type"` // Event type - E_mod uint16 `json:"event_modifier"` // Event modifier - Ts string `json:"timestamp"` // Seconds of time converted to data/hour/DST - Msec uint32 `json:"msec"` // Milliseconds of time - }{ - Size: h.Size, - Version: h.Version, - E_type: evdesc, - E_mod: h.E_mod, - Ts: timeval, - Msec: h.Msec, + var printable interface{} + if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 { + printable = struct { + Size uint32 `json:"size"` // Record byte count + Version uint8 `json:"version"` // version # (uchar) + E_type string `json:"event_type"` // Event type + E_mod uint16 `json:"event_modifier"` // Event modifier + Ts string `json:"timestamp"` // Seconds of time converted to RSYSLOG_SyslogProtocol23Format + }{ + Size: h.Size, + Version: h.Version, + E_type: evdesc, + E_mod: h.E_mod, + Ts: timeval, + } + } else { + printable = struct { + Size uint32 `json:"size"` // Record byte count + Version uint8 `json:"version"` // version # (uchar) + E_type string `json:"event_type"` // Event type + E_mod uint16 `json:"event_modifier"` // Event modifier + Ts string `json:"timestamp"` // Seconds of time converted to data/hour/DST + Msec uint32 `json:"msec"` // Milliseconds of time + }{ + Size: h.Size, + Version: h.Version, + E_type: evdesc, + E_mod: h.E_mod, + Ts: timeval, + Msec: h.Msec, + } } j, err := json.Marshal(printable) 
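Review bot: The two anonymous structs in the JSON branch of Header32.Print differ only by the `Msec` field, so every later change to the header fields has to be made twice. A single struct with `Msec` declared as `*uint32` and tagged `json:"msec,omitempty"` gives the same output in both modes; a plain `uint32` with `omitempty` would not, because it would also drop a legitimate value of 0. The copied field comment `data/hour/DST` presumably means `date/hour/DST`. The `json.Marshal` call and its error handling lie outside what this hunk shows.

```go
printable := struct {
	Size    uint32  `json:"size"`           // Record byte count
	Version uint8   `json:"version"`        // version # (uchar)
	E_type  string  `json:"event_type"`     // Event type
	E_mod   uint16  `json:"event_modifier"` // Event modifier
	Ts      string  `json:"timestamp"`      // Formatted time (timeval)
	Msec    *uint32 `json:"msec,omitempty"` // Milliseconds; left nil when already part of Ts
}{
	Size:    h.Size,
	Version: h.Version,
	E_type:  evdesc,
	E_mod:   h.E_mod,
	Ts:      timeval,
}
if flags&PRT_TIMESYSLOG23 == 0 {
	printable.Msec = &h.Msec
}
// … unchanged: json.Marshal(printable) and output …
```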
@@ -2972,11 +2989,28 @@ func (z *ZoneName) LoadFromBinary(rdr *bufio.Reader) error { } func (z *ZoneName) Print(file *os.File, delimiter string, flags int) { - fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone) - if 0 == (flags & PRT_ONELINE) { - fmt.Fprintf(file, "\n") + if flags&PRT_JSON == PRT_JSON { + printable := struct { + Name string `json:"name"` + }{ + Name: string(z.Zone), + } + j, err := json.Marshal(printable) + if err != nil { + // TODO + return + } + fmt.Fprintf(file, "\"zone\":") + fmt.Fprintf(file, "%s", j) + // ZoneName is always followed by something + fmt.Fprintf(file, ",") } else { - fmt.Fprintf(file, "%s", delimiter) + fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone) + if 0 == (flags & PRT_ONELINE) { + fmt.Fprintf(file, "\n") + } else { + fmt.Fprintf(file, "%s", delimiter) + } } } diff --git a/main.go b/main.go index c51f0ac..89d6808 100644 --- a/main.go +++ b/main.go @@ -33,7 +33,7 @@ import ( ) const ( - version = "5.9.9a" + version = "5.9.9b" ) var ( @@ -48,12 +48,13 @@ func main() { var flags int var oneLine bool var noUserResolve bool - var timestamp bool + var syslog23 bool var json bool pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.") pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.") pflag.BoolVarP(&json, "json", "j", false, "Print compact json") + pflag.BoolVarP(&syslog23, "syslog23", "s", false, "Print time as \"2006-01-02T15:04:05.000Z07:00\", RFC339 with ms, also used on RSYSLOG_SyslogProtocol23Format. \"msec\" field will not be print in json output.") pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit") pflag.Parse() 
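Review bot: In the JSON branch of ZoneName.Print a `json.Marshal` failure reaches `// TODO` and returns, so the record is written without its zone field and nothing reports the drop; for an audit-trail converter that should at least be visible, e.g. `fmt.Fprintf(os.Stderr, "zonename: %v\n", err)` before the `return`. Separately, `string(z.Zone)` passes the raw bytes through: if LoadFromBinary (outside this hunk) keeps the token's terminating NUL, the JSON value will end in `\u0000`, and bytes that are not valid UTF-8 are replaced with U+FFFD by encoding/json, so the printed name can differ from the one stored in the trail. The unconditional `,` depends on the comment's assumption that another token always follows, which is worth stating in a doc comment on Print.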
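Review bot: The help text of the new `--syslog23` flag in main has two slips that end up in `--help` output: `RFC339` should read `RFC 3339`, and `will not be print` should be `is not printed`. Suggested string: `"Print time as \"2006-01-02T15:04:05.000Z07:00\" (RFC 3339 with milliseconds, as in RSYSLOG_SyslogProtocol23Format). The \"msec\" field is omitted from JSON output."`. The text could also say that this replaces the default `time.UnixDate` rendering, so users know what they are switching from.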
@@ -68,8 +69,8 @@ func main() { if noUserResolve { flags = flags + PRT_NORESOLVE_USER } - if timestamp { - flags = flags + PRT_TIMESTAMP + if syslog23 { + flags = flags + PRT_TIMESYSLOG23 } if json { flags |= PRT_JSON
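Review bot: `flags = flags + PRT_TIMESYSLOG23` sets the bit by addition while the statement right after it uses `flags |= PRT_JSON`; OR is the form that stays correct if a bit is ever applied twice or the flag values stop being disjoint. Change the line to `flags |= PRT_TIMESYSLOG23` (the `PRT_NORESOLVE_USER` context line above has the same shape). main's body starts and ends outside this hunk.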