yo/libbsm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add RSYSLOG_SyslogProtocol23Format timestamp format, bugfix zone name was printed in base64

Browse Source
This commit is contained in:
yo 2023-09-10 16:32:05 +02:00
parent 2f1fc7e526
commit 99bf812571
2 changed files with 60 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
libbsm.go
View File

@ -127,7 +127,7 @@ const (
// Display control // Display control
PRT_ONELINE = 1 PRT_ONELINE = 1
PRT_NORESOLVE_USER = 2 PRT_NORESOLVE_USER = 2
PRT_TIMESTAMP = 4 PRT_TIMESYSLOG23 = 4
PRT_JSON = 8 PRT_JSON = 8
) )
@ -594,8 +594,8 @@ print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
*/ */
func (h *Header32) Print(file *os.File, delimiter string, flags int) { func (h *Header32) Print(file *os.File, delimiter string, flags int) {
var timeval string var timeval string
if PRT_TIMESTAMP == flags&PRT_TIMESTAMP { if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 {
timeval = strconv.Itoa(int(h.S)) timeval = time.Unix((int64)(h.S), 0).Add(time.Millisecond * (time.Duration)(h.Msec)).Format("2006-01-02T15:04:05.000Z07:00")
} else { } else {
t := time.Unix((int64)(h.S), 0) t := time.Unix((int64)(h.S), 0)
timeval = t.Format(time.UnixDate) timeval = t.Format(time.UnixDate)
@ -607,20 +607,37 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) {
} }
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { var printable interface{}
Size uint32 `json:"size"` // Record byte count if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 {
Version uint8 `json:"version"` // version # (uchar) printable = struct {
E_type string `json:"event_type"` // Event type Size uint32 `json:"size"` // Record byte count
E_mod uint16 `json:"event_modifier"` // Event modifier Version uint8 `json:"version"` // version # (uchar)
Ts string `json:"timestamp"` // Seconds of time converted to data/hour/DST E_type string `json:"event_type"` // Event type
Msec uint32 `json:"msec"` // Milliseconds of time E_mod uint16 `json:"event_modifier"` // Event modifier
}{ Ts string `json:"timestamp"` // Seconds of time converted to RSYSLOG_SyslogProtocol23Format
Size: h.Size, }{
Version: h.Version, Size: h.Size,
E_type: evdesc, Version: h.Version,
E_mod: h.E_mod, E_type: evdesc,
Ts: timeval, E_mod: h.E_mod,
Msec: h.Msec, Ts: timeval,
}
} else {
printable = struct {
Size uint32 `json:"size"` // Record byte count
Version uint8 `json:"version"` // version # (uchar)
E_type string `json:"event_type"` // Event type
E_mod uint16 `json:"event_modifier"` // Event modifier
Ts string `json:"timestamp"` // Seconds of time converted to data/hour/DST
Msec uint32 `json:"msec"` // Milliseconds of time
}{
Size: h.Size,
Version: h.Version,
E_type: evdesc,
E_mod: h.E_mod,
Ts: timeval,
Msec: h.Msec,
}
} }
j, err := json.Marshal(printable) j, err := json.Marshal(printable)
@ -2972,11 +2989,28 @@ func (z *ZoneName) LoadFromBinary(rdr *bufio.Reader) error {
} }
func (z *ZoneName) Print(file *os.File, delimiter string, flags int) { func (z *ZoneName) Print(file *os.File, delimiter string, flags int) {
fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone) if flags&PRT_JSON == PRT_JSON {
if 0 == (flags & PRT_ONELINE) { printable := struct {
fmt.Fprintf(file, "\n") Name string `json:"name"`
}{
Name: string(z.Zone),
}
j, err := json.Marshal(printable)
if err != nil {
// TODO
return
}
fmt.Fprintf(file, "\"zone\":")
fmt.Fprintf(file, "%s", j)
// ZoneName is always followed by something
fmt.Fprintf(file, ",")
} else { } else {
fmt.Fprintf(file, "%s", delimiter) fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone)
if 0 == (flags & PRT_ONELINE) {
fmt.Fprintf(file, "\n")
} else {
fmt.Fprintf(file, "%s", delimiter)
}
} }
} }

9
main.go
View File

@ -33,7 +33,7 @@ import (
) )
const ( const (
version = "5.9.9a" version = "5.9.9b"
) )
var ( var (
@ -48,12 +48,13 @@ func main() {
var flags int var flags int
var oneLine bool var oneLine bool
var noUserResolve bool var noUserResolve bool
var timestamp bool var syslog23 bool
var json bool var json bool
pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.") pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.") pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
pflag.BoolVarP(&json, "json", "j", false, "Print compact json") pflag.BoolVarP(&json, "json", "j", false, "Print compact json")
pflag.BoolVarP(&syslog23, "syslog23", "s", false, "Print time as \"2006-01-02T15:04:05.000Z07:00\", RFC339 with ms, also used on RSYSLOG_SyslogProtocol23Format. \"msec\" field will not be print in json output.")
pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit") pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
pflag.Parse() pflag.Parse()
@ -68,8 +69,8 @@ func main() {
if noUserResolve { if noUserResolve {
flags = flags + PRT_NORESOLVE_USER flags = flags + PRT_NORESOLVE_USER
} }
if timestamp { if syslog23 {
flags = flags + PRT_TIMESTAMP flags = flags + PRT_TIMESYSLOG23
} }
if json { if json {
flags |= PRT_JSON flags |= PRT_JSON