Add RSYSLOG_SyslogProtocol23Format timestamp format, bugfix zone name was printed in base64

2023-09-10 16:32:05 +02:00 · 2023-09-10 16:32:05 +02:00 · 99bf812571
commit 99bf812571
parent 2f1fc7e526
2 changed files with 60 additions and 25 deletions
--- a/libbsm.go
+++ b/libbsm.go
@ -127,7 +127,7 @@ const (
 	// Display control
 	PRT_ONELINE        = 1
 	PRT_NORESOLVE_USER = 2
-	PRT_TIMESTAMP      = 4
+	PRT_TIMESYSLOG23   = 4
 	PRT_JSON           = 8
 )

@ -594,8 +594,8 @@ print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
 */
 func (h *Header32) Print(file *os.File, delimiter string, flags int) {
 	var timeval string
-	if PRT_TIMESTAMP == flags&PRT_TIMESTAMP {
-		timeval = strconv.Itoa(int(h.S))
+	if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 {
+		timeval = time.Unix((int64)(h.S), 0).Add(time.Millisecond * (time.Duration)(h.Msec)).Format("2006-01-02T15:04:05.000Z07:00")
 	} else {
 		t := time.Unix((int64)(h.S), 0)
 		timeval = t.Format(time.UnixDate)
@ -607,20 +607,37 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) {
 	}

 	if flags&PRT_JSON == PRT_JSON {
-		printable := struct {
-			Size    uint32 `json:"size"`           // Record byte count
-			Version uint8  `json:"version"`        // version # (uchar)
-			E_type  string `json:"event_type"`     // Event type
-			E_mod   uint16 `json:"event_modifier"` // Event modifier
-			Ts      string `json:"timestamp"`      // Seconds of time converted to data/hour/DST
-			Msec    uint32 `json:"msec"`           // Milliseconds of time
-		}{
-			Size:    h.Size,
-			Version: h.Version,
-			E_type:  evdesc,
-			E_mod:   h.E_mod,
-			Ts:      timeval,
-			Msec:    h.Msec,
+		var printable interface{}
+		if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 {
+			printable = struct {
+				Size    uint32 `json:"size"`           // Record byte count
+				Version uint8  `json:"version"`        // version # (uchar)
+				E_type  string `json:"event_type"`     // Event type
+				E_mod   uint16 `json:"event_modifier"` // Event modifier
+				Ts      string `json:"timestamp"`      // Seconds of time converted to RSYSLOG_SyslogProtocol23Format
+			}{
+				Size:    h.Size,
+				Version: h.Version,
+				E_type:  evdesc,
+				E_mod:   h.E_mod,
+				Ts:      timeval,
+			}
+		} else {
+			printable = struct {
+				Size    uint32 `json:"size"`           // Record byte count
+				Version uint8  `json:"version"`        // version # (uchar)
+				E_type  string `json:"event_type"`     // Event type
+				E_mod   uint16 `json:"event_modifier"` // Event modifier
+				Ts      string `json:"timestamp"`      // Seconds of time converted to data/hour/DST
+				Msec    uint32 `json:"msec"`           // Milliseconds of time
+			}{
+				Size:    h.Size,
+				Version: h.Version,
+				E_type:  evdesc,
+				E_mod:   h.E_mod,
+				Ts:      timeval,
+				Msec:    h.Msec,
+			}
 		}

 		j, err := json.Marshal(printable)
@ -2972,11 +2989,28 @@ func (z *ZoneName) LoadFromBinary(rdr *bufio.Reader) error {
 }

 func (z *ZoneName) Print(file *os.File, delimiter string, flags int) {
-	fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone)
-	if 0 == (flags & PRT_ONELINE) {
-		fmt.Fprintf(file, "\n")
+	if flags&PRT_JSON == PRT_JSON {
+		printable := struct {
+			Name   string `json:"name"`
+		}{
+			Name:   string(z.Zone),
+		}
+		j, err := json.Marshal(printable)
+		if err != nil {
+			// TODO
+			return
+		}
+		fmt.Fprintf(file, "\"zone\":")
+		fmt.Fprintf(file, "%s", j)
+		// ZoneName is always followed by something
+		fmt.Fprintf(file, ",")
 	} else {
-		fmt.Fprintf(file, "%s", delimiter)
+		fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone)
+		if 0 == (flags & PRT_ONELINE) {
+			fmt.Fprintf(file, "\n")
+		} else {
+			fmt.Fprintf(file, "%s", delimiter)
+		}
 	}
 }

--- a/main.go
+++ b/main.go
@ -33,7 +33,7 @@ import (
 )

 const (
-	version = "5.9.9a"
+	version = "5.9.9b"
 )

 var (
@ -48,12 +48,13 @@ func main() {
 	var flags int
 	var oneLine bool
 	var noUserResolve bool
-	var timestamp bool
+	var syslog23 bool
 	var json bool

 	pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
 	pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
 	pflag.BoolVarP(&json, "json", "j", false, "Print compact json")
+	pflag.BoolVarP(&syslog23, "syslog23", "s", false, "Print time as \"2006-01-02T15:04:05.000Z07:00\", RFC339 with ms, also used on RSYSLOG_SyslogProtocol23Format. \"msec\" field will not be print in json output.")
 	pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")

 	pflag.Parse()
@ -68,8 +69,8 @@ func main() {
 	if noUserResolve {
 		flags = flags + PRT_NORESOLVE_USER
 	}
-	if timestamp {
-		flags = flags + PRT_TIMESTAMP
+	if syslog23 {
+		flags = flags + PRT_TIMESYSLOG23
 	}
 	if json {
 		flags |= PRT_JSON