|
|
@ -0,0 +1,441 @@ |
|
|
|
From 9d9ea2cd70a369a7f665a322e6c53631e01a2570 Mon Sep 17 00:00:00 2001 |
|
|
|
From: Andreas Jaggi <andreas.jaggi@waterwave.ch> |
|
|
|
Date: Wed, 30 May 2018 22:15:36 +0200 |
|
|
|
Subject: ulogd: json: send messages to a remote host / unix socket |
|
|
|
|
|
|
|
Extend the JSON output plugin so that the generated JSON stream can be |
|
|
|
sent to a remote host via TCP/UDP or to a local unix socket. |
|
|
|
|
|
|
|
Signed-off-by: Andreas Jaggi <andreas.jaggi@waterwave.ch> |
|
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
|
|
|
---
|
|
|
|
output/ulogd_output_JSON.c | 291 +++++++++++++++++++++++++++++++++++++++++---- |
|
|
|
ulogd.conf.in | 11 ++ |
|
|
|
2 files changed, 281 insertions(+), 21 deletions(-) |
|
|
|
|
|
|
|
diff --git a/output/ulogd_output_JSON.c b/output/ulogd_output_JSON.c
|
|
|
|
index 4d8e3e9..6edfa90 100644
|
|
|
|
--- a/output/ulogd_output_JSON.c
|
|
|
|
+++ b/output/ulogd_output_JSON.c
|
|
|
|
@@ -20,10 +20,15 @@
|
|
|
|
|
|
|
|
#include <stdio.h> |
|
|
|
#include <stdlib.h> |
|
|
|
+#include <unistd.h>
|
|
|
|
#include <string.h> |
|
|
|
#include <time.h> |
|
|
|
#include <errno.h> |
|
|
|
#include <inttypes.h> |
|
|
|
+#include <sys/types.h>
|
|
|
|
+#include <sys/socket.h>
|
|
|
|
+#include <sys/un.h>
|
|
|
|
+#include <netdb.h>
|
|
|
|
#include <ulogd/ulogd.h> |
|
|
|
#include <ulogd/conffile.h> |
|
|
|
#include <jansson.h> |
|
|
|
@@ -36,6 +41,10 @@
|
|
|
|
#define ULOGD_JSON_DEFAULT_DEVICE "Netfilter" |
|
|
|
#endif |
|
|
|
|
|
|
|
+#define host_ce(x) (x->ces[JSON_CONF_HOST])
|
|
|
|
+#define port_ce(x) (x->ces[JSON_CONF_PORT])
|
|
|
|
+#define mode_ce(x) (x->ces[JSON_CONF_MODE])
|
|
|
|
+#define file_ce(x) (x->ces[JSON_CONF_FILENAME])
|
|
|
|
#define unlikely(x) __builtin_expect((x),0) |
|
|
|
|
|
|
|
struct json_priv { |
|
|
|
@@ -44,6 +53,15 @@ struct json_priv {
|
|
|
|
int usec_idx; |
|
|
|
long cached_gmtoff; |
|
|
|
char cached_tz[6]; /* eg +0200 */ |
|
|
|
+ int mode;
|
|
|
|
+ int sock;
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+enum json_mode {
|
|
|
|
+ JSON_MODE_FILE = 0,
|
|
|
|
+ JSON_MODE_TCP,
|
|
|
|
+ JSON_MODE_UDP,
|
|
|
|
+ JSON_MODE_UNIX
|
|
|
|
}; |
|
|
|
|
|
|
|
enum json_conf { |
|
|
|
@@ -53,6 +71,9 @@ enum json_conf {
|
|
|
|
JSON_CONF_EVENTV1, |
|
|
|
JSON_CONF_DEVICE, |
|
|
|
JSON_CONF_BOOLEAN_LABEL, |
|
|
|
+ JSON_CONF_MODE,
|
|
|
|
+ JSON_CONF_HOST,
|
|
|
|
+ JSON_CONF_PORT,
|
|
|
|
JSON_CONF_MAX |
|
|
|
}; |
|
|
|
|
|
|
|
@@ -95,15 +116,167 @@ static struct config_keyset json_kset = {
|
|
|
|
.options = CONFIG_OPT_NONE, |
|
|
|
.u = { .value = 0 }, |
|
|
|
}, |
|
|
|
+ [JSON_CONF_MODE] = {
|
|
|
|
+ .key = "mode",
|
|
|
|
+ .type = CONFIG_TYPE_STRING,
|
|
|
|
+ .options = CONFIG_OPT_NONE,
|
|
|
|
+ .u = { .string = "file" },
|
|
|
|
+ },
|
|
|
|
+ [JSON_CONF_HOST] = {
|
|
|
|
+ .key = "host",
|
|
|
|
+ .type = CONFIG_TYPE_STRING,
|
|
|
|
+ .options = CONFIG_OPT_NONE,
|
|
|
|
+ .u = { .string = "127.0.0.1" },
|
|
|
|
+ },
|
|
|
|
+ [JSON_CONF_PORT] = {
|
|
|
|
+ .key = "port",
|
|
|
|
+ .type = CONFIG_TYPE_STRING,
|
|
|
|
+ .options = CONFIG_OPT_NONE,
|
|
|
|
+ .u = { .string = "12345" },
|
|
|
|
+ },
|
|
|
|
}, |
|
|
|
}; |
|
|
|
|
|
|
|
+static void close_socket(struct json_priv *op) {
|
|
|
|
+ if (op->sock != -1) {
|
|
|
|
+ close(op->sock);
|
|
|
|
+ op->sock = -1;
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int _connect_socket_unix(struct ulogd_pluginstance *pi)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *op = (struct json_priv *) &pi->private;
|
|
|
|
+ struct sockaddr_un u_addr;
|
|
|
|
+ int sfd;
|
|
|
|
+
|
|
|
|
+ close_socket(op);
|
|
|
|
+
|
|
|
|
+ ulogd_log(ULOGD_DEBUG, "connecting to unix:%s\n",
|
|
|
|
+ file_ce(pi->config_kset).u.string);
|
|
|
|
+
|
|
|
|
+ sfd = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
|
|
+ if (sfd == -1) {
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+ u_addr.sun_family = AF_UNIX;
|
|
|
|
+ strncpy(u_addr.sun_path, file_ce(pi->config_kset).u.string,
|
|
|
|
+ sizeof(u_addr.sun_path) - 1);
|
|
|
|
+ if (connect(sfd, (struct sockaddr *) &u_addr, sizeof(struct sockaddr_un)) == -1) {
|
|
|
|
+ close(sfd);
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ op->sock = sfd;
|
|
|
|
+
|
|
|
|
+ return 0;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int _connect_socket_net(struct ulogd_pluginstance *pi)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *op = (struct json_priv *) &pi->private;
|
|
|
|
+ struct addrinfo hints;
|
|
|
|
+ struct addrinfo *result, *rp;
|
|
|
|
+ int sfd, s;
|
|
|
|
+
|
|
|
|
+ close_socket(op);
|
|
|
|
+
|
|
|
|
+ ulogd_log(ULOGD_DEBUG, "connecting to %s:%s\n",
|
|
|
|
+ host_ce(pi->config_kset).u.string,
|
|
|
|
+ port_ce(pi->config_kset).u.string);
|
|
|
|
+
|
|
|
|
+ memset(&hints, 0, sizeof(struct addrinfo));
|
|
|
|
+ hints.ai_family = AF_UNSPEC;
|
|
|
|
+ hints.ai_socktype = op->mode == JSON_MODE_UDP ? SOCK_DGRAM : SOCK_STREAM;
|
|
|
|
+ hints.ai_protocol = 0;
|
|
|
|
+ hints.ai_flags = 0;
|
|
|
|
+
|
|
|
|
+ s = getaddrinfo(host_ce(pi->config_kset).u.string,
|
|
|
|
+ port_ce(pi->config_kset).u.string, &hints, &result);
|
|
|
|
+ if (s != 0) {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "getaddrinfo: %s\n", gai_strerror(s));
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ for (rp = result; rp != NULL; rp = rp->ai_next) {
|
|
|
|
+ int on = 1;
|
|
|
|
+
|
|
|
|
+ sfd = socket(rp->ai_family, rp->ai_socktype,
|
|
|
|
+ rp->ai_protocol);
|
|
|
|
+ if (sfd == -1)
|
|
|
|
+ continue;
|
|
|
|
+
|
|
|
|
+ setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR,
|
|
|
|
+ (char *) &on, sizeof(on));
|
|
|
|
+
|
|
|
|
+ if (connect(sfd, rp->ai_addr, rp->ai_addrlen) != -1)
|
|
|
|
+ break;
|
|
|
|
+
|
|
|
|
+ close(sfd);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ freeaddrinfo(result);
|
|
|
|
+
|
|
|
|
+ if (rp == NULL) {
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ op->sock = sfd;
|
|
|
|
+
|
|
|
|
+ return 0;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int _connect_socket(struct ulogd_pluginstance *pi)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *op = (struct json_priv *) &pi->private;
|
|
|
|
+
|
|
|
|
+ if (op->mode == JSON_MODE_UNIX)
|
|
|
|
+ return _connect_socket_unix(pi);
|
|
|
|
+ else
|
|
|
|
+ return _connect_socket_net(pi);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int json_interp_socket(struct ulogd_pluginstance *upi, char *buf, int buflen)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *opi = (struct json_priv *) &upi->private;
|
|
|
|
+ int ret = 0;
|
|
|
|
+
|
|
|
|
+ if (opi->sock != -1)
|
|
|
|
+ ret = send(opi->sock, buf, buflen, MSG_NOSIGNAL);
|
|
|
|
+ free(buf);
|
|
|
|
+ if (ret != buflen) {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "Failure sending message: %s\n",
|
|
|
|
+ strerror(errno));
|
|
|
|
+ if (ret == -1 || opi->sock == -1)
|
|
|
|
+ return _connect_socket(upi);
|
|
|
|
+ else
|
|
|
|
+ return ULOGD_IRET_ERR;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return ULOGD_IRET_OK;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int json_interp_file(struct ulogd_pluginstance *upi, char *buf)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *opi = (struct json_priv *) &upi->private;
|
|
|
|
+
|
|
|
|
+ fprintf(opi->of, "%s", buf);
|
|
|
|
+ free(buf);
|
|
|
|
+
|
|
|
|
+ if (upi->config_kset->ces[JSON_CONF_SYNC].u.value != 0)
|
|
|
|
+ fflush(opi->of);
|
|
|
|
+
|
|
|
|
+ return ULOGD_IRET_OK;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
#define MAX_LOCAL_TIME_STRING 38 |
|
|
|
|
|
|
|
static int json_interp(struct ulogd_pluginstance *upi) |
|
|
|
{ |
|
|
|
struct json_priv *opi = (struct json_priv *) &upi->private; |
|
|
|
unsigned int i; |
|
|
|
+ char *buf;
|
|
|
|
+ int buflen;
|
|
|
|
json_t *msg; |
|
|
|
|
|
|
|
msg = json_object(); |
|
|
|
@@ -218,34 +391,65 @@ static int json_interp(struct ulogd_pluginstance *upi)
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
- json_dumpf(msg, opi->of, 0);
|
|
|
|
- fprintf(opi->of, "\n");
|
|
|
|
|
|
|
|
+ buf = json_dumps(msg, 0);
|
|
|
|
json_decref(msg); |
|
|
|
+ if (buf == NULL) {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "Could not create message\n");
|
|
|
|
+ return ULOGD_IRET_ERR;
|
|
|
|
+ }
|
|
|
|
+ buflen = strlen(buf);
|
|
|
|
+ buf = realloc(buf, sizeof(char)*(buflen+2));
|
|
|
|
+ if (buf == NULL) {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "Could not create message\n");
|
|
|
|
+ return ULOGD_IRET_ERR;
|
|
|
|
+ }
|
|
|
|
+ strncat(buf, "\n", 1);
|
|
|
|
+ buflen++;
|
|
|
|
|
|
|
|
- if (upi->config_kset->ces[JSON_CONF_SYNC].u.value != 0)
|
|
|
|
- fflush(opi->of);
|
|
|
|
+ if (opi->mode == JSON_MODE_FILE)
|
|
|
|
+ return json_interp_file(upi, buf);
|
|
|
|
+ else
|
|
|
|
+ return json_interp_socket(upi, buf, buflen);
|
|
|
|
+}
|
|
|
|
|
|
|
|
- return ULOGD_IRET_OK;
|
|
|
|
+static void reopen_file(struct ulogd_pluginstance *upi)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *oi = (struct json_priv *) &upi->private;
|
|
|
|
+ FILE *old = oi->of;
|
|
|
|
+
|
|
|
|
+ ulogd_log(ULOGD_NOTICE, "JSON: reopening logfile\n");
|
|
|
|
+ oi->of = fopen(upi->config_kset->ces[0].u.string, "a");
|
|
|
|
+ if (!oi->of) {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "can't open JSON "
|
|
|
|
+ "log file: %s\n",
|
|
|
|
+ strerror(errno));
|
|
|
|
+ oi->of = old;
|
|
|
|
+ } else {
|
|
|
|
+ fclose(old);
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void reopen_socket(struct ulogd_pluginstance *upi)
|
|
|
|
+{
|
|
|
|
+ ulogd_log(ULOGD_NOTICE, "JSON: reopening socket\n");
|
|
|
|
+ if (_connect_socket(upi) < 0) {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "can't open JSON "
|
|
|
|
+ "socket: %s\n",
|
|
|
|
+ strerror(errno));
|
|
|
|
+ }
|
|
|
|
} |
|
|
|
|
|
|
|
static void sighup_handler_print(struct ulogd_pluginstance *upi, int signal) |
|
|
|
{ |
|
|
|
struct json_priv *oi = (struct json_priv *) &upi->private; |
|
|
|
- FILE *old = oi->of;
|
|
|
|
|
|
|
|
switch (signal) { |
|
|
|
case SIGHUP: |
|
|
|
- ulogd_log(ULOGD_NOTICE, "JSON: reopening logfile\n");
|
|
|
|
- oi->of = fopen(upi->config_kset->ces[0].u.string, "a");
|
|
|
|
- if (!oi->of) {
|
|
|
|
- ulogd_log(ULOGD_ERROR, "can't open JSON "
|
|
|
|
- "log file: %s\n",
|
|
|
|
- strerror(errno));
|
|
|
|
- oi->of = old;
|
|
|
|
- } else {
|
|
|
|
- fclose(old);
|
|
|
|
- }
|
|
|
|
+ if (oi->mode == JSON_MODE_FILE)
|
|
|
|
+ reopen_file(upi);
|
|
|
|
+ else
|
|
|
|
+ reopen_socket(upi);
|
|
|
|
break; |
|
|
|
default: |
|
|
|
break; |
|
|
|
@@ -255,6 +459,8 @@ static void sighup_handler_print(struct ulogd_pluginstance *upi, int signal)
|
|
|
|
static int json_configure(struct ulogd_pluginstance *upi, |
|
|
|
struct ulogd_pluginstance_stack *stack) |
|
|
|
{ |
|
|
|
+ struct json_priv *op = (struct json_priv *) &upi->private;
|
|
|
|
+ char *mode_str = mode_ce(upi->config_kset).u.string;
|
|
|
|
int ret; |
|
|
|
|
|
|
|
ret = ulogd_wildcard_inputkeys(upi); |
|
|
|
@@ -265,13 +471,25 @@ static int json_configure(struct ulogd_pluginstance *upi,
|
|
|
|
if (ret < 0) |
|
|
|
return ret; |
|
|
|
|
|
|
|
+ if (!strcasecmp(mode_str, "udp")) {
|
|
|
|
+ op->mode = JSON_MODE_UDP;
|
|
|
|
+ } else if (!strcasecmp(mode_str, "tcp")) {
|
|
|
|
+ op->mode = JSON_MODE_TCP;
|
|
|
|
+ } else if (!strcasecmp(mode_str, "unix")) {
|
|
|
|
+ op->mode = JSON_MODE_UNIX;
|
|
|
|
+ } else if (!strcasecmp(mode_str, "file")) {
|
|
|
|
+ op->mode = JSON_MODE_FILE;
|
|
|
|
+ } else {
|
|
|
|
+ ulogd_log(ULOGD_ERROR, "unknown mode '%s'\n", mode_str);
|
|
|
|
+ return -EINVAL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
-static int json_init(struct ulogd_pluginstance *upi)
|
|
|
|
+static int json_init_file(struct ulogd_pluginstance *upi)
|
|
|
|
{ |
|
|
|
struct json_priv *op = (struct json_priv *) &upi->private; |
|
|
|
- unsigned int i;
|
|
|
|
|
|
|
|
op->of = fopen(upi->config_kset->ces[0].u.string, "a"); |
|
|
|
if (!op->of) { |
|
|
|
@@ -280,6 +498,27 @@ static int json_init(struct ulogd_pluginstance *upi)
|
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
+ return 0;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int json_init_socket(struct ulogd_pluginstance *upi)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *op = (struct json_priv *) &upi->private;
|
|
|
|
+
|
|
|
|
+ if (host_ce(upi->config_kset).u.string == NULL)
|
|
|
|
+ return -1;
|
|
|
|
+ if (port_ce(upi->config_kset).u.string == NULL)
|
|
|
|
+ return -1;
|
|
|
|
+
|
|
|
|
+ op->sock = -1;
|
|
|
|
+ return _connect_socket(upi);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static int json_init(struct ulogd_pluginstance *upi)
|
|
|
|
+{
|
|
|
|
+ struct json_priv *op = (struct json_priv *) &upi->private;
|
|
|
|
+ unsigned int i;
|
|
|
|
+
|
|
|
|
/* search for time */ |
|
|
|
op->sec_idx = -1; |
|
|
|
op->usec_idx = -1; |
|
|
|
@@ -293,15 +532,25 @@ static int json_init(struct ulogd_pluginstance *upi)
|
|
|
|
|
|
|
|
*op->cached_tz = '\0'; |
|
|
|
|
|
|
|
- return 0;
|
|
|
|
+ if (op->mode == JSON_MODE_FILE)
|
|
|
|
+ return json_init_file(upi);
|
|
|
|
+ else
|
|
|
|
+ return json_init_socket(upi);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void close_file(FILE *of) {
|
|
|
|
+ if (of != stdout)
|
|
|
|
+ fclose(of);
|
|
|
|
} |
|
|
|
|
|
|
|
static int json_fini(struct ulogd_pluginstance *pi) |
|
|
|
{ |
|
|
|
struct json_priv *op = (struct json_priv *) &pi->private; |
|
|
|
|
|
|
|
- if (op->of != stdout)
|
|
|
|
- fclose(op->of);
|
|
|
|
+ if (op->mode == JSON_MODE_FILE)
|
|
|
|
+ close_file(op->of);
|
|
|
|
+ else
|
|
|
|
+ close_socket(op);
|
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
|
|
|
diff --git a/ulogd.conf.in b/ulogd.conf.in
|
|
|
|
index 62222db..99cfc24 100644
|
|
|
|
--- a/ulogd.conf.in
|
|
|
|
+++ b/ulogd.conf.in
|
|
|
|
@@ -213,6 +213,17 @@ sync=1
|
|
|
|
# Uncomment the following line to use JSON v1 event format that |
|
|
|
# can provide better compatility with some JSON file reader. |
|
|
|
#eventv1=1 |
|
|
|
+# Uncomment the following lines to send the JSON logs to a remote host via UDP
|
|
|
|
+#mode="udp"
|
|
|
|
+#host="192.0.2.10"
|
|
|
|
+#port="10210"
|
|
|
|
+# Uncomment the following lines to send the JSON logs to a remote host via TCP
|
|
|
|
+#mode="tcp"
|
|
|
|
+#host="192.0.2.10"
|
|
|
|
+#port="10210"
|
|
|
|
+# Uncomment the following lines to send the JSON logs to a local unix socket
|
|
|
|
+#mode="unix"
|
|
|
|
+#file="/var/run/ulogd.socket"
|
|
|
|
|
|
|
|
[pcap1] |
|
|
|
#default file is /var/log/ulogd.pcap |
|
|
|
--
|
|
|
|
cgit v1.2.1 |
|
|
|
|