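/*
 * Syslog sniffer thread (PLOG).
 *
 * Opens the configured capture interface with libpcap (falling back to
 * pcap_lookupdev() when none is configured), installs the user-supplied BPF
 * filter, wires up the syslog log device via wiredevlog(), and then hands
 * every captured packet to logpkt() from pcap_loop().
 *
 * args: per-thread signal arguments; passed unchanged to logpkt() as the
 *       pcap_loop() user pointer.
 *
 * Never returns normally: once pcap_loop() stops the process exits.
 * Every setup failure is reported through Sagan_Log(S_ERROR, ...).  The
 * code below relies on that call not returning (the Remove_Lock_File()
 * issued before it in the wiredevlog() path suggests it terminates the
 * process) -- NOTE(review): confirm that S_ERROR exits; if it does not,
 * the NULL handle would be passed on to pcap_compile().
 */
void plog_handler(_SaganSigArgs *args)
{
    /* Snapshot length and read timeout handed to pcap_open_live(). */
    enum { PLOG_SNAPLEN = 4096, PLOG_READ_TIMEOUT_MS = 0 };

    pcap_t *bp = NULL;
    struct bpf_program filtr;
    char eb[PCAP_ERRBUF_SIZE] = "";
    char *iface = config->plog_interface;

    Sagan_Log(S_NORMAL, "");
    Sagan_Log(S_NORMAL, "Initalizing Sagan syslog sniffer thread (PLOG)");
    Sagan_Log(S_NORMAL, "Interface: %s", iface);
    Sagan_Log(S_NORMAL, "Packet filter: \"%s\"", config->plog_filter);
    Sagan_Log(S_NORMAL, "Log device: %s", config->plog_logdev);

    if (config->plog_promiscuous) {
        Sagan_Log(S_NORMAL, "Promiscuous is enabled.");
    }

    Sagan_Log(S_NORMAL, "");

    /* No interface configured: let libpcap pick one. */
    if (iface == NULL) {
        iface = pcap_lookupdev(eb);
        if (iface == NULL) {
            Sagan_Log(S_ERROR, "[%s, line %d] Cannot get device: %s", __FILE__, __LINE__, eb);
        }
    }

    bp = pcap_open_live(iface, PLOG_SNAPLEN, config->plog_promiscuous, PLOG_READ_TIMEOUT_MS, eb);
    if (bp == NULL) {
        Sagan_Log(S_ERROR, "[%s, line %d] Cannot open interface %s: %s", __FILE__, __LINE__, iface, eb);
    }

    /*
     * Apply user defined filter.  pcap_compile() and pcap_setfilter() report
     * failures through the handle (pcap_geterr()), not through the errbuf
     * given to pcap_open_live(); logging eb here printed stale text.
     * Netmask 0 is kept from the original call (only affects matching of
     * broadcast addresses in the filter).
     */
    if (pcap_compile(bp, &filtr, config->plog_filter, 1, 0) != 0) {
        Sagan_Log(S_ERROR, "[%s, line %d] Cannot compile filter: %s", __FILE__, __LINE__, pcap_geterr(bp));
    }

    if (pcap_setfilter(bp, &filtr) != 0) {
        Sagan_Log(S_ERROR, "[%s, line %d] Cannot install filter in %s: %s", __FILE__, __LINE__, iface, pcap_geterr(bp));
    }

    /* pcap_setfilter() keeps its own copy of the program; release ours. */
    pcap_freecode(&filtr);

    /* wireup /dev/log; we can't use openlog() because these are going to be raw inputs */
    if (wiredevlog(config)) {
        Remove_Lock_File();
        Sagan_Log(S_ERROR, "[%s, line %d] Cannot open %s (Syslog not using SOCK_DGRAM?)", __FILE__, __LINE__, config->plog_logdev);
    }

    /* endless loop: cnt == -1 runs until an error (or pcap_breakloop()) */
    if (pcap_loop(bp, -1, logpkt, (u_char *)args) == -1) {
        /* Say why the capture loop ended instead of exiting silently. */
        Sagan_Log(S_NORMAL, "[%s, line %d] pcap_loop() on %s stopped: %s", __FILE__, __LINE__, iface, pcap_geterr(bp));
    }

    pcap_close(bp);
    exit(0);
}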
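/*
 * Syslog sniffer thread (PLOG).
 *
 * Opens the configured capture interface with libpcap (falling back to
 * pcap_lookupdev() when none is configured), installs a BPF filter that
 * selects UDP traffic on the configured port, wires up the syslog log device
 * via wiredevlog(), and then hands every captured packet to logpkt() from
 * pcap_loop().
 *
 * args: per-thread signal arguments; passed unchanged to logpkt() as the
 *       pcap_loop() user pointer.
 *
 * Never returns normally: once pcap_loop() stops the process exits.
 * Every setup failure is reported through Sagan_Log(1, ...).  The code
 * below relies on that call not returning (the Remove_Lock_File() issued
 * before it in the wiredevlog() path suggests it terminates the process)
 * -- NOTE(review): confirm that level 1 exits; if it does not, the NULL
 * handle would be passed on to pcap_compile().
 */
void plog_handler(_SaganSigArgs *args)
{
    /* Snapshot length and read timeout handed to pcap_open_live();
     * promiscuous mode is off in this version. */
    enum { PLOG_SNAPLEN = 4096, PLOG_READ_TIMEOUT_MS = 0, PLOG_PROMISC = 0 };

    pcap_t *bp = NULL;
    struct bpf_program filtr;
    char eb[PCAP_ERRBUF_SIZE] = "";
    char filterstr[128] = "";
    char *iface = config->plog_interface;

    Sagan_Log(0, "");
    Sagan_Log(0, "Initalizing Sagan syslog sniffer thread (PLOG)");
    Sagan_Log(0, "Interface: %s", iface);
    Sagan_Log(0, "UDP port to monitor: %d", config->plog_port);
    Sagan_Log(0, "Log device: %s", config->plog_logdev);
    Sagan_Log(0, "");

    /* No interface configured: let libpcap pick one. */
    if (iface == NULL) {
        iface = pcap_lookupdev(eb);
        if (iface == NULL) {
            Sagan_Log(1, "[%s, line %d] Cannot get device: %s", __FILE__, __LINE__, eb);
        }
    }

    bp = pcap_open_live(iface, PLOG_SNAPLEN, PLOG_PROMISC, PLOG_READ_TIMEOUT_MS, eb);
    if (bp == NULL) {
        Sagan_Log(1, "[%s, line %d] Cannot open interface %s: %s", __FILE__, __LINE__, iface, eb);
    }

    /* compile and install our filter */
    /* Port is configurable via int config->plog_port */
    snprintf(filterstr, sizeof(filterstr), "udp port %d", config->plog_port);

    /*
     * pcap_compile() and pcap_setfilter() report failures through the handle
     * (pcap_geterr()), not through the errbuf given to pcap_open_live();
     * logging eb here printed stale text.  Netmask 0 is kept from the
     * original call (only affects matching of broadcast addresses).
     */
    if (pcap_compile(bp, &filtr, filterstr, 1, 0) != 0) {
        Sagan_Log(1, "[%s, line %d] Cannot compile filter: %s", __FILE__, __LINE__, pcap_geterr(bp));
    }

    if (pcap_setfilter(bp, &filtr) != 0) {
        Sagan_Log(1, "[%s, line %d] Cannot install filter in %s: %s", __FILE__, __LINE__, iface, pcap_geterr(bp));
    }

    /* pcap_setfilter() keeps its own copy of the program; release ours. */
    pcap_freecode(&filtr);

    /* wireup /dev/log; we can't use openlog() because these are going to be raw inputs */
    if (wiredevlog(config)) {
        Remove_Lock_File();
        Sagan_Log(1, "[%s, line %d] Cannot open %s (Syslog not using SOCK_DGRAM?)", __FILE__, __LINE__, config->plog_logdev);
    }

    /* endless loop: cnt == -1 runs until an error (or pcap_breakloop()) */
    if (pcap_loop(bp, -1, logpkt, (u_char *)args) == -1) {
        /* Say why the capture loop ended instead of exiting silently. */
        Sagan_Log(0, "[%s, line %d] pcap_loop() on %s stopped: %s", __FILE__, __LINE__, iface, pcap_geterr(bp));
    }

    pcap_close(bp);
    exit(0);
}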