include syslog sender in data

2018-07-22 22:20:27 -07:00 · 2018-07-22 22:20:27 -07:00 · 285a2efdff
commit 285a2efdff
parent 9f1305b72b
2 changed files with 15 additions and 9 deletions
--- a/src/elasticsearch-template.json
+++ b/src/elasticsearch-template.json
@ -49,6 +49,9 @@
                "src_addr": {
                    "type": "ip"
                },
+                "endpoint": {
+                    "type": "ip"
+                },
                "src_city": {
                    "type": "keyword"
                },
--- a/src/server.c
+++ b/src/server.c
@ -7,7 +7,7 @@
 #include <time.h>
 #include <assert.h>
 #include <pthread.h>
-
+#include <arpa/inet.h>
 #include <json-c/json.h>

 #include "helpers.h"
@ -151,7 +151,7 @@ void bufwatch_cleanup() {
 }


-int handle_message(char* msg) {
+int handle_message(char* msg, struct sockaddr_in* sender) {
    /*TODO should we check that msg[size_recvd] == \0 ?
    printf("From host %s src port %d got message %.*s\n",
           inet_ntoa(my_peer_addr.sin_addr), ntohs(my_peer_addr.sin_port), size_recvd, msg);*/
@ -200,6 +200,11 @@ int handle_message(char* msg) {
            add_strfield(jobj, "date", time_now);
            add_strfield(jobj, "log_date", date_formtted);
            add_strfield(jobj, "app", result.application);
+
+            char sender_ip[64]; // 40
+            inet_ntop(AF_INET, &sender->sin_addr, sender_ip, sizeof(sender_ip));
+            add_strfield(jobj, "endpoint", sender_ip);
+
            pfdata_to_json(&fwdata, jobj);
            const char* json_msg = json_object_to_json_string(jobj);
            // printf("%s\n", json_msg);
@ -235,11 +240,8 @@ int run_server(int port, char* url) {
    setsockopt(sock_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));

    /*Bind socket*/
-    struct sockaddr_in my_addr, my_peer_addr;
-    memset(&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family = AF_INET;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-    my_addr.sin_port = htons(port); /*host to network endianess for a short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/
+    struct sockaddr_in peer_addr;
+    struct sockaddr_in my_addr = {AF_INET, htons(port), (struct in_addr){INADDR_ANY}};
    if (bind(sock_fd, (struct sockaddr*)&my_addr, sizeof(struct sockaddr_in)) < 0)
        panic("bind failed");

@ -253,12 +255,13 @@ int run_server(int port, char* url) {
                                   msg,                             /* buffer */
                                   sizeof(msg),                     /* buffer length */
                                   0,                               /* no flags */
-                                   (struct sockaddr*)&my_peer_addr, /* who’s sending */
+                                   (struct sockaddr*)&peer_addr,    /* who's sending */
                                   &addrlen                         /* length of buffer to receive peer info */
                                   )) < 0) {
            if (running) panic("recvfrom");
            else break; /*sock was closed by exit signal*/
        }
+
        assert(size_recvd < sizeof(msg));  /*messages can't be longer than our buffer. TODO if they are longer we should
        dump it and wait until the next loop. if the next buffer is some portion of a too-long message, we can expect
        the various parsing below to fail.*/
@ -267,7 +270,7 @@ int run_server(int port, char* url) {
        msg[size_recvd] = '\0'; /*We receive 1 full string at a time*/
        /*printf("\nGot message: %s\n", msg);*/

-        handle_message(msg);
+        handle_message(msg, &peer_addr);

        printf(".");
        fflush(stdout);