mirror of https://github.com/tstack/lnav
parent
c52240a25d
commit
8bb034eeeb
@ -0,0 +1,76 @@
|
||||
{
|
||||
"$schema": "https://lnav.org/schemas/format-v1.schema.json",
|
||||
"pcap_log": {
|
||||
"json": true,
|
||||
"description": "pcap log format",
|
||||
"mime-types": [
|
||||
"application/vnd.tcpdump.pcap"
|
||||
],
|
||||
"multiline": false,
|
||||
"line-format": [
|
||||
{ "field": "time" },
|
||||
" ",
|
||||
{
|
||||
"field": "source",
|
||||
"min-width": 15,
|
||||
"align": "right"
|
||||
},
|
||||
" → ",
|
||||
{
|
||||
"field": "destination",
|
||||
"min-width": 15,
|
||||
"align": "left"
|
||||
},
|
||||
" ",
|
||||
{
|
||||
"field": "protocol",
|
||||
"min-width": 7,
|
||||
"align": "left"
|
||||
},
|
||||
" ",
|
||||
{
|
||||
"field": "length",
|
||||
"min-width": 4,
|
||||
"align": "right"
|
||||
},
|
||||
" ",
|
||||
{ "field": "info" }
|
||||
],
|
||||
"level": {
|
||||
"warning": "^6291456$",
|
||||
"error": "^8388608$"
|
||||
},
|
||||
"timestamp-field": "time",
|
||||
"level-pointer": "/_ws_expert__ws_expert_severity$",
|
||||
"body-field": "info",
|
||||
"hide-extra": true,
|
||||
"value": {
|
||||
"source": {
|
||||
"kind": "string",
|
||||
"foreign-key": true,
|
||||
"collate": "ipaddress",
|
||||
"identifier": true
|
||||
},
|
||||
"destination": {
|
||||
"kind": "string",
|
||||
"foreign-key": true,
|
||||
"collate": "ipaddress",
|
||||
"identifier": true
|
||||
},
|
||||
"protocol": {
|
||||
"kind": "string",
|
||||
"identifier": true
|
||||
},
|
||||
"length": {
|
||||
"kind": "integer"
|
||||
},
|
||||
"info": {
|
||||
"kind": "string"
|
||||
},
|
||||
"layers": {
|
||||
"kind": "json",
|
||||
"hidden": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
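Review bot: The `level` patterns `^6291456$` and `^8388608$` are bare decimal constants with nothing on the page saying where they come from. They equal 0x00600000 and 0x00800000, which look like Wireshark's expert-info severities for warning and error, matched against the value selected by `level-pointer`. Strict JSON has no comment syntax, so the mapping is better recorded in the description, e.g. `"description": "pcap log format (levels taken from the tshark expert severity field)"`, or in the format documentation. Lower expert severities are not mapped here and presumably fall back to the default level; confirm that is intended.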
@ -0,0 +1,129 @@
|
||||
/**
|
||||
* Copyright (c) 2021, Timothy Stack
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice, this
|
||||
* list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of Timothy Stack nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* @file pcap_manager.cc
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <vector>
|
||||
#include <thread>
|
||||
|
||||
#include <unistd.h>
|
||||
|
||||
#include "pcap_manager.hh"
|
||||
#include "lnav_util.hh"
|
||||
#include "line_buffer.hh"
|
||||
|
||||
namespace pcap_manager {
|
||||
|
||||
Result<convert_result, std::string>
|
||||
convert(const std::string &filename)
|
||||
{
|
||||
log_info("attempting to convert pcap file -- %s", filename.c_str());
|
||||
|
||||
auto outfile = TRY(open_temp_file(
|
||||
ghc::filesystem::temp_directory_path() / "lnav.pcap.XXXXXX"));
|
||||
ghc::filesystem::remove(outfile.first);
|
||||
auto err_pipe = TRY(auto_pipe::for_child_fd(STDERR_FILENO));
|
||||
auto child = TRY(lnav::pid::from_fork());
|
||||
|
||||
err_pipe.after_fork(child.in());
|
||||
if (child.in_child()) {
|
||||
auto dev_null = open("/dev/null", O_RDONLY);
|
||||
|
||||
dup2(dev_null, STDIN_FILENO);
|
||||
dup2(outfile.second, STDOUT_FILENO);
|
||||
|
||||
const char *args[] = {
|
||||
"tshark",
|
||||
"-T", "ek",
|
||||
"-P",
|
||||
"-V",
|
||||
"-t", "ad",
|
||||
"-r", filename.c_str(),
|
||||
nullptr,
|
||||
};
|
||||
|
||||
execvp("tshark", (char **) args);
|
||||
if (errno == ENOENT) {
|
||||
fprintf(stderr,
|
||||
"pcap support requires 'tshark' v3+ to be installed\n");
|
||||
} else {
|
||||
fprintf(stderr,
|
||||
"failed to execute 'tshark' -- %s\n",
|
||||
strerror(errno));
|
||||
}
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
auto error_queue = std::make_shared<std::vector<std::string>>();
|
||||
std::thread err_reader([err = std::move(err_pipe.read_end()), error_queue, child_pid=child.in()]() mutable {
|
||||
line_buffer lb;
|
||||
file_range pipe_range;
|
||||
bool done = false;
|
||||
|
||||
lb.set_fd(err);
|
||||
while (!done) {
|
||||
auto load_res = lb.load_next_line(pipe_range);
|
||||
|
||||
if (load_res.isErr()) {
|
||||
done = true;
|
||||
} else {
|
||||
auto li = load_res.unwrap();
|
||||
|
||||
pipe_range = li.li_file_range;
|
||||
if (li.li_file_range.empty()) {
|
||||
done = true;
|
||||
} else {
|
||||
lb.read_range(li.li_file_range).then([error_queue, child_pid](auto sbr) {
|
||||
auto line_str = string_fragment(sbr.get_data(),
|
||||
0,
|
||||
sbr.length());
|
||||
line_str.trim("\n");
|
||||
if (error_queue->size() < 5) {
|
||||
error_queue->emplace_back(line_str.to_string());
|
||||
}
|
||||
|
||||
log_debug("pcap[%d]: %.*s",
|
||||
child_pid, line_str.length(), line_str.data());
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
err_reader.detach();
|
||||
|
||||
log_info("started tshark %d to process file", child.in());
|
||||
|
||||
return Ok(convert_result{
|
||||
std::move(child), auto_fd(outfile.second), error_queue,
|
||||
});
|
||||
}
|
||||
|
||||
}
|
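Review bot: The detached `err_reader` thread calls `error_queue->emplace_back(...)` on the same `std::vector` that is returned to the caller in `convert_result`, and nothing in this file synchronizes the two sides. Because the thread is detached, the caller cannot wait for it, so any read of `cr_error_queue` while tshark is still writing to stderr is a data race; guard the vector with a mutex stored next to it, or keep the thread joinable and publish the lines only after it finishes. In the child branch the results of `open("/dev/null", O_RDONLY)` and both `dup2()` calls are ignored, so a failure leaves tshark attached to lnav's own stdin/stdout; fail closed with `if (dev_null == -1 || dup2(dev_null, STDIN_FILENO) == -1 || dup2(outfile.second, STDOUT_FILENO) == -1) _exit(EXIT_FAILURE);`. The `args` array also deserves a comment such as `// tshark is resolved through PATH and parses a capture file that may be untrusted`, since `execvp` runs whichever binary is found first.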
@ -0,0 +1,55 @@
|
||||
/**
|
||||
* Copyright (c) 2021, Timothy Stack
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice, this
|
||||
* list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of Timothy Stack nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* @file pcap_manager.hh
|
||||
*/
|
||||
|
||||
#ifndef lnav_pcap_manager_hh
|
||||
#define lnav_pcap_manager_hh
|
||||
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "base/result.h"
|
||||
#include "base/auto_pid.hh"
|
||||
#include "auto_fd.hh"
|
||||
|
||||
namespace pcap_manager {
|
||||
|
||||
struct convert_result {
|
||||
auto_pid<process_state::RUNNING> cr_child;
|
||||
auto_fd cr_destination;
|
||||
std::shared_ptr<std::vector<std::string>> cr_error_queue;
|
||||
};
|
||||
|
||||
Result<convert_result, std::string>
|
||||
convert(const std::string& filename);
|
||||
|
||||
}
|
||||
|
||||
#endif
|
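Review bot: `convert_result` declares a `std::shared_ptr` member, but the header includes only `<string>` and `<vector>`, so it compiles only when an earlier include happens to pull in `<memory>`; add `#include <memory>`. The struct and `convert()` also carry no documentation. Since `pcap_manager.cc` fills the queue from a background thread, `cr_error_queue` should get a comment such as `/// Up to five stderr lines from tshark, appended by a reader thread started in convert().` so callers know the vector may still be changing when they receive it.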
Binary file not shown.
Binary file not shown.
@ -0,0 +1,3 @@
|
||||
{"ts": "2013-09-06T20:00:48.124817Z", "@fields": { "lvl": "TRACE", "msg": "trace test"}}
|
||||
{"ts": "2013-09-06T20:00:49.124817Z", "@fields": { "lvl": "INFO", "msg": "Starting up service"}}
|
||||
{"ts": "2013-09-06T22:00:49.124817Z", "@fields": { "lvl": "INFO", "msg":
|