new file mode 100644

@@ -0,0 +1,2 @@

+*~

+syslog-helper

new file mode 100644

@@ -0,0 +1,40 @@

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(in-package #:syslog_helper)

+

+(defsynopsis ()

+  (flag :short-name "h" :long-name "help" :description "Show the help")

+  (stropt :short-name "s" :long-name "severity" :description "Show this syslog severity (or higher)"

+	  :default-value (format nil "~a" (encode-severity "debug")))

+  (stropt :short-name "f" :long-name "facility" :description "Show messages from comma-separated list of facilities"))

+

+(defun main ()

+  (declare (optimize (debug 3)))

+  (ql:quickload :swank)

+  (swank:create-server :port 5676 :dont-close t)

+  (make-context)

+  (cl-ansi-term:register-hook :before-printing

+			      (lambda ()

+				(handler-case (setf cl-ansi-term:*terminal-width*

+						    (cadr (get-term-size)))

+				  (osicat-posix:enotty (c) c nil))))

+  (if (getopt :long-name "help")

+      (help)

+      (let ((match-severity (parse-integer (or (getopt :long-name "severity")

+					       "7")))

+	    (match-facilities (split-sequence:split-sequence #\, (getopt :long-name "facility")

+							     :remove-empty-subseqs t)))

+	(when match-facilities

+	  (setf match-facilities

+		(loop for facility in match-facilities

+		   if (digit-char-p (elt facility 0)) collect (parse-integer facility)

+		   else collect (encode-facility (string-downcase facility)))))

+	(handler-case

+	    (with-simple-restart (abort "Exit")

+	      (loop

+		 (with-simple-restart (continue "Restart server")

+		   (start-syslog-server (main-loop match-severity match-facilities)))))

+	  #+sbcl (sb-sys:interactive-interrupt (c) c)))))

+

new file mode 100644

@@ -0,0 +1,21 @@

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(in-package #:syslog_helper)

+

+(defun log-to-sqlite (db severity facility tag pid message host)

+  (let* ((query (dbi:prepare db "insert into messages (severity, facility, tag, pid, message, host) values (?,?,?,?,?,?)"))

+	 (result (dbi:execute query severity facility tag pid message host)))

+    result))

+

+(defun log-dnsquery-to-sqlite (db &key query-type query from)

+  (let* ((db-query (dbi:prepare db "insert into dns_query (query_type, request, requester) values (?,?,?)"))

+	 (result (dbi:execute db-query query-type query from)))

+    result))

+

+(defun log-dnsreply-to-sqlite (db &key query reply)

+  (let* ((db-query (dbi:prepare db "insert into dns_reply (query, reply) values (?,?)"))

+	 (result (dbi:execute db-query query reply)))

+    result))

+

new file mode 100644

@@ -0,0 +1,82 @@

+(in-package #:syslog_helper)

+

+(define-codecs facility ()

+  (0 "kernel")

+  (1 "user")

+  (2 "mail")

+  (3 "system")

+  (4 "security")

+  (5 "syslogd")

+  (6 "lpr")

+  (7 "nntp")

+  (8 "uucp")

+  (9 "clock")

+  (10 "auth")

+  (11 "ftp")

+  (12 "ntp")

+  (13 "audit")

+  (14 "alert")

+  (15 "clock1")

+  (16 "local0")

+  (17 "local1")

+  (18 "local2")

+  (19 "local3")

+  (20 "local4")

+  (21 "local5")

+  (22 "local6")

+  (23 "local7"))

+

+(define-codecs severity ()

+  (0 "emergency") ; system is unusable

+  (1 "alert")	; action must be taken immediately

+  (2 "critical") ; critical conditions

+  (3 "error")	   ; error conditions

+  (4 "warning")  ; warning conditions

+  (5 "notice") ; normal but significant condition

+  (6 "info")	; informational messages

+  (7 "debug"))	; debug-level messages

+

+(defun format-tag (tag-data)

+  (if tag-data

+      (destructuring-bind (tag pid) tag-data

+	(format nil "[~a~:[~; ~:*~a~]]" tag pid))

+      "[untagged]"))

+

+(defgeneric handle-log-message (tag metadata message orig-line)

+  (:method (tag metadata message orig-line)

+    (declare (ignore tag metadata message))))

+

+(defmethod handle-log-message ((tag (eql :dnsmasq)) metadata message orig-line)

+  (let* ((parsed-query (smug:parse (.dnsmasq-query) message))

+	 (parsed-reply (unless parsed-query

+			 (smug:parse (.dnsmasq-reply) message))))

+    (dbi:with-connection (db :sqlite3 :database-name "/tmp/logs.db")

+      (when parsed-query

+	(apply #'log-dnsquery-to-sqlite db parsed-query))

+      (when parsed-reply

+	(apply #'log-dnsreply-to-sqlite db parsed-reply)))))

+

+(defun main-loop (match-severity match-facilities)

+  (declare (optimize (debug 3)))

+  (lambda (line)

+    (let ((host-info (format nil "~{~a~^.~}:~a "

+			     (map 'list #'identity usocket:*remote-host*)

+			     usocket:*remote-port*)))

+      (with-simple-restart (skip "skip this line")

+	(multiple-value-bind (facility severity tag-els timestamp message) (parse-syslog line)

+	  (destructuring-bind (tag pid) tag-els

+	    (dbi:with-connection (db :sqlite3 :database-name "/tmp/logs.db")

+	      (when (< severity 7)

+		(log-to-sqlite db severity facility tag pid message host-info)))

+	    (when (and (<= severity match-severity)

+		       (or (null match-facilities)

+			   (member facility match-facilities)))

+	      (cl-ansi-term:cat-print

+	       `((,(format nil "~11<<~a~>:~11@<~a>~>"

+			   (decode-facility facility)

+			   (decode-severity severity))

+		   ,(alexandria:make-keyword (string-upcase (decode-severity severity))))

+		 ,host-info

+		 (,(format-tag tag-els) :info)

+		 ,message)))))))))

+

new file mode 100644

@@ -0,0 +1,9 @@

+;;;; package.lisp

+

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(defpackage #:syslog_helper

+  (:use :net.didierverna.clon #:cl))

+

new file mode 100644

@@ -0,0 +1,147 @@

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(in-package #:syslog_helper)

+

+(defun .one-of (choices)

+  (apply #'smug:.or

+	 (mapcar #'smug:.string=

+		 choices)))

+

+(defun .numeric-in-range (&key (min 0) max (min-inclusive t) max-inclusive)

+  (let ((min-op (if min-inclusive #'<= #'<))

+	(max-op (if max-inclusive #'>= #'>)))

+    (smug:.let* ((num (smug:.first (smug:.map 'string (smug:.is #'digit-char-p)))))

+      (let ((num (parse-integer num)))

+	(if (and (funcall min-op min num)

+		 (if max

+		     (funcall max-op max num)

+		     t))

+	    (smug:.identity num)

+	    (smug:.fail))))))

+

+(defun .time ()

+  (flet ((.min-sec ()

+	     (.numeric-in-range :max 60))

+	   (.hour ()

+	     (.numeric-in-range :max 24)))

+    (smug:.let* ((hour (smug:.prog1 (.hour)

+				    (smug:.char= #\:)))

+		 (minute (smug:.prog1 (.min-sec)

+				      (smug:.char= #\:)))

+		 (second (.min-sec)))

+      (smug:.identity (format nil "~2,'0d:~2,'0d:~2,'0d" hour minute second)))))

+

+(defun .timestamp ()

+  (flet ((.month ()

+	   (.one-of '("Jan" "Feb" "Mar" "Apr" "May" "Jun"

+		      "Jul" "Aug" "Sep" "Oct" "Nov" "Dec")))

+	 (.day ()

+	   (.numeric-in-range :max 32)))

+    (smug:.let* ((month (smug:.prog1 (.month)

+				     (smug:.map 'list

+						(smug:.char= #\space))))

+		 (day (smug:.prog1 (.day)

+				   (smug:.map 'list

+					      (smug:.char= #\space))))

+		 (time (.time)))

+      (smug:.identity (format nil "~a ~a ~a" month day time)))))

+

+(defun .hostname ()

+  (smug:.prog1

+   (smug:.first

+    (smug:.map 'string

+	       (smug:.or (smug:.char= #\.)

+			 (smug:.is #'alphanumericp))))

+   (smug:.char= #\space)))

+

+(defun .tag ()

+  (smug:.first

+   (smug:.prog1

+    (smug:.let* ((tag (smug:.optional (smug:.map 'string

+						 (smug:.is #'alphanumericp))))

+		 (process (smug:.optional

+			   (smug:.prog2 (smug:.char= #\[)

+					(smug:.map 'string (smug:.is #'digit-char-p))

+					(smug:.char= #\])))))

+      (if (> (length tag) 32)

+	  (smug:.fail)

+	  (smug:.identity (list (or tag "untagged")

+				(when process

+				  (parse-integer process))))))

+    (smug:.optional (smug:.char= #\:)))))

+

+(defun .dnsmasq-reply ()

+  (smug:.progn (smug:.optional (smug:.char= #\space))

+	       (.one-of '("cached " "reply " "/tmp/hosts/dhcp " "DHCP "))

+	       (smug:.let* ((query (smug:.prog1 (smug:.map 'string

+							   (smug:.or (smug:.char= #\-)

+								     (smug:.char= #\_)

+								     (smug:.char= #\.)

+								     (smug:.is #'alphanumericp)))

+						(smug:.string= " is ")))

+			    (reply (smug:.prog1 (smug:.map 'string (smug:.item))

+						(smug:.not (smug:.item)))))

+		 (smug:.identity (list :query query

+				       :reply reply)))))

+

+(defun .dnsmasq-query ()

+  (smug:.progn (smug:.optional (smug:.char= #\space))

+	       (smug:.string= "query")

+	       (smug:.let* ((query-type (smug:.prog2 (smug:.char= #\[)

+						     (smug:.map 'string (smug:.is #'upper-case-p))

+						     (smug:.char= #\])

+						     (smug:.char= #\space)))

+			    (query (smug:.prog1 (smug:.map 'string

+							       (smug:.or (smug:.char= #\-)

+									 (smug:.char= #\_)

+									 (smug:.char= #\.)

+									 (smug:.is #'alphanumericp)))

+						    (smug:.string= " from ")))

+			    (from (smug:.prog1 (smug:.map 'string (smug:.item))

+					       (smug:.not (smug:.item)))))

+		 (smug:.identity (list :query-type query-type

+				       :query query

+				       :from from)))))

+

+(defstruct (priority (:type vector))

+  facility severity)

+

+(defun extract-priority (line)

+  "Extract a priority from a syslog line and parse it into a severity/priority list"

+  (when (char= (elt line 0)

+	       #\<)

+    (multiple-value-bind (result end) (parse-integer line :start 1 :junk-allowed t)

+      (when (and (< end

+		    (length line))

+		 (char= (elt line end)

+			#\>))

+	(values (multiple-value-call #'vector

+		  (floor result 8))

+		(1+ end))))))

+

+(defun parse-syslog (line)

+  (multiple-value-bind (priority end-priority) (extract-priority line)

+    (let ((line (subseq line end-priority)))

+      (multiple-value-bind (timestamp ts-leftover) (smug:parse (smug:.optional (smug:.prog1 (.timestamp)

+											    (smug:.map 'list

+												       (smug:.char= #\space))))

+							       line)

+	(multiple-value-bind (hostname hn-leftover) (smug:parse (smug:.optional (.hostname)) ts-leftover)

+	  (multiple-value-bind (tag-els leftover) (smug:parse (.tag) hn-leftover)

+	    (handle-log-message (alexandria:make-keyword

+				 (string-upcase (car tag-els)))

+				(list :priority priority

+				      :timestamp timestamp

+				      :hostname hostname

+				      :tag-value (car tag-els)

+				      :tag-pid (cadr tag-els))

+				leftover

+				line)

+	    (values (priority-facility priority)

+		    (priority-severity priority)

+		    tag-els

+		    timestamp

+		    leftover)))))))

+

new file mode 100644

@@ -0,0 +1,20 @@

+;;;; syslog_helper.lisp

+

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(in-package #:syslog_helper)

+

+(defvar *zxcv* *debug-io*

+  "Where to send debug output: only used during development")

+

+(defun start-syslog-server (handler &key (port 514))

+  (usocket:socket-server "0.0.0.0" port

+			 (lambda (buffer)

+			   (declare (type (simple-array (unsigned-byte 8) *) buffer))

+			   (funcall handler (babel:octets-to-string buffer))

+			   (vector))

+			 nil

+			 :protocol :datagram))

+

new file mode 100644

@@ -0,0 +1,32 @@

+;;;; syslog_helper.asd

+

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(asdf:defsystem #:syslog_helper

+  :description "A syslog server that prints incoming logs prettily and writes them to a db"

+  :author "Edward Langeley"

+  :license "MPLv2"

+  :depends-on (#:alexandria

+	       #:cffi

+	       #:cl-ansi-term

+	       #:cl-dbi

+	       #:dbd-sqlite3

+	       #:fwoar.lisputils

+	       #:net.didierverna.clon

+	       #:osicat

+	       #:positional-lambda

+	       #:serapeum

+	       #:smug

+	       #:swank

+	       #:usocket)

+  :serial t

+  :components ((:file "package")

+	       (:file "utils")

+	       (:file "parser")

+	       (:file "db-write")

+	       (:file "syslog-server")

+	       (:file "log-handler")

+	       (:file "client")))

+

new file mode 100644

@@ -0,0 +1,52 @@

+;; This Source Code Form is subject to the terms of the Mozilla Public

+;; License, v. 2.0. If a copy of the MPL was not distributed with this

+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.

+

+(in-package #:syslog_helper)

+

+(cffi:defcstruct winsize

+  (ws_row :unsigned-short)

+  (ws_col :unsigned-short)

+  (ws_xpixel :unsigned-short)

+  (ws_ypixel :unsigned-short))

+

+(defun get-term-size ()

+  (flet ((ioctl-gwinsz (fd)

+	   (cffi:with-foreign-object (ptr '(:pointer (:struct winsize)))

+	     (let* ((res (osicat-posix:ioctl fd osicat-posix:tiocgwinsz ptr)))

+	       (if (= res 0)

+		   (cffi:with-foreign-slots ((ws_row ws_col) ptr (:struct winsize))

+		     (list ws_row ws_col))

+		   (format t "~&error~%"))))))

+    (loop with err = nil

+       for x from 0 to 2

+       for res = (handler-case (ioctl-gwinsz x)

+		   (osicat-posix:enotty (c) (setf err c)))

+       finally (if err

+		   (error err)

+		   (return res)))))

+

+(eval-when (:compile-toplevel :load-toplevel :execute)

+  (defun symbol-concat (start end)

+    (serapeum:concat

+     (symbol-name start)

+     (symbol-name end))))

+

+(defmacro define-codecs (name () &body mappings)

+  `(progn

+     (defun ,(intern (symbol-concat '#:decode- name)) (,name)

+       (ecase ,name

+	 ,@mappings))

+     (defun ,(intern (symbol-concat '#:encode- name)) (,name)

+       (string-case:string-case ((string-downcase ,name))

+	 ,@(mapcar #'reverse mappings)))))

+

+(cl-ansi-term:update-style-sheet

+ '((:emergency :black :b-red :bold)

+   (:alert :black :b-red)

+   (:critical :red :bold)

+   (:error :red)

+   (:warning :yellow :bold)

+   (:notice :yellow)

+   (:info :green)))

+