diff --git a/README.md b/README.md
index d8e43c9..d7e9ef1 100644
--- a/README.md
+++ b/README.md
@@ -11,14 +11,12 @@ occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses `poll()` to trap multiple clients at a time.
-
-
 ## Usage
 Usage information is printed with `-h`.
 ```
-Usage: endlessh [-vh] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT]
+Usage: endlessh [-vhs] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT]
 -4 Bind to IPv4 only
 -6 Bind to IPv6 only
 -d INT Message millisecond delay [10000]
@@ -27,7 +25,8 @@ Usage: endlessh [-vh] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT]
 -l INT Maximum banner line length (3-255) [32]
 -m INT Maximum number of clients [4096]
 -p INT Listening port [2222]
- -v Print diagnostics to standard output (repeatable)
+ -s Print diagnostics to syslog instead of standard output
+ -v Print diagnostics (repeatable)
 ```
 Argument order matters. The configuration file is loaded when the `-f`
@@ -36,7 +35,8 @@ configuration file. By default no log messages are produced. The first `-v` enables basic logging and a second `-v` enables debugging logging (noisy). All log
-messages are sent to standard output.
+messages are sent to standard output by default. `-s` causes them to be
+sent to syslog.
 endlessh -v >endlessh.log 2>endlessh.err
diff --git a/endlessh.1 b/endlessh.1
index 8e3068d..43834df 100644
--- a/endlessh.1
+++ b/endlessh.1
@@ -1,4 +1,4 @@
-.Dd $Mdocdate: April 12 2019 $
+.Dd $Mdocdate: January 29 2020 $
 .Dt ENDLESSH 1
 .Os
 .Sh NAME
@@ -6,7 +6,7 @@
 .Nd An SSH tarpit
 .Sh SYNOPSIS
 .Nm endless
-.Op Fl 46chvV
+.Op Fl 46chsvV
 .Op Fl d Ar delay
 .Op Fl f Ar config
 .Op Fl l Ar max banner length
@@ -55,9 +55,12 @@ Maximum number of clients. Default: 4096
 Set the listening port. By default
 .Nm
 listens on port 2222.
+.It Fl s
+Print diagnostics to syslog. By default
+.Nm
+prints them to standard output.
 .It Fl v
-Print diagnostics to standard output. Can be specified
-numerous times to increase verbosity.
+Print diagnostics. Can be specified up to twice to increase verbosity.
 .It Fl V
 Causes
 .Nm
diff --git a/endlessh.c b/endlessh.c
index b3e7657..f59e20e 100644
--- a/endlessh.c
+++ b/endlessh.c
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #define ENDLESSH_VERSION 1.0
@@ -84,6 +85,26 @@ logstdio(enum loglevel level, const char *format, ...)
 }
 }
+static void
+logsyslog(enum loglevel level, const char *format, ...)
+{
+ static const int prio_map[] = { LOG_NOTICE, LOG_INFO, LOG_DEBUG };
+
+ if (loglevel >= level) {
+ int save = errno;
+
+ /* Output the log message */
+ va_list ap;
+ va_start(ap, format);
+ char buf[256];
+ vsnprintf(buf, sizeof buf, format, ap);
+ va_end(ap);
+ syslog(prio_map[level], "%s", buf);
+
+ errno = save;
+ }
+}
+
 struct {
 long long connects;
 long long milliseconds;
@@ -620,7 +641,7 @@ main(int argc, char **argv)
 config_load(&config, config_file, 1);
 int option;
- while ((option = getopt(argc, argv, "46d:f:hl:m:p:vV")) != -1) {
+ while ((option = getopt(argc, argv, "46d:f:hl:m:p:svV")) != -1) {
 switch (option) {
 case '4':
 config_set_bind_family(&config, "4", 1);
@@ -655,6 +676,9 @@ main(int argc, char **argv)
 case 'p':
 config_set_port(&config, optarg, 1);
 break;
+ case 's':
+ logmsg = logsyslog;
+ break;
 case 'v':
 if (loglevel < log_debug)
 loglevel++;
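Review bot: `syslog(prio_map[level], "%s", buf)` in the new logsyslog() indexes a three-entry table with the raw enum value, so it stays in bounds only while enum loglevel has exactly three members; the enum is defined outside this hunk. If a level is ever added the read goes past the array, so a bound is worth stating at the lookup, e.g. `int prio = (size_t)level < sizeof prio_map / sizeof prio_map[0] ? prio_map[level] : LOG_DEBUG;`. Separately, `vsnprintf(buf, sizeof buf, format, ap)` silently cuts messages at 255 bytes; a comment such as `/* messages longer than buf are truncated */` would make that limit explicit for anyone relying on these logs for detection.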
@@ -674,8 +698,15 @@ main(int argc, char **argv)
 exit(EXIT_FAILURE);
 }
- /* Set output (log) to line buffered */
- setvbuf(stdout, 0, _IOLBF, 0);
+ if (logmsg == logsyslog) {
+ /* Prepare the syslog */
+ const char *prog = strrchr(argv[0], '/');
+ prog = prog ? prog + 1 : argv[0];
+ openlog(prog, LOG_PID, LOG_DAEMON);
+ } else {
+ /* Set output (log) to line buffered */
+ setvbuf(stdout, 0, _IOLBF, 0);
+ }
 /* Log configuration */
 config_log(&config);
@@ -806,4 +837,7 @@ main(int argc, char **argv)
 fifo_destroy(fifo);
 statistics_log_totals(0);
+
+ if (logmsg == logsyslog)
+ closelog();
 }
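Review bot: `strrchr(argv[0], '/')` reads argv[0] without checking it, and a process can be started with an empty argument vector, in which case argv[0] is NULL and the call is undefined behaviour. Falling back to a fixed ident avoids that: `const char *arg0 = (argc > 0 && argv[0]) ? argv[0] : "endlessh";`, then `const char *prog = strrchr(arg0, '/');` and `prog = prog ? prog + 1 : arg0;`. Also, the `-s` case switches logmsg to logsyslog during option parsing while openlog() runs only here, so any message emitted in between (for example by a later `-f` config load, if that path logs) would presumably go out with the default ident and facility rather than LOG_DAEMON. main() starts and ends outside this hunk.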