initial commit

.github/workflows/build.yaml

@@ -0,0 +1,35 @@
+name: Build
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  build:
+    name: Build ${{ matrix.os }} ${{ matrix.arch}}
+    strategy:
+      matrix:
+        arch:
+          - 386
+          - amd64
+          - arm64
+        os:
+          - darwin
+          - windows
+          - linux
+        exclude:
+          - os: darwin
+            arch: 386
+    runs-on: ubuntu-latest
+    container:
+      image: golang:1.21
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Set up user
+        run: |
+             useradd -m -g users testuser
+             chown -R testuser:users .
+      - name: Build for ${{ matrix.arch }} ${{ matrix.os }}
+        run: |
+             su -c "GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -v -o binary-${{ matrix.os }}-${{ matrix.arch }}" testuser

.github/workflows/release.yaml

@@ -0,0 +1,119 @@
+name: Build release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    name: Create Release ${{ github.ref }}
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+      - name: release
+        uses: actions/create-release@latest
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          draft: false
+          prerelease: false
+          release_name: ${{ github.ref }}
+          tag_name: ${{ github.ref }}
+
+  unix:
+    name: Build Unix-like Binaries
+    needs: release
+    strategy:
+      matrix:
+        arch:
+          - 386
+          - amd64
+          - arm64
+        os:
+          - darwin
+          - linux
+        exclude:
+          - os: darwin
+            arch: 386
+    runs-on: ubuntu-latest
+    container:
+      image: golang:1.21
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Set up user
+        run: |
+             useradd -m -g users testuser
+             chown -R testuser:users .
+      - name: Build for ${{ matrix.arch }} ${{ matrix.os }}
+        run: |
+             su -c "GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -v -o mini-syslog-receiver-${{ matrix.os }}-${{ matrix.arch }}" testuser
+      - name: Upload Assets
+        id: upload_try1
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mini-syslog-receiver-${{ matrix.os }}-${{ matrix.arch }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true
+      - name: Upload Assets (retry)
+        id: upload_try2
+        if: steps.upload_try1.outcome == 'failure'
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mini-syslog-receiver-${{ matrix.os }}-${{ matrix.arch }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true
+
+  windows:
+    name: Build Windows Binaries
+    needs: release
+    strategy:
+      matrix:
+        arch:
+          - 386
+          - amd64
+          - arm64
+        os:
+          - windows
+        exclude:
+          - os: darwin
+            arch: 386
+    runs-on: ubuntu-latest
+    container:
+      image: golang:1.21
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Set up user
+        run: |
+              useradd -m -g users testuser
+              chown -R testuser:users .
+      - name: Build for ${{ matrix.arch }} ${{ matrix.os }}
+        run: |
+              su -c "GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -v -o mini-syslog-receiver-${{ matrix.os }}-${{ matrix.arch }}.exe" testuser
+      - name: Upload Assets
+        id: upload_try1
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mini-syslog-receiver-${{ matrix.os }}-${{ matrix.arch }}.exe
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true
+      - name: Upload Assets (retry)
+        id: upload_try2
+        if: steps.upload_try1.outcome == 'failure'
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mini-syslog-receiver-${{ matrix.os }}-${{ matrix.arch }}.exe
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true

.gitignore

@@ -0,0 +1,3 @@
+mini-syslog-receiver.exe
+mini-syslog-receiver-*
+mini-syslog-receiver

LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2024, DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
+  nor the names of its contributors may be used to endorse or promote products
+  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,132 @@
+# mini-syslog-receiver
+
+This is a small syslog server that can be used to receive syslog data for format
+discovery and gathering of example logs required to evaluate edge node input.
+
+It is a simple, portable binary that can be handed out to the data provider to
+test-drive their data taps (e.g. appliances that support syslog output, etc.)
+
+## Usage
+```
+$ ./mini-syslog-receiver -h
+NAME:
+   mini-syslog-receiver - receive and dump syslog data
+
+USAGE:
+   mini-syslog-receiver [global options] 
+
+GLOBAL OPTIONS:
+   --listen value, -l value   address to listen on (0.0.0.0 means all interfaces) (default: "0.0.0.0")
+   --port value, -p value     port to listen on (default: 514)
+   --sample value, -m value   sample up to <value> log entries, then exit (default: 1000)
+   --tcp, -t                  use TCP instead of UDP (default: false)
+   --tls, -s                  use TLS for TCP server (default: false)
+   --tls-key value            TLS key file to use for TCP/TLS server
+   --tls-chain value          TLS chain file to use for TCP/TLS server
+   --outfile value, -o value  file to write output to (print to console if empty)
+   --help, -h                 show help
+```
+
+The default (i.e. if no parameters are given) the tool will listen on all
+interfaces on port UDP/514 (the syslog default) and dump received data as JSON
+to the console it was started from. Note that on UNIX systems (e.g. Linux,
+macOS) this needs to be done with root privileges because we are opening a
+privileged port (< 1024)! On Windows machines the user will have to confirm a
+security popup if a privileged port is used.
+
+```
+$ sudo ./mini-syslog-receiver
+2024/01/08 14:04:53 using UDP 0.0.0.0:514
+```
+
+One can specify a high port to avoid this:
+
+```
+$ ./mini-syslog-receiver -p 10002
+2024/01/08 14:05:18 using UDP 0.0.0.0:10002
+```
+
+Use the `-o` parameter to write to a file:
+```
+$ ./mini-syslog-receiver -o out.json -p 10002 -t yes
+2024/01/08 14:07:21 using TCP 0.0.0.0:10002
+2024/01/08 14:07:21 writing to file out.json
+```
+
+For TLS, one also needs to specify a public/private key pair from a pair of
+files (`--tls-chain`/`--tls-key`). The files must contain PEM encoded data. The
+certificate file (`--tls-chain`) may contain intermediate certificates following
+the leaf certificate to form a certificate chain.
+
+```
+$ ./mini-syslog-receiver -p 10002 -t --tls --tls-key server-key.pem --tls-chain server-cert.pem 
+2024/01/08 16:32:11 using TCP/TLS 0.0.0.0:10002
+```
+
+You can use the `--sample`/`-m` option to limit the dump to a certain number of
+log items to avoid logging excessive log amounts:
+
+```
+$ ./mini-syslog-receiver -p 10002 -t -sample 2
+2024/01/08 16:38:22 using TCP 0.0.0.0:10002
+{"app_name":"someapp","client":"[::1]:58786","facility":1,"hostname":"EXAMPLE","message":"foobar","msg_id":"-","priority":13,"proc_id":"-","severity":5,"structured_data":"[timeQuality tzKnown=\"1\" isSynced=\"1\" syncAccuracy=\"961000\"]","timestamp":"2024-01-08T16:38:24.634075+01:00","tls_peer":"","version":1}
+{"app_name":"someapp","client":"[::1]:58798","facility":1,"hostname":"EXAMPLE","message":"foobar","msg_id":"-","priority":13,"proc_id":"-","severity":5,"structured_data":"[timeQuality tzKnown=\"1\" isSynced=\"1\" syncAccuracy=\"961000\"]","timestamp":"2024-01-08T16:38:24.928816+01:00","tls_peer":"","version":1}
+2024/01/08 16:38:24 sample limit of 2 log entries reached
+$
+```
+The default is to log 1000 log items. Set the value to 0 to enable unlimited
+logging.
+
+The server can be stopped at any time using Control-C.
+
+## Testing
+
+You can test whether the server works by logging manually into the server. Start
+it, e.g. like this for port 10002 TCP:
+
+```
+$ ./mini-syslog-receiver -o out.json -p 10002 -t yes
+2024/01/08 14:09:46 using TCP 0.0.0.0:10002
+2024/01/08 14:09:46 writing to file out.json
+```
+
+then log a message and observe the output:
+
+```
+$ logger -T -P 10002 -n localhost "foobar" 
+$ jq . < out.json
+{
+  "app_name": "someapp",
+  "client": "[::1]:54434",
+  "facility": 1,
+  "hostname": "EXAMPLE",
+  "message": "foobar",
+  "msg_id": "-",
+  "priority": 13,
+  "proc_id": "-",
+  "severity": 5,
+  "structured_data": "[timeQuality tzKnown=\"1\" isSynced=\"1\" syncAccuracy=\"614000\"]",
+  "timestamp": "2024-01-08T14:10:17.467904+01:00",
+  "tls_peer": "",
+  "version": 1
+}
+```
+
+## Distribution
+
+Please find the binaries in the release section:
+https://github.com/DCSO/mini-syslog-receiver/releases
+
+There are binaries for various combinations of operating system and
+architecture:
+
+* `mini-syslog-receiver-darwin-amd64` -- for macOS on Intel
+* `mini-syslog-receiver-darwin-arm64` -- for macOS on ARM (i.e. M1/M2/...)
+* `mini-syslog-receiver-windows-amd64` -- for 64-bit Windows (most common)
+* `mini-syslog-receiver-windows-i386` -- for 32-bit Windows (older platforms)
+* `mini-syslog-receiver-linux-amd64` -- for 64-bit Intel Linux
+* `mini-syslog-receiver-linux-i386` -- for 32-bit Intel Linux
+
+## Copyright
+
+Copyright (c) 2024, DCSO Deutsche Cyber-Sicherheitsorganisation GmbH

go.mod

@@ -0,0 +1,16 @@
+module github.com/DCSO/mini-syslog-receiver
+
+go 1.20
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/gonutz/w32 v1.0.0 // indirect
+	github.com/gonutz/w32/v2 v2.2.2 // indirect
+	github.com/gonutz/wui v2.2.0+incompatible // indirect
+	github.com/gonutz/wui/v2 v2.8.1 // indirect
+	github.com/mcuadros/go-syslog v2.3.0+incompatible // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/urfave/cli/v2 v2.27.1 // indirect
+	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	gopkg.in/mcuadros/go-syslog.v2 v2.3.0 // indirect
+)

go.sum

@@ -0,0 +1,21 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/gonutz/check v1.2.0/go.mod h1:J5ndBcNQd4fv3I+Moevk4PXZoyXRamwwclm6dDgAuyA=
+github.com/gonutz/w32 v1.0.0 h1:3t1z6ZfkFvirjFYBx9pHeHBuKoN/VBVk9yHb/m2Ll/k=
+github.com/gonutz/w32 v1.0.0/go.mod h1:Rc/YP5K9gv0FW4p6X9qL3E7Y56lfMflEol1fLElfMW4=
+github.com/gonutz/w32/v2 v2.2.2 h1:y6Y337TpuCXjYdFTq5p5NmcujEdAQiTB43kisovMk+0=
+github.com/gonutz/w32/v2 v2.2.2/go.mod h1:MgtHx0AScDVNKyB+kjyPder4xIi3XAcHS6LDDU2DmdE=
+github.com/gonutz/wui v2.2.0+incompatible h1:iHQavamxVsn7kw7VaO+ooE7eAnwmDDPbz2Q59WRXrz0=
+github.com/gonutz/wui v2.2.0+incompatible/go.mod h1:cpEPmIh19mpxkcho2qMHLX16gVteB1aee8g11887kyE=
+github.com/gonutz/wui/v2 v2.8.1 h1:F1V+1OC/Ze9bQYY2WTOmgkGdSFN+rQAUs+vW5MzXrXI=
+github.com/gonutz/wui/v2 v2.8.1/go.mod h1:4twV9Ka+OwAr7Fy12YSJuAy5e4u8uTHk4YbxFyguheo=
+github.com/mcuadros/go-syslog v2.3.0+incompatible h1:Ik9STW64dlJsZ8he50wp+KHOCg81MbV2AIbc2YWlXdM=
+github.com/mcuadros/go-syslog v2.3.0+incompatible/go.mod h1:uHzRFDR7XR9xFFSxBTwJh0KLkCOUloPilcBi9uVcWs0=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
+github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD79kk=
+gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=