debian/0000755000000000000000000000000012232327062007165 5ustar debian/manpages0000644000000000000000000000002611340677147010714 0ustar debian/daemonlogger.1 debian/patches/0000755000000000000000000000000011513304027010611 5ustar debian/patches/01-rollover0000644000000000000000000000171711513304027012624 0ustar Fix rollover inconsistencies. Patch based on patch from Javier Fernández-Sanguino Peña. Author: Chris Taylor --- a/README +++ b/README @@ -8,7 +8,7 @@ This is a libpcap-based program. It has 1) It sniffs packets and spools them straight to the disk and can daemonize itself for background packet logging. By default the file rolls over when -1 GB of data is logged. +2 GB of data is logged. 2) It sniffs packets and rewrites them to a second interface, essentially acting as a soft tap. It can also do this in daemon mode. --- a/daemonlogger.c +++ b/daemonlogger.c @@ -1221,7 +1221,7 @@ int parse_cmd_line(int argc, char *argv[ if(endptr == optarg) { fprintf(stderr, "Bad rollover size, defaulting to 2GB\n"); - rollsize = GIGABYTE; + rollsize = 2*GIGABYTE; } } else debian/patches/00-dumbnet0000644000000000000000000000235011513302343012406 0ustar Patches configure scripts to fix dependencies on libdnet in order to be compatible with the debian distributed libraries. Updated 12JAN10, thanks to Javier Fernández-Sanguino Peña . Author: Chris Taylor --- a/daemonlogger.c +++ b/daemonlogger.c @@ -103,7 +103,7 @@ #include #include #include -#include +#include #include #include #include --- a/configure.in +++ b/configure.in @@ -134,17 +134,18 @@ if test "$GCC" = yes ; then CFLAGS="$CFLAGS -g -O0 -Wall" fi -LDFLAGS="${LDFLAGS} `dnet-config --libs`" -CFLAGS="${CFLAGS} `dnet-config --cflags`" +LDFLAGS="${LDFLAGS} `dumbnet-config --libs`" +CFLAGS="${CFLAGS} `dumbnet-config --cflags`" LDNET="" -AC_CHECK_LIB(dnet, intf_open,, LDNET="no") +AC_CHECK_LIB(dumbnet, intf_open,, LDNET="no") echo "LDFLAGS set to $LDFLAGS" echo "CFLAGS set to $CFLAGS" if test "$LDNET" = "no"; then echo - echo " ERROR! Libdnet library/headers not found, go get it from" + echo " ERROR! Libdumbnet library/headers not found, go get it from" echo " http://libdnet.sourceforge.net" + echo " (in Debian systems, install the libdumbnet-dev package)" exit fi debian/patches/series0000644000000000000000000000003011513303631012017 0ustar 00-dumbnet 01-rollover debian/daemonlogger.10000644000000000000000000000551011340677147011726 0ustar .TH DAEMONLOGGER 1 "December 08, 2009" .SH NAME daemonlogger \- simple network logger and soft tap daemon .SH SYNOPSIS .B daemonlogger [Options] .SH DESCRIPTION daemonlogger is a simple network packet logger and soft tap daemon. It is able to log packets to file or mirror to another interface. .SH OPTIONS .SS \-\-help Show summary of options. .SS \-v Show version of program. .SS \-c Log packets and exit. .SS \-d Run as a daemon. .SS \-f Load bpf filter from file. .SS \-F Flush the pcap buffer for each packet. .SS \-g Set group to . .SS \-u Set user to . .SS \-i Set interface to grab data from to . .SS \-l Set log directory to . .SS \-m Generate number of log files and exit. .SS \-n Set ouput file prefix to . .SS \-o Disable logging, instead mirror traffic from \-i to \-o . .SS \-p Set PID filename to . .SS \-P Set PID path to . .SS \-r Activate ringbuffer mode. .SS \-R Read packets from .SS \-s Automatically roll over the log file after . .SS \-S Set number of bytes per packet to capture to . .SS \-t Rollover the log file on time intervals. Append an 'm' to rollover on minute boundaries, 'h' to rollover on hour boundaries and 'd' to rollover on day boundaries. If no interval selector is used then the default rollover interval is in seconds. For example, "\-t 60" rolls the log file over every 60 seconds and "\-t 2h" rolls the log file over every two hours at the top of the hour. In the case of minute/hour/day-based rollovers, the will round to the next highest hour. For example, if the program is told to rollover every 2 hours and is started 38 minutes into the current hour it will add 2 to the current hour and rollover as scheduled at the top of the hour at + 2. If the program was started at 13:38 it would roll over the logfile at 15:00. .SS \-T Chroot daemonlogger to .SS \-z Select log file pruning behavior. Omitting this switch results in the default mode being used where the oldest log file in the logging directory is pruned. Setting the \-z switch changes the behavior so that Daemonlogger will prune the oldest file from its current instantiation and leave files from older runs in the same logging directory alone .SH RESOURCES The daemonlogger README can be found at /usr/share/doc/daemonlogger/README.gz .br The daemonlogger homepage can be found at .SH AUTHOR daemonlogger was written by Martin Roesch . .PP This manual page was written by Chris Taylor , for the Debian project (but may be used by others). debian/source/0000755000000000000000000000000011340677147010500 5ustar debian/source/format0000644000000000000000000000001411340677147011706 0ustar 3.0 (quilt) debian/compat0000644000000000000000000000000211745052726010375 0ustar 9 debian/README.source0000644000000000000000000000042411340677147011357 0ustar There are no special requirements needed to build daemonlogger from source. It uses the quilt patch system, which you can find information about on Debian systems at '/usr/share/doc/quilt/README.source.' -- Chris Taylor Tue, 08 Dec 2009 19:27:46 -0700 debian/docs0000644000000000000000000000001711340677147010051 0ustar README AUTHORS debian/rules0000755000000000000000000000054312232270617010252 0ustar #!/usr/bin/make -f %: dh $@ override_dh_auto_configure: ln -sf /usr/share/misc/config.guess . ln -sf /usr/share/misc/config.sub . autoreconf -fi dh_auto_configure override_dh_auto_clean: dh_auto_clean rm -rf autom4te.cache rm -f config.sub config.guess configure config.log aclocal.m4 config.h.in Makefile.in override_dh_install: dh_install debian/control0000644000000000000000000000155712232326532010601 0ustar Source: daemonlogger Section: net Priority: optional Maintainer: Chris Taylor Homepage: http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html Build-Depends: debhelper (>= 9), libpcap-dev, libdumbnet-dev, autoconf, autotools-dev, automake Standards-Version: 3.9.4 Package: daemonlogger Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: simple network packet logger and soft tap daemon DaemonLogger is a simple packet logger and soft tap daemon that is incredibly useful for network security analysts. . It is capable of operating in two modes: sniffing packets and logging them directly to disk (files are automatically rolled over after a set size), or in a "soft-tap" mode where it mirrors packets on another interface. . Daemonlogger can be run either in the foreground or in the background as a daemon. debian/copyright0000644000000000000000000001154512232326701011125 0ustar This package was debianized by Chris Taylor on Tue, 21 Aug 2007 10:59:09 +0200. It was downloaded from Upstream Author: Martin Roesch Copyright: © 2006-2007 Sourcefire Inc License: This Daemonlogger software is the copyrighted work of Sourcefire, Inc. (C) 2007 Sourcefire, Inc. All Rights Reserved. This program is free software; you may use, redistribute and/or modify this software only under the terms and conditions of the GNU General Public License as published by the Free Software Foundation; Version 2 with the clarifications and exceptions described below. If you wish to embed this Daemonlogger technology into proprietary software, we sell alternative licenses (contact snort-license@sourcefire.com). Note that the GPL requires that any work that contains or is derived from any GPL licensed work also must be distributed under the GPL. However, there exists no definition of what is a "derived work." To avoid misunderstandings, we consider an application to constitute a "derivative work" for the purpose of this license if it does any of the following: - Integrates source code from Daemonlogger. - Includes Daemonlogger copyrighted data files. - Integrates/includes/aggregates Daemonlogger into a proprietary executable installer, such as those produced by InstallShield. - Links to a library or executes a program that does any of the above where the linked output is not available under the GPL. The term " Daemonlogger " should be taken to also include any portions or derived works of Daemonlogger. This list is not exclusive, but is just meant to clarify our interpretation of derived works with some common examples. These restrictions only apply when you actually redistribute Daemonlogger. For example, nothing stops you from writing and selling a proprietary front-end to Daemonlogger. Just distribute it by itself, and point people to http://www.snort.org/dl to download Daemonlogger. We don't consider these to be added restrictions on top of the GPL, but just a clarification of how we interpret "derived works" as it applies to our GPL-licensed Snort product. This is similar to the way Linus Torvalds has announced his interpretation of how "derived works" applies to Linux kernel modules. Our interpretation refers only to Daemonlogger - we don't speak for any other GPL products. If you have any questions about the GPL licensing restrictions on using Daemonlogger in non-GPL works, we would be happy to help. As mentioned above, we also offer alternative license to integrate Daemonlogger into proprietary applications and appliances. These contracts can generally include a perpetual license as well as providing for priority support and updates as well as helping to fund the continued development of Daemonlogger technology. Please email snort-license@sourcefire.com for further information. If you received these files with a written license agreement or contract stating terms other than the terms above, then that alternative license agreement takes precedence over these comments. Source is provided to this software because we believe users have a right to know exactly what a program is going to do before they run it. This also allows you to audit the software for security holes. Source code also allows you to port Daemonlogger to new platforms, fix bugs, and add new features. You are highly encouraged to send your changes to roesch@sourcefire.com for possible incorporation into the main distribution. By sending these changes to Sourcefire or one of the Sourcefire-moderated mailing lists or forums, you are granting to Sourcefire, Inc. the unlimited, perpetual, non-exclusive right to reuse, modify, and/or relicense the code. Daemonlogger will always be available Open Source, but this is important because the inability to relicense code has caused devastating problems for other Free Software projects (such as KDE and NASM). We also occasionally relicense the code to third parties as discussed above. If you wish to specify special license conditions of your contributions, just say so when you send them. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; including without limitation any implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details at http://www.gnu.org/copyleft/gpl.html, or in the COPYING file included with Daemonlogger. On Debian systems, the complete text of the GNU General Public License can be be found in the file `/usr/share/common-licenses/GPL-2'. The Debian packaging is © 2007-2013, Chris Taylor and is licensed under the GPL, see above. debian/changelog0000644000000000000000000000647612232326724011060 0ustar daemonlogger (1.2.1-8) unstable; urgency=low * debian/rules thanks to Hideki Yamane. - specify "-fi" option to autoconf, it re-generates some files, then fix FTBFS (Closes: #724160, #724046) * Bump standards-version. * Update dates in debian/copyright. -- Chris Taylor Thu, 24 Oct 2013 19:13:24 +0000 daemonlogger (1.2.1-7) unstable; urgency=low * Bump compat to 9. * Bump build-dep on debhelper. * Bump standards-version. * Remove build-dep on quilt. -- Chris Taylor Sun, 22 Apr 2012 19:02:51 +0000 daemonlogger (1.2.1-6) unstable; urgency=low * Update 00-dumbnet patch (Closes: #608620). * Removed patch 01-makefile. * Created patch 01-rollover (Closes: #608619). - Patch from Javier Fernández-Sanguino Peña. - Fixes rollover inconsistencies. * Bump standards-version. -- Chris Taylor Wed, 12 Jan 2011 10:34:55 +0000 daemonlogger (1.2.1-5) unstable; urgency=low * Use system config.{sub,guess} in build. (Closes: #560261). * Don't use quilt in debian/rules. (Closes: #561393). * Build-depend on automake. -- Chris Taylor Wed, 16 Dec 2009 21:56:12 +0000 daemonlogger (1.2.1-4) unstable; urgency=low * Updated debian/copyright. * Fixed formatting in debian/README.source. * Updated my email address. * Used minimal dh7 instead of cdbs. * Updated depends. - Removed build-depend on cdbs. - Build-depend on debhelper (>= 7.0.50~). * Renamed files in debian/ - debian/daemonlogger.docs is now debian/docs - debian/daemonlogger.manpages is now debian/manpages. * Updated patch file headers. -- Chris Taylor Wed, 09 Dec 2009 03:30:50 +0000 daemonlogger (1.2.1-3) unstable; urgency=low * Fixed a typo in debian/rules. * Updated package to source format 3.0 * Fixed formatting in manpage. -- Chris Taylor Fri, 13 Nov 2009 13:24:55 +0000 daemonlogger (1.2.1-2) unstable; urgency=low * Bump standards-version. * Update debian/watch. * Add debian/README.source. * Remove debian/watch. -- Chris Taylor Wed, 19 Aug 2009 01:11:13 +0000 daemonlogger (1.2.1-1) unstable; urgency=low * New upstream release. * Bumped standards-version. * Removed patch 01-docs and rename 02-makefile to 01-makefile. * Added descriptions to quilt patches. * Fixed copyright symbols in debian/copyright. * Added build dependency on autotools-dev. -- Chris Taylor Tue, 19 May 2009 21:13:46 +0000 daemonlogger (1.2.0-1) unstable; urgency=low * New upstream release. * Bump standards-version to fix lintian warning. * Fix quilt patches to support new source format 3.0 (Closes: #485341) * Updated manpage to include new features in this release. -- Chris Taylor Sun, 31 Aug 2008 20:15:17 +0000 daemonlogger (1.0.1-1) unstable; urgency=low * Patched configure scripts in 00-dumbnet to fix dependencies on libdnet to be compatible with the debian distributed libraries. * Patched makefile CFLAGS in 02-makefile * Wrote manpage for daemonlogger as upstream does not provide one. * Patched README in 01-docs to remove erroneous statement. * Initial release (Closes: #439008) -- Chris Taylor Tue, 13 Nov 2007 20:40:09 +0200