From e3ee2782b7e91057291d3aa532758fa51aea2dcd Mon Sep 17 00:00:00 2001
From: Babak Farrokhi
Date: Sun, 25 Oct 2015 15:58:23 +0330
Subject: [PATCH] - CVS Logging - Update README
---
 README.md | 16 +++++++++++++---
 fsipd.c | 28 +++++++++++++++++++++-------
 2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 54f2233..e661ce4 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,18 @@ fsipd - Fake SIP Daemon
-fsipd is a minimal SIP honeypot. It listens on TCP/UDP 5060 and logs all incoming SIP requests along with SRC/DST Source and Port in CSV format or syslog.
+fsipd is a minimal SIP honeypot. It listens on TCP/UDP 5060 and logs all incoming SIP requests along with SRC/DST Source and Port in CSV format.
-NOTE: This program depends on [libpidutil](https://github.com/farrokhi/libpidutil)
+## LOG Format
-WARNING: This is a work in progress.
+Incoming packets are logged in CSV format in "fsipd.log". Log format is described below:
+
+`epoch, protocol, src ip, src port, "message"`
+
+example:
+
+`1445775973,UDP,127.0.0.1,50751,"INVITE"`
+
+## Dependencies
+
+This program depends on [libpidutil](https://github.com/farrokhi/libpidutil)
diff --git a/fsipd.c b/fsipd.c
index fb0b1de..c8b69b2 100644
--- a/fsipd.c
+++ b/fsipd.c
@@ -114,13 +114,27 @@ signal_handler(int sig)
 }
 void
-process_request(const struct sockaddr_in *sa, char *str)
+process_request(const struct sockaddr_in *sa, int type, char *str)
 {
- /* TODO: change format to CSV */
+ char *s_types[] = {"TCP", "UDP", "RAW", "Unknown"};
+ char *ptype;
+
+ switch (type) {
+ case SOCK_STREAM:
+ ptype = s_types[0];
+ break;
+ case SOCK_DGRAM:
+ ptype = s_types[1];
+ break;
+ case SOCK_RAW:
+ ptype = s_types[2];
+ default:
+ ptype = s_types[3];;
+ }
 chomp(str);
- log_tsprintf(lfh, "sip: %s, sport: %d, payload: \"%s\"",
- inet_ntoa(sa->sin_addr), ntohs(sa->sin_port), str);
+ log_printf(lfh, "%ld,%s,%s,%d,\"%s\"",
+ time(NULL), ptype, inet_ntoa(sa->sin_addr), ntohs(sa->sin_port), str);
 }
 /*
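Review bot: The new switch has no `break` after `case SOCK_RAW:`, so a raw-socket request falls through to `default` and is always logged as "Unknown" (the stray `;;` on the following line suggests the case was left unfinished). More importantly for a honeypot, `str` comes straight from the peer (`fgets()`/`recvfrom()` in the handlers) and is written into the quoted CSV field verbatim: an embedded `"` or `,` breaks the record, and a `\r` left by `fgets()` or any newline inside a UDP datagram lets a client forge extra log lines unless `chomp()` strips more than a trailing `\n`, which is not visible here. `inet_ntoa()` returns a static buffer, and `tcp_handler`/`udp_handler` look like thread entry points, so concurrent requests can garble the address column; `inet_ntop()` into a local buffer avoids that, and `%ld` needs a `(long)` cast on `time(NULL)` since `time_t` is not guaranteed to be `long`. A rewrite with a small CSV-escaping helper is below; the payload buffer size should match the handlers' `str` buffer, which is declared outside this hunk.
```c
/* Copy src into dst as a CSV-safe field: '"' is doubled, bytes below
 * 0x20 and 0x7f become '.', output is truncated to fit dstsz. */
static void
csv_escape(char *dst, size_t dstsz, const char *src)
{
	size_t o = 0;

	if (dstsz == 0)
		return;
	for (; *src != '\0' && o + 2 < dstsz; src++) {
		unsigned char c = (unsigned char)*src;

		if (c == '"')
			dst[o++] = '"';
		dst[o++] = (c < 0x20 || c == 0x7f) ? '.' : (char)c;
	}
	dst[o] = '\0';
}

void
process_request(const struct sockaddr_in *sa, int type, char *str)
{
	static const char *const s_types[] = {"TCP", "UDP", "RAW", "Unknown"};
	const char *ptype;
	char addr[INET_ADDRSTRLEN];
	char payload[2 * BUFSIZ + 1];	/* TODO: size as 2x the handlers' str buffer + 1 */

	switch (type) {
	case SOCK_STREAM:
		ptype = s_types[0];
		break;
	case SOCK_DGRAM:
		ptype = s_types[1];
		break;
	case SOCK_RAW:
		ptype = s_types[2];
		break;	/* previously fell through to "Unknown" */
	default:
		ptype = s_types[3];
		break;
	}
	chomp(str);
	/* attacker-controlled payload: escape before it reaches the CSV line */
	csv_escape(payload, sizeof(payload), str);
	/* inet_ntoa() hands back a static buffer shared by every thread */
	if (inet_ntop(AF_INET, &sa->sin_addr, addr, sizeof(addr)) == NULL)
		snprintf(addr, sizeof(addr), "?");
	log_printf(lfh, "%ld,%s,%s,%d,\"%s\"",
	    (long)time(NULL), ptype, addr, ntohs(sa->sin_port), payload);
}
```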
@@ -145,7 +159,7 @@ daemon_start()
 err(EXIT_FAILURE, "Cannot open or create pidfile");
 }
 /* open a log file in current directory */
- if ((lfh = log_open(NULL, 0644)) == NULL) {
+ if ((lfh = log_open("fsipd.log", 0644)) == NULL) {
 err(EXIT_FAILURE, "Cannot open log file");
 }
 /* setup TCP socket */
@@ -270,7 +284,7 @@ tcp_handler(void *args)
 }
 bzero(str, sizeof(str));/* just in case */
 fgets(str, sizeof(str), client);
- process_request(&t_other, str);
+ process_request(&t_other, SOCK_STREAM, str);
 fclose(client);
 }
 return (args); /* mute the compiler warning */
@@ -287,7 +301,7 @@ udp_handler(void *args)
 sa_len = sizeof(u_other);
 while (1) {
 if ((len = recvfrom(u_sockfd, str, sizeof(str), 0, (struct sockaddr *)&u_other, &sa_len)) > 0) {
- process_request(&u_other, str);
+ process_request(&u_other, SOCK_DGRAM, str);
 }
 }
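Review bot: The new `log_open("fsipd.log", 0644)` hard-codes a path relative to whatever directory the daemon happens to be started from (the comment above it says as much), so where the log ends up is operator-dependent, and if that directory is writable by other local users a pre-planted `fsipd.log` symlink would redirect the daemon's writes, assuming log_open does a plain open/fopen, which is not visible here. Prefer an absolute default such as `/var/log/fsipd.log` that can be overridden on the command line, or at least document the working-directory dependency in the README alongside the new LOG Format section. daemon_start() starts and ends outside this hunk.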
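Review bot: The `fgets()` result that feeds the new `process_request(&t_other, SOCK_STREAM, str)` call is still unchecked, so a peer that connects and closes without sending anything, or a read error, produces a record with an empty payload indistinguishable from a genuine empty request; wrapping the call as `if (fgets(str, sizeof(str), client) != NULL)` limits the log to requests that actually carried data, or log connection-only probes deliberately under a distinct marker. Separately, no receive timeout is visible on `client`, so a peer that connects and stays silent parks this handler in `fgets()` indefinitely, which, if this is the only TCP handler thread, stops logging of every other TCP probe; a `SO_RCVTIMEO` on the accepted socket would bound that. Only the first line of the request is logged, which matches the README example but is worth stating there. tcp_handler's accept loop begins outside this hunk.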
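Review bot: The `str` handed to the new `process_request(&u_other, SOCK_DGRAM, str)` call is not guaranteed to be a C string at that point: `recvfrom()` fills up to `sizeof(str)` bytes with no terminator, so a datagram that fills the buffer or carries no NUL lets `chomp()`/`log_printf()` read past the end, and since nothing in this loop clears the buffer between datagrams a short one is logged with the tail of the previous one appended. Receive at most `sizeof(str) - 1` bytes and terminate before the call: `recvfrom(u_sockfd, str, sizeof(str) - 1, 0, (struct sockaddr *)&u_other, &sa_len)` followed by `str[len] = '\0';`. An embedded NUL in a datagram will still truncate what gets logged, which a probing client can use to hide the rest of its payload; logging `len` alongside the record makes that visible. udp_handler's setup is outside this hunk.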