> Everything is easy once you know how. Please supply us with the details
> of [scif traffic] and [convert to ascii]. I know it's all just various
> combinations of 1s and 0s, but I wouldn't call it "trivial". :-)
:READ SYSLOGD EXEC
/* be SECUSER for OPERATOR so you're getting its console traffic */
'CP SET CPCONIO IUCV' /* is this needed? */
'PIPE STARMSG | LOCATE 1.8 /00000008/' ,
'| SPEC /<6>/ N 9-* N | XLATE A2E' ,
'| SPEC /0000000000000000/ X2C N /0002020299999999/ X2C N' ,
'/0000000000000000/ X2C N 1-* N' ,
'| UDP 514'
Notes:
1: I forget if CPCONIO needs to be set or not!
In any case, SCIF traffic is prefixed with "8" by STARMSG,
so the 'LOCATE' eliminates any other traffic (eg: MSG, WNG).
2: The prefix "<6>" is a SYSLOG constant. You may wish to change it.
It means "kernel" facility (0) and "info" level or priority (6).
And this example does not throw a date stamp into the packets,
so is a poor implementation for the real world. (Linux SYSLOG
would fix this for you.) This example also does not supply
the expected-but-not-required formatting you usually see in
/var/log/messages. You'll recognize your VM traffic! ;-)
3: 'XLATE A2E' is cruddy!
It assumes codepage 500. Proper codepage to use is 1047
(with adjustments for "hat" and "not"). Real world would
slurp translations from SYSLOG TCPXLBIN and feed to XLATE.
4: Do a HELP PIPE UDP for details on the hex constants
in the 'SPEC' stage feeding it. "99999999" is the hex address
of the target SYSLOG server. Fill in your own IP addr in hex.
5: Linux SYSLOG will NOT receive remote traffic
unless launched with the '-r' option. SuSE and RedHat
of course have different ways of supplying that option.
6: This is in response to Alan's request, and is utterly untested.
-- R;
