source: tags/4.1.0/include/sh_log_check.h

Last change on this file was 276, checked in by katerina, 10 years ago

Fix for bugs in log monitoring (tickets #196, #199), and allow shell command monitoring (ticket #197).

1#ifndef SH_LOGCHECK_H
2#define SH_LOGCHECK_H
3
4#include <sys/types.h>
5#include <time.h>
6
/* Convert a broken-down time to a unix timestamp, with caching.
 *
 * btime     - the broken-down time to convert.
 * old_tm,
 * old_time  - caller-held cache slots; presumably the previously converted
 *             struct tm and its result (confirm against the implementation).
 *
 * NOTE(review): the cache lives with the caller, so whether concurrent use
 * is safe depends on how callers share these two objects -- confirm.
 */
time_t conv_timestamp(struct tm *btime,
                      struct tm *old_tm,
                      time_t *old_time);
11
/* One log entry in the standard form that a parsing callback returns.
 *
 * NOTE(review): this header does not say who frees the record or its
 * strings -- confirm ownership against the parsers and their callers.
 * The host, timestr and message fields presumably carry text taken from
 * the monitored log, i.e. content written by whatever produced the log;
 * treat it as untrusted wherever it is matched or reported.
 */
#define PID_INVALID 0
struct sh_logrecord {
  char *filename;       /* name of the log source */
  sh_string *host;      /* host field of the entry */
  sh_string *timestr;   /* timestamp as text */
  pid_t pid;            /* presumably PID_INVALID when the entry has no pid */
  time_t timestamp;     /* timestamp as a unix time value */
  sh_string *message;   /* message part of the entry */
};
24
/* Single-bit flags, presumably combined in sh_logfile.flags (confirm).
 * The meanings given here are inferred from the names only.
 */
#define SH_LOGFILE_MOVED  (1 << 0)  /* presumably: file was moved or rotated */
#define SH_LOGFILE_REWIND (1 << 1)  /* presumably: restart reading from the start */
#define SH_LOGFILE_PIPE   (1 << 2)  /* presumably: source is read through a pipe */
#define SH_LOGFILE_NOFILE (1 << 3)  /* presumably: source is not currently available */
29
/* State for one monitored log source; instances are chained through `next`.
 *
 * FILE and fpos_t come from <stdio.h>, and sh_string from a project header;
 * this header includes neither, so they must already be in scope wherever
 * it is included.
 */
struct sh_logfile {
  FILE *fp;          /* open stream for the source */
  int flags;         /* presumably a combination of the SH_LOGFILE_* bits */
  char *filename;    /* name of the source */
  dev_t device_id;   /* with inode: presumably the identity of the opened */
  ino_t inode;       /*   file, so that a replaced file can be noticed    */
  fpos_t offset;     /* stored read position (see sh_open_for_reader)     */

  /* Info for the parser, e.g. a regular expression.
   * The pointer is untyped: the object behind it has to be the kind that
   * parse_record expects, and the compiler cannot check that pairing.
   */
  void *fileinfo;

  /* Callback that reads the next record.
   * NOTE(review): the same member in struct sh_logfile_type is annotated
   * with the null annotation, so callers presumably have to handle a NULL
   * result here as well -- confirm.
   */
  sh_string *(*get_record)(sh_string *record, struct sh_logfile *logfile);

  /* Callback that parses the record into standard format. */
  struct sh_logrecord *(*parse_record)(sh_string *logline, void *fileinfo);

  struct sh_logfile *next;  /* next list element */
};
54
/* Generic callback that turns a format description string into parser info.
 * The result is an untyped pointer; presumably it is only meaningful when
 * passed back to sh_parse_generic as `fileinfo` (confirm).
 */
void *sh_eval_fileinfo_generic(char *str);

/* Generic parser: parses one log line using the given parser info. */
struct sh_logrecord *sh_parse_generic(sh_string *logline, void *fileinfo);
62
63
64/****************************************************************
65 **
66 ** Parsing and reading functions
67 **/
68
/* Open the file and position it at the stored offset.
 * NOTE(review): the meaning of the int result is not stated in this
 * header -- confirm before relying on a particular success value.
 */
int sh_open_for_reader(struct sh_logfile *logfile);
71
/* Simple line reader for the output of an executed shell command.
 * NOTE(review): this header does not show where the command string comes
 * from; if it is taken from configuration, that configuration decides what
 * gets executed and needs the same protection as the binary -- confirm.
 */
sh_string *sh_command_reader(sh_string *record,
                             struct sh_logfile *logfile);

/* Wrapper for sh_command_reader. */
sh_string *sh_read_shell(sh_string *record, struct sh_logfile *logfile);

/* Parses a shell command reply. */
struct sh_logrecord *sh_parse_shell(sh_string *logline, void *fileinfo);
81
/* Simple line reader. */
sh_string *sh_default_reader(sh_string *record,
                             struct sh_logfile *logfile);

/* Continued line reader.
 * `cont` presumably describes how a continuation line is recognised
 * (confirm against the implementation).
 */
sh_string *sh_cont_reader(sh_string *record,
                          struct sh_logfile *logfile,
                          char *cont);

/* Binary reader.
 * NOTE(review): presumably reads `size` bytes into `s`; if so, the caller
 * must pass a buffer of at least `size` bytes -- confirm.
 */
sh_string *sh_binary_reader(void *s, size_t size, struct sh_logfile *logfile);
92
/* Parses a syslog-style line. */
struct sh_logrecord *sh_parse_syslog(sh_string *logline, void *fileinfo);

/* Builds the format info for an apache log from a description string.
 * The result is untyped; presumably it is what sh_parse_apache expects
 * as `fileinfo` (confirm).
 */
void *sh_eval_fileinfo_apache(char *str);

/* Parses an apache-style line. */
struct sh_logrecord *sh_parse_apache(sh_string *logline, void *fileinfo);
101
/* Get a pacct record. */
sh_string *sh_read_pacct(sh_string *record, struct sh_logfile *logfile);

/* Parses a pacct record. */
struct sh_logrecord *sh_parse_pacct(sh_string *logline, void *fileinfo);

/* Get a samba record. */
sh_string *sh_read_samba(sh_string *record, struct sh_logfile *logfile);

/* Parses a samba record. */
struct sh_logrecord *sh_parse_samba(sh_string *logline, void *fileinfo);
113
114
115/**
116*****************************************************************/
117
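/* Accessors for the "hidepid" setting.
 *
 * sh_get_hidepid is declared with (void): an empty parameter list in C
 * declares a function with unspecified arguments, so calls passing stray
 * arguments would compile without a diagnostic.
 *
 * sh_set_hidepid takes the new value as a string.
 * NOTE(review): what the setting controls, which strings are accepted and
 * what the int results mean are not stated in this header -- confirm that
 * the setter rejects malformed input instead of silently applying it.
 */
int sh_get_hidepid(void);
int sh_set_hidepid(const char *s);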
120
/* Size in bytes of the type code buffer in struct sh_logfile_type. */
#define SH_MAX_LCODE_SIZE 16

/* Describes one supported log type: its code and the callbacks that read,
 * parse and configure sources of that type.
 */
struct sh_logfile_type {
  /* Type code. If it is stored as a NUL-terminated string (presumably),
   * at most SH_MAX_LCODE_SIZE - 1 characters fit; anything copied in here
   * or compared against it must respect that bound.
   */
  char code[SH_MAX_LCODE_SIZE];

  /* Read callback; the annotation marks the result as possibly NULL. */
  /*@null@*/sh_string *(*get_record)(sh_string *record,
                                     struct sh_logfile *logfile);

  /* Parsing callback. */
  struct sh_logrecord *(*parse_record)(sh_string *logline, void *fileinfo);

  /* Evaluates the fileinfo string. The untyped result is presumably what
   * parse_record of the same entry expects as `fileinfo`; pairing callbacks
   * from different entries would not be caught by the compiler.
   */
  void *(*eval_fileinfo)(char *str);
};
136
137
138#endif