source: trunk/include/sh_log_check.h@ 228

Last change on this file since 228 was 186, checked in by katerina, 16 years ago

More fixes for log monitoring, and documentation update.
File size: 2.8 KB
Line 
1#ifndef SH_LOGCHECK_H
2#define SH_LOGCHECK_H
3
4#include <sys/types.h>
5#include <time.h>
6
7/* Convert a struct tm to unix timestamp with caching
8 */
9time_t conv_timestamp (struct tm * btime,
10 struct tm * old_tm, time_t * old_time);
11
12/* Definition of a log record entry, to be returned from parsing function.
13 */
14#define PID_INVALID 0
15struct sh_logrecord
16{
17 char * filename;
18 sh_string * host;
19 sh_string * timestr;
20 pid_t pid;
21 time_t timestamp;
22 sh_string * message;
23};
24
25#define SH_LOGFILE_MOVED (1<<0)
26#define SH_LOGFILE_REWIND (1<<1)
27
28struct sh_logfile
29{
30 FILE * fp;
31 int flags;
32 char * filename;
33 dev_t device_id;
34 ino_t inode;
35 fpos_t offset;
36
37 /* Info for the parser, e.g. a regular expression
38 */
39 void * fileinfo;
40
41 /* Callback function to read the next record
42 */
43 sh_string * (*get_record) (sh_string * record,
44 struct sh_logfile * logfile);
45
46 /* Callback function to parse the record into standard format
47 */
48 struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);
49
50 struct sh_logfile * next;
51};
52
53/****************************************************************
54 **
55 ** Parsing and reading functions
56 **/
57
58/* Open file, position at stored offset. */
59int sh_open_for_reader (struct sh_logfile * logfile);
60
61/* Simple line reader. */
62sh_string * sh_default_reader (sh_string * record,
63 struct sh_logfile * logfile);
64
65/* Continued line reader. */
66sh_string * sh_cont_reader (sh_string * record,
67 struct sh_logfile * logfile, char * cont);
68
69/* Binary reader */
70sh_string * sh_binary_reader (void * s, size_t size, struct sh_logfile * logfile);
71
72/* Parses a syslog-style line. */
73struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo);
74
75/* Format info for apache log. */
76void * sh_eval_fileinfo_apache(char * str);
77
78/* Parses a apache-style line. */
79struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo);
80
81/* Get a pacct record */
82sh_string * sh_read_pacct (sh_string * record, struct sh_logfile * logfile);
83
84/* Parses a pacct record. */
85struct sh_logrecord * sh_parse_pacct (sh_string * logline, void * fileinfo);
86
87/* Get a samba record */
88sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile);
89
90/* Parses a samba record. */
91struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo);
92
93
94/**
95*****************************************************************/
96
97int sh_get_hidepid();
98int sh_set_hidepid(const char *s);
99
100#define SH_MAX_LCODE_SIZE 16
101
102struct sh_logfile_type
103{
104 char code[SH_MAX_LCODE_SIZE];
105
106 /* read callback */
107 /*@null@*/sh_string * (*get_record) (sh_string * record,
108 struct sh_logfile * logfile);
109 /* parsing callback */
110 struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);
111
112 /* evaluate fileinfo */
113 void * (*eval_fileinfo)(char * str);
114};
115
116
117#endif
Note: See TracBrowser for help on using the repository browser.