1 | #ifndef SH_LOGCHECK_H
|
---|
2 | #define SH_LOGCHECK_H
|
---|
3 |
|
---|
4 | #include <sys/types.h>
|
---|
5 | #include <time.h>
|
---|
6 |
|
---|
/*
 * conv_timestamp - turn a broken-down time into a Unix timestamp, with
 * caching.
 *
 *   btime     broken-down time to convert
 *   old_tm    presumably the broken-down time of the previous conversion
 *   old_time  presumably the timestamp computed for old_tm (the cache)
 *             -- TODO confirm both against the implementation; only the
 *             prototype is visible in this header.
 *
 * Returns the resulting time_t.
 *
 * NOTE(review): none of the pointers is const-qualified, so the callee may
 * write through any of them. The time zone assumed for btime is not visible
 * here -- confirm it before comparing timestamps from different log sources.
 */
time_t conv_timestamp(struct tm *btime, struct tm *old_tm, time_t *old_time);
11 |
|
---|
/*
 * One parsed log entry, in the common format handed back by the parsing
 * functions (the parse_record callbacks return a pointer to this type).
 */

/* Presumably stored in .pid when a line carries no process id -- TODO confirm. */
#define PID_INVALID 0

struct sh_logrecord {
    char      *filename;   /* presumably the log file the entry was read from */
    sh_string *host;       /* host field of the entry */
    sh_string *timestr;    /* time of the entry in string form */
    pid_t      pid;        /* process id; see PID_INVALID */
    time_t     timestamp;  /* time of the entry as a Unix timestamp */
    sh_string *message;    /* message text of the entry */

    /*
     * NOTE(review): host, timestr and message presumably hold text taken
     * from the log line, i.e. content that whoever can cause log entries
     * controls. Treat them as untrusted wherever they are printed, matched
     * or forwarded. Ownership of the pointers is not visible in this header.
     */
};
24 |
|
---|
/*
 * Single-bit flags that can be OR-ed together, presumably for the flags
 * member of struct sh_logfile. The meanings given here are inferred from
 * the names only -- TODO confirm against the implementation.
 */
#define SH_LOGFILE_MOVED   (1 << 0)   /* presumably: the file was moved or replaced */
#define SH_LOGFILE_REWIND  (1 << 1)   /* presumably: reading restarts from the beginning */
#define SH_LOGFILE_PIPE    (1 << 2)   /* presumably: the source is a pipe, not a regular file */
#define SH_LOGFILE_NOFILE  (1 << 3)   /* presumably: no file is behind this entry */
29 |
|
---|
/*
 * State kept for one monitored log source. Entries are chained through
 * the next member.
 *
 * NOTE(review): FILE and fpos_t need <stdio.h>, and sh_string needs its own
 * declaration. The only includes visible in this header are <sys/types.h>
 * and <time.h>, so includers apparently have to provide the others first.
 */
struct sh_logfile {
    FILE   *fp;         /* stream the records are read from */
    int     flags;      /* presumably a combination of the SH_LOGFILE_* bits */
    char   *filename;   /* name of the log source */
    dev_t   device_id;  /* device id; with inode presumably used to notice  */
    ino_t   inode;      /*   that the file was replaced -- TODO confirm     */
    fpos_t  offset;     /* stored read position (see sh_open_for_reader)    */

    /* Opaque data for the parser, e.g. a regular expression. */
    void *fileinfo;

    /* Callback that reads the next record. */
    sh_string *(*get_record)(sh_string *record, struct sh_logfile *logfile);

    /* Callback that parses a record into the standard format. */
    struct sh_logrecord *(*parse_record)(sh_string *logline, void *fileinfo);

    struct sh_logfile *next;
};
54 |
|
---|
/*
 * Generic callback that parses a fileinfo string.
 *
 * Returns an opaque pointer. Presumably this is what ends up in
 * sh_logfile.fileinfo and is later passed to sh_parse_generic -- TODO
 * confirm. Ownership of the result and the value returned on failure are
 * not visible in this header.
 */
void *sh_eval_fileinfo_generic(char *str);
58 |
|
---|
/*
 * Generic record parser.
 *
 * Takes one log line and the opaque parser data, and returns a pointer to a
 * struct sh_logrecord. It has the same signature as the parse_record
 * callbacks. What is returned for a line that cannot be parsed, and who
 * frees the record, is not visible in this header.
 */
struct sh_logrecord *sh_parse_generic(sh_string *logline, void *fileinfo);
62 |
|
---|
63 |
|
---|
/****************************************************************
 **
 ** Parsing and reading functions
 **
 ** NOTE(review): the lines and records handled below are log content,
 ** which can be influenced by whoever is able to cause log entries.
 ** Readers and parsers should therefore cope with malformed, truncated
 ** or overlong input. Failure return values and ownership of the
 ** returned objects are not visible in this header.
 **/

/* Open the file and position the stream at the stored offset. */
int sh_open_for_reader(struct sh_logfile *logfile);

/*
 * Simple line reader for the output of an executed shell command.
 * NOTE(review): where the command string comes from is not visible in this
 * header -- confirm it is taken only from trusted configuration.
 */
sh_string *sh_command_reader(sh_string *record, struct sh_logfile *logfile);

/* Wrapper for sh_command_reader. */
sh_string *sh_read_shell(sh_string *record, struct sh_logfile *logfile);

/* Simple reader: one line per record. */
sh_string *sh_default_reader(sh_string *record, struct sh_logfile *logfile);

/*
 * Reader for continued lines. cont presumably describes how a continuation
 * line is recognised -- TODO confirm.
 */
sh_string *sh_cont_reader(sh_string *record, struct sh_logfile *logfile,
                          char *cont);

/*
 * Binary reader. s and size presumably describe a caller-supplied buffer
 * of size bytes that one record is read into -- TODO confirm; the
 * implementation must not store more than size bytes through s.
 */
sh_string *sh_binary_reader(void *s, size_t size, struct sh_logfile *logfile);

/* Parse one syslog-style line. */
struct sh_logrecord *sh_parse_syslog(sh_string *logline, void *fileinfo);

/* Evaluate the format info for an apache log. */
void *sh_eval_fileinfo_apache(char *str);

/* Parse one apache-style line. */
struct sh_logrecord *sh_parse_apache(sh_string *logline, void *fileinfo);

/* Read one pacct record. */
sh_string *sh_read_pacct(sh_string *record, struct sh_logfile *logfile);

/* Parse one pacct record. */
struct sh_logrecord *sh_parse_pacct(sh_string *logline, void *fileinfo);

/* Read one samba record. */
sh_string *sh_read_samba(sh_string *record, struct sh_logfile *logfile);

/* Parse one samba record. */
struct sh_logrecord *sh_parse_samba(sh_string *logline, void *fileinfo);

/**
 *****************************************************************/
114 |
|
---|
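/*
 * Accessors for the "hidepid" setting.
 *
 * sh_get_hidepid returns the current value as an int. sh_set_hidepid takes
 * the new value as a string (presumably straight from the configuration
 * file -- TODO confirm) and returns an int status whose meaning is not
 * visible in this header.
 *
 * The getter is declared with (void). Before C23 an empty parameter list
 * leaves the arguments unspecified, so a call with stray arguments would
 * compile without a diagnostic; (void) makes the compiler reject it.
 */
int sh_get_hidepid(void);
int sh_set_hidepid(const char *s);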
117 |
|
---|
/* Size in bytes of the code array in struct sh_logfile_type. */
#define SH_MAX_LCODE_SIZE 16

/*
 * Description of one log file type: a short code plus the callbacks that
 * read, parse and configure logs of that type.
 */
struct sh_logfile_type {
    /*
     * Type code.
     * NOTE(review): this is a fixed-size array. Whether the code must be
     * NUL-terminated and how it is compared with configuration input is not
     * visible here; any copy into it has to be bounded by SH_MAX_LCODE_SIZE.
     */
    char code[SH_MAX_LCODE_SIZE];

    /* Read callback; the splint annotation marks it as possibly null. */
    /*@null@*/ sh_string *(*get_record)(sh_string *record,
                                        struct sh_logfile *logfile);

    /* Parsing callback. */
    struct sh_logrecord *(*parse_record)(sh_string *logline, void *fileinfo);

    /* Callback that evaluates the fileinfo string. */
    void *(*eval_fileinfo)(char *str);
};
133 |
|
---|
134 |
|
---|
135 | #endif
|
---|