source: trunk/include/sh_log_check.h@ 185

Last change on this file since 185 was 185, checked in by katerina, 16 years ago

Bugfixes for log monitoring, samba logfile parser.
File size: 2.9 KB
Line 
1#ifndef SH_LOGCHECK_H
2#define SH_LOGCHECK_H
3
4#include <sys/types.h>
5#include <time.h>
6
7/* Convert a struct tm to unix timestamp with caching
8 */
9time_t conv_timestamp (struct tm * btime,
10 struct tm * old_tm, time_t * old_time);
11
12/* Definition of a log record entry, to be returned from parsing function.
13 */
14#define PID_INVALID 0
15struct sh_logrecord
16{
17 char * filename;
18 sh_string * prefix; /* actually a string to group messages */
19 sh_string * host;
20 sh_string * timestr;
21 pid_t pid;
22 time_t timestamp;
23 sh_string * message;
24};
25
26#define SH_LOGFILE_MOVED (1<<0)
27#define SH_LOGFILE_REWIND (1<<1)
28
29struct sh_logfile
30{
31 FILE * fp;
32 int flags;
33 char * filename;
34 dev_t device_id;
35 ino_t inode;
36 fpos_t offset;
37
38 /* Info for the parser, e.g. a regular expression
39 */
40 void * fileinfo;
41
42 /* Callback function to read the next record
43 */
44 sh_string * (*get_record) (sh_string * record,
45 struct sh_logfile * logfile);
46
47 /* Callback function to parse the record into standard format
48 */
49 struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);
50
51 struct sh_logfile * next;
52};
53
54/****************************************************************
55 **
56 ** Parsing and reading functions
57 **/
58
59/* Open file, position at stored offset. */
60int sh_open_for_reader (struct sh_logfile * logfile);
61
62/* Simple line reader. */
63sh_string * sh_default_reader (sh_string * record,
64 struct sh_logfile * logfile);
65
66/* Continued line reader. */
67sh_string * sh_cont_reader (sh_string * record,
68 struct sh_logfile * logfile, char * cont);
69
70/* Binary reader */
71sh_string * sh_binary_reader (void * s, size_t size, struct sh_logfile * logfile);
72
73/* Parses a syslog-style line. */
74struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo);
75
76/* Format info for apache log. */
77void * sh_eval_fileinfo_apache(char * str);
78
79/* Parses a apache-style line. */
80struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo);
81
82/* Get a pacct record */
83sh_string * sh_read_pacct (sh_string * record, struct sh_logfile * logfile);
84
85/* Parses a pacct record. */
86struct sh_logrecord * sh_parse_pacct (sh_string * logline, void * fileinfo);
87
88/* Get a samba record */
89sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile);
90
91/* Parses a samba record. */
92struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo);
93
94
95/**
96*****************************************************************/
97
98int sh_get_hidepid();
99int sh_set_hidepid(const char *s);
100
101#define SH_MAX_LCODE_SIZE 16
102
103struct sh_logfile_type
104{
105 char code[SH_MAX_LCODE_SIZE];
106
107 /* read callback */
108 /*@null@*/sh_string * (*get_record) (sh_string * record,
109 struct sh_logfile * logfile);
110 /* parsing callback */
111 struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);
112
113 /* evaluate fileinfo */
114 void * (*eval_fileinfo)(char * str);
115};
116
117
118#endif
Note: See TracBrowser for help on using the repository browser.