1 | #ifndef SH_LOGCHECK_H
|
---|
2 | #define SH_LOGCHECK_H
|
---|
3 |
|
---|
4 | #include <sys/types.h>
|
---|
5 | #include <time.h>
|
---|
6 |
|
---|
7 | /* Convert a struct tm to unix timestamp with caching
|
---|
8 | */
|
---|
9 | time_t conv_timestamp (struct tm * btime,
|
---|
10 | struct tm * old_tm, time_t * old_time);
|
---|
11 |
|
---|
12 | /* Definition of a log record entry, to be returned from parsing function.
|
---|
13 | */
|
---|
14 | #define PID_INVALID 0
|
---|
15 | struct sh_logrecord
|
---|
16 | {
|
---|
17 | char * filename;
|
---|
18 | sh_string * host;
|
---|
19 | sh_string * timestr;
|
---|
20 | pid_t pid;
|
---|
21 | time_t timestamp;
|
---|
22 | sh_string * message;
|
---|
23 | };
|
---|
24 |
|
---|
25 | #define SH_LOGFILE_MOVED (1<<0)
|
---|
26 | #define SH_LOGFILE_REWIND (1<<1)
|
---|
27 | #define SH_LOGFILE_PIPE (1<<2)
|
---|
28 |
|
---|
29 | struct sh_logfile
|
---|
30 | {
|
---|
31 | FILE * fp;
|
---|
32 | int flags;
|
---|
33 | char * filename;
|
---|
34 | dev_t device_id;
|
---|
35 | ino_t inode;
|
---|
36 | fpos_t offset;
|
---|
37 |
|
---|
38 | /* Info for the parser, e.g. a regular expression
|
---|
39 | */
|
---|
40 | void * fileinfo;
|
---|
41 |
|
---|
42 | /* Callback function to read the next record
|
---|
43 | */
|
---|
44 | sh_string * (*get_record) (sh_string * record,
|
---|
45 | struct sh_logfile * logfile);
|
---|
46 |
|
---|
47 | /* Callback function to parse the record into standard format
|
---|
48 | */
|
---|
49 | struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);
|
---|
50 |
|
---|
51 | struct sh_logfile * next;
|
---|
52 | };
|
---|
53 |
|
---|
54 | /****************************************************************
|
---|
55 | **
|
---|
56 | ** Parsing and reading functions
|
---|
57 | **/
|
---|
58 |
|
---|
59 | /* Open file, position at stored offset. */
|
---|
60 | int sh_open_for_reader (struct sh_logfile * logfile);
|
---|
61 |
|
---|
62 | /* Simple line reader. */
|
---|
63 | sh_string * sh_default_reader (sh_string * record,
|
---|
64 | struct sh_logfile * logfile);
|
---|
65 |
|
---|
66 | /* Continued line reader. */
|
---|
67 | sh_string * sh_cont_reader (sh_string * record,
|
---|
68 | struct sh_logfile * logfile, char * cont);
|
---|
69 |
|
---|
70 | /* Binary reader */
|
---|
71 | sh_string * sh_binary_reader (void * s, size_t size, struct sh_logfile * logfile);
|
---|
72 |
|
---|
73 | /* Parses a syslog-style line. */
|
---|
74 | struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo);
|
---|
75 |
|
---|
76 | /* Format info for apache log. */
|
---|
77 | void * sh_eval_fileinfo_apache(char * str);
|
---|
78 |
|
---|
79 | /* Parses a apache-style line. */
|
---|
80 | struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo);
|
---|
81 |
|
---|
82 | /* Get a pacct record */
|
---|
83 | sh_string * sh_read_pacct (sh_string * record, struct sh_logfile * logfile);
|
---|
84 |
|
---|
85 | /* Parses a pacct record. */
|
---|
86 | struct sh_logrecord * sh_parse_pacct (sh_string * logline, void * fileinfo);
|
---|
87 |
|
---|
88 | /* Get a samba record */
|
---|
89 | sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile);
|
---|
90 |
|
---|
91 | /* Parses a samba record. */
|
---|
92 | struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo);
|
---|
93 |
|
---|
94 |
|
---|
95 | /**
|
---|
96 | *****************************************************************/
|
---|
97 |
|
---|
98 | int sh_get_hidepid();
|
---|
99 | int sh_set_hidepid(const char *s);
|
---|
100 |
|
---|
101 | #define SH_MAX_LCODE_SIZE 16
|
---|
102 |
|
---|
103 | struct sh_logfile_type
|
---|
104 | {
|
---|
105 | char code[SH_MAX_LCODE_SIZE];
|
---|
106 |
|
---|
107 | /* read callback */
|
---|
108 | /*@null@*/sh_string * (*get_record) (sh_string * record,
|
---|
109 | struct sh_logfile * logfile);
|
---|
110 | /* parsing callback */
|
---|
111 | struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);
|
---|
112 |
|
---|
113 | /* evaluate fileinfo */
|
---|
114 | void * (*eval_fileinfo)(char * str);
|
---|
115 | };
|
---|
116 |
|
---|
117 |
|
---|
118 | #endif
|
---|