source: trunk/src/sh_log_parse_generic.c


Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

/**************************************
 **
 ** PARSER RULES
 **
 ** (a) must set record->host
 **     (eventually to a dummy value)
 **
 ** (b) must set record->prefix
 **     (itoa(status))
 **
 **
 **************************************/
13
14#include "config_xor.h"
15
16#ifdef USE_LOGFILE_MONITOR
17
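/* Source-file tag for this translation unit.  It must name this file;
 * it had been left at the apache parser's name it was copied from, so
 * diagnostics keyed on FIL__ were attributed to the wrong parser. */
#undef  FIL__
#define FIL__  _("sh_log_parse_generic.c")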
20
21#include <string.h>
22#include <time.h>
23
24/* Debian/Ubuntu: libpcre3-dev */
25#ifdef HAVE_PCRE_PCRE_H
26#include <pcre/pcre.h>
27#else
28#include <pcre.h>
29#endif
30
31#include "samhain.h"
32#include "sh_log_check.h"
33#include "sh_string.h"
34
/* Per-logfile state for a regex-driven generic parser.
 *
 * NOTE(review): nothing in this file populates or reads this struct --
 * sh_eval_fileinfo_generic() returns NULL and sh_parse_generic() ignores
 * its fileinfo argument -- so the meanings given for the pos_*/format_time
 * fields are what the names suggest, not what the code demonstrates. */
struct sh_fileinfo_generic {
  pcre * line_regex;           /* compiled line pattern (PCRE1, <pcre.h>) */
  int  * line_ovector;         /* captured substrings     */
  int    line_ovecnum;         /* how many captured       */

  int    pos_host;             /* presumably capture index of the host field   */
  int    pos_status;           /* presumably capture index of the status field */
  int    pos_time;             /* presumably capture index of the time field   */
  char * format_time;          /* presumably the format used to read the time capture */
};
45
/* Stamp RECORD with the time of parsing.
 *
 * Sets record->timestamp to time(NULL) and record->timestr to a new
 * sh_string holding the local time formatted as "%Y-%m-%dT%H:%M:%S".
 * If no broken-down time can be obtained, timestr is the fixed epoch
 * string "1970-01-01T00:00:00" so the field is never left unset.
 *
 * localtime_r is used where the build detects it; otherwise the
 * non-reentrant localtime() result is copied out immediately. */
static void default_time (struct sh_logrecord * record)
{
  struct tm   broken_down;
  struct tm * have_tm;
  char        buf[80];
  size_t      buf_len = 0;

  record->timestamp = time(NULL);

#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
  have_tm = localtime_r (&(record->timestamp), &broken_down);
#else
  have_tm = localtime(&(record->timestamp));
  if (have_tm)
    broken_down = *have_tm;
#endif

  if (!have_tm)
    {
      /* No usable local time: use a recognisable epoch placeholder. */
      sl_strlcpy(buf, _("1970-01-01T00:00:00"), sizeof(buf));
      buf_len = strlen(buf);
    }
  else
    {
      buf_len = strftime(buf, sizeof(buf), _("%Y-%m-%dT%H:%M:%S"), &broken_down);
    }

  record->timestr = sh_string_new_from_lchar(buf, buf_len);
}
73
/* Fill record->host with this machine's own host name (sh.host.name),
 * copied into a new sh_string.  Satisfies parser rule (a) from the
 * file header: host is always set, here to a dummy (the local host). */
static void default_host (struct sh_logrecord * record)
{
  size_t own_len = strlen(sh.host.name);

  record->host = sh_string_new_from_lchar(sh.host.name, own_len);
}
79
/* Reader for the "shell" log source.
 *
 * Delegates entirely to sh_command_reader() with the same RECORD and
 * LOGFILE; presumably that is where the configured command is run and
 * one line of its output is returned.  Returns whatever the reader
 * returns. */
sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile)
{
  sh_string * line;

  line = sh_command_reader (record, logfile);
  return line;
}
84
/* Turn one line of shell-command output into a log record.
 *
 * The line is taken verbatim as the message; host and time are the
 * defaults (own host name, time of parsing), pid is PID_INVALID, and
 * FILEINFO is ignored.  Returns a freshly SH_ALLOC'd record owned by the
 * caller, or NULL when LOGLINE is NULL.
 *
 * NOTE(review): the file header's rule (b) says a parser must set
 * record->prefix, but nothing here does; SH_ALLOC is not shown to zero
 * the record, so any field not assigned below keeps whatever the
 * allocation contained -- confirm against the consumer in sh_log_check. */
struct sh_logrecord * sh_parse_shell (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * record;

  (void) fileinfo;

  if (!logline)
    return NULL;

  record = SH_ALLOC(sizeof(struct sh_logrecord));

  default_time(record);
  default_host(record);

  record->message = sh_string_new_from_lchar(sh_string_str(logline),
                                             sh_string_len(logline));
  record->pid     = PID_INVALID;

  return record;
}
103
/* Parse a per-logfile option string into generic-parser state.
 *
 * Stub: STR is ignored and NULL is returned, so the generic parser is
 * never handed a struct sh_fileinfo_generic (no regex, no field
 * positions).  Any options a user configures for this parser are
 * silently discarded. */
void * sh_eval_fileinfo_generic(char * str)
{
  void * info = NULL;

  (void) str;
  return info;
}
110
/* Generic log-line parser entry point.
 *
 * Stub: both arguments are ignored and NULL is returned for every line,
 * so a logfile bound to this parser yields no records at all -- its
 * lines are dropped without any diagnostic.  Until this is implemented,
 * "generic" monitoring is a silent no-op rather than coverage. */
struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * none = NULL;

  (void) logline;
  (void) fileinfo;

  return none;
}
118
119#endif