source: trunk/src/sh_log_parse_generic.c@ 557

Last change on this file since 557 was 481, checked in by katerina, 9 years ago

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

File size: 2.4 KB
RevLine 
[301]1/**************************************
2 **
3 ** PARSER RULES
4 **
5 ** (a) must set record->host
6 ** (eventually to dummy value)
7 **
8 ** (b) must set record->prefix
9 ** (itoa(status))
10 **
11 **
12 **************************************/
13
14#include "config_xor.h"
15
16#ifdef USE_LOGFILE_MONITOR
17
18#undef FIL__
19#define FIL__ _("sh_log_parse_apache.c")
20
21#include <string.h>
22#include <time.h>
23
24/* Debian/Ubuntu: libpcre3-dev */
25#ifdef HAVE_PCRE_PCRE_H
26#include <pcre/pcre.h>
27#else
28#include <pcre.h>
29#endif
30
31#include "samhain.h"
32#include "sh_log_check.h"
33#include "sh_string.h"
34
35struct sh_fileinfo_generic {
36 pcre * line_regex;
37 int * line_ovector; /* captured substrings */
38 int line_ovecnum; /* how many captured */
39
40 int pos_host;
41 int pos_status;
42 int pos_time;
43 char * format_time;
44};
45
46static void default_time (struct sh_logrecord * record)
47{
[481]48 struct tm ts;
49 struct tm * ts_ptr;
[301]50 char tmp[80];
51 size_t len;
52
53 record->timestamp = time(NULL);
54
55#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
[481]56 ts_ptr = localtime_r (&(record->timestamp), &ts);
[301]57#else
[481]58 ts_ptr = localtime(&(record->timestamp));
59 if (ts_ptr)
60 memcpy(&ts, ts_ptr, sizeof(struct tm));
[301]61#endif
[481]62 if (ts_ptr)
63 len = strftime(tmp, sizeof(tmp), _("%Y-%m-%dT%H:%M:%S"), &ts);
64 else
65 {
66 sl_strlcpy(tmp, _("1970-01-01T00:00:00"), sizeof(tmp));
67 len = strlen(tmp);
68 }
[301]69 record->timestr = sh_string_new_from_lchar(tmp, len);
70
71 return;
72}
73
74static void default_host (struct sh_logrecord * record)
75{
76 record->host = sh_string_new_from_lchar(sh.host.name, strlen(sh.host.name));
77 return;
78}
79
80sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile)
81{
82 return sh_command_reader (record, logfile);
83}
84
85struct sh_logrecord * sh_parse_shell (sh_string * logline, void * fileinfo)
86{
87 (void) fileinfo;
88
89 if (logline)
90 {
91 struct sh_logrecord * record = SH_ALLOC(sizeof(struct sh_logrecord));
92
93 default_time(record);
94 default_host(record);
95
96 record->message = sh_string_new_from_lchar(sh_string_str(logline),
97 sh_string_len(logline));
98 record->pid = PID_INVALID;
99 return record;
100 }
101 return NULL;
102}
103
104void * sh_eval_fileinfo_generic(char * str)
105{
106 (void) str;
107
108 return NULL;
109}
110
111struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo)
112{
113 (void) logline;
114 (void) fileinfo;
115
116 return NULL;
117}
118
119#endif
Note: See TracBrowser for help on using the repository browser.