source: trunk/src/sh_log_parse_generic.c@ 588

Last change on this file since 588 was 588, checked in by katerina, 30 hours ago

Fix for ticket #476 (move logfile monitoring module from PCRE to PCRE2).

[301]1/**************************************
2 **
3 ** PARSER RULES
4 **
5 ** (a) must set record->host
6 ** (possibly to a dummy value)
7 **
8 ** (b) must set record->prefix
9 ** (itoa(status))
10 **
11 **
12 **************************************/
13
14#include "config_xor.h"
15
16#ifdef USE_LOGFILE_MONITOR
17
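/* FIL__ names the current translation unit in diagnostics and allocation
 * tracking.  This file is sh_log_parse_generic.c (see the repository path);
 * the previous value "sh_log_parse_apache.c" was a copy-paste leftover and
 * misattributed this file's messages to the Apache parser. */
#undef FIL__
#define FIL__ _("sh_log_parse_generic.c")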
20
21#include <string.h>
22#include <time.h>
23
[588]24/* Debian/Ubuntu: libpcre2-dev */
25#define PCRE2_CODE_UNIT_WIDTH 8
26#ifdef HAVE_PCRE2_PCRE2_H
27#include <pcre2/pcre2.h>
[301]28#else
[588]29#include <pcre2.h>
[301]30#endif
31
32#include "samhain.h"
33#include "sh_log_check.h"
34#include "sh_string.h"
35
/* Per-logfile parser state for the generic, regex-driven log format: a
 * compiled PCRE2 pattern for one log line plus the indices of the capture
 * groups that carry the fields a record needs (host, status, time).
 *
 * NOTE(review): nothing in this file fills or reads this struct —
 * sh_eval_fileinfo_generic() returns NULL and sh_parse_generic() ignores
 * its fileinfo argument — so the field meanings below describe the intent
 * of the names, not behaviour that is exercised here. */
struct sh_fileinfo_generic {
  pcre2_code * line_regex;                /* compiled PCRE2 pattern matched against a whole line */
  pcre2_match_data * line_match_data;     /* PCRE2 match block; holds the captured substrings */
  int line_ovecnum;                       /* how many substrings were captured (presumably the
                                             pcre2_match() return count — confirm when implemented) */

  int pos_host;                           /* capture-group index of the host field (presumably; confirm) */
  int pos_status;                         /* capture-group index of the status field — per rule (b) in
                                             the file header it becomes record->prefix as itoa(status) */
  int pos_time;                           /* capture-group index of the timestamp field (presumably; confirm) */
  char * format_time;                     /* time format for the pos_time capture — presumably a
                                             strftime()/strptime()-style string; confirm */
};
46
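/*
 * Stamp RECORD with the current time: record->timestamp receives time(NULL)
 * and record->timestr the same instant as local time in the form
 * "%Y-%m-%dT%H:%M:%S".  If the broken-down time cannot be obtained
 * (localtime()/localtime_r() return NULL) or strftime() fails, the epoch
 * sentinel "1970-01-01T00:00:00" is stored instead, so timestr is never
 * empty.  The new sh_string is owned by the record.
 */
static void default_time (struct sh_logrecord * record)
{
  struct tm   ts;
  struct tm * ts_ptr;
  char        tmp[80];
  size_t      len = 0;

  record->timestamp = time(NULL);

  /* localtime() returns a pointer to static storage; use the reentrant
   * variant when the build provides it, otherwise copy the result out
   * immediately so a later call cannot overwrite it. */
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
  ts_ptr = localtime_r (&(record->timestamp), &ts);
#else
  ts_ptr = localtime(&(record->timestamp));
  if (ts_ptr)
    memcpy(&ts, ts_ptr, sizeof(struct tm));
#endif

  if (ts_ptr)
    len = strftime(tmp, sizeof(tmp), _("%Y-%m-%dT%H:%M:%S"), &ts);

  /* strftime() returns 0 when the result does not fit or on error; the
   * original code would then have stored an empty timestr.  Treat it like
   * a missing broken-down time and fall back to the epoch sentinel. */
  if (len == 0)
    {
      sl_strlcpy(tmp, _("1970-01-01T00:00:00"), sizeof(tmp));
      len = strlen(tmp);
    }

  record->timestr = sh_string_new_from_lchar(tmp, len);

  return;
}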
74
/* Fill record->host with this machine's own hostname (sh.host.name).
 * The readers in this file have no host field to extract from the line,
 * so the local host is the "dummy value" rule (a) in the file header
 * allows.  The new sh_string is owned by the record. */
static void default_host (struct sh_logrecord * record)
{
  const char * hostname = sh.host.name;
  size_t       hostlen  = strlen(hostname);

  record->host = sh_string_new_from_lchar(hostname, hostlen);
}
80
/* Reader hook for the "shell" log source: lines come from the output of a
 * command via sh_command_reader() rather than from a file.  Both arguments
 * and the result are passed through unchanged. */
sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile)
{
  sh_string * line;

  line = sh_command_reader (record, logfile);
  return line;
}
85
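/*
 * Wrap one line of command output (as delivered by sh_read_shell()) in a
 * log record.  Command output carries no host, timestamp or status of its
 * own, so the defaults are used: default_time() stamps the record with
 * "now", default_host() with the local hostname, the pid is PID_INVALID
 * and the prefix is NULL.  The whole line becomes record->message.
 *
 * logline   the line to wrap; NULL yields NULL.
 * fileinfo  unused — the shell reader has no per-file parser state.
 * Returns a freshly SH_ALLOC'ed record owned by the caller, or NULL.
 */
struct sh_logrecord * sh_parse_shell (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * record;

  (void) fileinfo;

  if (!logline)
    return NULL;

  record = SH_ALLOC(sizeof(struct sh_logrecord));

  default_time(record);
  default_host(record);

  record->message = sh_string_new_from_lchar(sh_string_str(logline),
                                             sh_string_len(logline));
  record->pid     = PID_INVALID;

  /* Rule (b) in the file header: every parser must set record->prefix.
   * Command output has no status to encode, so it is NULL.  Unless SH_ALLOC
   * zero-fills (not visible here — confirm), leaving the field unset would
   * hand the consumer an indeterminate pointer. */
  record->prefix  = NULL;

  return record;
}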
104
/* Parser-configuration hook for the generic log format.  Not implemented:
 * the configuration string is ignored and no struct sh_fileinfo_generic is
 * built, so this hook never supplies parser state to sh_parse_generic(). */
void * sh_eval_fileinfo_generic(char * str)
{
  void * fileinfo = NULL;

  (void) str;
  return fileinfo;
}
111
/* Parser hook for the generic, regex-driven log format.  Not implemented
 * yet: every line is dropped by returning NULL, whatever logline and
 * fileinfo hold.  struct sh_fileinfo_generic above sketches the state a
 * real implementation would take. */
struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * record = NULL;

  (void) logline;
  (void) fileinfo;

  return record;
}
119
120#endif