source: trunk/src/sh_log_parse_generic.c@ 425

Last change on this file since 425 was 362, checked in by katerina, 13 years ago

Fix for ticket #267 (Multiple compiler warnings with gcc 4.6.1).

File size: 2.2 KB
1/**************************************
2 **
3 ** PARSER RULES
4 **
5 ** (a) must set record->host
6 ** (eventually to dummy value)
7 **
8 ** (b) must set record->prefix
9 ** (itoa(status))
10 **
11 **
12 **************************************/
13
14#include "config_xor.h"
15
16#ifdef USE_LOGFILE_MONITOR
17
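/* File-name label for this translation unit. The previous value named
 * sh_log_parse_apache.c, apparently a copy/paste leftover, so anything
 * that reports FIL__ from this file pointed at the wrong source file.
 */
#undef  FIL__
#define FIL__  _("sh_log_parse_generic.c")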
20
21#include <string.h>
22#include <time.h>
23
24/* Debian/Ubuntu: libpcre3-dev */
25#ifdef HAVE_PCRE_PCRE_H
26#include <pcre/pcre.h>
27#else
28#include <pcre.h>
29#endif
30
31#include "samhain.h"
32#include "sh_log_check.h"
33#include "sh_string.h"
34
/*
 * State for a regex-driven line parser (PCRE handle, capture vector and
 * field positions).
 *
 * NOTE(review): nothing visible in this file fills or reads this struct;
 * sh_eval_fileinfo_generic() returns NULL instead of building one.
 * NOTE(review): if line_ovector is later handed to pcre_exec(), its length
 * must be a multiple of three ints (two offsets per capture plus workspace);
 * size it from the compiled pattern, not from the logged input -- confirm
 * when the parser is implemented.
 */
struct sh_fileinfo_generic {
  pcre *line_regex;    /* compiled pattern applied to a line */
  int  *line_ovector;  /* captured substrings */
  int   line_ovecnum;  /* how many captured */

  int   pos_host;      /* presumably the capture index of the host field -- confirm */
  int   pos_status;    /* presumably the capture index of the status field -- confirm */
  int   pos_time;      /* presumably the capture index of the time field -- confirm */
  char *format_time;   /* presumably the time format for the pos_time capture -- confirm */
};
45
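/*
 * Stamp a record with the current time.
 *
 * Sets record->timestamp to time(NULL) and record->timestr to a new
 * sh_string holding that instant as local time ("%Y-%m-%dT%H:%M:%S").
 * If the conversion to broken-down local time fails, timestr is created
 * from an empty buffer (length 0) instead of from an unconverted struct tm.
 */
static void default_time (struct sh_logrecord * record)
{
  struct tm   ts;
  struct tm * converted;
  char        tmp[80];
  size_t      len = 0;

  tmp[0] = '\0';
  record->timestamp = time(NULL);

#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
  converted = localtime_r (&(record->timestamp), &ts);
#else
  /* localtime() returns a pointer to shared static storage, or NULL on
   * failure. Check before copying so that a failed conversion cannot
   * become a NULL dereference inside the log monitor.
   */
  converted = localtime(&(record->timestamp));
  if (converted != NULL)
    {
      memcpy(&ts, converted, sizeof(struct tm));
    }
#endif

  if (converted != NULL)
    {
      /* strftime() returns 0 when the result does not fit, so len never
       * exceeds what was actually written to tmp.
       */
      len = strftime(tmp, sizeof(tmp), _("%Y-%m-%dT%H:%M:%S"), &ts);
    }

  record->timestr = sh_string_new_from_lchar(tmp, len);

  return;
}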
65
/*
 * Set record->host to a new sh_string built from sh.host.name, the host
 * name held in the global 'sh' structure. The length passed along is
 * strlen(sh.host.name), so the name must be NUL-terminated.
 */
static void default_host (struct sh_logrecord * record)
{
  const size_t name_len = strlen(sh.host.name);

  record->host = sh_string_new_from_lchar(sh.host.name, name_len);
}
71
/*
 * Thin wrapper: passes both arguments unchanged to sh_command_reader()
 * and returns whatever that call returns.
 *
 * NOTE(review): judging by the names, the text comes from the output of a
 * configured command. sh_parse_shell() copies such text into the record
 * message without filtering, so confirm who can change that command and
 * treat its output as untrusted downstream.
 */
sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile)
{
  sh_string * line = sh_command_reader (record, logfile);

  return line;
}
76
/*
 * Turn one input line into a log record.
 *
 * Returns NULL when logline is NULL. Otherwise allocates a record with
 * SH_ALLOC and sets:
 *   timestamp, timestr  -- current time, via default_time()
 *   host                -- local host name, via default_host()
 *   message             -- a copy of the whole line (sh_string_str /
 *                          sh_string_len), taken as-is
 *   pid                 -- PID_INVALID
 * fileinfo is ignored.
 *
 * NOTE(review): the line is copied verbatim, with no filtering or escaping
 * done here; consumers that display or forward record->message should
 * treat it as untrusted text.
 * NOTE(review): the result of SH_ALLOC is used unchecked, and no other
 * field of the record is assigned here. The file header's rule (b) names
 * record->prefix -- confirm against struct sh_logrecord whether that
 * field exists and who sets it.
 */
struct sh_logrecord * sh_parse_shell (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * rec;

  (void) fileinfo;

  if (logline == NULL)
    {
      return NULL;
    }

  rec = SH_ALLOC(sizeof(struct sh_logrecord));

  default_time(rec);
  default_host(rec);

  rec->message = sh_string_new_from_lchar(sh_string_str(logline),
                                          sh_string_len(logline));
  rec->pid     = PID_INVALID;

  return rec;
}
95
/*
 * Stub: ignores its argument and always returns NULL, so no
 * struct sh_fileinfo_generic is ever built from 'str' here.
 */
void * sh_eval_fileinfo_generic(char * str)
{
  void * fileinfo = NULL;

  (void) str;

  return fileinfo;
}
102
/*
 * Stub: ignores both arguments and always returns NULL, so no record is
 * ever produced from a line by this parser.
 *
 * NOTE(review): sh_parse_shell() also returns NULL, for a NULL line --
 * confirm that callers do not read a NULL result here as "line parsed,
 * nothing to report", which would silently drop monitored input.
 */
struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * none = NULL;

  (void) logline;
  (void) fileinfo;

  return none;
}
110
111#endif