source: trunk/src/sh_log_parse_generic.c@ 335

Last change on this file since 335 was 301, checked in by katerina, 14 years ago

Add missing file.

1/**************************************
2 **
3 ** PARSER RULES
4 **
5 ** (a) must set record->host
6 ** (eventually to dummy value)
7 **
8 ** (b) must set record->prefix
9 ** (itoa(status))
10 **
11 **
12 **************************************/
13
14#include "config_xor.h"
15
16#ifdef USE_LOGFILE_MONITOR
17
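#undef FIL__
/* Source-file name that samhain reports in its own log/error messages.
 * It must name this file; the old value named the apache parser this
 * file was evidently copied from, which misattributes every message. */
#define FIL__ _("sh_log_parse_generic.c")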
20
21#include <string.h>
22#include <time.h>
23
24/* Debian/Ubuntu: libpcre3-dev */
25#ifdef HAVE_PCRE_PCRE_H
26#include <pcre/pcre.h>
27#else
28#include <pcre.h>
29#endif
30
31#include "samhain.h"
32#include "sh_log_check.h"
33#include "sh_string.h"
34
/* Per-logfile configuration for a regex-driven generic parser.
 *
 * Nothing in this file instantiates it yet: sh_eval_fileinfo_generic()
 * returns NULL and sh_parse_generic() ignores its fileinfo argument, so
 * the layout below is a placeholder for the intended implementation. */
struct sh_fileinfo_generic {
  pcre * line_regex;       /* compiled regex matched against each line */
  int * line_ovector;      /* captured substrings */
  int line_ovecnum;        /* how many captured */

  int pos_host;            /* capture index holding the host */
  int pos_status;          /* capture index holding the status */
  int pos_time;            /* capture index holding the timestamp */
  char * format_time;      /* presumably a strptime-style format for the
                              captured time — confirm once implemented */
};
45
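/* Stamp the record with the current local time.
 *
 * Sets record->timestamp to time(NULL) and record->timestr to that time
 * rendered as "%Y-%m-%dT%H:%M:%S". Two failure modes of the standard
 * functions are handled: localtime()/localtime_r() may return NULL for an
 * unrepresentable time, and strftime() returns 0 (leaving the buffer
 * unspecified) if the output does not fit. In either case record->timestr
 * becomes an empty string rather than the result of reading garbage.
 */
static void default_time (struct sh_logrecord * record)
{
  struct tm ts;
  struct tm * ts_p;
  char tmp[80];
  size_t len = 0;

  record->timestamp = time(NULL);

  /* Defined fallbacks: an all-zero tm and an empty string, so nothing
   * below ever depends on an uninitialized byte. */
  memset(&ts, 0, sizeof(ts));
  tmp[0] = '\0';

#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
  ts_p = localtime_r (&(record->timestamp), &ts);
#else
  ts_p = localtime (&(record->timestamp));
  if (ts_p)
    {
      /* localtime() uses static storage; copy before anything else
       * can overwrite it. */
      memcpy(&ts, ts_p, sizeof(struct tm));
    }
#endif

  if (ts_p)
    {
      len = strftime(tmp, sizeof(tmp), _("%Y-%m-%dT%H:%M:%S"), &ts);
      if (len == 0)
        {
          /* Output did not fit (or format is empty): buffer contents
           * are unspecified, so fall back to the empty string. */
          tmp[0] = '\0';
        }
    }

  record->timestr = sh_string_new_from_lchar(tmp, len);

  return;
}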
67
/* Fill record->host with this machine's own host name (rule (a) in the
 * file header: the host field must always be set, here to the local
 * name as a stand-in). The name is copied into a fresh sh_string. */
static void default_host (struct sh_logrecord * record)
{
  const char * own_name = sh.host.name;
  size_t       own_len  = strlen(own_name);

  record->host = sh_string_new_from_lchar(own_name, own_len);
}
73
/* Reader entry point for the "shell" log source: hands the request
 * straight to sh_command_reader() and returns whatever it produces. */
sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile)
{
  sh_string * line = sh_command_reader (record, logfile);

  return line;
}
78
/* Turn one line of shell-command output into a log record.
 *
 * The whole line becomes record->message; timestamp and host are filled
 * with defaults (now, this host) and pid is PID_INVALID. fileinfo is not
 * used. Returns NULL when logline is NULL; otherwise the caller owns the
 * returned record.
 *
 * NOTE(review): rule (b) in the file header says a parser must set
 * record->prefix, but this one does not, so prefix keeps whatever SH_ALLOC
 * left in it — confirm that consumers of shell records tolerate that.
 */
struct sh_logrecord * sh_parse_shell (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * record;

  (void) fileinfo;

  if (!logline)
    return NULL;

  record = SH_ALLOC(sizeof(struct sh_logrecord));

  /* Defaults first, then the payload. */
  default_time(record);
  default_host(record);

  record->message = sh_string_new_from_lchar(sh_string_str(logline),
                                             sh_string_len(logline));
  record->pid     = PID_INVALID;

  return record;
}
97
/* Parse the per-file option string for the generic parser.
 *
 * Stub: no options are supported yet, so str is ignored and no fileinfo
 * object is produced. Always returns NULL.
 */
void * sh_eval_fileinfo_generic(char * str)
{
  void * info = NULL;

  (void) str;

  return info;
}
104
/* Parse one line with the generic (regex-driven) parser.
 *
 * Stub: neither logline nor fileinfo is examined and no record is built.
 * Always returns NULL, i.e. the line is dropped.
 */
struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo)
{
  struct sh_logrecord * record = NULL;

  (void) logline;
  (void) fileinfo;

  return record;
}
112
113#endif