- Timestamp:
- Sep 19, 2011, 8:27:45 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
-
trunk/docs/Changelog
r356 r357 1 1 2.8.6: 2 * Fix problems with timestamp handling in logfile correlation 3 (problem reported by D. Dearmore) 2 4 * List the policy under which a directory/file is checked 3 5 * Option to use a textfile with a list of files for update -
trunk/src/sh_log_check.c
r349 r357 896 896 status = (int) sh_string_read(s, logfile->fp, 8192); 897 897 898 /* fprintf(stderr, "FIXME: %s\n", sh_string_str(s)); */899 900 898 /* restore old signal handler 901 899 */ … … 1106 1104 long offtime; 1107 1105 1108 1109 1106 /* timestamp - mktime is slooow, thus cache result 1110 1107 */ … … 1131 1128 timestamp = mktime(btime); 1132 1129 btime->tm_year = year_btime; 1133 1134 1130 *old_time = timestamp; 1135 1131 memcpy(old_tm, btime, sizeof(struct tm)); -
trunk/src/sh_log_correlate.c
r285 r357 57 57 { 58 58 struct sh_keep * keep = (struct sh_keep *) item; 59 59 60 if (!keep) 60 61 return; … … 125 126 while (count < keepcount && keep) 126 127 { 127 if ((now > keep->last) &&128 if ((now >= keep->last) && 128 129 ((unsigned long)(now - keep->last) <= keep->delay)) 129 130 { … … 163 164 SH_FREE(arr); 164 165 } 166 165 167 return res; 166 168 } … … 172 174 sh_string * label; /* label of match rule */ 173 175 pcre * rule; /* compiled regex for rule */ 176 time_t reported; /* last reported */ 174 177 struct sh_qeval * queue; /* assigned queue */ 175 178 struct sh_mkeep * next; … … 232 235 mkeep->queue = rqueue; 233 236 mkeep->label = sh_string_new_from_lchar(splits[0], strlen(splits[0])); 237 mkeep->reported = 0; 234 238 mkeep->next = mkeep_list; 235 239 mkeep_list = mkeep; … … 297 301 { 298 302 sh_string * alias; 299 SH_MUTEX_LOCK(mutex_thread_nolog); 300 sh_error_handle (mkeep->queue->severity, FIL__, __LINE__, 0, 301 MSG_LOGMON_COR, sh_string_str(mkeep->label), 302 val); 303 304 alias = mkeep->queue->alias; 305 if (alias) 303 time_t now = time(NULL); 304 305 if ((mkeep->reported < now) && 306 (60 < (now - mkeep->reported))) 306 307 { 307 sh_error_mail (sh_string_str(alias), 308 mkeep->queue->severity, FIL__, __LINE__, 0, 309 MSG_LOGMON_COR, sh_string_str(mkeep->label), 310 val); 308 mkeep->reported = now; 309 310 SH_MUTEX_LOCK(mutex_thread_nolog); 311 sh_error_handle (mkeep->queue->severity, FIL__, __LINE__, 0, 312 MSG_LOGMON_COR, sh_string_str(mkeep->label), 313 val); 314 315 alias = mkeep->queue->alias; 316 if (alias) 317 { 318 sh_error_mail (sh_string_str(alias), 319 mkeep->queue->severity, FIL__, __LINE__, 0, 320 MSG_LOGMON_COR, sh_string_str(mkeep->label), 321 val); 322 } 323 324 SH_MUTEX_UNLOCK(mutex_thread_nolog); 311 325 } 312 313 SH_MUTEX_UNLOCK(mutex_thread_nolog);314 326 } 315 327 mkeep = mkeep->next; -
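Review bot: The new rate limit in the reporting block, `(mkeep->reported < now) && (60 < (now - mkeep->reported))`, stops reporting altogether while the system clock is behind the stored value, because `mkeep->reported < now` stays false until the clock passes it again; after a backwards clock step a log monitor would lose correlation alerts for as long as the step was. Treating a backwards clock as an expired window avoids that: `if ((now < mkeep->reported) || (60 < (now - mkeep->reported)))`. The 60-second window is a bare literal and matches inside it are dropped without a counter or debug line, so a named constant plus a comment such as `/* report each rule at most once per minute; further matches in the window are discarded */` would make the suppression visible. `mkeep->reported` is read and written before `SH_MUTEX_LOCK(mutex_thread_nolog)`; whether it needs that protection cannot be judged from the hunk, which starts and ends inside the enclosing function.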
trunk/src/sh_log_evalrule.c
r337 r357 885 885 if ( rule->flags & RFL_KEEP ) 886 886 { 887 DEBUG("debug: rule %d matches (keep) \n", count);887 DEBUG("debug: rule %d matches (keep), timestamp = %lu\n", count, timestamp); 888 888 sh_keep_add(rule->label, rule->delay, 889 889 timestamp == 0 ? time(NULL) : timestamp); -
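Review bot: The added DEBUG call prints `timestamp` with `%lu`, but the next statement uses `time(NULL)` as its alternative value, which suggests it is a `time_t`; its declaration is outside the hunk. If so, the specifier does not match the argument on platforms where `time_t` is not `unsigned long`, and an explicit cast keeps the variadic call well defined: `DEBUG("debug: rule %d matches (keep), timestamp = %lu\n", count, (unsigned long) timestamp);`.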
trunk/src/sh_log_parse_apache.c
r326 r357 351 351 struct tm btime; 352 352 char * ptr = NULL; 353 354 memset(&btime, '\0', sizeof(struct tm)); 355 btime.tm_isdst = -1; 353 356 354 357 /* example: 01/Jun/2008:07:55:28 +0200 */ -
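Review bot: The `btime.tm_isdst = -1;` assignment added after the memset here, and again in sh_log_parse_samba.c and sh_log_parse_syslog.c, carries no comment explaining why -1 is needed rather than the 0 the memset leaves behind. A one-line comment would keep a later cleanup from removing it: `/* -1: let mktime() determine whether DST applies; 0 would force standard time */`. The enclosing function continues past the hunk, so how the `+0200` offset in the example line is combined with the converted time is not visible here.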
trunk/src/sh_log_parse_samba.c
r292 r357 76 76 77 77 memset(&btime, '\0', sizeof(struct tm)); 78 btime.tm_isdst = -1; 79 78 80 ptr = strptime(sh_string_str(logline), format_1, &btime); 79 81 -
trunk/src/sh_log_parse_syslog.c
r292 r357 95 95 96 96 memset(&btime, '\0', sizeof(struct tm)); 97 btime.tm_isdst = -1; 97 98 98 99 /* This is RFC 3164.