

Viewing changes to src/dnshistory.c

  • Committer: steve at id
  • Date: 2006-06-09 23:33:07 UTC
  • Revision ID: steve@stedee.id.au-4cad37519afcba60683b45dee2a6fb5ea94d840b
Now working with iptables




180
180
pcre *cmp_log_regexp_xferlog = NULL;            /* FTP, xferlog format compiled RE */
181
181
pcre *cmp_log_regexp_squid = NULL;              /* SQUID format compiled RE */
182
182
pcre *cmp_log_regexp_combined_enhanced = NULL;  /* Enhanced Combined compiled RE */
 
183
pcre *cmp_log_regexp_iptables = NULL;           /* syslog/linux-iptables compiled RE */
183
184
 
184
185
int log_type = 0;                               /* What type of log file is this? LOG_???? */
185
186
 
257
258
    char *fgets_rtn = NULL;                     /* Return value from doing fgets. Check for end of file */
258
259
 
259
260
    char str_address[NI_MAXHOST];               /* IP Addresses */
 
261
    char str_address2[NI_MAXHOST];              /* IP Addresses for iptables lookups */
260
262
    char str_previous_address[NI_MAXHOST];      /* Previous IP Addresses */
261
 
    char str_fqdn[NI_MAXHOST];                  /* Retrieved FQDN Address */
 
263
    char str_fqdn[NI_MAXHOST] = "";                  /* Retrieved FQDN Address */
 
264
    char str_fqdn2[NI_MAXHOST] = "";                 /* Retrieved FQDN Address for iptables lookups */
262
265
    char *buf_ptr;                              /* Offset pointer into the file's buffer - used to print from other than the start */
263
266
 
264
267
    char str_time[SIZE_DATE_TIME];              /* String to hold the current time out of the current log line */
413
416
                position_address = LF_NCSA_ADDRESS;
414
417
                position_datetime = LF_NCSA_DATE_TIME;
415
418
                break;
 
419
            case LOG_IPTABLES:
 
420
                main_pcre.re_pcre = cmp_log_regexp_iptables;
 
421
                strncpy(main_pcre.regular_expression, PATTERN_IPTABLES, MAX_RE_LENGTH);
 
422
                position_address = LF_IPTABLES_ADDRESS_SRC;
 
423
                position_datetime = LF_IPTABLES_DATE_TIME;
 
424
                break;
416
425
            default:
417
426
                ERRVPRINT(VERBOSE0, "Unknown LOG Type Setting. Sorry.... : %d\n", log_type);
418
427
                exit(1);
445
454
                    continue;
446
455
                }
447
456
            }
448
 
//            int i;
449
 
//            char tmp_str[9999];
450
 
//            for (i=2; i<main_pcre.cp_substr_ret * 2; i+=2) {
451
 
//                tmp_str[0] = '\0';
452
 
//                strncat(tmp_str, buffer_primary + main_pcre.ovector[i], main_pcre.ovector[i + 1] - main_pcre.ovector[i]);
453
 
//                VPRINT(VERBOSE0, "-- %s ", tmp_str);
454
 
//            }
455
 
//            VPRINT(VERBOSE0, "%s", "\n");
 
457
            if (log_type == LOG_IPTABLES) {
 
458
                main_pcre.cp_substr_ret = pcre_copy_substring(buffer_primary, main_pcre.ovector, main_pcre.ret,LF_IPTABLES_ADDRESS_DST , str_address2, BUFSIZE);
 
459
                if (main_pcre.cp_substr_ret < 0) {
 
460
                    error_substring_extract(main_pcre.regular_expression, buffer_primary, position_address, main_pcre.cp_substr_ret, total_lines);
 
461
                    if (g_dorecombine == true) {
 
462
                        badlogline_flag = true;
 
463
                    } else {
 
464
                        continue;
 
465
                    }
 
466
                }
 
467
            }
456
468
        }
457
469
 
458
470
        if (g_dotranslate == true) {
474
486
 
475
487
                retrieve_address(str_address, str_fqdn, str_time);
476
488
                strncpy(str_previous_address, str_address, SIZE_ADDRESS);
 
489
                
 
490
                if (log_type == LOG_IPTABLES) {
 
491
                    retrieve_address(str_address2, str_fqdn2, str_time);
 
492
                }
477
493
            }
478
 
            if (str_fqdn[0] == '\0') {
479
 
                /* No change, display line-in as line-out */
480
 
                printf("%s", buffer_primary);
 
494
            if (log_type == LOG_IPTABLES) {
 
495
                if ((str_fqdn[0] == '\0') && (str_fqdn2[0] == '\0')) {
 
496
                    /* No change, display line-in as line-out */
 
497
                    printf("%s", buffer_primary);
 
498
                } else {
 
499
                    if (str_fqdn[0] == '\0') {
 
500
                        buffer_tmp_output[0] = '\0';
 
501
                        strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) - 1) + 1]);
 
502
                        printf("%s", buffer_tmp_output);
 
503
                        printf("%s", str_fqdn2);
 
504
                        buffer_tmp_output[0] = '\0';
 
505
                        strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
 
506
                        printf("%s", buffer_tmp_output);
 
507
                    } else {
 
508
                        buffer_tmp_output[0] = '\0';
 
509
                        strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
 
510
                        printf("%s", buffer_tmp_output);
 
511
                        printf("%s", str_fqdn);
 
512
                        printf(" DST=");
 
513
                        buffer_tmp_output[0] = '\0';
 
514
                        if (str_fqdn2[0] == '\0') {
 
515
                            strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[(LF_IPTABLES_ADDRESS_DST * 2)]);
 
516
                        } else {
 
517
                            printf("%s", str_fqdn2);
 
518
                            strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
 
519
                        }
 
520
                        printf("%s", buffer_tmp_output);
 
521
                    }
 
522
                }
481
523
            } else {
482
 
                /* Have a returned value. Displayed FQDN and rest of line minus IP Address. */
483
 
                /* print before */
484
 
                if (position_address > 1) {
 
524
                if (str_fqdn[0] == '\0') {
 
525
                    /* No change, display line-in as line-out */
 
526
                    printf("%s", buffer_primary);
 
527
                } else {
 
528
                    /* Have a returned value. Displayed FQDN and rest of line minus IP Address. */
 
529
                    /* print before */
 
530
                    if (position_address > 1) {
 
531
                        buffer_tmp_output[0] = '\0';
 
532
                        strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
 
533
                        printf("%s", buffer_tmp_output);
 
534
                    }
 
535
                    printf("%s", str_fqdn);
485
536
                    buffer_tmp_output[0] = '\0';
486
 
                    strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
 
537
                    strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((position_address * 2) + 1)]);
487
538
                    printf("%s", buffer_tmp_output);
488
539
                }
489
 
                printf("%s", str_fqdn);
490
 
                buffer_tmp_output[0] = '\0';
491
 
                strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((position_address * 2) + 1)]);
492
 
                printf("%s", buffer_tmp_output);
493
540
            }
494
541
        } else if (g_dorecombine == true) {
495
542
            if (log_type != LOG_CLF) {
622
669
                add_address(str_address);
623
670
                strncpy(str_previous_address, str_address, SIZE_ADDRESS);
624
671
            }
 
672
            if (log_type == LOG_IPTABLES) {
 
673
                /* Don't exceed Maximum Number of threads! Stop and hold, once we get too many */
 
674
                pthread_mutex_lock(&mutex_thread_count);
 
675
                while (thread_count >= g_max_threads) {
 
676
                    VPRINT(VERBOSE2, "HOLDING: Exceeding Maximum Thread Count!: %d <= %d\n", g_max_threads, thread_count);
 
677
                    pthread_cond_wait(&cond_thread_count, &mutex_thread_count);
 
678
                }
 
679
                pthread_mutex_unlock(&mutex_thread_count);
 
680
                add_address(str_address2);
 
681
            }
625
682
        }
626
683
    }
627
684
 
835
892
                case LOG_FTP:
836
893
                    strptime(str_time, DATE_TIME_XFERLOG_FORMAT, &time_rec);
837
894
                    break;
 
895
               case LOG_IPTABLES:
 
896
                    strptime(str_time, DATE_TIME_IPTABLES_FORMAT, &time_rec);
 
897
                    break;
838
898
                case LOG_SQUID:
839
899
                    temp_time_squid = strtoul(str_time, NULL, 10);
840
900
                    localtime_r(&temp_time_squid, &time_rec);
1918
1978
        return (LOG_SQUID);
1919
1979
    }
1920
1980
 
 
1981
    rc = pcre_exec(cmp_log_regexp_iptables, NULL, buffer, buffer_length, 0, 0, ovector, OVECCOUNT);
 
1982
    if (rc >= 0) {
 
1983
        /* Matches against IPTABLES */
 
1984
        VPRINT(VERBOSE1, "Using IPTABLES Log Format%s", "\n");
 
1985
        return (LOG_IPTABLES);
 
1986
    }
 
1987
 
1921
1988
    VPRINT(VERBOSE1, "Unrecognised Log Format%s", "\n");
1922
1989
    return (-1);                                /* Failed to match any, unknown format */
1923
1990
}
1941
2008
    char log_regexp_xferlog[MAX_RE_LENGTH] = PATTERN_XFERLOG;
1942
2009
    char log_regexp_squid[MAX_RE_LENGTH] = PATTERN_SQUID;
1943
2010
    char log_regexp_combined_enhanced[MAX_RE_LENGTH] = PATTERN_COMBINED_ENHANCED;
 
2011
    char log_regexp_iptables[MAX_RE_LENGTH] = PATTERN_IPTABLES;
1944
2012
 
1945
2013
    const char *error;                          /* RE error pointer, offset */
1946
2014
    int erroffset;                              /* RE error value */
1972
2040
        if (cmp_log_regexp_squid == NULL) {
1973
2041
        re_compile_failed(erroffset, error, log_regexp_squid);
1974
2042
    }
 
2043
 
 
2044
    /* SYSLOG/IPTABLES LOG */
 
2045
    cmp_log_regexp_iptables = pcre_compile(log_regexp_iptables, 0, &error, &erroffset, NULL);
 
2046
    VPRINT(VERBOSE2, "PCRE: Compile PATTERN_IPTABLES%s", "\n")
 
2047
        if (cmp_log_regexp_iptables == NULL) {
 
2048
        re_compile_failed(erroffset, error, log_regexp_iptables);
 
2049
    }
1975
2050
}
1976
2051
 
1977
2052
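Review bot: The destination-address extraction in the new LOG_IPTABLES branch (new lines 457-467) passes `BUFSIZE` as the capacity of `str_address2`, but the earlier hunk declares that buffer as `char str_address2[NI_MAXHOST]`; BUFSIZE is not visible here, and if it exceeds NI_MAXHOST a capture longer than the buffer lets pcre_copy_substring write past the end of a stack array, driven by whatever the log line contains, regardless of how tightly PATTERN_IPTABLES currently constrains that field. Use the buffer's own size so the bound cannot drift: `main_pcre.cp_substr_ret = pcre_copy_substring(buffer_primary, main_pcre.ovector, main_pcre.ret, LF_IPTABLES_ADDRESS_DST, str_address2, sizeof(str_address2));`. The failure report on the following line also hands `position_address` (the SRC field) to error_substring_extract although it is the DST extraction that failed, so passing `LF_IPTABLES_ADDRESS_DST` there would make the diagnostic match the capture. The enclosing function starts and ends outside this hunk, and the section's final context line (old 1977 / new 2052) is cut off at the end of the page.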