257
258
char *fgets_rtn = NULL; /* Return value from doing fgets. Check for end of file */
259
260
char str_address[NI_MAXHOST]; /* IP Addresses */
261
char str_address2[NI_MAXHOST]; /* IP Addresses for iptables lookups */
260
262
char str_previous_address[NI_MAXHOST]; /* Previous IP Addresses */
261
char str_fqdn[NI_MAXHOST]; /* Retrieved FQDN Address */
263
char str_fqdn[NI_MAXHOST] = ""; /* Retrieved FQDN Address */
264
char str_fqdn2[NI_MAXHOST] = ""; /* Retrieved FQDN Address for iptables lookups */
262
265
char *buf_ptr; /* Offset pointer into the file's buffer - used to print from other than the start */
264
267
char str_time[SIZE_DATE_TIME]; /* String to hold the current time out of the current log line */
413
416
position_address = LF_NCSA_ADDRESS;
414
417
position_datetime = LF_NCSA_DATE_TIME;
420
main_pcre.re_pcre = cmp_log_regexp_iptables;
421
strncpy(main_pcre.regular_expression, PATTERN_IPTABLES, MAX_RE_LENGTH);
422
position_address = LF_IPTABLES_ADDRESS_SRC;
423
position_datetime = LF_IPTABLES_DATE_TIME;
417
426
ERRVPRINT(VERBOSE0, "Unknown LOG Type Setting. Sorry.... : %d\n", log_type);
449
// char tmp_str[9999];
450
// for (i=2; i<main_pcre.cp_substr_ret * 2; i+=2) {
451
// tmp_str[0] = '\0';
452
// strncat(tmp_str, buffer_primary + main_pcre.ovector[i], main_pcre.ovector[i + 1] - main_pcre.ovector[i]);
453
// VPRINT(VERBOSE0, "-- %s ", tmp_str);
455
// VPRINT(VERBOSE0, "%s", "\n");
457
if (log_type == LOG_IPTABLES) {
458
main_pcre.cp_substr_ret = pcre_copy_substring(buffer_primary, main_pcre.ovector, main_pcre.ret,LF_IPTABLES_ADDRESS_DST , str_address2, BUFSIZE);
459
if (main_pcre.cp_substr_ret < 0) {
460
error_substring_extract(main_pcre.regular_expression, buffer_primary, position_address, main_pcre.cp_substr_ret, total_lines);
461
if (g_dorecombine == true) {
462
badlogline_flag = true;
458
470
if (g_dotranslate == true) {
475
487
retrieve_address(str_address, str_fqdn, str_time);
476
488
strncpy(str_previous_address, str_address, SIZE_ADDRESS);
490
if (log_type == LOG_IPTABLES) {
491
retrieve_address(str_address2, str_fqdn2, str_time);
478
if (str_fqdn[0] == '\0') {
479
/* No change, display line-in as line-out */
480
printf("%s", buffer_primary);
494
if (log_type == LOG_IPTABLES) {
495
if ((str_fqdn[0] == '\0') && (str_fqdn2[0] == '\0')) {
496
/* No change, display line-in as line-out */
497
printf("%s", buffer_primary);
499
if (str_fqdn[0] == '\0') {
500
buffer_tmp_output[0] = '\0';
501
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) - 1) + 1]);
502
printf("%s", buffer_tmp_output);
503
printf("%s", str_fqdn2);
504
buffer_tmp_output[0] = '\0';
505
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
506
printf("%s", buffer_tmp_output);
508
buffer_tmp_output[0] = '\0';
509
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
510
printf("%s", buffer_tmp_output);
511
printf("%s", str_fqdn);
513
buffer_tmp_output[0] = '\0';
514
if (str_fqdn2[0] == '\0') {
515
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[(LF_IPTABLES_ADDRESS_DST * 2)]);
517
printf("%s", str_fqdn2);
518
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
520
printf("%s", buffer_tmp_output);
482
/* Have a returned value. Displayed FQDN and rest of line minus IP Address. */
484
if (position_address > 1) {
524
if (str_fqdn[0] == '\0') {
525
/* No change, display line-in as line-out */
526
printf("%s", buffer_primary);
528
/* Have a returned value. Displayed FQDN and rest of line minus IP Address. */
530
if (position_address > 1) {
531
buffer_tmp_output[0] = '\0';
532
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
533
printf("%s", buffer_tmp_output);
535
printf("%s", str_fqdn);
485
536
buffer_tmp_output[0] = '\0';
486
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
537
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((position_address * 2) + 1)]);
487
538
printf("%s", buffer_tmp_output);
489
printf("%s", str_fqdn);
490
buffer_tmp_output[0] = '\0';
491
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((position_address * 2) + 1)]);
492
printf("%s", buffer_tmp_output);
494
541
} else if (g_dorecombine == true) {
495
542
if (log_type != LOG_CLF) {
622
669
add_address(str_address);
623
670
strncpy(str_previous_address, str_address, SIZE_ADDRESS);
672
if (log_type == LOG_IPTABLES) {
673
/* Don't exceed Maximum Number of threads! Stop and hold, once we get too many */
674
pthread_mutex_lock(&mutex_thread_count);
675
while (thread_count >= g_max_threads) {
676
VPRINT(VERBOSE2, "HOLDING: Exceeding Maximum Thread Count!: %d <= %d\n", g_max_threads, thread_count);
677
pthread_cond_wait(&cond_thread_count, &mutex_thread_count);
679
pthread_mutex_unlock(&mutex_thread_count);
680
add_address(str_address2);
1918
1978
return (LOG_SQUID);
1981
rc = pcre_exec(cmp_log_regexp_iptables, NULL, buffer, buffer_length, 0, 0, ovector, OVECCOUNT);
1983
/* Matches against IPTABLES */
1984
VPRINT(VERBOSE1, "Using IPTABLES Log Format%s", "\n");
1985
return (LOG_IPTABLES);
1921
1988
VPRINT(VERBOSE1, "Unrecognised Log Format%s", "\n");
1922
1989
return (-1); /* Failed to match any, unknown format */
1972
2040
if (cmp_log_regexp_squid == NULL) {
1973
2041
re_compile_failed(erroffset, error, log_regexp_squid);
2044
/* SYSLOG/IPTABLES LOG */
2045
cmp_log_regexp_iptables = pcre_compile(log_regexp_iptables, 0, &error, &erroffset, NULL);
2046
VPRINT(VERBOSE2, "PCRE: Compile PATTERN_IPTABLES%s", "\n")
2047
if (cmp_log_regexp_iptables == NULL) {
2048
re_compile_failed(erroffset, error, log_regexp_iptables);
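Review bot: `BUFSIZE` is passed as the destination size in the added `pcre_copy_substring()` call for `LF_IPTABLES_ADDRESS_DST` (new line 458), but the destination `str_address2` is declared as `char str_address2[NI_MAXHOST]`. If `BUFSIZE` is larger than `NI_MAXHOST` (its value is not visible here), an over-long captured field from a log line can be written past the end of the array. Passing the array's own size closes that gap: `..., LF_IPTABLES_ADDRESS_DST, str_address2, sizeof(str_address2));`. The failure branch directly below reports `position_address` to `error_substring_extract()` although the substring that failed is the destination one, so `LF_IPTABLES_ADDRESS_DST` would be the accurate argument there. The added `strncat`/`strcat` copies into `buffer_tmp_output` (new lines 501–518) limit only the source length, so they are safe only if `buffer_tmp_output` is at least as large as `buffer_primary`; the enclosing function and both buffer declarations lie outside the lines shown, so this should be confirmed.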