tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-26 11:19:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed filtering issue when string fields were empty

Browse Source
This commit is contained in:
Andre Lorbach 2008-09-18 13:25:07 +02:00
parent 5544b0e286
commit 3e2ea6c19a
2 changed files with 34 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/classes/logstreamdisk.class.php
View File

@ -770,6 +770,13 @@ class LogStreamDisk extends LogStream {
break; break;
} }
} }
else
{
// Either filter value or property value was empty!
// This means we have no match
$bEval = false;
}
break; break;
case FILTER_TYPE_NUMBER: case FILTER_TYPE_NUMBER:
$bIsOrFilter = true; // Default is set to TRUE $bIsOrFilter = true; // Default is set to TRUE

41
src/classes/msgparsers/msgparser.iis.class.php
View File

@ -63,11 +63,32 @@ class MsgParser_iis extends MsgParser {
{ {
global $content, $fields; global $content, $fields;
// $iSharpPos = strpos($szMsg, "#");
// if ( $iSharpPos !== false && $iSharpPos == 0 )
// return ERROR_MSG_SKIPMESSAGE;
// Special case here, if loglines start with #, they are comments and have to be skipped! // Special case here, if loglines start with #, they are comments and have to be skipped!
$iSharpPos = strpos($szMsg, "#"); if ( ($iSharpPos = strpos($szMsg, "#")) !== false && $iSharpPos == 0 )
if ( $iSharpPos !== false && $iSharpPos == 0 ) {
return ERROR_MSG_SKIPMESSAGE; // Only init fields then
// Set generic properties
$arrArguments[SYSLOG_DATE] = "";
$arrArguments[SYSLOG_HOST] = "";
// Set weblog specific properties!
$arrArguments[SYSLOG_WEBLOG_METHOD] = "";
$arrArguments[SYSLOG_WEBLOG_URL] = "";
$arrArguments[SYSLOG_WEBLOG_QUERYSTRING] = "";
$arrArguments[SYSLOG_WEBLOG_USER] = "";
$arrArguments[SYSLOG_WEBLOG_PVER] = "";
$arrArguments[SYSLOG_WEBLOG_USERAGENT] = "";
$arrArguments[SYSLOG_WEBLOG_REFERER] = "";
$arrArguments[SYSLOG_WEBLOG_STATUS] = "";
$arrArguments[SYSLOG_WEBLOG_BYTESSEND] = "";
// Set msg to whole logline
$arrArguments[SYSLOG_MESSAGE] = $szMsg;
}
// LogFormat: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-bytes // LogFormat: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-bytes
// Sample: 2008-09-17 00:15:24 GET /Include/MyStyleV2.css - - 208.111.154.249 HTTP/1.0 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.11)+Gecko/20080109+(Charlotte/0.9t;+http://www.searchme.com/support/) http://www.adiscon.com/Common/en/News/MWCon-2005-09-12.php 200 1812 // Sample: 2008-09-17 00:15:24 GET /Include/MyStyleV2.css - - 208.111.154.249 HTTP/1.0 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.11)+Gecko/20080109+(Charlotte/0.9t;+http://www.searchme.com/support/) http://www.adiscon.com/Common/en/News/MWCon-2005-09-12.php 200 1812
if ( preg_match('/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?)$/', $szMsg, $out ) ) if ( preg_match('/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?) (.|.*?)$/', $szMsg, $out ) )
@ -81,17 +102,9 @@ class MsgParser_iis extends MsgParser {
// Set weblog specific properties! // Set weblog specific properties!
$arrArguments[SYSLOG_WEBLOG_METHOD] = $out[2]; $arrArguments[SYSLOG_WEBLOG_METHOD] = $out[2];
// $arrArguments[SYSLOG_WEBLOG_USER] = $out[3]; $arrArguments[SYSLOG_WEBLOG_URL] = $out[3];
if ( strpos($out[3], "?") === false ) $arrArguments[SYSLOG_WEBLOG_QUERYSTRING]= $out[4];
{ $arrArguments[SYSLOG_WEBLOG_USER] = $out[5];
$arrArguments[SYSLOG_WEBLOG_URL] = $out[3];
$arrArguments[SYSLOG_WEBLOG_QUERYSTRING]= "";
}
else
{
$arrArguments[SYSLOG_WEBLOG_URL] = substr( $out[6], 0, strpos($out[3], "?"));
$arrArguments[SYSLOG_WEBLOG_QUERYSTRING]= substr( $out[6], strpos($out[3], "?")+1 );
}
$arrArguments[SYSLOG_WEBLOG_PVER] = $out[7]; $arrArguments[SYSLOG_WEBLOG_PVER] = $out[7];
$arrArguments[SYSLOG_WEBLOG_USERAGENT] = $out[8]; $arrArguments[SYSLOG_WEBLOG_USERAGENT] = $out[8];
$arrArguments[SYSLOG_WEBLOG_REFERER] = $out[9]; $arrArguments[SYSLOG_WEBLOG_REFERER] = $out[9];