From 527abd30dae78be20a36f0330059f0e314a76fde Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Mon, 1 Sep 2008 16:39:18 +0200
Subject: [PATCH] Started implementing msg parsers
---
src/classes/logstreamlineparser.class.php | 2 +-
.../logstreamlineparsersyslog.class.php | 2 +-
.../logstreamlineparserwinsyslog.class.php | 2 +-
src/classes/msgparser.class.php | 60 ++++++++++++
.../msgparsers/msgparser.eventlog.class.php | 93 +++++++++++++++++++
src/include/constants_errors.php | 1 +
6 files changed, 157 insertions(+), 3 deletions(-)
create mode 100644 src/classes/msgparser.class.php
create mode 100644 src/classes/msgparsers/msgparser.eventlog.class.php
diff --git a/src/classes/logstreamlineparser.class.php b/src/classes/logstreamlineparser.class.php
index ea1d4ce..deef7cf 100644
--- a/src/classes/logstreamlineparser.class.php
+++ b/src/classes/logstreamlineparser.class.php
@@ -57,4 +57,4 @@ abstract class LogStreamLineParser { } -?> +?> \ No newline at end of file
diff --git a/src/classes/logstreamlineparsersyslog.class.php b/src/classes/logstreamlineparsersyslog.class.php
index 7d66b12..8827da3 100644
--- a/src/classes/logstreamlineparsersyslog.class.php
+++ b/src/classes/logstreamlineparsersyslog.class.php
@@ -135,4 +135,4 @@ class LogStreamLineParsersyslog extends LogStreamLineParser { } -?> +?> \ No newline at end of file
diff --git a/src/classes/logstreamlineparserwinsyslog.class.php b/src/classes/logstreamlineparserwinsyslog.class.php
index c3b8996..93c3a5b 100644
--- a/src/classes/logstreamlineparserwinsyslog.class.php
+++ b/src/classes/logstreamlineparserwinsyslog.class.php
@@ -105,4 +105,4 @@ class LogStreamLineParserwinsyslog extends LogStreamLineParser { } -?> +?> \ No newline at end of file
diff --git a/src/classes/msgparser.class.php b/src/classes/msgparser.class.php
new file mode 100644
index 0000000..bb4696b
--- /dev/null
+++ b/src/classes/msgparser.class.php
@@ -0,0 +1,60 @@
+ www.phplogcon.org <- *
+ * ----------------------------------------------------------------- *
+ * LogStream MSGParser abstract basic class *
+ * *
+ * All directives are explained within this file *
+ *
+ * Copyright (C) 2008 Adiscon GmbH.
+ *
+ * This file is part of phpLogCon.
+ *
+ * PhpLogCon is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PhpLogCon is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with phpLogCon. If not, see .
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this
+ * distribution.
+ *********************************************************************
+*/
+
+// --- Avoid directly accessing this file!
+if ( !defined('IN_PHPLOGCON') )
+{
+ die('Hacking attempt');
+ exit;
+}
+// ---
+
+// --- Basic Includes
+require_once($gl_root_path . 'classes/enums.class.php');
+require_once($gl_root_path . 'include/constants_errors.php');
+require_once($gl_root_path . 'include/constants_logstream.php');
+// ---
+
+
+abstract class MsgParser{
+// protected $_arrProperties = null;
+
+ /**
+ * ParseLine
+ *
+ * @param arrArguments array in&out: properties of interest. There can be no guarantee the logstream can actually deliver them.
+ * @return integer Error stat
+ */
+ public abstract function ParseMsg($szMsg, &$arrArguments);
+
+}
+
+?>
\ No newline at end of file
diff --git a/src/classes/msgparsers/msgparser.eventlog.class.php b/src/classes/msgparsers/msgparser.eventlog.class.php
new file mode 100644
index 0000000..f3bd444
--- /dev/null
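Review bot: The docblock above `ParseMsg` is still headed `ParseLine` and documents only `arrArguments`, so the new abstract contract never says what `$szMsg` is or which codes an implementation may return. The message text presumably comes straight from the log source, so the contract is the right place to state that implementations must treat it as untrusted input and must not modify `$arrArguments` when they report no match. I would retitle the block `ParseMsg`, add `@param szMsg string in: raw message text as received, not validated`, and change the return line to `@return integer SUCCESS or ERROR_MSG_NOMATCH`. The `exit;` after `die('Hacking attempt');` can never run and could be dropped in both new files.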
+++ b/src/classes/msgparsers/msgparser.eventlog.class.php 
@@ -0,0 +1,93 @@
+ www.phplogcon.org <- *
+ * ----------------------------------------------------------------- *
+ * EventLog MSG Parser is used to split EventLog fields if found
+ * in the msg
+ * *
+ * All directives are explained within this file *
+ *
+ * Copyright (C) 2008 Adiscon GmbH.
+ *
+ * This file is part of phpLogCon.
+ *
+ * PhpLogCon is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PhpLogCon is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with phpLogCon. If not, see .
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this
+ * distribution.
+ *********************************************************************
+*/
+
+// --- Avoid directly accessing this file!
+if ( !defined('IN_PHPLOGCON') )
+{
+ die('Hacking attempt');
+ exit;
+}
+// ---
+
+// --- Basic Includes
+require_once($gl_root_path . 'classes/enums.class.php');
+require_once($gl_root_path . 'include/constants_errors.php');
+require_once($gl_root_path . 'include/constants_logstream.php');
+// ---
+
+
+class MsgParserEventLog extends MsgParser {
+// protected $_arrProperties = null;
+
+ // Constructor
+ public function LogStreamLineParserwinsyslog() {
+ return; // Nothing
+ }
+
+ /**
+ * ParseLine
+ *
+ * @param arrArguments array in&out: properties of interest. There can be no guarantee the logstream can actually deliver them.
+ * @return integer Error stat
+ */
+ public function ParseMsg($szMsg, &$arrArguments)
+ {
+ global $content;
+
+ // Set IUT Property first!
+ $arrArguments[SYSLOG_MESSAGETYPE] = IUT_Syslog;
+
+/*
+ // Sample (WinSyslog/EventReporter): 2008-04-02,15:19:06,2008-04-02,15:19:06,127.0.0.1,16,5,EvntSLog: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
+ if ( preg_match("/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),(.*?),([0-9]{1,2}),([0-9]{1,2}),(.*?):(.*?)$/", $szMsg, $out ) )
+ {
+ // Copy parsed properties!
+ $arrArguments[SYSLOG_DATE] = GetEventTime($out[1]);
+ $arrArguments[SYSLOG_HOST] = $out[3];
+ $arrArguments[SYSLOG_FACILITY] = $out[4];
+ $arrArguments[SYSLOG_SEVERITY] = $out[5];
+ $arrArguments[SYSLOG_SYSLOGTAG] = $out[6];
+ $arrArguments[SYSLOG_MESSAGE] = $out[7];
+ }
+ else
+*/
+ {
+ // return no match in this case!
+ return ERROR_MSG_NOMATCH;
+ }
+
+ // If we reached this position, return success!
+ return SUCCESS;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/src/include/constants_errors.php b/src/include/constants_errors.php
index f3e1361..6323849 100644
--- a/src/include/constants_errors.php
+++ b/src/include/constants_errors.php
@@ -59,6 +59,7 @@ define('ERROR_DB_INVALIDDBMAPPING', 14); define('ERROR_DB_INVALIDDBDRIVER', 16); define('ERROR_DB_TABLENOTFOUND', 17); +define('ERROR_MSG_NOMATCH', 18); ?>
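Review bot: `ParseMsg` in msgparser.eventlog.class.php writes `$arrArguments[SYSLOG_MESSAGETYPE] = IUT_Syslog;` before its only reachable path returns `ERROR_MSG_NOMATCH`, so the caller's record is relabelled even though this parser recognised nothing. With the `preg_match` branch commented out, the bare `{ ... }` block always returns, which leaves `return SUCCESS;` unreachable and `global $content;` unused. I would remove the assignment for now and set the message type inside the match branch once it is enabled; `IUT_Syslog` also looks copied from the line parser and may not be the intended value for an EventLog parser. The method under `// Constructor` is named `LogStreamLineParserwinsyslog()`, so it is an ordinary public method here rather than a constructor of `MsgParserEventLog`; `public function __construct() {}` would say what is meant.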