- Enhanced filtering, message filter accepts + and - now which means search words can be included and excluded.

- other textbased filters are now OrCombined, which means we can filter for different syslogtags for example at once. - time filter fully works now, so you can filter by timerange as well now.
2025-09-26 03:09:21 +02:00 · 2008-04-07 18:02:17 +02:00 · 2008-04-07 18:02:17 +02:00 · b13b4a177f
commit b13b4a177f
parent 5963b47e7b
6 changed files with 241 additions and 43 deletions
--- a/src/classes/logstream.class.php
+++ b/src/classes/logstream.class.php
@ -178,8 +178,6 @@ abstract class LogStream {
 	{
 		if ( isset($szFilters) && strlen($szFilters) > 0 )
 		{
-//			$this->_filters = array();
-
 			$tmpEntries = explode(" ", $szFilters);
 			foreach($tmpEntries as $myEntry) 
 			{
@ -234,6 +232,7 @@ abstract class LogStream {
 							$tmpTimeMode = DATEMODE_LASTX; 
 							break;
 						default:
+							echo "WTF - Unknown filter";
 							break;
 							// Unknown filter
 					}
@ -255,14 +254,30 @@ abstract class LogStream {
 							if ( strlen(trim($szValue)) == 0 ) 
 								continue;

+							if ( isset($this->_filters[$tmpKeyName][$iNum][FILTER_VALUE]) )
+							{
+								// Create new Filter!
+								$this->_filters[$tmpKeyName][][FILTER_TYPE] = $tmpFilterType;
+								$iNum = count($this->_filters[$tmpKeyName]) - 1;
+							}
+
+							// Set Filter Mode
+							$this->_filters[$tmpKeyName][$iNum][FILTER_MODE] = $this->SetFilterIncludeMode($szValue);
+
+							// Set Value
 							$this->_filters[$tmpKeyName][$iNum][FILTER_VALUE] = $szValue;
 						}
 					}
 					else
+					{
+						// Set Filter Mode
+						$this->_filters[$tmpKeyName][$iNum][FILTER_MODE] = $this->SetFilterIncludeMode($tmpArray[FILTER_TMP_VALUE]);
+						
+						// Set Filter value!
 						$this->_filters[$tmpKeyName][$iNum][FILTER_VALUE] = $tmpArray[FILTER_TMP_VALUE];
+					}
 					// ---

-
 					// Unset unused variables
 					if ( isset($tmpArray) ) 
 						unset($tmpArray);
@ -276,6 +291,7 @@ abstract class LogStream {
 					// No ":", so we treat it as message filter!
 					$this->_filters[SYSLOG_MESSAGE][][FILTER_TYPE] = FILTER_TYPE_STRING;
 					$iNum = count($this->_filters[SYSLOG_MESSAGE]) - 1;
+					$this->_filters[SYSLOG_MESSAGE][$iNum][FILTER_MODE] = $this->SetFilterIncludeMode($myEntry);
 					$this->_filters[SYSLOG_MESSAGE][$iNum][FILTER_VALUE] = $myEntry;
 				}
 			}
@ -298,31 +314,113 @@ abstract class LogStream {
 		{
 			// Evaluation default for now is true
 			$bEval = true;
-			
+
 			// Loop through set properties
 			foreach( $arrProperitesOut as $propertyname => $propertyvalue )
 			{
 				// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
-				if (array_key_exists($propertyname, $this->_filters) && strlen($propertyvalue) > 0 )
+				if (	
+						array_key_exists($propertyname, $this->_filters) && 
+						isset($propertyvalue) && 
+						!(is_string($propertyvalue) && strlen($propertyvalue) <= 0 ) /* Negative because it only matters if the propvalure is a string*/
+					)
 				{ 
+					// Extra var needed for number checks!
+					$bIsOrFilter = false; // If enabled we need to check for numbereval later
+					$bOrFilter = false;
+
 					// Found something to filter, so do it!
 					foreach( $this->_filters[$propertyname] as $myfilter ) 
 					{
 						switch( $myfilter[FILTER_TYPE] )
 						{
 							case FILTER_TYPE_STRING:
-								if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false ) 
-									$bEval = false;
+								// If Syslog message, we have AND handling!
+								if ( $propertyname == SYSLOG_MESSAGE )
+								{
+									// Include Filter
+									if ( $myfilter[FILTER_MODE] == FILTER_MODE_INCLUDE ) 
+									{
+										if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false ) 
+											$bEval = false;
+									}
+									// Exclude Filter
+									else if ( $myfilter[FILTER_MODE] == FILTER_MODE_EXCLUDE ) 
+									{
+										if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) 
+											$bEval = false;
+									}
+								}
+								// Otherwise we use OR Handling!
+								else
+								{
+									$bIsOrFilter = true; // Set isOrFilter to true 
+									if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) 
+										$bOrFilter = true;
+									break;
+								}
 								break;
 							case FILTER_TYPE_NUMBER:
+								$bIsOrFilter = true; // Set to true in any case!
+								if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] ) 
+									$bOrFilter = true;
 								break;
 							case FILTER_TYPE_DATE:
+								// Get Log TimeStamp
+								$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
+
+								if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX ) 
+								{
+									// Get current timestamp
+									$nNowTimeStamp = time();
+
+									if		( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
+										$nLastXTime = 60 * 60; // One Hour!
+									else if	( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
+										$nLastXTime = 60 * 60 * 12; // 12 Hours!
+									else if	( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
+										$nLastXTime = 60 * 60 * 24; // 24 Hours!
+									else if	( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
+										$nLastXTime = 60 * 60 * 24 * 7; // 7 days
+									else if	( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
+										$nLastXTime = 60 * 60 * 24 * 31; // 31 days
+									else
+										// WTF default? 
+										$nLastXTime = 86400;
+									// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
+									if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
+										$bEval = false;
+								}
+								else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM ) 
+								{
+									// Get filter timestamp!
+ 									$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
+									
+									// If logtime is smaller then FromTime, then the Event is outside of our scope!
+									if ( $nLogTimeStamp < $nFromTimeStamp )
+										$bEval = false;
+								}
+								else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO ) 
+								{
+									// Get filter timestamp!
+//									echo $myfilter[FILTER_VALUE];
+									$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
+									
+									// If logtime is smaller then FromTime, then the Event is outside of our scope!
+									if ( $nLogTimeStamp > $nToTimeStamp )
+										$bEval = false;
+								}
+
 								break;
 							default:
 								// TODO!
 								break;
 						}
 					}
+					
+					// If was number filter, we apply it the evaluation.
+					if ( $bIsOrFilter ) 
+						$bEval &= $bOrFilter;

 					if ( !$bEval ) 
 					{
@ -344,6 +442,31 @@ abstract class LogStream {
 	}


+	private function SetFilterIncludeMode(&$szValue)
+	{
+
+		// Set Filtermode
+		$pos = strpos($szValue, "+");
+		if ( $pos !== false && $pos == 0 )
+		{
+			//trunscate +
+			$szValue = substr( $szValue, 1);
+			return FILTER_MODE_INCLUDE;
+		}
+
+		$pos = strpos($szValue, "-");
+		if ( $pos !== false && $pos == 0 )
+		{
+			//trunscate -
+			$szValue = substr( $szValue, 1);
+			return FILTER_MODE_EXCLUDE;
+		}
+
+		// Default is include which means +
+		return FILTER_MODE_INCLUDE;
+	}
+
+
 }

 ?>
--- a/src/classes/logstreamlineparsersyslog.class.php
+++ b/src/classes/logstreamlineparsersyslog.class.php
@ -80,10 +80,21 @@ class LogStreamLineParsersyslog extends LogStreamLineParser {
 			$arrArguments[SYSLOG_SYSLOGTAG] = $out[3];
 			$arrArguments[SYSLOG_MESSAGE] = $out[4];
 		}
+		else if ( preg_match("/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}\.[0-9]{1,6}\+[0-9]{1,2}:[0-9]{1,2}),(.*?)$/", $szLine, $out ) )
+		{
+			// Some kind of debug message or something ...
+			// Sample: 2008-03-28T15:17:05.480876+01:00,**NO MATCH**
+			$arrArguments[SYSLOG_DATE] = $this->GetEventTime($out[1]);
+			$arrArguments[SYSLOG_MESSAGE] = $out[2];
+		}
+
 		else
 		{
-			// TODO: Cannot Parse Syslog message with this pattern!
-			die ("wtf syslog - " . $arrArguments[SYSLOG_MESSAGE] );
+			if ( strlen($arrArguments[SYSLOG_MESSAGE]) > 0 ) 
+			{
+				// TODO: Cannot Parse Syslog message with this pattern!
+				die ("wtf syslog - '" . $arrArguments[SYSLOG_MESSAGE] . "'");
+			}
 		}
 		
 		// Return success!
--- a/src/classes/logstreamlineparserwinsyslog.class.php
+++ b/src/classes/logstreamlineparserwinsyslog.class.php
@ -46,24 +46,40 @@ class LogStreamLineParserwinsyslog extends LogStreamLineParser {
 		global $content; 

 		// Sample (WinSyslog/EventReporter): 2008-04-02,15:19:06,2008-04-02,15:19:06,127.0.0.1,16,5,EvntSLog: Performance counters for the RSVP (QoS RSVP) service were loaded successfully. 
-		if ( preg_match("/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),(.*?),([0-9]{1,2}),([0-9]{1,2}),(.*?)$/", $szLine, $out ) )
+		if ( preg_match("/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),(.*?),([0-9]{1,2}),([0-9]{1,2}),(.*?):(.*?)$/", $szLine, $out ) )
+		{
+			// Copy parsed properties!
+			$arrArguments[SYSLOG_DATE] = $this->GetEventTime($out[1]);
+			$arrArguments[SYSLOG_HOST] = $out[3];
+			$arrArguments[SYSLOG_FACILITY] = $out[4];
+			$arrArguments[SYSLOG_SEVERITY] = $out[5];
+			$arrArguments[SYSLOG_SYSLOGTAG] = $out[6];
+			$arrArguments[SYSLOG_MESSAGE] = $out[7];
+
+			// Expand SYSLOG_FACILITY and SYSLOG_SEVERITY
+			$arrArguments[SYSLOG_FACILITY_TEXT] = GetFacilityDisplayName( $arrArguments[SYSLOG_FACILITY] );
+			$arrArguments[SYSLOG_SEVERITY_TEXT] = GetSeverityDisplayName( $arrArguments[SYSLOG_SEVERITY] );
+		}
+		else if ( preg_match("/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2},[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),(.*?),([0-9]{1,2}),([0-9]{1,2}),(.*?)$/", $szLine, $out ) )
 		{
 			// Copy parsed properties!
 			$arrArguments[SYSLOG_DATE] = $this->GetEventTime($out[1]);
 			$arrArguments[SYSLOG_HOST] = $out[3];
-//			$arrArguments[SYSLOG_SYSLOGTAG] = $out[3];
 			$arrArguments[SYSLOG_FACILITY] = $out[4];
 			$arrArguments[SYSLOG_SEVERITY] = $out[5];
 			$arrArguments[SYSLOG_MESSAGE] = $out[6];

 			// Expand SYSLOG_FACILITY and SYSLOG_SEVERITY
-			$arrArguments[SYSLOG_FACILITY_TEXT] = $content['filter_facility_list'][$arrArguments[SYSLOG_FACILITY]]['DisplayName'];
-			$arrArguments[SYSLOG_SEVERITY_TEXT] = $content['filter_severity_list'][$arrArguments[SYSLOG_SEVERITY]]['DisplayName'];
+			$arrArguments[SYSLOG_FACILITY_TEXT] = GetFacilityDisplayName( $arrArguments[SYSLOG_FACILITY] );
+			$arrArguments[SYSLOG_SEVERITY_TEXT] = GetSeverityDisplayName( $arrArguments[SYSLOG_SEVERITY] );
 		}
 		else
 		{
-			// TODO: Cannot Parse Syslog message with this pattern!
-			die ("wtf winsyslog - " . $arrArguments[SYSLOG_MESSAGE] );
+			if ( strlen($arrArguments[SYSLOG_MESSAGE]) > 0 ) 
+			{
+				// TODO: Cannot Parse Syslog message with this pattern!
+				die ("wtf winsyslog - '" . $arrArguments[SYSLOG_MESSAGE] . "'");
+			}
 		}
 		
 		// Return success!
--- a/src/include/constants_filters.php
+++ b/src/include/constants_filters.php
@ -45,6 +45,10 @@ define('FILTER_DATEMODE', 'datemode');
 define('FILTER_TYPE', 'filtertype');
 define('FILTER_DATEMODENAME', 'datemodename');
 define('FILTER_VALUE', 'value');
+define('FILTER_MODE', 'filtermode');
+define('FILTER_MODE_INCLUDE', 0);
+define('FILTER_MODE_EXCLUDE', 1);
+

 // Defines which kind of filters we have
 define('FILTER_TYPE_STRING', 0);
--- a/src/include/functions_filters.php
+++ b/src/include/functions_filters.php
@ -144,24 +144,24 @@ function InitFilterHelpers()


 	// Init Facility LIST
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_KERN, "DisplayName" => "SYSLOG_KERN", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_USER, "DisplayName" => "SYSLOG_USER", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_MAIL, "DisplayName" => "SYSLOG_MAIL", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_DAEMON, "DisplayName" => "SYSLOG_DAEMON", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_AUTH, "DisplayName" => "SYSLOG_AUTH", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_SYSLOG, "DisplayName" => "SYSLOG_SYSLOG", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LPR, "DisplayName" => "SYSLOG_LPR", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_NEWS, "DisplayName" => "SYSLOG_NEWS", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_UUCP, "DisplayName" => "SYSLOG_UUCP", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_CRON, "DisplayName" => "SYSLOG_CRON", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL0, "DisplayName" => "SYSLOG_LOCAL0", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL1, "DisplayName" => "SYSLOG_LOCAL1", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL2, "DisplayName" => "SYSLOG_LOCAL2", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL3, "DisplayName" => "SYSLOG_LOCAL3", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL4, "DisplayName" => "SYSLOG_LOCAL4", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL5, "DisplayName" => "SYSLOG_LOCAL5", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL6, "DisplayName" => "SYSLOG_LOCAL6", "selected" => "" );
-	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL7, "DisplayName" => "SYSLOG_LOCAL7", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_KERN, "DisplayName" => "KERN", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_USER, "DisplayName" => "USER", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_MAIL, "DisplayName" => "MAIL", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_DAEMON, "DisplayName" => "DAEMON", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_AUTH, "DisplayName" => "AUTH", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_SYSLOG, "DisplayName" => "SYSLOG", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LPR, "DisplayName" => "LPR", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_NEWS, "DisplayName" => "NEWS", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_UUCP, "DisplayName" => "UUCP", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_CRON, "DisplayName" => "CRON", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL0, "DisplayName" => "LOCAL0", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL1, "DisplayName" => "LOCAL1", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL2, "DisplayName" => "LOCAL2", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL3, "DisplayName" => "LOCAL3", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL4, "DisplayName" => "LOCAL4", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL5, "DisplayName" => "LOCAL5", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL6, "DisplayName" => "LOCAL6", "selected" => "" );
+	$content['filter_facility_list'][] = array( "ID" => SYSLOG_LOCAL7, "DisplayName" => "LOCAL7", "selected" => "" );


 	$iCount = count($content['filter_facility_list']);
@ -180,14 +180,14 @@ function InitFilterHelpers()
 //		$filters['filter_severity'] = SYSLOG_NOTICE;

 	// Init Severity LIST
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_EMERG, "DisplayName" => "SYSLOG_EMERG", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_ALERT, "DisplayName" => "SYSLOG_ALERT", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_CRIT, "DisplayName" => "SYSLOG_CRIT", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_ERR, "DisplayName" => "SYSLOG_ERR", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_WARNING, "DisplayName" => "SYSLOG_WARNING", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_NOTICE, "DisplayName" => "SYSLOG_NOTICE", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_INFO, "DisplayName" => "SYSLOG_INFO", "selected" => "" );
-	$content['filter_severity_list'][] = array( "ID" => SYSLOG_DEBUG, "DisplayName" => "SYSLOG_DEBUG", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_EMERG, "DisplayName" => "EMERG", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_ALERT, "DisplayName" => "ALERT", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_CRIT, "DisplayName" => "CRIT", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_ERR, "DisplayName" => "ERR", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_WARNING, "DisplayName" => "WARNING", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_NOTICE, "DisplayName" => "NOTICE", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_INFO, "DisplayName" => "INFO", "selected" => "" );
+	$content['filter_severity_list'][] = array( "ID" => SYSLOG_DEBUG, "DisplayName" => "DEBUG", "selected" => "" );

 	$iCount = count($content['filter_severity_list']);
 	for ( $i = 0; $i < $iCount; $i++ )
@ -213,4 +213,48 @@ function FillDateRangeArray($sourcearray, $szArrayListName, $szFilterName) // $c
 	}
 }

+function GetFacilityDisplayName( $nFacilityID )
+{
+	global $content;
+
+	foreach( $content['filter_facility_list'] as $myfacility )
+	{
+		if ( $myfacility['ID'] == $nFacilityID )
+			return $myfacility['DisplayName'];
+	}
+
+	// Default 
+	return "Unknown Facility";
+}
+
+function GetSeverityDisplayName( $nSeverityID )
+{
+	global $content;
+
+	foreach( $content['filter_severity_list'] as $myseverity )
+	{
+		if ( $myseverity['ID'] == $nSeverityID )
+			return $myseverity['DisplayName'];
+	}
+
+	// Default 
+	return "Unknown Severity";
+}
+
+function GetTimeStampFromTimeString($szTimeString)
+{
+	//Sample: 2008-4-1T00:00:00
+	if ( preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})T([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})$/", $szTimeString, $out) )
+	{
+		// return new timestamp
+		return mktime($out[4], $out[5], $out[6], $out[2], $out[3], $out[1]);
+	}
+	else
+	{
+		//WTF?
+		die ("WTF GetTimeStampFromTimeString " . $szTimeString);
+		return 0;
+	}
+}
+
 ?>
--- a/src/index.php
+++ b/src/index.php
@ -105,7 +105,7 @@ if ( isset($_POST['search']) )
 														$filters['filter_daterange_from_day'] . "T00:00:00 ";
 				$content['searchstr'] .= "dateto:" .	$filters['filter_daterange_to_year'] . "-" . 
 														$filters['filter_daterange_to_month'] . "-" . 
-														$filters['filter_daterange_to_day'] . "T00:00:00 ";
+														$filters['filter_daterange_to_day'] . "T23:59:59 ";

 			}
 			else if ( $filters['filter_datemode'] == DATEMODE_LASTX )
@ -113,7 +113,7 @@ if ( isset($_POST['search']) )
 				if ( isset($_POST['filter_daterange_last_x']) ) 
 				{
 					$filters['filter_daterange_last_x'] = intval($_POST['filter_daterange_last_x']);
-					$content['searchstr'] .= "datefrom:" .	$filters['filter_daterange_last_x'] . " ";
+					$content['searchstr'] .= "datelastx:" .	$filters['filter_daterange_last_x'] . " ";
 				}
 			}
 		}