mirror of
https://github.com/rsyslog/loganalyzer.git
synced 2025-09-23 18:07:52 +02:00
Added support to filter for dynamic fields within the logstream database sources.
This was not possible yet. The filtering also has a secure end timer, which avoids that the timelimit hits the script.
This commit is contained in:
Andre Lorbach
parent
5faad8d2fd
commit
c4a8889a09
@ -258,6 +258,219 @@ abstract class LogStream {
|
||||
$this->_sortOrder = $newSortOrder;
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of ApplyFilters which can be used by all LogStream Classes!
|
||||
* This function performs a check on the filters and actually triggers the
|
||||
* syslog parsers as well.
|
||||
*/
|
||||
public function ApplyFilters($myResults, &$arrProperitesOut)
|
||||
{
|
||||
// IF result was unsuccessfull, return success - nothing we can do here.
|
||||
if ( $myResults >= ERROR )
|
||||
return SUCCESS;
|
||||
|
||||
// Process all filters
|
||||
if ( $this->_filters != null )
|
||||
{
|
||||
// Evaluation default for now is true
|
||||
$bEval = true;
|
||||
|
||||
// Loop through set properties
|
||||
foreach( $arrProperitesOut as $propertyname => $propertyvalue )
|
||||
{
|
||||
// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
|
||||
if (
|
||||
array_key_exists($propertyname, $this->_filters) &&
|
||||
isset($propertyvalue) /* &&
|
||||
!(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/
|
||||
)
|
||||
{
|
||||
// Extra var needed for number checks!
|
||||
$bIsOrFilter = false; // If enabled we need to check for numbereval later
|
||||
$bOrFilter = false;
|
||||
|
||||
// Found something to filter, so do it!
|
||||
foreach( $this->_filters[$propertyname] as $myfilter )
|
||||
{
|
||||
switch( $myfilter[FILTER_TYPE] )
|
||||
{
|
||||
case FILTER_TYPE_STRING:
|
||||
// Only filter if value is non zero
|
||||
if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 )
|
||||
{
|
||||
// If Syslog message, we have AND handling!
|
||||
if ( $propertyname == SYSLOG_MESSAGE )
|
||||
{
|
||||
// Include Filter
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
|
||||
{
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
|
||||
$bEval = false;
|
||||
}
|
||||
// Exclude Filter
|
||||
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
|
||||
{
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
|
||||
$bEval = false;
|
||||
}
|
||||
}
|
||||
// Otherwise we use OR Handling!
|
||||
else
|
||||
{
|
||||
// Include Filter
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
|
||||
{
|
||||
|
||||
// Set isOrFilter to true in this case
|
||||
$bIsOrFilter = true;
|
||||
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
|
||||
{
|
||||
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
|
||||
$bOrFilter = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
|
||||
$bOrFilter = true;
|
||||
}
|
||||
}
|
||||
// Exclude Filter - handeled with AND filtering!
|
||||
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
|
||||
{
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
|
||||
{
|
||||
// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) )
|
||||
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
|
||||
$bEval = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
|
||||
$bEval = false;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Either filter value or property value was empty!
|
||||
// This means we have no match
|
||||
$bEval = false;
|
||||
}
|
||||
|
||||
break;
|
||||
case FILTER_TYPE_NUMBER:
|
||||
$bIsOrFilter = true; // Default is set to TRUE
|
||||
if ( is_numeric($arrProperitesOut[$propertyname]) )
|
||||
{
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
|
||||
{
|
||||
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
|
||||
$bOrFilter = true;
|
||||
else
|
||||
$bOrFilter = false;
|
||||
}
|
||||
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
|
||||
{
|
||||
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
|
||||
$bOrFilter = false;
|
||||
else
|
||||
$bOrFilter = true;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// If wanted, we treat this filter as a success!
|
||||
if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 )
|
||||
$bOrFilter = true;
|
||||
else
|
||||
$bOrFilter = false;
|
||||
}
|
||||
break;
|
||||
case FILTER_TYPE_DATE:
|
||||
// Get Log TimeStamp
|
||||
$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
|
||||
|
||||
if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX )
|
||||
{
|
||||
// Get current timestamp
|
||||
$nNowTimeStamp = time();
|
||||
|
||||
if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
|
||||
$nLastXTime = 60 * 60; // One Hour!
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
|
||||
$nLastXTime = 60 * 60 * 12; // 12 Hours!
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
|
||||
$nLastXTime = 60 * 60 * 24; // 24 Hours!
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
|
||||
$nLastXTime = 60 * 60 * 24 * 7; // 7 days
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
|
||||
$nLastXTime = 60 * 60 * 24 * 31; // 31 days
|
||||
else
|
||||
// WTF default?
|
||||
$nLastXTime = 86400;
|
||||
|
||||
// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
|
||||
if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
|
||||
$bEval = false;
|
||||
}
|
||||
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM )
|
||||
{
|
||||
// Get filter timestamp!
|
||||
$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
|
||||
|
||||
// If logtime is smaller then FromTime, then the Event is outside of our scope!
|
||||
if ( $nLogTimeStamp < $nFromTimeStamp )
|
||||
$bEval = false;
|
||||
}
|
||||
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO )
|
||||
{
|
||||
// Get filter timestamp!
|
||||
// echo $myfilter[FILTER_VALUE];
|
||||
$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
|
||||
|
||||
// If logtime is smaller then FromTime, then the Event is outside of our scope!
|
||||
if ( $nLogTimeStamp > $nToTimeStamp )
|
||||
$bEval = false;
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
// TODO!
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// If was number filter, we apply it the evaluation.
|
||||
if ( $bIsOrFilter )
|
||||
$bEval &= $bOrFilter;
|
||||
|
||||
if ( !$bEval )
|
||||
{
|
||||
// unmatching filter, reset property array
|
||||
foreach ( $this->_arrProperties as $property )
|
||||
$arrProperitesOut[$property] = '';
|
||||
|
||||
// return error!
|
||||
return ERROR_FILTER_NOT_MATCH;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Reached this point means filters did match!
|
||||
return SUCCESS;
|
||||
}
|
||||
else // No filters at all means success!
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* --- PIRVATE HELPERS!
|
||||
*/
|
||||
|
||||
/**
|
||||
* Helper function to parse filters into a useful filter array we can work with.
|
||||
@ -815,7 +1028,8 @@ abstract class LogStream {
|
||||
// reached here means we failed to convert the facility!
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@ -210,67 +210,85 @@ class LogStreamDB extends LogStream {
|
||||
public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
|
||||
{
|
||||
// Helpers needed for DB Mapping
|
||||
global $content, $gl_starttime;
|
||||
global $dbmapping, $fields;
|
||||
$szTableType = $this->_logStreamConfigObj->DBTableType;
|
||||
|
||||
// define $ret
|
||||
$ret = SUCCESS;
|
||||
|
||||
// No buffer? then read from DB!
|
||||
if ( $this->bufferedRecords == null )
|
||||
$ret = $this->ReadNextRecordsFromDB($uID);
|
||||
else
|
||||
do
|
||||
{
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
{
|
||||
// We need to load new records, so clear the old ones first!
|
||||
$this->ResetBufferedRecords();
|
||||
|
||||
// Set new Record start, will be used in the SQL Statement!
|
||||
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
|
||||
|
||||
// Now read new ones
|
||||
// No buffer? then read from DB!
|
||||
if ( $this->bufferedRecords == null )
|
||||
$ret = $this->ReadNextRecordsFromDB($uID);
|
||||
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
$ret = ERROR_NOMORERECORDS;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $ret == SUCCESS )
|
||||
{
|
||||
// Init and set variables
|
||||
foreach ( $this->_arrProperties as $property )
|
||||
else
|
||||
{
|
||||
// Check if mapping exists
|
||||
if ( isset($dbmapping[$szTableType][$property]) )
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
{
|
||||
// Copy property if available!
|
||||
$dbfieldname = $dbmapping[$szTableType][$property];
|
||||
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
|
||||
// We need to load new records, so clear the old ones first!
|
||||
$this->ResetBufferedRecords();
|
||||
|
||||
// Set new Record start, will be used in the SQL Statement!
|
||||
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
|
||||
|
||||
// Now read new ones
|
||||
$ret = $this->ReadNextRecordsFromDB($uID);
|
||||
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
$ret = ERROR_NOMORERECORDS;
|
||||
}
|
||||
}
|
||||
if ( $ret == SUCCESS )
|
||||
{
|
||||
// Init and set variables
|
||||
foreach ( $this->_arrProperties as $property )
|
||||
{
|
||||
// Check if mapping exists
|
||||
if ( isset($dbmapping[$szTableType][$property]) )
|
||||
{
|
||||
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date!
|
||||
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] );
|
||||
// Copy property if available!
|
||||
$dbfieldname = $dbmapping[$szTableType][$property];
|
||||
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
|
||||
{
|
||||
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date!
|
||||
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] );
|
||||
else
|
||||
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname];
|
||||
}
|
||||
else
|
||||
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname];
|
||||
$arrProperitesOut[$property] = '';
|
||||
}
|
||||
else
|
||||
$arrProperitesOut[$property] = '';
|
||||
}
|
||||
else
|
||||
$arrProperitesOut[$property] = '';
|
||||
|
||||
// Run optional Message Parsers now
|
||||
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) )
|
||||
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
|
||||
|
||||
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum;
|
||||
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]];
|
||||
|
||||
// Increment $_currentRecordNum
|
||||
$this->_currentRecordNum++;
|
||||
}
|
||||
|
||||
// Run optional Message Parsers now
|
||||
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) )
|
||||
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
|
||||
// Check how long we are running. If only two seconds of execution time are left, we abort further reading!
|
||||
$scriptruntime = intval(microtime_float() - $gl_starttime);
|
||||
if ( $scriptruntime > ($content['MaxExecutionTime']-2) )
|
||||
{
|
||||
// This may display a warning message, so the user knows we stopped reading records because of the script timeout.
|
||||
$content['logstream_warning'] = "false";
|
||||
$content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
|
||||
$content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
|
||||
|
||||
// Return error code
|
||||
return ERROR_FILE_NOMORETIME;
|
||||
}
|
||||
|
||||
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum;
|
||||
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]];
|
||||
|
||||
// Increment $_currentRecordNum
|
||||
$this->_currentRecordNum++;
|
||||
}
|
||||
// This additional filter check will take care on dynamic fields from the message parser!
|
||||
} while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS );
|
||||
|
||||
// reached here means return result!
|
||||
return $ret;
|
||||
|
||||
@ -699,215 +699,5 @@ class LogStreamDisk extends LogStream {
|
||||
$this->_p_buffer = -1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of ApplyFilters in the LogSTreamDisk Class.
|
||||
* This function performs a check on the filters and actually triggers the
|
||||
* syslog parsers as well.
|
||||
*/
|
||||
protected function ApplyFilters($myResults, &$arrProperitesOut)
|
||||
{
|
||||
// IF result was unsuccessfull, return success - nothing we can do here.
|
||||
if ( $myResults >= ERROR )
|
||||
return SUCCESS;
|
||||
|
||||
// Process all filters
|
||||
if ( $this->_filters != null )
|
||||
{
|
||||
// Evaluation default for now is true
|
||||
$bEval = true;
|
||||
|
||||
// Loop through set properties
|
||||
foreach( $arrProperitesOut as $propertyname => $propertyvalue )
|
||||
{
|
||||
// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
|
||||
if (
|
||||
array_key_exists($propertyname, $this->_filters) &&
|
||||
isset($propertyvalue) /* &&
|
||||
!(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/
|
||||
)
|
||||
{
|
||||
// Extra var needed for number checks!
|
||||
$bIsOrFilter = false; // If enabled we need to check for numbereval later
|
||||
$bOrFilter = false;
|
||||
|
||||
// Found something to filter, so do it!
|
||||
foreach( $this->_filters[$propertyname] as $myfilter )
|
||||
{
|
||||
switch( $myfilter[FILTER_TYPE] )
|
||||
{
|
||||
case FILTER_TYPE_STRING:
|
||||
// Only filter if value is non zero
|
||||
if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 )
|
||||
{
|
||||
// If Syslog message, we have AND handling!
|
||||
if ( $propertyname == SYSLOG_MESSAGE )
|
||||
{
|
||||
// Include Filter
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
|
||||
{
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
|
||||
$bEval = false;
|
||||
}
|
||||
// Exclude Filter
|
||||
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
|
||||
{
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
|
||||
$bEval = false;
|
||||
}
|
||||
}
|
||||
// Otherwise we use OR Handling!
|
||||
else
|
||||
{
|
||||
// Include Filter
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
|
||||
{
|
||||
|
||||
// Set isOrFilter to true in this case
|
||||
$bIsOrFilter = true;
|
||||
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
|
||||
{
|
||||
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
|
||||
$bOrFilter = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
|
||||
$bOrFilter = true;
|
||||
}
|
||||
}
|
||||
// Exclude Filter - handeled with AND filtering!
|
||||
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
|
||||
{
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
|
||||
{
|
||||
// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) )
|
||||
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
|
||||
$bEval = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
|
||||
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
|
||||
$bEval = false;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Either filter value or property value was empty!
|
||||
// This means we have no match
|
||||
$bEval = false;
|
||||
}
|
||||
|
||||
break;
|
||||
case FILTER_TYPE_NUMBER:
|
||||
$bIsOrFilter = true; // Default is set to TRUE
|
||||
if ( is_numeric($arrProperitesOut[$propertyname]) )
|
||||
{
|
||||
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
|
||||
{
|
||||
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
|
||||
$bOrFilter = true;
|
||||
else
|
||||
$bOrFilter = false;
|
||||
}
|
||||
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
|
||||
{
|
||||
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
|
||||
$bOrFilter = false;
|
||||
else
|
||||
$bOrFilter = true;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// If wanted, we treat this filter as a success!
|
||||
if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 )
|
||||
$bOrFilter = true;
|
||||
else
|
||||
$bOrFilter = false;
|
||||
}
|
||||
break;
|
||||
case FILTER_TYPE_DATE:
|
||||
// Get Log TimeStamp
|
||||
$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
|
||||
|
||||
if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX )
|
||||
{
|
||||
// Get current timestamp
|
||||
$nNowTimeStamp = time();
|
||||
|
||||
if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
|
||||
$nLastXTime = 60 * 60; // One Hour!
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
|
||||
$nLastXTime = 60 * 60 * 12; // 12 Hours!
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
|
||||
$nLastXTime = 60 * 60 * 24; // 24 Hours!
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
|
||||
$nLastXTime = 60 * 60 * 24 * 7; // 7 days
|
||||
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
|
||||
$nLastXTime = 60 * 60 * 24 * 31; // 31 days
|
||||
else
|
||||
// WTF default?
|
||||
$nLastXTime = 86400;
|
||||
|
||||
// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
|
||||
if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
|
||||
$bEval = false;
|
||||
}
|
||||
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM )
|
||||
{
|
||||
// Get filter timestamp!
|
||||
$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
|
||||
|
||||
// If logtime is smaller then FromTime, then the Event is outside of our scope!
|
||||
if ( $nLogTimeStamp < $nFromTimeStamp )
|
||||
$bEval = false;
|
||||
}
|
||||
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO )
|
||||
{
|
||||
// Get filter timestamp!
|
||||
// echo $myfilter[FILTER_VALUE];
|
||||
$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
|
||||
|
||||
// If logtime is smaller then FromTime, then the Event is outside of our scope!
|
||||
if ( $nLogTimeStamp > $nToTimeStamp )
|
||||
$bEval = false;
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
// TODO!
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// If was number filter, we apply it the evaluation.
|
||||
if ( $bIsOrFilter )
|
||||
$bEval &= $bOrFilter;
|
||||
|
||||
if ( !$bEval )
|
||||
{
|
||||
// unmatching filter, reset property array
|
||||
foreach ( $this->_arrProperties as $property )
|
||||
$arrProperitesOut[$property] = '';
|
||||
|
||||
// return error!
|
||||
return ERROR_FILTER_NOT_MATCH;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Reached this point means filters did match!
|
||||
return SUCCESS;
|
||||
}
|
||||
else // No filters at all means success!
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
@ -240,69 +240,87 @@ class LogStreamPDO extends LogStream {
|
||||
public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
|
||||
{
|
||||
// Helpers needed for DB Mapping
|
||||
global $content, $gl_starttime;
|
||||
global $dbmapping, $fields;
|
||||
$szTableType = $this->_logStreamConfigObj->DBTableType;
|
||||
|
||||
// define $ret
|
||||
$ret = SUCCESS;
|
||||
|
||||
// No buffer? then read from DB!
|
||||
if ( $this->bufferedRecords == null )
|
||||
$ret = $this->ReadNextRecordsFromDB($uID);
|
||||
else
|
||||
do
|
||||
{
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
{
|
||||
// We need to load new records, so clear the old ones first!
|
||||
$this->ResetBufferedRecords();
|
||||
|
||||
// Set new Record start, will be used in the SQL Statement!
|
||||
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
|
||||
|
||||
// Now read new ones
|
||||
// No buffer? then read from DB!
|
||||
if ( $this->bufferedRecords == null )
|
||||
$ret = $this->ReadNextRecordsFromDB($uID);
|
||||
//echo "!" . $ret . " " . $this->_currentRecordStart . "=" . $this->_currentRecordNum;
|
||||
|
||||
// Check if we found more records
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
$ret = ERROR_NOMORERECORDS;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $ret == SUCCESS )
|
||||
{
|
||||
// Init and set variables
|
||||
foreach ( $this->_arrProperties as $property )
|
||||
else
|
||||
{
|
||||
// Check if mapping exists
|
||||
if ( isset($dbmapping[$szTableType][$property]) )
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
{
|
||||
// Copy property if available!
|
||||
$dbfieldname = $dbmapping[$szTableType][$property];
|
||||
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
|
||||
// We need to load new records, so clear the old ones first!
|
||||
$this->ResetBufferedRecords();
|
||||
|
||||
// Set new Record start, will be used in the SQL Statement!
|
||||
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
|
||||
|
||||
// Now read new ones
|
||||
$ret = $this->ReadNextRecordsFromDB($uID);
|
||||
|
||||
// Check if we found more records
|
||||
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
|
||||
$ret = ERROR_NOMORERECORDS;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $ret == SUCCESS )
|
||||
{
|
||||
// Init and set variables
|
||||
foreach ( $this->_arrProperties as $property )
|
||||
{
|
||||
// Check if mapping exists
|
||||
if ( isset($dbmapping[$szTableType][$property]) )
|
||||
{
|
||||
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date!
|
||||
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] );
|
||||
// Copy property if available!
|
||||
$dbfieldname = $dbmapping[$szTableType][$property];
|
||||
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
|
||||
{
|
||||
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date!
|
||||
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] );
|
||||
else
|
||||
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname];
|
||||
}
|
||||
else
|
||||
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname];
|
||||
$arrProperitesOut[$property] = '';
|
||||
}
|
||||
else
|
||||
$arrProperitesOut[$property] = '';
|
||||
}
|
||||
else
|
||||
$arrProperitesOut[$property] = '';
|
||||
|
||||
// Run optional Message Parsers now
|
||||
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) )
|
||||
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
|
||||
|
||||
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum;
|
||||
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]];
|
||||
|
||||
// Increment $_currentRecordNum
|
||||
$this->_currentRecordNum++;
|
||||
}
|
||||
|
||||
// Run optional Message Parsers now
|
||||
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) )
|
||||
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
|
||||
// Check how long we are running. If only two seconds of execution time are left, we abort further reading!
|
||||
$scriptruntime = intval(microtime_float() - $gl_starttime);
|
||||
if ( $scriptruntime > ($content['MaxExecutionTime']-2) )
|
||||
{
|
||||
// This may display a warning message, so the user knows we stopped reading records because of the script timeout.
|
||||
$content['logstream_warning'] = "false";
|
||||
$content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
|
||||
$content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
|
||||
|
||||
// Return error code
|
||||
return ERROR_FILE_NOMORETIME;
|
||||
}
|
||||
|
||||
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum;
|
||||
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]];
|
||||
|
||||
// Increment $_currentRecordNum
|
||||
$this->_currentRecordNum++;
|
||||
}
|
||||
// This additional filter check will take care on dynamic fields from the message parser!
|
||||
} while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS );
|
||||
|
||||
// reached here means return result!
|
||||
return $ret;
|
||||
|
||||
@ -36,6 +36,7 @@ class MsgParser_wireless extends MsgParser {
|
||||
public $_ClassDescription = 'Custom logfile parser for wireless access points.';
|
||||
public $_ClassHelpArticle = "";
|
||||
public $_ClassRequiredFields = array (
|
||||
"net_host" => array (", ", "FieldID" => "net_host", "FieldDefine" => "SYSLOG_NET_HOST", "FieldCaption" => "Hostname", "FieldType" => 0, "FieldAlign" => "left", "SearchField" => "net_host", "DefaultWidth" => 100, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
|
||||
"net_bytesrecieved" => array ( "FieldID" => "net_bytesrecieved", "FieldDefine" => "SYSLOG_NET_BYTESRECIEVED", "FieldCaption" => "Bytes recieved", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytesrecieved", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
|
||||
"net_bytessend" => array (", ", "FieldID" => "net_bytessend", "FieldDefine" => "SYSLOG_NET_BYTESSEND", "FieldCaption" => "Bytes send", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytessend", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0 ),
|
||||
"net_interface" => array (", ", "FieldID" => "net_interface", "FieldDefine" => "SYSLOG_NET_INTERFACE", "FieldCaption" => "Interface", "FieldType" => 0, "FieldAlign" => "center", "SearchField" => "net_interface", "DefaultWidth" => 75, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
|
||||
@ -76,32 +77,32 @@ class MsgParser_wireless extends MsgParser {
|
||||
// Sample: Oct 14 21:05:52 script,info INICIO; Madrid-arturosoria ;wlan1 ;00:1F:3A:66:70:09 ;192.168.10.117 ;24Mbps ;36Mbps ;15:50:56 ;00:00:00.080 ;-80dBm@1Mbps ;21 ;78 ;43351,126437 ;2959,377
|
||||
if ( preg_match('/(.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?)$/', $szMsg, $out) )
|
||||
{
|
||||
$arrArguments[SYSLOG_HOST] = $out[1];
|
||||
$arrArguments[SYSLOG_NET_HOST] = trim($out[1]);
|
||||
|
||||
// Set wlan log specific properties!
|
||||
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]);
|
||||
$arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[3]);
|
||||
$arrArguments[SYSLOG_NET_LASTIP] = trim($out[4]);
|
||||
$arrArguments[SYSLOG_NET_RXRATE] = trim($out[5]);
|
||||
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]);
|
||||
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]);
|
||||
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]);
|
||||
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[9]);
|
||||
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]);
|
||||
$arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[3]);
|
||||
$arrArguments[SYSLOG_NET_LASTIP] = trim($out[4]);
|
||||
$arrArguments[SYSLOG_NET_RXRATE] = trim($out[5]);
|
||||
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]);
|
||||
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]);
|
||||
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]);
|
||||
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[9]);
|
||||
|
||||
// Number based fields
|
||||
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[10];
|
||||
$arrArguments[SYSLOG_NET_TXCCQ] = $out[11];
|
||||
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[10]);
|
||||
$arrArguments[SYSLOG_NET_TXCCQ] = trim($out[11]);
|
||||
|
||||
// Set msg to whole logline
|
||||
$arrArguments[SYSLOG_MESSAGE] = $out[0];
|
||||
$arrArguments[SYSLOG_MESSAGE] = trim($out[0]);
|
||||
|
||||
// Get additional parameters!
|
||||
if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[12], $out2) )
|
||||
{
|
||||
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1];
|
||||
$arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2];
|
||||
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3];
|
||||
$arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4];
|
||||
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]);
|
||||
$arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]);
|
||||
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]);
|
||||
$arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -144,33 +145,32 @@ class MsgParser_wireless extends MsgParser {
|
||||
|
||||
// Set generic properties
|
||||
$arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]);
|
||||
$arrArguments[SYSLOG_HOST] = $out[6];
|
||||
// $arrArguments[SYSLOG_DATE] = GetEventTime($out[4]);
|
||||
$arrArguments[SYSLOG_NET_HOST] = trim($out[6]);
|
||||
|
||||
// Set wlan log specific properties!
|
||||
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]);
|
||||
$arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[8]);
|
||||
$arrArguments[SYSLOG_NET_LASTIP] = trim($out[9]);
|
||||
$arrArguments[SYSLOG_NET_RXRATE] = trim($out[10]);
|
||||
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]);
|
||||
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]);
|
||||
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]);
|
||||
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[14]);
|
||||
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]);
|
||||
$arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[8]);
|
||||
$arrArguments[SYSLOG_NET_LASTIP] = trim($out[9]);
|
||||
$arrArguments[SYSLOG_NET_RXRATE] = trim($out[10]);
|
||||
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]);
|
||||
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]);
|
||||
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]);
|
||||
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[14]);
|
||||
|
||||
// Number based fields
|
||||
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[15];
|
||||
$arrArguments[SYSLOG_NET_TXCCQ] = $out[16];
|
||||
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[15]);
|
||||
$arrArguments[SYSLOG_NET_TXCCQ] = trim($out[16]);
|
||||
|
||||
// Set msg to whole logline
|
||||
$arrArguments[SYSLOG_MESSAGE] = $out[0];
|
||||
$arrArguments[SYSLOG_MESSAGE] = trim($out[0]);
|
||||
|
||||
// Get additional parameters!
|
||||
if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[17], $out2) )
|
||||
{
|
||||
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1];
|
||||
$arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2];
|
||||
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3];
|
||||
$arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4];
|
||||
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]);
|
||||
$arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]);
|
||||
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]);
|
||||
$arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user