From c4a8889a095ff98804d38128b3197bf08920a5d4 Mon Sep 17 00:00:00 2001 From: Andre Lorbach Date: Mon, 27 Oct 2008 14:42:21 +0100 Subject: [PATCH] Added support to filter for dynamic fields within the logstream database sources. This was not possible yet. The filtering also has a secure end timer, which avoids that the timelimit hits the script. --- src/classes/logstream.class.php | 216 +++++++++++++++++- src/classes/logstreamdb.class.php | 102 +++++---- src/classes/logstreamdisk.class.php | 212 +---------------- src/classes/logstreampdo.class.php | 106 +++++---- .../msgparsers/msgparser.wireless.class.php | 66 +++--- 5 files changed, 371 insertions(+), 331 deletions(-) diff --git a/src/classes/logstream.class.php b/src/classes/logstream.class.php index e7efde4..e08773e 100644 --- a/src/classes/logstream.class.php +++ b/src/classes/logstream.class.php @@ -258,6 +258,219 @@ abstract class LogStream { $this->_sortOrder = $newSortOrder; return SUCCESS; } + + /** + * Implementation of ApplyFilters which can be used by all LogStream Classes! + * This function performs a check on the filters and actually triggers the + * syslog parsers as well. + */ + public function ApplyFilters($myResults, &$arrProperitesOut) + { + // IF result was unsuccessfull, return success - nothing we can do here. + if ( $myResults >= ERROR ) + return SUCCESS; + + // Process all filters + if ( $this->_filters != null ) + { + // Evaluation default for now is true + $bEval = true; + + // Loop through set properties + foreach( $arrProperitesOut as $propertyname => $propertyvalue ) + { + // TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW + if ( + array_key_exists($propertyname, $this->_filters) && + isset($propertyvalue) /* && + !(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/ + ) + { + // Extra var needed for number checks! + $bIsOrFilter = false; // If enabled we need to check for numbereval later + $bOrFilter = false; + + // Found something to filter, so do it! + foreach( $this->_filters[$propertyname] as $myfilter ) + { + switch( $myfilter[FILTER_TYPE] ) + { + case FILTER_TYPE_STRING: + // Only filter if value is non zero + if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 ) + { + // If Syslog message, we have AND handling! + if ( $propertyname == SYSLOG_MESSAGE ) + { + // Include Filter + if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE ) + { + if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false ) + $bEval = false; + } + // Exclude Filter + else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE ) + { + if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) + $bEval = false; + } + } + // Otherwise we use OR Handling! + else + { + // Include Filter + if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE ) + { + + // Set isOrFilter to true in this case + $bIsOrFilter = true; + + if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL ) + { + if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) ) + $bOrFilter = true; + } + else + { + if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) + $bOrFilter = true; + } + } + // Exclude Filter - handeled with AND filtering! + else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE ) + { + if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL ) + { +// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) ) + if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) ) + $bEval = false; + } + else + { +// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false ) + if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) + $bEval = false; + } + } + break; + } + } + else + { + // Either filter value or property value was empty! + // This means we have no match + $bEval = false; + } + + break; + case FILTER_TYPE_NUMBER: + $bIsOrFilter = true; // Default is set to TRUE + if ( is_numeric($arrProperitesOut[$propertyname]) ) + { + if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE ) + { + if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] ) + $bOrFilter = true; + else + $bOrFilter = false; + } + else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE ) + { + if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] ) + $bOrFilter = false; + else + $bOrFilter = true; + } + } + else + { + // If wanted, we treat this filter as a success! + if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 ) + $bOrFilter = true; + else + $bOrFilter = false; + } + break; + case FILTER_TYPE_DATE: + // Get Log TimeStamp + $nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP]; + + if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX ) + { + // Get current timestamp + $nNowTimeStamp = time(); + + if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR ) + $nLastXTime = 60 * 60; // One Hour! + else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS ) + $nLastXTime = 60 * 60 * 12; // 12 Hours! + else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS ) + $nLastXTime = 60 * 60 * 24; // 24 Hours! + else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS ) + $nLastXTime = 60 * 60 * 24 * 7; // 7 days + else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS ) + $nLastXTime = 60 * 60 * 24 * 31; // 31 days + else + // WTF default? + $nLastXTime = 86400; + + // If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us. + if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp ) + $bEval = false; + } + else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM ) + { + // Get filter timestamp! + $nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]); + + // If logtime is smaller then FromTime, then the Event is outside of our scope! + if ( $nLogTimeStamp < $nFromTimeStamp ) + $bEval = false; + } + else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO ) + { + // Get filter timestamp! +// echo $myfilter[FILTER_VALUE]; + $nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]); + + // If logtime is smaller then FromTime, then the Event is outside of our scope! + if ( $nLogTimeStamp > $nToTimeStamp ) + $bEval = false; + } + + break; + default: + // TODO! + break; + } + } + + // If was number filter, we apply it the evaluation. + if ( $bIsOrFilter ) + $bEval &= $bOrFilter; + + if ( !$bEval ) + { + // unmatching filter, reset property array + foreach ( $this->_arrProperties as $property ) + $arrProperitesOut[$property] = ''; + + // return error! + return ERROR_FILTER_NOT_MATCH; + } + } + } + + // Reached this point means filters did match! + return SUCCESS; + } + else // No filters at all means success! + return SUCCESS; + } + + /* + * --- PIRVATE HELPERS! + */ /** * Helper function to parse filters into a useful filter array we can work with. @@ -815,7 +1028,8 @@ abstract class LogStream { // reached here means we failed to convert the facility! return -1; } + + } - ?> \ No newline at end of file diff --git a/src/classes/logstreamdb.class.php b/src/classes/logstreamdb.class.php index a72a411..3f11031 100644 --- a/src/classes/logstreamdb.class.php +++ b/src/classes/logstreamdb.class.php @@ -210,67 +210,85 @@ class LogStreamDB extends LogStream { public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true) { // Helpers needed for DB Mapping + global $content, $gl_starttime; global $dbmapping, $fields; $szTableType = $this->_logStreamConfigObj->DBTableType; // define $ret $ret = SUCCESS; - // No buffer? then read from DB! - if ( $this->bufferedRecords == null ) - $ret = $this->ReadNextRecordsFromDB($uID); - else + do { - if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) - { - // We need to load new records, so clear the old ones first! - $this->ResetBufferedRecords(); - - // Set new Record start, will be used in the SQL Statement! - $this->_currentRecordStart = $this->_currentRecordNum; // + 1; - - // Now read new ones + // No buffer? then read from DB! + if ( $this->bufferedRecords == null ) $ret = $this->ReadNextRecordsFromDB($uID); - - if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) - $ret = ERROR_NOMORERECORDS; - } - } - - if ( $ret == SUCCESS ) - { - // Init and set variables - foreach ( $this->_arrProperties as $property ) + else { - // Check if mapping exists - if ( isset($dbmapping[$szTableType][$property]) ) + if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) { - // Copy property if available! - $dbfieldname = $dbmapping[$szTableType][$property]; - if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) ) + // We need to load new records, so clear the old ones first! + $this->ResetBufferedRecords(); + + // Set new Record start, will be used in the SQL Statement! + $this->_currentRecordStart = $this->_currentRecordNum; // + 1; + + // Now read new ones + $ret = $this->ReadNextRecordsFromDB($uID); + + if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) + $ret = ERROR_NOMORERECORDS; + } + } + if ( $ret == SUCCESS ) + { + // Init and set variables + foreach ( $this->_arrProperties as $property ) + { + // Check if mapping exists + if ( isset($dbmapping[$szTableType][$property]) ) { - if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date! - $arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] ); + // Copy property if available! + $dbfieldname = $dbmapping[$szTableType][$property]; + if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) ) + { + if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date! + $arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] ); + else + $arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]; + } else - $arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]; + $arrProperitesOut[$property] = ''; } else $arrProperitesOut[$property] = ''; } - else - $arrProperitesOut[$property] = ''; + + // Run optional Message Parsers now + if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) ) + $this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut); + + // Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum; + $uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]]; + + // Increment $_currentRecordNum + $this->_currentRecordNum++; } - // Run optional Message Parsers now - if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) ) - $this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut); + // Check how long we are running. If only two seconds of execution time are left, we abort further reading! + $scriptruntime = intval(microtime_float() - $gl_starttime); + if ( $scriptruntime > ($content['MaxExecutionTime']-2) ) + { + // This may display a warning message, so the user knows we stopped reading records because of the script timeout. + $content['logstream_warning'] = "false"; + $content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT']; + $content['logstream_warning_code'] = ERROR_FILE_NOMORETIME; + + // Return error code + return ERROR_FILE_NOMORETIME; + } - // Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum; - $uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]]; - - // Increment $_currentRecordNum - $this->_currentRecordNum++; - } + // This additional filter check will take care on dynamic fields from the message parser! + } while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS ); // reached here means return result! return $ret; diff --git a/src/classes/logstreamdisk.class.php b/src/classes/logstreamdisk.class.php index b46fe83..d773769 100644 --- a/src/classes/logstreamdisk.class.php +++ b/src/classes/logstreamdisk.class.php @@ -699,215 +699,5 @@ class LogStreamDisk extends LogStream { $this->_p_buffer = -1; } - /** - * Implementation of ApplyFilters in the LogSTreamDisk Class. - * This function performs a check on the filters and actually triggers the - * syslog parsers as well. - */ - protected function ApplyFilters($myResults, &$arrProperitesOut) - { - // IF result was unsuccessfull, return success - nothing we can do here. - if ( $myResults >= ERROR ) - return SUCCESS; - - // Process all filters - if ( $this->_filters != null ) - { - // Evaluation default for now is true - $bEval = true; - - // Loop through set properties - foreach( $arrProperitesOut as $propertyname => $propertyvalue ) - { - // TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW - if ( - array_key_exists($propertyname, $this->_filters) && - isset($propertyvalue) /* && - !(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/ - ) - { - // Extra var needed for number checks! - $bIsOrFilter = false; // If enabled we need to check for numbereval later - $bOrFilter = false; - - // Found something to filter, so do it! - foreach( $this->_filters[$propertyname] as $myfilter ) - { - switch( $myfilter[FILTER_TYPE] ) - { - case FILTER_TYPE_STRING: - // Only filter if value is non zero - if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 ) - { - // If Syslog message, we have AND handling! - if ( $propertyname == SYSLOG_MESSAGE ) - { - // Include Filter - if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE ) - { - if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false ) - $bEval = false; - } - // Exclude Filter - else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE ) - { - if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) - $bEval = false; - } - } - // Otherwise we use OR Handling! - else - { - // Include Filter - if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE ) - { - - // Set isOrFilter to true in this case - $bIsOrFilter = true; - - if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL ) - { - if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) ) - $bOrFilter = true; - } - else - { - if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) - $bOrFilter = true; - } - } - // Exclude Filter - handeled with AND filtering! - else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE ) - { - if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL ) - { -// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) ) - if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) ) - $bEval = false; - } - else - { -// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false ) - if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false ) - $bEval = false; - } - } - break; - } - } - else - { - // Either filter value or property value was empty! - // This means we have no match - $bEval = false; - } - - break; - case FILTER_TYPE_NUMBER: - $bIsOrFilter = true; // Default is set to TRUE - if ( is_numeric($arrProperitesOut[$propertyname]) ) - { - if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE ) - { - if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] ) - $bOrFilter = true; - else - $bOrFilter = false; - } - else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE ) - { - if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] ) - $bOrFilter = false; - else - $bOrFilter = true; - } - } - else - { - // If wanted, we treat this filter as a success! - if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 ) - $bOrFilter = true; - else - $bOrFilter = false; - } - break; - case FILTER_TYPE_DATE: - // Get Log TimeStamp - $nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP]; - - if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX ) - { - // Get current timestamp - $nNowTimeStamp = time(); - - if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR ) - $nLastXTime = 60 * 60; // One Hour! - else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS ) - $nLastXTime = 60 * 60 * 12; // 12 Hours! - else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS ) - $nLastXTime = 60 * 60 * 24; // 24 Hours! - else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS ) - $nLastXTime = 60 * 60 * 24 * 7; // 7 days - else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS ) - $nLastXTime = 60 * 60 * 24 * 31; // 31 days - else - // WTF default? - $nLastXTime = 86400; - - // If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us. - if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp ) - $bEval = false; - } - else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM ) - { - // Get filter timestamp! - $nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]); - - // If logtime is smaller then FromTime, then the Event is outside of our scope! - if ( $nLogTimeStamp < $nFromTimeStamp ) - $bEval = false; - } - else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO ) - { - // Get filter timestamp! -// echo $myfilter[FILTER_VALUE]; - $nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]); - - // If logtime is smaller then FromTime, then the Event is outside of our scope! - if ( $nLogTimeStamp > $nToTimeStamp ) - $bEval = false; - } - - break; - default: - // TODO! - break; - } - } - - // If was number filter, we apply it the evaluation. - if ( $bIsOrFilter ) - $bEval &= $bOrFilter; - - if ( !$bEval ) - { - // unmatching filter, reset property array - foreach ( $this->_arrProperties as $property ) - $arrProperitesOut[$property] = ''; - - // return error! - return ERROR_FILTER_NOT_MATCH; - } - } - } - - // Reached this point means filters did match! - return SUCCESS; - } - else // No filters at all means success! - return SUCCESS; - } - } - -?> +?> \ No newline at end of file diff --git a/src/classes/logstreampdo.class.php b/src/classes/logstreampdo.class.php index e017340..b9d198a 100644 --- a/src/classes/logstreampdo.class.php +++ b/src/classes/logstreampdo.class.php @@ -240,69 +240,87 @@ class LogStreamPDO extends LogStream { public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true) { // Helpers needed for DB Mapping + global $content, $gl_starttime; global $dbmapping, $fields; $szTableType = $this->_logStreamConfigObj->DBTableType; // define $ret $ret = SUCCESS; - // No buffer? then read from DB! - if ( $this->bufferedRecords == null ) - $ret = $this->ReadNextRecordsFromDB($uID); - else + do { - if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) - { - // We need to load new records, so clear the old ones first! - $this->ResetBufferedRecords(); - - // Set new Record start, will be used in the SQL Statement! - $this->_currentRecordStart = $this->_currentRecordNum; // + 1; - - // Now read new ones + // No buffer? then read from DB! + if ( $this->bufferedRecords == null ) $ret = $this->ReadNextRecordsFromDB($uID); -//echo "!" . $ret . " " . $this->_currentRecordStart . "=" . $this->_currentRecordNum; - - // Check if we found more records - if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) - $ret = ERROR_NOMORERECORDS; - } - } - - if ( $ret == SUCCESS ) - { - // Init and set variables - foreach ( $this->_arrProperties as $property ) + else { - // Check if mapping exists - if ( isset($dbmapping[$szTableType][$property]) ) + if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) { - // Copy property if available! - $dbfieldname = $dbmapping[$szTableType][$property]; - if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) ) + // We need to load new records, so clear the old ones first! + $this->ResetBufferedRecords(); + + // Set new Record start, will be used in the SQL Statement! + $this->_currentRecordStart = $this->_currentRecordNum; // + 1; + + // Now read new ones + $ret = $this->ReadNextRecordsFromDB($uID); + + // Check if we found more records + if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) + $ret = ERROR_NOMORERECORDS; + } + } + + if ( $ret == SUCCESS ) + { + // Init and set variables + foreach ( $this->_arrProperties as $property ) + { + // Check if mapping exists + if ( isset($dbmapping[$szTableType][$property]) ) { - if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date! - $arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] ); + // Copy property if available! + $dbfieldname = $dbmapping[$szTableType][$property]; + if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) ) + { + if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date! + $arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] ); + else + $arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]; + } else - $arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]; + $arrProperitesOut[$property] = ''; } else $arrProperitesOut[$property] = ''; } - else - $arrProperitesOut[$property] = ''; + + // Run optional Message Parsers now + if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) ) + $this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut); + + // Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum; + $uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]]; + + // Increment $_currentRecordNum + $this->_currentRecordNum++; } - // Run optional Message Parsers now - if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) ) - $this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut); + // Check how long we are running. If only two seconds of execution time are left, we abort further reading! + $scriptruntime = intval(microtime_float() - $gl_starttime); + if ( $scriptruntime > ($content['MaxExecutionTime']-2) ) + { + // This may display a warning message, so the user knows we stopped reading records because of the script timeout. + $content['logstream_warning'] = "false"; + $content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT']; + $content['logstream_warning_code'] = ERROR_FILE_NOMORETIME; + + // Return error code + return ERROR_FILE_NOMORETIME; + } - // Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum; - $uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]]; - - // Increment $_currentRecordNum - $this->_currentRecordNum++; - } + // This additional filter check will take care on dynamic fields from the message parser! + } while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS ); // reached here means return result! return $ret; diff --git a/src/classes/msgparsers/msgparser.wireless.class.php b/src/classes/msgparsers/msgparser.wireless.class.php index c784002..c5a1da5 100644 --- a/src/classes/msgparsers/msgparser.wireless.class.php +++ b/src/classes/msgparsers/msgparser.wireless.class.php @@ -36,6 +36,7 @@ class MsgParser_wireless extends MsgParser { public $_ClassDescription = 'Custom logfile parser for wireless access points.'; public $_ClassHelpArticle = ""; public $_ClassRequiredFields = array ( + "net_host" => array (", ", "FieldID" => "net_host", "FieldDefine" => "SYSLOG_NET_HOST", "FieldCaption" => "Hostname", "FieldType" => 0, "FieldAlign" => "left", "SearchField" => "net_host", "DefaultWidth" => 100, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0), "net_bytesrecieved" => array ( "FieldID" => "net_bytesrecieved", "FieldDefine" => "SYSLOG_NET_BYTESRECIEVED", "FieldCaption" => "Bytes recieved", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytesrecieved", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0), "net_bytessend" => array (", ", "FieldID" => "net_bytessend", "FieldDefine" => "SYSLOG_NET_BYTESSEND", "FieldCaption" => "Bytes send", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytessend", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0 ), "net_interface" => array (", ", "FieldID" => "net_interface", "FieldDefine" => "SYSLOG_NET_INTERFACE", "FieldCaption" => "Interface", "FieldType" => 0, "FieldAlign" => "center", "SearchField" => "net_interface", "DefaultWidth" => 75, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0), @@ -76,32 +77,32 @@ class MsgParser_wireless extends MsgParser { // Sample: Oct 14 21:05:52 script,info INICIO; Madrid-arturosoria ;wlan1 ;00:1F:3A:66:70:09 ;192.168.10.117 ;24Mbps ;36Mbps ;15:50:56 ;00:00:00.080 ;-80dBm@1Mbps ;21 ;78 ;43351,126437 ;2959,377 if ( preg_match('/(.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?)$/', $szMsg, $out) ) { - $arrArguments[SYSLOG_HOST] = $out[1]; + $arrArguments[SYSLOG_NET_HOST] = trim($out[1]); // Set wlan log specific properties! - $arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]); - $arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[3]); - $arrArguments[SYSLOG_NET_LASTIP] = trim($out[4]); - $arrArguments[SYSLOG_NET_RXRATE] = trim($out[5]); - $arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]); - $arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]); - $arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]); - $arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[9]); + $arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]); + $arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[3]); + $arrArguments[SYSLOG_NET_LASTIP] = trim($out[4]); + $arrArguments[SYSLOG_NET_RXRATE] = trim($out[5]); + $arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]); + $arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]); + $arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]); + $arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[9]); // Number based fields - $arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[10]; - $arrArguments[SYSLOG_NET_TXCCQ] = $out[11]; + $arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[10]); + $arrArguments[SYSLOG_NET_TXCCQ] = trim($out[11]); // Set msg to whole logline - $arrArguments[SYSLOG_MESSAGE] = $out[0]; + $arrArguments[SYSLOG_MESSAGE] = trim($out[0]); // Get additional parameters! if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[12], $out2) ) { - $arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1]; - $arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2]; - $arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3]; - $arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4]; + $arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]); + $arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]); + $arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]); + $arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]); } else { @@ -144,33 +145,32 @@ class MsgParser_wireless extends MsgParser { // Set generic properties $arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]); - $arrArguments[SYSLOG_HOST] = $out[6]; -// $arrArguments[SYSLOG_DATE] = GetEventTime($out[4]); + $arrArguments[SYSLOG_NET_HOST] = trim($out[6]); // Set wlan log specific properties! - $arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]); - $arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[8]); - $arrArguments[SYSLOG_NET_LASTIP] = trim($out[9]); - $arrArguments[SYSLOG_NET_RXRATE] = trim($out[10]); - $arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]); - $arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]); - $arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]); - $arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[14]); + $arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]); + $arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[8]); + $arrArguments[SYSLOG_NET_LASTIP] = trim($out[9]); + $arrArguments[SYSLOG_NET_RXRATE] = trim($out[10]); + $arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]); + $arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]); + $arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]); + $arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[14]); // Number based fields - $arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[15]; - $arrArguments[SYSLOG_NET_TXCCQ] = $out[16]; + $arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[15]); + $arrArguments[SYSLOG_NET_TXCCQ] = trim($out[16]); // Set msg to whole logline - $arrArguments[SYSLOG_MESSAGE] = $out[0]; + $arrArguments[SYSLOG_MESSAGE] = trim($out[0]); // Get additional parameters! if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[17], $out2) ) { - $arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1]; - $arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2]; - $arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3]; - $arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4]; + $arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]); + $arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]); + $arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]); + $arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]); } else {