tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-24 10:28:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added support to filter for dynamic fields within the logstream database sources.

Browse Source 
This was not possible yet. The filtering also has a secure end timer, which avoids
that the timelimit hits the script.
This commit is contained in:
Andre Lorbach 2008-10-27 14:42:21 +01:00
parent 5faad8d2fd
commit c4a8889a09
5 changed files with 371 additions and 331 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
src/classes/logstream.class.php
View File

@ -258,6 +258,219 @@ abstract class LogStream {
$this->_sortOrder = $newSortOrder; $this->_sortOrder = $newSortOrder;
return SUCCESS; return SUCCESS;
} }
/**
* Implementation of ApplyFilters which can be used by all LogStream Classes!
* This function performs a check on the filters and actually triggers the
* syslog parsers as well.
*/
public function ApplyFilters($myResults, &$arrProperitesOut)
{
// IF result was unsuccessfull, return success - nothing we can do here.
if ( $myResults >= ERROR )
return SUCCESS;
// Process all filters
if ( $this->_filters != null )
{
// Evaluation default for now is true
$bEval = true;
// Loop through set properties
foreach( $arrProperitesOut as $propertyname => $propertyvalue )
{
// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
if (
array_key_exists($propertyname, $this->_filters) &&
isset($propertyvalue) /* &&
!(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/
)
{
// Extra var needed for number checks!
$bIsOrFilter = false; // If enabled we need to check for numbereval later
$bOrFilter = false;
// Found something to filter, so do it!
foreach( $this->_filters[$propertyname] as $myfilter )
{
switch( $myfilter[FILTER_TYPE] )
{
case FILTER_TYPE_STRING:
// Only filter if value is non zero
if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 )
{
// If Syslog message, we have AND handling!
if ( $propertyname == SYSLOG_MESSAGE )
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
$bEval = false;
}
// Exclude Filter
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
// Otherwise we use OR Handling!
else
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
// Set isOrFilter to true in this case
$bIsOrFilter = true;
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bOrFilter = true;
}
else
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bOrFilter = true;
}
}
// Exclude Filter - handeled with AND filtering!
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) )
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bEval = false;
}
else
{
// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
break;
}
}
else
{
// Either filter value or property value was empty!
// This means we have no match
$bEval = false;
}
break;
case FILTER_TYPE_NUMBER:
$bIsOrFilter = true; // Default is set to TRUE
if ( is_numeric($arrProperitesOut[$propertyname]) )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = true;
else
$bOrFilter = false;
}
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = false;
else
$bOrFilter = true;
}
}
else
{
// If wanted, we treat this filter as a success!
if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 )
$bOrFilter = true;
else
$bOrFilter = false;
}
break;
case FILTER_TYPE_DATE:
// Get Log TimeStamp
$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX )
{
// Get current timestamp
$nNowTimeStamp = time();
if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
$nLastXTime = 60 * 60; // One Hour!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
$nLastXTime = 60 * 60 * 12; // 12 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
$nLastXTime = 60 * 60 * 24; // 24 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
$nLastXTime = 60 * 60 * 24 * 7; // 7 days
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
$nLastXTime = 60 * 60 * 24 * 31; // 31 days
else
// WTF default?
$nLastXTime = 86400;
// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM )
{
// Get filter timestamp!
$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp < $nFromTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO )
{
// Get filter timestamp!
// echo $myfilter[FILTER_VALUE];
$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp > $nToTimeStamp )
$bEval = false;
}
break;
default:
// TODO!
break;
}
}
// If was number filter, we apply it the evaluation.
if ( $bIsOrFilter )
$bEval &= $bOrFilter;
if ( !$bEval )
{
// unmatching filter, reset property array
foreach ( $this->_arrProperties as $property )
$arrProperitesOut[$property] = '';
// return error!
return ERROR_FILTER_NOT_MATCH;
}
}
}
// Reached this point means filters did match!
return SUCCESS;
}
else // No filters at all means success!
return SUCCESS;
}
/*
* --- PIRVATE HELPERS!
*/
/** /**
* Helper function to parse filters into a useful filter array we can work with. * Helper function to parse filters into a useful filter array we can work with.
@ -815,7 +1028,8 @@ abstract class LogStream {
// reached here means we failed to convert the facility! // reached here means we failed to convert the facility!
return -1; return -1;
} }
} }
?> ?>

102
src/classes/logstreamdb.class.php
View File

@ -210,67 +210,85 @@ class LogStreamDB extends LogStream {
public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true) public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
{ {
// Helpers needed for DB Mapping // Helpers needed for DB Mapping
global $content, $gl_starttime;
global $dbmapping, $fields; global $dbmapping, $fields;
$szTableType = $this->_logStreamConfigObj->DBTableType; $szTableType = $this->_logStreamConfigObj->DBTableType;
// define $ret // define $ret
$ret = SUCCESS; $ret = SUCCESS;
// No buffer? then read from DB! do
if ( $this->bufferedRecords == null )
$ret = $this->ReadNextRecordsFromDB($uID);
else
{ {
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) // No buffer? then read from DB!
{ if ( $this->bufferedRecords == null )
// We need to load new records, so clear the old ones first!
$this->ResetBufferedRecords();
// Set new Record start, will be used in the SQL Statement!
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
// Now read new ones
$ret = $this->ReadNextRecordsFromDB($uID); $ret = $this->ReadNextRecordsFromDB($uID);
else
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
$ret = ERROR_NOMORERECORDS;
}
}
if ( $ret == SUCCESS )
{
// Init and set variables
foreach ( $this->_arrProperties as $property )
{ {
// Check if mapping exists if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
if ( isset($dbmapping[$szTableType][$property]) )
{ {
// Copy property if available! // We need to load new records, so clear the old ones first!
$dbfieldname = $dbmapping[$szTableType][$property]; $this->ResetBufferedRecords();
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
// Set new Record start, will be used in the SQL Statement!
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
// Now read new ones
$ret = $this->ReadNextRecordsFromDB($uID);
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
$ret = ERROR_NOMORERECORDS;
}
}
if ( $ret == SUCCESS )
{
// Init and set variables
foreach ( $this->_arrProperties as $property )
{
// Check if mapping exists
if ( isset($dbmapping[$szTableType][$property]) )
{ {
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date! // Copy property if available!
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] ); $dbfieldname = $dbmapping[$szTableType][$property];
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
{
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date!
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] );
else
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname];
}
else else
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]; $arrProperitesOut[$property] = '';
} }
else else
$arrProperitesOut[$property] = ''; $arrProperitesOut[$property] = '';
} }
else
$arrProperitesOut[$property] = ''; // Run optional Message Parsers now
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) )
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum;
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]];
// Increment $_currentRecordNum
$this->_currentRecordNum++;
} }
// Run optional Message Parsers now // Check how long we are running. If only two seconds of execution time are left, we abort further reading!
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) ) $scriptruntime = intval(microtime_float() - $gl_starttime);
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut); if ( $scriptruntime > ($content['MaxExecutionTime']-2) )
{
// This may display a warning message, so the user knows we stopped reading records because of the script timeout.
$content['logstream_warning'] = "false";
$content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
$content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
// Return error code
return ERROR_FILE_NOMORETIME;
}
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum; // This additional filter check will take care on dynamic fields from the message parser!
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]]; } while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS );
// Increment $_currentRecordNum
$this->_currentRecordNum++;
}
// reached here means return result! // reached here means return result!
return $ret; return $ret;

212
src/classes/logstreamdisk.class.php
View File

@ -699,215 +699,5 @@ class LogStreamDisk extends LogStream {
$this->_p_buffer = -1; $this->_p_buffer = -1;
} }
/**
* Implementation of ApplyFilters in the LogSTreamDisk Class.
* This function performs a check on the filters and actually triggers the
* syslog parsers as well.
*/
protected function ApplyFilters($myResults, &$arrProperitesOut)
{
// IF result was unsuccessfull, return success - nothing we can do here.
if ( $myResults >= ERROR )
return SUCCESS;
// Process all filters
if ( $this->_filters != null )
{
// Evaluation default for now is true
$bEval = true;
// Loop through set properties
foreach( $arrProperitesOut as $propertyname => $propertyvalue )
{
// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
if (
array_key_exists($propertyname, $this->_filters) &&
isset($propertyvalue) /* &&
!(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/
)
{
// Extra var needed for number checks!
$bIsOrFilter = false; // If enabled we need to check for numbereval later
$bOrFilter = false;
// Found something to filter, so do it!
foreach( $this->_filters[$propertyname] as $myfilter )
{
switch( $myfilter[FILTER_TYPE] )
{
case FILTER_TYPE_STRING:
// Only filter if value is non zero
if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 )
{
// If Syslog message, we have AND handling!
if ( $propertyname == SYSLOG_MESSAGE )
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
$bEval = false;
}
// Exclude Filter
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
// Otherwise we use OR Handling!
else
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
// Set isOrFilter to true in this case
$bIsOrFilter = true;
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bOrFilter = true;
}
else
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bOrFilter = true;
}
}
// Exclude Filter - handeled with AND filtering!
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) )
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bEval = false;
}
else
{
// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
break;
}
}
else
{
// Either filter value or property value was empty!
// This means we have no match
$bEval = false;
}
break;
case FILTER_TYPE_NUMBER:
$bIsOrFilter = true; // Default is set to TRUE
if ( is_numeric($arrProperitesOut[$propertyname]) )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = true;
else
$bOrFilter = false;
}
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = false;
else
$bOrFilter = true;
}
}
else
{
// If wanted, we treat this filter as a success!
if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 )
$bOrFilter = true;
else
$bOrFilter = false;
}
break;
case FILTER_TYPE_DATE:
// Get Log TimeStamp
$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX )
{
// Get current timestamp
$nNowTimeStamp = time();
if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
$nLastXTime = 60 * 60; // One Hour!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
$nLastXTime = 60 * 60 * 12; // 12 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
$nLastXTime = 60 * 60 * 24; // 24 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
$nLastXTime = 60 * 60 * 24 * 7; // 7 days
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
$nLastXTime = 60 * 60 * 24 * 31; // 31 days
else
// WTF default?
$nLastXTime = 86400;
// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM )
{
// Get filter timestamp!
$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp < $nFromTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO )
{
// Get filter timestamp!
// echo $myfilter[FILTER_VALUE];
$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp > $nToTimeStamp )
$bEval = false;
}
break;
default:
// TODO!
break;
}
}
// If was number filter, we apply it the evaluation.
if ( $bIsOrFilter )
$bEval &= $bOrFilter;
if ( !$bEval )
{
// unmatching filter, reset property array
foreach ( $this->_arrProperties as $property )
$arrProperitesOut[$property] = '';
// return error!
return ERROR_FILTER_NOT_MATCH;
}
}
}
// Reached this point means filters did match!
return SUCCESS;
}
else // No filters at all means success!
return SUCCESS;
}
} }
?>
?>

106
src/classes/logstreampdo.class.php
View File

@ -240,69 +240,87 @@ class LogStreamPDO extends LogStream {
public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true) public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
{ {
// Helpers needed for DB Mapping // Helpers needed for DB Mapping
global $content, $gl_starttime;
global $dbmapping, $fields; global $dbmapping, $fields;
$szTableType = $this->_logStreamConfigObj->DBTableType; $szTableType = $this->_logStreamConfigObj->DBTableType;
// define $ret // define $ret
$ret = SUCCESS; $ret = SUCCESS;
// No buffer? then read from DB! do
if ( $this->bufferedRecords == null )
$ret = $this->ReadNextRecordsFromDB($uID);
else
{ {
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) ) // No buffer? then read from DB!
{ if ( $this->bufferedRecords == null )
// We need to load new records, so clear the old ones first!
$this->ResetBufferedRecords();
// Set new Record start, will be used in the SQL Statement!
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
// Now read new ones
$ret = $this->ReadNextRecordsFromDB($uID); $ret = $this->ReadNextRecordsFromDB($uID);
//echo "!" . $ret . " " . $this->_currentRecordStart . "=" . $this->_currentRecordNum; else
// Check if we found more records
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
$ret = ERROR_NOMORERECORDS;
}
}
if ( $ret == SUCCESS )
{
// Init and set variables
foreach ( $this->_arrProperties as $property )
{ {
// Check if mapping exists if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
if ( isset($dbmapping[$szTableType][$property]) )
{ {
// Copy property if available! // We need to load new records, so clear the old ones first!
$dbfieldname = $dbmapping[$szTableType][$property]; $this->ResetBufferedRecords();
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
// Set new Record start, will be used in the SQL Statement!
$this->_currentRecordStart = $this->_currentRecordNum; // + 1;
// Now read new ones
$ret = $this->ReadNextRecordsFromDB($uID);
// Check if we found more records
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
$ret = ERROR_NOMORERECORDS;
}
}
if ( $ret == SUCCESS )
{
// Init and set variables
foreach ( $this->_arrProperties as $property )
{
// Check if mapping exists
if ( isset($dbmapping[$szTableType][$property]) )
{ {
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date! // Copy property if available!
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] ); $dbfieldname = $dbmapping[$szTableType][$property];
if ( isset($this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]) )
{
if ( isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE ) // Handle as date!
$arrProperitesOut[$property] = GetEventTime( $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname] );
else
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname];
}
else else
$arrProperitesOut[$property] = $this->bufferedRecords[$this->_currentRecordNum][$dbfieldname]; $arrProperitesOut[$property] = '';
} }
else else
$arrProperitesOut[$property] = ''; $arrProperitesOut[$property] = '';
} }
else
$arrProperitesOut[$property] = ''; // Run optional Message Parsers now
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) )
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum;
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]];
// Increment $_currentRecordNum
$this->_currentRecordNum++;
} }
// Run optional Message Parsers now // Check how long we are running. If only two seconds of execution time are left, we abort further reading!
if ( isset($arrProperitesOut[SYSLOG_MESSAGE]) ) $scriptruntime = intval(microtime_float() - $gl_starttime);
$this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut); if ( $scriptruntime > ($content['MaxExecutionTime']-2) )
{
// This may display a warning message, so the user knows we stopped reading records because of the script timeout.
$content['logstream_warning'] = "false";
$content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
$content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
// Return error code
return ERROR_FILE_NOMORETIME;
}
// Set uID to the PropertiesOut! //DEBUG -> $this->_currentRecordNum; // This additional filter check will take care on dynamic fields from the message parser!
$uID = $arrProperitesOut[SYSLOG_UID] = $this->bufferedRecords[$this->_currentRecordNum][$dbmapping[$szTableType][SYSLOG_UID]]; } while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS );
// Increment $_currentRecordNum
$this->_currentRecordNum++;
}
// reached here means return result! // reached here means return result!
return $ret; return $ret;

66
src/classes/msgparsers/msgparser.wireless.class.php
View File

@ -36,6 +36,7 @@ class MsgParser_wireless extends MsgParser {
public $_ClassDescription = 'Custom logfile parser for wireless access points.'; public $_ClassDescription = 'Custom logfile parser for wireless access points.';
public $_ClassHelpArticle = ""; public $_ClassHelpArticle = "";
public $_ClassRequiredFields = array ( public $_ClassRequiredFields = array (
"net_host" => array (", ", "FieldID" => "net_host", "FieldDefine" => "SYSLOG_NET_HOST", "FieldCaption" => "Hostname", "FieldType" => 0, "FieldAlign" => "left", "SearchField" => "net_host", "DefaultWidth" => 100, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
"net_bytesrecieved" => array ( "FieldID" => "net_bytesrecieved", "FieldDefine" => "SYSLOG_NET_BYTESRECIEVED", "FieldCaption" => "Bytes recieved", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytesrecieved", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0), "net_bytesrecieved" => array ( "FieldID" => "net_bytesrecieved", "FieldDefine" => "SYSLOG_NET_BYTESRECIEVED", "FieldCaption" => "Bytes recieved", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytesrecieved", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
"net_bytessend" => array (", ", "FieldID" => "net_bytessend", "FieldDefine" => "SYSLOG_NET_BYTESSEND", "FieldCaption" => "Bytes send", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytessend", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0 ), "net_bytessend" => array (", ", "FieldID" => "net_bytessend", "FieldDefine" => "SYSLOG_NET_BYTESSEND", "FieldCaption" => "Bytes send", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytessend", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0 ),
"net_interface" => array (", ", "FieldID" => "net_interface", "FieldDefine" => "SYSLOG_NET_INTERFACE", "FieldCaption" => "Interface", "FieldType" => 0, "FieldAlign" => "center", "SearchField" => "net_interface", "DefaultWidth" => 75, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0), "net_interface" => array (", ", "FieldID" => "net_interface", "FieldDefine" => "SYSLOG_NET_INTERFACE", "FieldCaption" => "Interface", "FieldType" => 0, "FieldAlign" => "center", "SearchField" => "net_interface", "DefaultWidth" => 75, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
@ -76,32 +77,32 @@ class MsgParser_wireless extends MsgParser {
// Sample: Oct 14 21:05:52 script,info INICIO; Madrid-arturosoria ;wlan1 ;00:1F:3A:66:70:09 ;192.168.10.117 ;24Mbps ;36Mbps ;15:50:56 ;00:00:00.080 ;-80dBm@1Mbps ;21 ;78 ;43351,126437 ;2959,377 // Sample: Oct 14 21:05:52 script,info INICIO; Madrid-arturosoria ;wlan1 ;00:1F:3A:66:70:09 ;192.168.10.117 ;24Mbps ;36Mbps ;15:50:56 ;00:00:00.080 ;-80dBm@1Mbps ;21 ;78 ;43351,126437 ;2959,377
if ( preg_match('/(.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?)$/', $szMsg, $out) ) if ( preg_match('/(.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?)$/', $szMsg, $out) )
{ {
$arrArguments[SYSLOG_HOST] = $out[1]; $arrArguments[SYSLOG_NET_HOST] = trim($out[1]);
// Set wlan log specific properties! // Set wlan log specific properties!
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]); $arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]);
$arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[3]); $arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[3]);
$arrArguments[SYSLOG_NET_LASTIP] = trim($out[4]); $arrArguments[SYSLOG_NET_LASTIP] = trim($out[4]);
$arrArguments[SYSLOG_NET_RXRATE] = trim($out[5]); $arrArguments[SYSLOG_NET_RXRATE] = trim($out[5]);
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]); $arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]);
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]); $arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]);
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]); $arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]);
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[9]); $arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[9]);
// Number based fields // Number based fields
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[10]; $arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[10]);
$arrArguments[SYSLOG_NET_TXCCQ] = $out[11]; $arrArguments[SYSLOG_NET_TXCCQ] = trim($out[11]);
// Set msg to whole logline // Set msg to whole logline
$arrArguments[SYSLOG_MESSAGE] = $out[0]; $arrArguments[SYSLOG_MESSAGE] = trim($out[0]);
// Get additional parameters! // Get additional parameters!
if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[12], $out2) ) if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[12], $out2) )
{ {
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1]; $arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]);
$arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2]; $arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]);
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3]; $arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]);
$arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4]; $arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]);
} }
else else
{ {
@ -144,33 +145,32 @@ class MsgParser_wireless extends MsgParser {
// Set generic properties // Set generic properties
$arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]); $arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]);
$arrArguments[SYSLOG_HOST] = $out[6]; $arrArguments[SYSLOG_NET_HOST] = trim($out[6]);
// $arrArguments[SYSLOG_DATE] = GetEventTime($out[4]);
// Set wlan log specific properties! // Set wlan log specific properties!
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]); $arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]);
$arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[8]); $arrArguments[SYSLOG_NET_MAC_ADDRESS] = trim($out[8]);
$arrArguments[SYSLOG_NET_LASTIP] = trim($out[9]); $arrArguments[SYSLOG_NET_LASTIP] = trim($out[9]);
$arrArguments[SYSLOG_NET_RXRATE] = trim($out[10]); $arrArguments[SYSLOG_NET_RXRATE] = trim($out[10]);
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]); $arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]);
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]); $arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]);
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]); $arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]);
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[14]); $arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[14]);
// Number based fields // Number based fields
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[15]; $arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[15]);
$arrArguments[SYSLOG_NET_TXCCQ] = $out[16]; $arrArguments[SYSLOG_NET_TXCCQ] = trim($out[16]);
// Set msg to whole logline // Set msg to whole logline
$arrArguments[SYSLOG_MESSAGE] = $out[0]; $arrArguments[SYSLOG_MESSAGE] = trim($out[0]);
// Get additional parameters! // Get additional parameters!
if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[17], $out2) ) if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[17], $out2) )
{ {
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1]; $arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]);
$arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2]; $arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]);
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3]; $arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]);
$arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4]; $arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]);
} }
else else
{ {