1 /*
2 * Argus Software
3 * Copyright (c) 2000-2016 QoSient, LLC
4 * All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2, or (at your option)
9 * any later version.
10
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 *
20 */
21
22 /*
23 * $Id: //depot/argus/clients/clients/ra.c#80 $
24 * $DateTime: 2016/06/01 15:17:28 $
25 * $Change: 3148 $
26 */
27
28 /*
29 *
30 * ra - Read Argus
31 * This program reads argus output streams, either through a socket,
32 * a piped stream, or in a file, filters and optionally writes the
33 * output to 1) a file, 2) its stdout or 3) prints the binary records
34 * to stdout in ASCII.
35 *
36 * written by Carter Bullard
37 * QoSient, LLC
38 */
39
40
41 #ifdef HAVE_CONFIG_H
42 #include "argus_config.h"
43 #endif
44
45
46 #if defined(CYGWIN)
47 #define USE_IPV6
48 #endif
49
50 #include <unistd.h>
51 #include <stdlib.h>
52
53 #include <argus_compat.h>
54
55 #include <rabins.h>
56 #include <argus_util.h>
57 #include <argus_client.h>
58 #include <argus_main.h>
59 #include <argus_filter.h>
60
61 #include <signal.h>
62 #include <ctype.h>
63
64 extern int ArgusTotalMarRecords;
65 extern int ArgusTotalFarRecords;
66
67 extern struct ArgusParserStruct *ArgusParser;
68
69 int RaPrintCounter = 1;
70
71
72 void
ArgusClientInit(struct ArgusParserStruct * parser)73 ArgusClientInit (struct ArgusParserStruct *parser)
74 {
75 struct ArgusModeStruct *mode = NULL;
76 parser->RaWriteOut = 0;
77
78 if (!(parser->RaInitialized)) {
79 (void) signal (SIGHUP, (void (*)(int)) RaParseComplete);
80 (void) signal (SIGTERM, (void (*)(int)) RaParseComplete);
81 (void) signal (SIGQUIT, (void (*)(int)) RaParseComplete);
82 (void) signal (SIGINT, (void (*)(int)) RaParseComplete);
83
84 if ((mode = parser->ArgusModeList) != NULL) {
85 while (mode) {
86 if (!(strncasecmp (mode->mode, "poll", 4)))
87 parser->RaPollMode++;
88
89 if (!(strncasecmp (mode->mode, "rmon", 4)))
90 parser->RaMonMode++;
91
92 if (!(strncasecmp (mode->mode, "uni", 3)))
93 parser->RaUniMode++;
94
95 if (!(strncasecmp (mode->mode, "oui", 3)))
96 parser->ArgusPrintEthernetVendors++;
97
98 if (!(strncasecmp (mode->mode, "man", 3)))
99 parser->ArgusPrintMan = 1;
100
101 if (!(strncasecmp (mode->mode, "noman", 5)))
102 parser->ArgusPrintMan = 0;
103
104 mode = mode->nxt;
105 }
106 }
107
108 if (parser->Pctflag) {
109 parser->ArgusPassNum = 2;
110 if ((parser->ArgusAggregator = ArgusNewAggregator(parser, "srcid", ARGUS_RECORD_AGGREGATOR)) == NULL)
111 ArgusLog (LOG_ERR, "ArgusClientInit: ArgusNewAggregator error");
112 }
113
114
115 if (parser->dflag) {
116 int pid;
117
118 if (parser->Sflag)
119 parser->ArgusReliableConnection++;
120
121 ArgusLog(LOG_WARNING, "started");
122 if (chdir ("/") < 0)
123 ArgusLog (LOG_ERR, "Can't chdir to / %s", strerror(errno));
124
125 if ((pid = fork ()) < 0) {
126 ArgusLog (LOG_ERR, "Can't fork daemon %s", strerror(errno));
127 } else {
128 if (pid) {
129 struct timespec ts = {0, 20000000};
130 int status;
131 nanosleep(&ts, NULL);
132 waitpid(pid, &status, WNOHANG);
133 if (kill(pid, 0) < 0) {
134 exit (1);
135 } else
136 exit (0);
137 } else {
138 FILE *tmpfile;
139
140 parser->ArgusSessionId = setsid();
141 if ((tmpfile = freopen ("/dev/null", "r", stdin)) == NULL)
142 ArgusLog (LOG_ERR, "Cannot map stdout to /dev/null");
143
144 if ((tmpfile = freopen ("/dev/null", "a+", stdout)) == NULL)
145 ArgusLog (LOG_ERR, "Cannot map stdout to /dev/null");
146
147 if ((tmpfile = freopen ("/dev/null", "a+", stderr)) == NULL)
148 ArgusLog (LOG_ERR, "Cannot map stderr to /dev/null");
149 }
150 }
151 }
152
153 parser->RaInitialized++;
154 }
155 }
156
RaArgusInputComplete(struct ArgusInput * input)157 void RaArgusInputComplete (struct ArgusInput *input) { return; }
158
159 void
RaParseComplete(int sig)160 RaParseComplete (int sig)
161 {
162 if (sig >= 0) {
163 if (!ArgusParser->RaParseCompleting++) {
164
165 if (ArgusParser->Aflag) {
166 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
167 printf (" Totalrecords %-8lld TotalMarRecords %-8lld TotalFarRecords %-8lld TotalPkts %-8lld TotalBytes %-8lld\n",
168 ArgusParser->ArgusTotalRecords + 1, ArgusParser->ArgusTotalMarRecords, ArgusParser->ArgusTotalFarRecords,
169 ArgusParser->ArgusTotalPkts, ArgusParser->ArgusTotalBytes);
170 #else
171 printf (" Totalrecords %-8Ld TotalManRecords %-8Ld TotalFarRecords %-8Ld TotalPkts %-8Ld TotalBytes %-8Ld\n",
172 ArgusParser->ArgusTotalRecords + 1, ArgusParser->ArgusTotalMarRecords, ArgusParser->ArgusTotalFarRecords,
173 ArgusParser->ArgusTotalPkts, ArgusParser->ArgusTotalBytes);
174 #endif
175 }
176
177 fflush(stdout);
178 ArgusShutDown(sig);
179 }
180
181 #ifdef ARGUSDEBUG
182 ArgusDebug (2, "RaParseComplete(caught signal %d)\n", sig);
183 #endif
184 switch (sig) {
185 case SIGHUP:
186 case SIGINT:
187 case SIGTERM:
188 case SIGQUIT: {
189 struct ArgusWfileStruct *wfile = NULL;
190
191 if (ArgusParser->ArgusWfileList != NULL) {
192 struct ArgusListObjectStruct *lobj = NULL;
193 int i, count = ArgusParser->ArgusWfileList->count;
194
195 if ((lobj = ArgusParser->ArgusWfileList->start) != NULL) {
196 for (i = 0; i < count; i++) {
197 if ((wfile = (struct ArgusWfileStruct *) lobj) != NULL) {
198 if (wfile->fd != NULL) {
199 #ifdef ARGUSDEBUG
200 ArgusDebug (2, "RaParseComplete: closing %s\n", wfile->filename);
201 #endif
202 fflush (wfile->fd);
203 fclose (wfile->fd);
204 wfile->fd = NULL;
205 }
206 lobj = lobj->nxt;
207 }
208 }
209 }
210 }
211 exit(0);
212 break;
213 }
214 }
215 }
216 }
217
218
219 void
ArgusClientTimeout()220 ArgusClientTimeout ()
221 {
222 if ((ArgusParser->ArgusWfileList != NULL) && (!(ArgusListEmpty(ArgusParser->ArgusWfileList)))) {
223 struct ArgusWfileStruct *wfile = NULL;
224 struct ArgusListObjectStruct *lobj = NULL;
225 int i, count = ArgusParser->ArgusWfileList->count;
226
227 if ((lobj = ArgusParser->ArgusWfileList->start) != NULL) {
228 for (i = 0; i < count; i++) {
229 if ((wfile = (struct ArgusWfileStruct *) lobj) != NULL) {
230 if (wfile->fd != NULL)
231 fflush(wfile->fd);
232 }
233 lobj = lobj->nxt;
234 }
235 }
236 }
237
238 #ifdef ARGUSDEBUG
239 ArgusDebug (6, "ArgusClientTimeout()\n");
240 #endif
241 }
242
243 void
parse_arg(int argc,char ** argv)244 parse_arg (int argc, char**argv)
245 {}
246
247 void
usage()248 usage ()
249 {
250 extern char version[];
251
252 fprintf (stdout, "Ra Version %s\n", version);
253 fprintf (stdout, "usage: %s \n", ArgusParser->ArgusProgramName);
254 fprintf (stdout, "usage: %s [options] [- filter-expression]\n", ArgusParser->ArgusProgramName);
255
256 fprintf (stdout, "options: -A print record summaries on termination.\n");
257 fprintf (stdout, " -b dump packet-matching code.\n");
258 fprintf (stdout, " -c <char> specify a delimiter <char> for output columns.\n");
259 fprintf (stdout, " -C <[host]:port> specify Cisco Netflow source.\n");
260 #if defined (ARGUSDEBUG)
261 fprintf (stdout, " -D <level> specify debug level\n");
262 #endif
263 fprintf (stdout, " -e <regex> match regular expression in flow user data fields.\n");
264 fprintf (stdout, " Prepend the regex with either \"s:\" or \"d:\" to limit the match\n");
265 fprintf (stdout, " to either the source or destination user data fields.\n");
266 fprintf (stdout, " -E <file> write records that are rejected by the filter into <file>\n");
267 fprintf (stdout, " -F <conffile> read configuration from <conffile>.\n");
268 fprintf (stdout, " -h print help.\n");
269 fprintf (stdout, " -H abbreviate numeric values. Use -p option to control precision.\n");
270 fprintf (stdout, " -M <option> specify a Mode of operation.\n");
271 fprintf (stdout, " rmon convert bi-directional flow data to RMON in/out stats\n");
272 fprintf (stdout, " poll attach to remote server to get MAR and then disconnect\n");
273 fprintf (stdout, " xml print output in xml format\n");
274 fprintf (stdout, " TZ='timezone' set TZ environment variable with timezone string\n");
275 fprintf (stdout, " saslmech='mech' specify the sasl mechanism to use for this connection\n");
276 fprintf (stdout, " label='str' specify label matching expression\n");
277 fprintf (stdout, " printer='printer' specify user data printing format\n");
278 fprintf (stdout, " ascii print user data using ascii encoding\n");
279 fprintf (stdout, " obfuscate print user data using ascii` encoding, obfuscate passwords\n");
280 fprintf (stdout, " encode32 print user data using encode32 encoding\n");
281 fprintf (stdout, " encode64 print user data using encode64 encoding\n");
282 fprintf (stdout, " hex print user data using hex encoding\n");
283 fprintf (stdout, " dsrs='strip str' specify input dsrs (see rastrip.1)\n");
284 fprintf (stdout, " sql='str' use str as \"WHERE\" clause in sql call.\n");
285 fprintf (stdout, " disa Use US DISA diff-serve encodings\n");
286 fprintf (stdout, " -n don't convert numbers to names.\n");
287 fprintf (stdout, " -N [io]<num> process the first <num> records in the stream. Optional initial char\n");
288 fprintf (stdout, " specifies the input or output stream. The default is 'i'nput.\n");
289 fprintf (stdout, " [io]<start-end> process this inclusive range of matching records.\n");
290 fprintf (stdout, " [io]<start+num> process this number of matching records, starting at start.\n");
291 fprintf (stdout, " -p <digits> print fractional time with <digits> precision.\n");
292 fprintf (stdout, " -q quiet mode. don't print record outputs.\n");
293 fprintf (stdout, " -r <[type:]file[::ostart[:ostop]] ...>\n");
294 fprintf (stdout, " read <type> data from <file>. '-' denotes stdin.\n");
295 fprintf (stdout, " types supported are argus (default), 'cisco' and 'ft' (flow-tools)\n");
296 fprintf (stdout, " optionally provide starting and ending byte offsets\n");
297 fprintf (stdout, " for seeking into file. Must be legitimate record boundaries.\n");
298 fprintf (stdout, " -R <dir> recursively process files in directory\n");
299 fprintf (stdout, " -s [-][+[#]]field[:w] specify fields to print.\n");
300 fprintf (stdout, " fields: srcid, stime, ltime, sstime, dstime, sltime, dltime,\n");
301 fprintf (stdout, " trans, seq, flgs, dur, avgdur, stddev, mindur, maxdur,\n");
302 fprintf (stdout, " saddr, daddr, proto, sport, dport, stos, dtos, sdsb, ddsb\n");
303 fprintf (stdout, " sco, dco, sttl, dttl, sipid, dipid, smpls, dmpls, svlan, dvlan\n");
304 fprintf (stdout, " svid, dvid, svpri, dvpri, [s|d]pkts, [s|d]bytes,\n");
305 fprintf (stdout, " [s||d]appbytes, [s|d]load, [s|d]loss, [s|d]ploss, [s|d]rate,\n");
306 fprintf (stdout, " smac, dmac, dir, [s|d]intpkt, [s|d]jit, state, suser, duser,\n");
307 fprintf (stdout, " swin, dwin, trans, srng, erng, stcpb, dtcpb, tcprtt, inode,\n");
308 fprintf (stdout, " offset, smaxsz, dmaxsz, sminsz, dminsz\n");
309 fprintf (stdout, " -S <[user[:pass]@]host[:port]> specify remote argus and optional port number\n");
310 fprintf (stdout, " -S <URI://[user[:pass]@]host[:port]> \n");
311 fprintf (stdout, " URI : argus-udp \n");
312 fprintf (stdout, " argus-tcp \n");
313 fprintf (stdout, " argus \n");
314 fprintf (stdout, " \n");
315 fprintf (stdout, " -t <timerange> specify <timerange> for reading records.\n");
316 fprintf (stdout, " format: timeSpecification[-timeSpecification]\n");
317 fprintf (stdout, " timeSpecification: [[[yyyy/]mm/]dd.]hh[:mm[:ss]]\n");
318 fprintf (stdout, " [yyyy/]mm/dd\n");
319 fprintf (stdout, " -%%d{yMdhms}\n");
320 fprintf (stdout, " -T <secs> attach to remote server for T seconds.\n");
321 fprintf (stdout, " -u print time in Unix time format.\n");
322 #ifdef ARGUS_SASL
323 fprintf (stdout, " -U <user/auth> specify <user/auth> authentication information.\n");
324 #endif
325 fprintf (stdout, " -w <file> write output to <file>. '-' denotes stdout.\n");
326 fprintf (stdout, " -X don't read default rarc file.\n");
327 fprintf (stdout, " -z print Argus TCP state changes.\n");
328 fprintf (stdout, " -Z <s|d|b> print actual TCP flag values.\n");
329 fprintf (stdout, " <'s'rc | 'd'st | 'b'oth>\n");
330 fflush (stdout);
331 exit(1);
332 }
333
334 void RaProcessThisRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
335
336 void
RaProcessRecord(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)337 RaProcessRecord (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
338 {
339 switch (argus->hdr.type & 0xF0) {
340 case ARGUS_MAR:
341 RaProcessManRecord (parser, argus);
342 break;
343
344 case ARGUS_EVENT:
345 RaProcessEventRecord (parser, argus);
346 break;
347
348 case ARGUS_NETFLOW:
349 case ARGUS_FAR: {
350 if (ArgusParser->Aflag) {
351 struct ArgusMetricStruct *metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX];
352
353 if (metric != NULL) {
354 parser->ArgusTotalPkts += metric->src.pkts;
355 parser->ArgusTotalPkts += metric->dst.pkts;
356 parser->ArgusTotalBytes += metric->src.bytes;
357 parser->ArgusTotalBytes += metric->dst.bytes;
358 }
359 }
360
361 if ((parser->RaMonMode) || (parser->RaUniMode)) {
362 struct ArgusRecordStruct *tns = ArgusCopyRecordStruct(argus);
363 struct ArgusFlow *flow;
364
365 if ((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
366 flow->hdr.subtype &= ~ARGUS_REVERSE;
367 flow->hdr.argus_dsrvl8.qual &= ~ARGUS_DIRECTION;
368 }
369
370 RaProcessThisRecord(parser, argus);
371 ArgusReverseRecord(tns);
372
373 if ((flow = (void *)tns->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
374 flow->hdr.subtype &= ~ARGUS_REVERSE;
375 flow->hdr.argus_dsrvl8.qual &= ~ARGUS_DIRECTION;
376 }
377
378 RaProcessThisRecord(parser, tns);
379 ArgusDeleteRecordStruct(parser, tns);
380
381 } else {
382 RaProcessThisRecord(parser, argus);
383 }
384 }
385 }
386 }
387
388
389 extern void ArgusUniDirectionalRecord (struct ArgusRecordStruct *argus);
390
391 void
RaProcessThisRecord(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)392 RaProcessThisRecord (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
393 {
394 static char buf[MAXSTRLEN];
395
396 if (parser->RaUniMode) {
397 struct ArgusMetricStruct *metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX];
398
399 ArgusUniDirectionalRecord (argus);
400 if (metric->src.pkts == 0)
401 return;
402 }
403
404 switch (parser->ArgusPassNum) {
405 case 2: {
406 if (parser->Pctflag) {
407 if (parser->ns == NULL) {
408 parser->ns = ArgusCopyRecordStruct(argus);
409 } else {
410 ArgusMergeRecords (parser->ArgusAggregator, parser->ns, argus);
411 }
412 }
413 break;
414 }
415
416 case 1: {
417 if (parser->ArgusWfileList != NULL) {
418 struct ArgusWfileStruct *wfile = NULL;
419 struct ArgusListObjectStruct *lobj = NULL;
420 int i, count = parser->ArgusWfileList->count;
421
422 if ((lobj = parser->ArgusWfileList->start) != NULL) {
423 for (i = 0; i < count; i++) {
424 if ((wfile = (struct ArgusWfileStruct *) lobj) != NULL) {
425 int retn = 1;
426 if (wfile->filterstr) {
427 struct nff_insn *wfcode = wfile->filter.bf_insns;
428 retn = ArgusFilterRecord (wfcode, argus);
429 }
430
431 if (retn != 0) {
432 argus->rank = RaPrintCounter++;
433
434 if ((ArgusParser->eNoflag == 0 ) || ((ArgusParser->eNoflag >= argus->rank) && (ArgusParser->sNoflag <= argus->rank))) {
435 if ((parser->exceptfile == NULL) || strcmp(wfile->filename, parser->exceptfile)) {
436 struct ArgusRecord *argusrec = NULL;
437 static char sbuf[0x10000];
438
439 if ((argusrec = ArgusGenerateRecord (argus, 0L, sbuf)) != NULL) {
440 #ifdef _LITTLE_ENDIAN
441 ArgusHtoN(argusrec);
442 #endif
443 ArgusWriteNewLogfile (parser, argus->input, wfile, argusrec);
444 }
445 }
446
447 } else {
448 if (ArgusParser->eNoflag < argus->rank)
449 break;
450 }
451 }
452 }
453
454 lobj = lobj->nxt;
455 }
456 }
457
458 } else {
459 if (!parser->qflag) {
460 int retn = 0;
461 if (parser->Lflag && !(parser->ArgusPrintXml)) {
462 if (parser->RaLabel == NULL)
463 parser->RaLabel = ArgusGenerateLabel(parser, argus);
464
465 if (!(parser->RaLabelCounter++ % parser->Lflag))
466 if ((retn = printf ("%s\n", parser->RaLabel)) < 0)
467 RaParseComplete (SIGQUIT);
468
469 if (parser->Lflag < 0)
470 parser->Lflag = 0;
471 }
472
473 bzero (buf, sizeof(buf));
474 argus->rank = RaPrintCounter++;
475
476 if ((ArgusParser->eNoflag == 0 ) || ((ArgusParser->eNoflag >= argus->rank) && (ArgusParser->sNoflag <= argus->rank))) {
477 ArgusPrintRecord(parser, buf, argus, MAXSTRLEN);
478
479 if ((retn = fprintf (stdout, "%s", buf)) < 0)
480 RaParseComplete (SIGQUIT);
481
482 if (parser->eflag == ARGUS_HEXDUMP) {
483 int i;
484 for (i = 0; i < MAX_PRINT_ALG_TYPES; i++) {
485 if (parser->RaPrintAlgorithmList[i] != NULL) {
486 struct ArgusDataStruct *user = NULL;
487 if (parser->RaPrintAlgorithmList[i]->print == ArgusPrintSrcUserData) {
488 int slen = 0, len = parser->RaPrintAlgorithmList[i]->length;
489 if (len > 0) {
490 if ((user = (struct ArgusDataStruct *)argus->dsrs[ARGUS_SRCUSERDATA_INDEX]) != NULL) {
491 if (user->hdr.type == ARGUS_DATA_DSR) {
492 slen = (user->hdr.argus_dsrvl16.len - 2 ) * 4;
493 } else
494 slen = (user->hdr.argus_dsrvl8.len - 2 ) * 4;
495
496 slen = (user->count < slen) ? user->count : slen;
497 slen = (slen > len) ? len : slen;
498 ArgusDump ((const u_char *) &user->array, slen, " ");
499 }
500 }
501 }
502 if (parser->RaPrintAlgorithmList[i]->print == ArgusPrintDstUserData) {
503 int slen = 0, len = parser->RaPrintAlgorithmList[i]->length;
504 if (len > 0) {
505 if ((user = (struct ArgusDataStruct *)argus->dsrs[ARGUS_DSTUSERDATA_INDEX]) != NULL) {
506 if (user->hdr.type == ARGUS_DATA_DSR) {
507 slen = (user->hdr.argus_dsrvl16.len - 2 ) * 4;
508 } else
509 slen = (user->hdr.argus_dsrvl8.len - 2 ) * 4;
510
511 slen = (user->count < slen) ? user->count : slen;
512 slen = (slen > len) ? len : slen;
513 ArgusDump ((const u_char *) &user->array, slen, " ");
514 }
515 }
516 }
517 } else
518 break;
519 }
520 }
521
522 fprintf (stdout, "\n");
523 fflush (stdout);
524
525 } else {
526 if ((ArgusParser->eNoflag != 0 ) && (ArgusParser->eNoflag < argus->rank))
527 RaParseComplete (SIGQUIT);
528 }
529 }
530 }
531 }
532 }
533 }
534
535 void
RaProcessManRecord(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)536 RaProcessManRecord (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
537 {
538 static char buf[MAXSTRLEN];
539
540 if (parser->ArgusWfileList != NULL) {
541 struct ArgusWfileStruct *wfile = NULL;
542 struct ArgusListObjectStruct *lobj = NULL;
543 int i, count = parser->ArgusWfileList->count;
544
545 if ((lobj = parser->ArgusWfileList->start) != NULL) {
546 for (i = 0; i < count; i++) {
547 if ((wfile = (struct ArgusWfileStruct *) lobj) != NULL) {
548 int retn = 1;
549 if (wfile->filterstr) {
550 struct nff_insn *wfcode = wfile->filter.bf_insns;
551 retn = ArgusFilterRecord (wfcode, argus);
552 }
553
554 if (retn != 0) {
555 struct ArgusRecord *argusrec = NULL;
556 if ((parser->exceptfile == NULL) || strcmp(wfile->filename, parser->exceptfile)) {
557 if (argus->status & ARGUS_INIT_MAR) {
558 argusrec = &argus->input->ArgusInitCon;
559 } else {
560 static char sbuf[0x10000];
561 if ((argusrec = ArgusGenerateRecord (argus, 0L, sbuf)) != NULL) {
562 #ifdef _LITTLE_ENDIAN
563 ArgusHtoN(argusrec);
564 #endif
565 }
566 }
567 if (argusrec != NULL)
568 ArgusWriteNewLogfile (parser, argus->input, wfile, argusrec);
569 }
570 }
571 }
572
573 lobj = lobj->nxt;
574 }
575 }
576
577 } else {
578
579 if ((parser->ArgusPrintMan) && (!parser->qflag)) {
580 if (parser->Lflag && !(parser->ArgusPrintXml)) {
581 if (parser->RaLabel == NULL)
582 parser->RaLabel = ArgusGenerateLabel(parser, argus);
583
584 if (!(parser->RaLabelCounter++ % parser->Lflag))
585 printf ("%s\n", parser->RaLabel);
586
587 if (parser->Lflag < 0)
588 parser->Lflag = 0;
589 }
590
591 bzero (buf, sizeof(buf));
592 if (argus->dsrs[0] != NULL) {
593 ArgusPrintRecord(parser, buf, argus, MAXSTRLEN);
594 if (fprintf (stdout, "%s\n", buf) < 0)
595 RaParseComplete (SIGQUIT);
596 }
597 fflush (stdout);
598 }
599 }
600
601 #ifdef ARGUSDEBUG
602 {
603 struct ArgusRecord *rec = (struct ArgusRecord *)argus->dsrs[0];
604 if (rec != NULL) {
605 struct ArgusMarStruct *mar = &rec->ar_un.mar;
606 ArgusDebug (6, "RaProcessManRecord (0x%x, 0x%x) mar parsed 0x%x", parser, argus, mar);
607 }
608 }
609 #endif
610 }
611
612
613 void
RaProcessEventRecord(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)614 RaProcessEventRecord (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
615 {
616 static char buf[MAXSTRLEN];
617
618 if (parser->ArgusWfileList != NULL) {
619 struct ArgusWfileStruct *wfile = NULL;
620 struct ArgusListObjectStruct *lobj = NULL;
621 int i, count = parser->ArgusWfileList->count;
622
623 if ((lobj = parser->ArgusWfileList->start) != NULL) {
624 for (i = 0; i < count; i++) {
625 if ((wfile = (struct ArgusWfileStruct *) lobj) != NULL) {
626 int retn = 1;
627 if (wfile->filterstr) {
628 struct nff_insn *wfcode = wfile->filter.bf_insns;
629 retn = ArgusFilterRecord (wfcode, argus);
630 }
631
632 if (retn != 0) {
633 if ((parser->exceptfile == NULL) || strcmp(wfile->filename, parser->exceptfile)) {
634 struct ArgusRecord *argusrec = NULL;
635 static char sbuf[0x10000];
636 if ((argusrec = ArgusGenerateRecord (argus, 0L, sbuf)) != NULL) {
637 #ifdef _LITTLE_ENDIAN
638 ArgusHtoN(argusrec);
639 #endif
640 ArgusWriteNewLogfile (parser, argus->input, wfile, argusrec);
641 }
642 }
643 }
644 }
645
646 lobj = lobj->nxt;
647 }
648 }
649
650 } else {
651
652 if ((parser->ArgusPrintEvent) && (!parser->qflag)) {
653 if (parser->Lflag && !(parser->ArgusPrintXml)) {
654 if (parser->RaLabel == NULL)
655 parser->RaLabel = ArgusGenerateLabel(parser, argus);
656
657 if (!(parser->RaLabelCounter++ % parser->Lflag))
658 printf ("%s\n", parser->RaLabel);
659
660 if (parser->Lflag < 0)
661 parser->Lflag = 0;
662 }
663
664 bzero (buf, sizeof(buf));
665 ArgusPrintRecord(parser, buf, argus, MAXSTRLEN);
666
667 if (fprintf (stdout, "%s\n", buf) < 0)
668 RaParseComplete (SIGQUIT);
669 fflush (stdout);
670 }
671 }
672
673 #ifdef ARGUSDEBUG
674 {
675 struct ArgusRecord *rec = (struct ArgusRecord *)argus->dsrs[0];
676
677 if (rec != NULL) {
678 struct ArgusEventStruct *event = &rec->ar_un.event;
679 ArgusDebug (6, "RaProcessEventRecord (0x%x, 0x%x) event parsed 0x%x", parser, argus, event);
680 }
681 }
682 #endif
683 }
684
RaSendArgusRecord(struct ArgusRecordStruct * argus)685 int RaSendArgusRecord(struct ArgusRecordStruct *argus) {return 0;}
686
687 void ArgusWindowClose(void);
688
ArgusWindowClose(void)689 void ArgusWindowClose(void) {
690 #ifdef ARGUSDEBUG
691 ArgusDebug (6, "ArgusWindowClose () returning\n");
692 #endif
693 }
694