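#ifndef SH_LOGCHECK_H
#define SH_LOGCHECK_H

/* Declarations for the log file checker: the record and log-file
 * descriptors, the reader callbacks that fetch one raw record, and the
 * parser callbacks that turn a raw record into a struct sh_logrecord.
 *
 * NOTE: sh_string is used throughout but is not declared in this header;
 * the project header that declares it must be included before this one.
 */

#include <stdio.h>      /* FILE, fpos_t (used by struct sh_logfile) */
#include <sys/types.h>  /* pid_t, dev_t, ino_t */
#include <time.h>       /* time_t, struct tm */

/* Convert a struct tm to unix timestamp with caching.
 *
 * old_tm and old_time are supplied by the caller.
 * NOTE(review): presumably they hold the previously converted value so that
 * a repeated conversion can be short-cut; confirm in the implementation.
 */
time_t conv_timestamp (struct tm * btime,
                       struct tm * old_tm, time_t * old_time);

/* Definition of a log record entry, to be returned from parsing function.
 *
 * NOTE(review): host, timestr and message presumably carry text taken from
 * the monitored log, i.e. content that whoever can write to that log can
 * influence. Treat them as untrusted when they are matched, stored or
 * forwarded. Ownership of the members (who frees them) is not visible in
 * this header; confirm against the parsers.
 */
#define PID_INVALID 0   /* presumably the pid value of a record without a
                         * usable process id; confirm against the parsers */
struct sh_logrecord
{
  char      * filename;
  sh_string * host;
  sh_string * timestr;
  pid_t       pid;
  time_t      timestamp;
  sh_string * message;
};

/* Bit values, presumably for sh_logfile.flags. Their meaning is inferred
 * from the names only; confirm against the implementation.
 */
#define SH_LOGFILE_MOVED  (1<<0)
#define SH_LOGFILE_REWIND (1<<1)
#define SH_LOGFILE_PIPE   (1<<2)
#define SH_LOGFILE_NOFILE (1<<3)

/* Descriptor of one monitored log source, including the read position and
 * the two callbacks used to read and to parse its records.
 */
struct sh_logfile
{
  FILE * fp;
  int    flags;
  char * filename;

  /* NOTE(review): device_id and inode are presumably recorded so that a
   * replaced or rotated file can be told apart from the one last read.
   * Resuming at 'offset' in a different file would skip or misread
   * records, so confirm that the reader compares them before seeking.
   */
  dev_t  device_id;
  ino_t  inode;
  fpos_t offset;

  /* Info for the parser, e.g. a regular expression
   */
  void * fileinfo;

  /* Callback function to read the next record
   */
  sh_string * (*get_record) (sh_string * record,
                             struct sh_logfile * logfile);

  /* Callback function to parse the record into standard format
   */
  struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);

  /* Link to another sh_logfile (chaining of descriptors). */
  struct sh_logfile * next;
};

/* Generic callback function to parse fileinfo.
 */
void * sh_eval_fileinfo_generic(char * str);

/* Generic parser info.
 */
struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo);


/****************************************************************
 **
 ** Parsing and reading functions
 **
 ** NOTE(review): the parsers below receive raw log content. Bounds and
 ** format checks live in the implementation and cannot be verified from
 ** this header.
 **/

/* Open file, position at stored offset. */
int sh_open_for_reader (struct sh_logfile * logfile);

/* Simple line reader for executed shell command.
 * NOTE(review): where the executed command comes from is not visible here;
 * it should originate from trusted configuration only, never from log
 * content. Confirm in the implementation.
 */
sh_string * sh_command_reader (sh_string * record,
                               struct sh_logfile * logfile);

/* Wrapper for sh_command_reader */
sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile);

/* Parses a shell command reply.
 */
struct sh_logrecord * sh_parse_shell (sh_string * logline, void * fileinfo);

/* Simple line reader. */
sh_string * sh_default_reader (sh_string * record,
                               struct sh_logfile * logfile);

/* Continued line reader.
 * NOTE(review): 'cont' presumably identifies continuation lines; confirm.
 */
sh_string * sh_cont_reader (sh_string * record,
                            struct sh_logfile * logfile, char * cont);

/* Binary reader.
 * NOTE(review): presumably reads one record of 'size' bytes into 's';
 * confirm that short reads are rejected rather than parsed.
 */
sh_string * sh_binary_reader (void * s, size_t size, struct sh_logfile * logfile);

/* Parses a syslog-style line. */
struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo);

/* Format info for apache log. */
void * sh_eval_fileinfo_apache(char * str);

/* Parses an apache-style line. */
struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo);

/* Get a pacct record */
sh_string * sh_read_pacct (sh_string * record, struct sh_logfile * logfile);

/* Parses a pacct record. */
struct sh_logrecord * sh_parse_pacct (sh_string * logline, void * fileinfo);

/* Get a samba record */
sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile);

/* Parses a samba record. */
struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo);


/**
 *****************************************************************/

/* Getter and setter for the 'hidepid' setting.
 * NOTE(review): the meaning of the setting and the accepted values of 's'
 * are not visible in this header. sh_set_hidepid takes a string, so confirm
 * that it validates the input and reports failure via its return value.
 */
int sh_get_hidepid(void);   /* (void): a real prototype, so calls with
                             * arguments are diagnosed by the compiler */
int sh_set_hidepid(const char *s);

#define SH_MAX_LCODE_SIZE 16

/* Binds a log type code to the callbacks that read, parse and configure
 * log sources of that type.
 */
struct sh_logfile_type
{
  /* NOTE(review): if 'code' is handled with string functions it must be
   * NUL-terminated, which leaves at most SH_MAX_LCODE_SIZE - 1 characters;
   * confirm where the code is filled in and compared.
   */
  char code[SH_MAX_LCODE_SIZE];

  /* read callback */
  /*@null@*/sh_string * (*get_record) (sh_string * record,
                                       struct sh_logfile * logfile);
  /* parsing callback */
  struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo);

  /* evaluate fileinfo */
  void * (*eval_fileinfo)(char * str);
};


#endif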