Revision d45a206f
Added by NOYB NOYB over 9 years ago
| src/etc/inc/filter_log.inc | ||
|---|---|---|
| 61 | 61 |
|
| 62 | 62 |
/* format filter logs */ |
| 63 | 63 |
function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $filterinterface = null) {
|
| 64 |
global $config, $g; |
|
| 64 |
global $config, $g, $pattern;
|
|
| 65 | 65 |
|
| 66 | 66 |
/* Make sure this is a number before using it in a system call */ |
| 67 | 67 |
if (!(is_numeric($tail))) {
|
| ... | ... | |
| 88 | 88 |
else if ($logfile == "{$g['varlog_path']}/ppp.log") { $logfile_type = "system"; }
|
| 89 | 89 |
|
| 90 | 90 |
else if ($logfile == "{$g['varlog_path']}/vpn.log") { $logfile_type = "tbd"; }
|
| 91 |
else if ($logfile == "{$g['varlog_path']}/pptps.log") { $logfile_type = "tbd"; }
|
|
| 92 | 91 |
else if ($logfile == "{$g['varlog_path']}/poes.log") { $logfile_type = "tbd"; }
|
| 93 | 92 |
else if ($logfile == "{$g['varlog_path']}/l2tps.log") { $logfile_type = "tbd"; }
|
| 94 | 93 |
|
| ... | ... | |
| 98 | 97 |
|
| 99 | 98 |
else { $logfile_type = "unknown"; }
|
| 100 | 99 |
|
| 101 |
if ($logfile_type == 'firewall') {
|
|
| 102 |
$pattern = "filterlog:"; |
|
| 103 |
} |
|
| 104 |
else if ($logfile_type == 'system') {
|
|
| 105 | 100 |
|
| 106 |
$month_pattern = "[a-zA-Z]{3}";
|
|
| 107 |
$day_pattern = "[0-9]{1,2}";
|
|
| 108 |
$time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
|
|
| 101 |
# Common Regular Expression Patterns |
|
| 102 |
$month_pattern = "[a-zA-Z]{3}";
|
|
| 103 |
$day_pattern = "[0-9]{1,2}";
|
|
| 104 |
$time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
|
|
| 109 | 105 |
|
| 110 |
$date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . "\)";
|
|
| 106 |
$date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . "\)";
|
|
| 111 | 107 |
|
| 112 |
$host_pattern = "\(.*?\)"; |
|
| 113 |
# $host_pattern = "\([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\)"; |
|
| 108 |
$host_pattern = "\(.*?\)"; |
|
| 109 |
# $host_pattern = "\([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\)"; |
|
| 110 |
|
|
| 111 |
$process_pattern = "\(.*?\)\(?::\ +\)?"; |
|
| 112 |
$pid_pattern = "\(?:\\\[\([0-9:]*\)\\\]\)?:?"; |
|
| 113 |
$process_pid_pattern = $process_pattern . $pid_pattern; |
|
| 114 | 114 |
|
| 115 |
$process_pattern = "\(.*?\)\(?::\ +\)?"; |
|
| 116 |
$pid_pattern = "\(?:\[[0-9:]*\]\)?:?"; |
|
| 117 |
$process_pid_pattern = $process_pattern . $pid_pattern; |
|
| 115 |
$log_message_pattern = "\(.*\)"; |
|
| 118 | 116 |
|
| 119 |
$log_message_pattern = "\(.*\)"; |
|
| 120 | 117 |
|
| 118 |
# Construct RegEx for specific log file type. |
|
| 119 |
if ($logfile_type == 'firewall') {
|
|
| 120 |
$pattern = "filterlog:"; |
|
| 121 |
} |
|
| 122 |
else if ($logfile_type == 'system') {
|
|
| 121 | 123 |
$pattern = "^" . $date_pattern . "\ +" . $host_pattern . "\ +" . $process_pid_pattern . "\ +" . $log_message_pattern . "$"; |
| 122 | 124 |
} |
| 123 | 125 |
else if ($logfile_type == 'tbd') {
|
| 124 | 126 |
$pattern = "^\(.*\)$"; |
| 125 | 127 |
} |
| 126 | 128 |
else if ($logfile_type == 'unknown') {
|
| 127 |
$pattern = "^\(.*\)$";
|
|
| 129 |
$pattern = "^" . $date_pattern . "\ +" . $log_message_pattern . "$";
|
|
| 128 | 130 |
} |
| 129 | 131 |
else {
|
| 130 | 132 |
$pattern = "^\(.*\)$"; |
| 131 | 133 |
} |
| 132 | 134 |
|
| 135 |
|
|
| 136 |
# Get a bunch of log entries. |
|
| 133 | 137 |
if (isset($config['system']['usefifolog'])) {
|
| 134 | 138 |
exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr);
|
| 135 | 139 |
} else {
|
| 136 | 140 |
exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr);
|
| 137 | 141 |
} |
| 138 | 142 |
|
| 143 |
|
|
| 144 |
# Remove escapes and fix up the pattern for preg_match. |
|
| 145 |
$pattern = '/' . $pattern . '/'; |
|
| 146 |
$pattern = str_replace('\(', '(', $pattern);
|
|
| 147 |
$pattern = str_replace('\)', ')', $pattern);
|
|
| 148 |
$pattern = str_replace('\[', '[', $pattern);
|
|
| 149 |
$pattern = str_replace('\]', ']', $pattern);
|
|
| 150 |
|
|
| 151 |
|
|
| 139 | 152 |
$filterlog = array(); |
| 140 | 153 |
$counter = 0; |
| 141 | 154 |
|
| ... | ... | |
| 222 | 235 |
} |
| 223 | 236 |
|
| 224 | 237 |
function parse_unknown_log_line($line) {
|
| 225 |
global $config, $g; |
|
| 238 |
global $config, $g, $pattern;
|
|
| 226 | 239 |
|
| 227 | 240 |
$flent = array(); |
| 228 | 241 |
$log_split = ""; |
| 229 | 242 |
|
| 230 |
$month_pattern = "[a-zA-Z]{3}";
|
|
| 231 |
$day_pattern = "[0-9]{1,2}";
|
|
| 232 |
$time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
|
|
| 233 |
|
|
| 234 |
$date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")";
|
|
| 235 |
|
|
| 236 |
$log_message_pattern = "(.*)"; |
|
| 237 |
|
|
| 238 |
$pattern = "/^" . $date_pattern . "\ +" . $log_message_pattern . "$/"; |
|
| 239 |
|
|
| 240 | 243 |
if (!preg_match($pattern, $line, $log_split)) {
|
| 241 | 244 |
return ""; |
| 242 | 245 |
} |
| ... | ... | |
| 255 | 258 |
} |
| 256 | 259 |
|
| 257 | 260 |
function parse_system_log_line($line) {
|
| 258 |
global $config, $g; |
|
| 261 |
global $config, $g, $pattern;
|
|
| 259 | 262 |
|
| 260 | 263 |
$flent = array(); |
| 261 | 264 |
$log_split = ""; |
| 262 | 265 |
|
| 263 |
$month_pattern = "[a-zA-Z]{3}";
|
|
| 264 |
$day_pattern = "[0-9]{1,2}";
|
|
| 265 |
$time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
|
|
| 266 |
|
|
| 267 |
$date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")";
|
|
| 268 |
|
|
| 269 |
$host_pattern = "(.*?)"; |
|
| 270 |
# $host_pattern = "([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])"; |
|
| 271 |
|
|
| 272 |
$process_pattern = "(.*?)(?::\ +)?"; |
|
| 273 |
$pid_pattern = "(?:\[([0-9:]*)\])?:?"; |
|
| 274 |
$process_pid_pattern = $process_pattern . $pid_pattern; |
|
| 275 |
|
|
| 276 |
$log_message_pattern = "(.*)"; |
|
| 277 |
|
|
| 278 |
$pattern = "/^" . $date_pattern . "\ +" . $host_pattern . "\ +" . $process_pid_pattern . "\ +" . $log_message_pattern . "$/"; |
|
| 279 |
|
|
| 280 | 266 |
if (!preg_match($pattern, $line, $log_split)) {
|
| 281 | 267 |
return ""; |
| 282 | 268 |
} |
Also available in: Unified diff
Consolidate conv_log_filter RegEx Patterns
Consolidate common regex patterns.
Use pattern globally in parse functions.