** terms of the GNU General Public License, see the file COPYING.
***********************************************************************************/
-function linux_log () {
+function linux_log ()
+{
/* The function linux_log will seperate the logline in several elements. This will
* ease the work of recognizing the type of logline. Once this has been detected
* the correct module will start using the data for a log_adv-table.
*/
global $dbms;
+ global $developrelease;
$local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
$local_logline_array = explode (" ", $local_log_string);
- switch (strtolower($local_logline_array[4])) {
+ switch (strtolower($local_logline_array[4]))
+ {
case "kernel:":
//This is a kernel logline now discover which type kernel-record we have
//Detect if this is a network-line
- if (strtolower(substr($local_logline_array[5],0,3)) == "in=") {
+ if (strtolower(substr($local_logline_array[5],0,3)) == "in=")
+ {
//this is a networkline call the processing the routines
$local_result = linux_kernel_network();
return $local_result;
- } else {
- $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
- syslog (LOG_INFO, "Unrecognized kernelline");
- syslog (LOG_INFO, $local_failing_string);
- return "FALSE";
}
+ else
+ {
+ if (strtolower($local_logline_array[4]) == 'device')
+ {
+ $local_result = linux_kernel_device();
+ return $local_result;
+ }
+ else
+ {
+ if ($developrelease == 'TRUE')
+ {
+ $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
+ syslog (LOG_INFO, "Unrecognized kernelline:".$local_log_string);
+ syslog (LOG_INFO, $local_failing_string);
+ }
+
+ return "FALSE";
+
+ }
+ } // <=== We were missing this brace
break;
+
default:
break;
}
- }
+}
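Review bot: The new `if (strtolower($local_logline_array[4]) == 'device')` test sits inside `case "kernel:":`, where element 4 has already matched `kernel:`, so it can never be true and `linux_kernel_device()` is unreachable from this branch. The intended index is presumably 5, i.e. `if (strtolower($local_logline_array[5]) == 'device')`, which should be confirmed against a sample device line. Elements 4 and 5 are also read without checking `count($local_logline_array)`, so a short or malformed line reaches `substr()` with an undefined offset. Finally, `linux_kernel_device()` as added at the end of this commit has an empty body and returns null rather than the documented "TRUE"/"FALSE", so a caller of linux_log() comparing against those strings would match neither.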
function linux_kernel_network() {
* that cannot be identified a notification will be written to the logbook
* for easy expansion of this routine.
* INPUT : NONE
- * GLOBALS : $dmbs
+ * GLOBALS : $dbms, $dbms_working;
* OUTPUT : "TRUE" for success and "FALSE" for failure.
*/
global $dbms;
+ global $dbms_working;
$local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
$local_logline_array = explode (" ", $local_log_string);
$local_len = 0;
$local_id = 0;
- $local_dbms = copy_db_class($dbms);
-
for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++) {
//Process each element by exploding this based on the sign: =
$local_element = explode("=", $local_logline_array[$i]);
$local_sql_2 .= ", hw_address";
$local_sql_3 .= ", '".$local_element[1]."'";
break;
-
+
case "src":
$local_sql_2 .= ", source_ip";
$local_sql_3 .= ", '".$local_element[1]."'";
$local_sql_3 .= ", '".$local_element[1]."'";
break;
-
case "tos":
$local_sql_2 .= ", tos_bit";
$local_sql_3 .= ", '".$local_element[1]."'";
//Enter the data into the database
$local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
- $local_dbms->query($local_sql);
+ $dbms_working->query($local_sql);
$local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
$local_sql_2 = "logid, detailed_table"; //FIELDS
$local_id = 0;
break;
default:
- $local_element[0];
+/* $local_element[0];
syslog(LOG_INFO, "Unrecognized kernel/network entry: ".$local_element[0]);
+
+*/
}
}
//Now that the data is complete create the SQL-statement
$local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
- $local_dbms->query($local_sql);
+ $dbms_working->query($local_sql);
RETURN "TRUE";
- }
+ }
+ function linux_kernel_device() {
+ /* This function is able to deal with the output of kernel-network messages
+ * coming from device related processes. Typically networkcard and other
+ * hardware-related data will show-up here
+ * INPUT : NONE
+ * GLOBALS : $dbms, $dbms_working
+ * OUTPUT : "TRUE" for success and "FALSE" for failure.
+ */
+
+ global $dbms, $dbms_working;
+
+ }
?>
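Review bot: `$dbms_working->query($local_sql)` executes an INSERT whose VALUES list is built by concatenating `$local_element[1]` between single quotes (visible in the context lines of the earlier hunks), and those values are taken directly from the logged line. Log content is influenced by whatever produced the logged traffic or message, so a quote character in a field changes the statement that reaches the shared working connection. Each value should be escaped or bound before it is appended, using whatever quoting method the `$dbms` class offers (not visible in this diff), and typed fields should be validated, e.g. `if (filter_var($local_element[1], FILTER_VALIDATE_IP) === false) { return "FALSE"; }` for `src`. Commenting out the `default:` syslog call also removes the only record of unexpected tokens; gating it on `$developrelease`, as linux_log() now does, would keep that signal available when needed.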