***********************
** FILE NAME : message.cpp
** SYSTEM NAME : Gnucomo - Gnu Computer Monitoring
-** VERSION NUMBER : $Revision: 1.7 $
+** VERSION NUMBER : $Revision: 1.8 $
**
** DESCRIPTION : Implementation of the message handling classes
**
********************************
** ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
** CREATION DATE : Sep 16, 2002
-** LAST UPDATE : Feb 19, 2003
+** LAST UPDATE : Feb 28, 2003
** MODIFICATIONS :
**************************************************************************/
/*****************************
$Log: message.cpp,v $
- Revision 1.7 2003-02-21 08:08:05 arjen
+ Revision 1.8 2003-03-16 09:42:40 arjen
+ Read IRIX system logs.
+
+ Revision 1.7 2003/02/21 08:08:05 arjen
Gcm_input also detects packages that are removed from the system.
Determining the version number of a package in a RPM
list is improved. Only the last one or two parts of the string that
*****************************/
-static const char *RCSID = "$Id: message.cpp,v 1.7 2003-02-21 08:08:05 arjen Exp $";
+static const char *RCSID = "$Id: message.cpp,v 1.8 2003-03-16 09:42:40 arjen Exp $";
#include <algorithm>
#include "message.h"
static const String unix_date_re("[[:alpha:]]{3} [[:alpha:]]{3} [ 123][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} [0-9]{4}");
static const regex re_syslog(syslog_date_re + " [[:alnum:]]+ [[:alpha:]]+.*:.+");
+static const regex re_syslog_irix(syslog_date_re + " [0-7][A-T]:[[:alnum:]]+ [[:alpha:]]+.*:.+");
static const regex re_PGP("-----BEGIN PGP MESSAGE-----");
static const regex re_dump("^ *DUMP: Date of this level");
static const regex re_accesslog("(GET|POST) .+ HTTP");
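Review bot: `re_syslog_irix` is added without a comment saying what the `[0-7][A-T]:` prefix stands for, and unlike `re_dump` it has no visible `^` anchor, although the parsing code for this class cuts the line at a fixed offset (`line << 19`). A one-line comment such as `// IRIX syslog: "<date> <level digit><facility letter>:<host> <service>: <text>" (prefix meaning to be confirmed)` would document the format that offset depends on. If `line == regex` is a substring search rather than a full match, and `syslog_date_re` does not anchor itself (neither is visible here), a line with leading text would be classified as `SYSLOG_IRIX` and then split at the wrong column. Anchoring the pattern is worth considering for that reason.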
std::cout << "Syslog detected.\n";
}
}
+ else if (line == re_syslog_irix)
+ {
+ certainty = 1.0;
+ classification = SYSLOG_IRIX;
+ if (verbose)
+ {
+ std::cout << "IRIX Syslog detected.\n";
+ }
+ }
else if (line == re_PGP)
{
certainty = 1.0;
case SYSLOG:
check = &re_syslog;
break;
+ case SYSLOG_IRIX:
+ check = &re_syslog_irix;
+ break;
case ACCESSLOG:
check = &re_accesslog;
break;
}
break;
+ case SYSLOG_IRIX:
+ log_date = line;
+ log_time = line;
+ if (log_date.Year() < 0 || log_date.Year() > 2500)
+ {
+ // The year is not in the log file. Assume the year of arrival,
+ // unless this puts the log entry at a later date than the arrival date.
+ // This happens e.g. when a log entry from December arrives in Januari.
+
+ log_date = date(log_date.Day(), log_date.Month(), date(arrival).Year());
+ if (log_date > date(arrival))
+ {
+ log_date = date(log_date.Day(), log_date.Month(), date(arrival).Year() - 1);
+ }
+ }
+
+ if (verbose)
+ {
+ std::cout << " Log timestamp = " << log_date << " " << log_time << "\n";
+ }
+ rest = line << 19;
+ i = rest.index(' ');
+ if (rest(0,i) == hostname(0,i))
+ {
+ rest <<= i + 1;
+ if (verbose)
+ {
+ std::cout << " Hostname matches.\n";
+ std::cout << " rest = " << rest << "\n";
+ }
+ for (i = 0; isalpha(rest[i]) && i < ~rest; i++);
+ if (verbose)
+ {
+ std::cout << " Service name = " << rest(0,i) << "\n";
+ }
+
+ /* Insert a new record into the log table */
+
+ insertion += "'" + objectid + "',";
+ insertion += "'" + rest(0,i) + "',";
+ insertion += "'" + log_date.format("%Y-%m-%d") + " " + log_time.format() + "',";
+ insertion += "'" + arrival.format("%Y-%m-%d %T") + "',";
+ insertion += "'" + SQL_Escape(line) + "',FALSE";
+ insertion += ")";
+
+ if (testmode)
+ {
+ std::cout << insertion << "\n";
+ }
+ else
+ {
+ database.Query(insertion);
+ }
+
+ if (verbose)
+ {
+ std::cout << "\n\n";
+ }
+
+ nr_lines++;
+ }
+ else
+ {
+ std::cerr << " Hostname " << rest(0,i) << " does not match.\n";
+ }
+ break;
+
case ACCESSLOG:
datestring = line(regex("\\[.+\\]"));
datestring <<= 1;
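Review bot: In the new `SYSLOG_IRIX` case the service-name scan `for (i = 0; isalpha(rest[i]) && i < ~rest; i++);` reads `rest[i]` before testing the bound and passes a plain `char` to `isalpha`. On a client-supplied line that is one read past the end when no non-letter follows, assuming `~rest` is the string length as its use suggests; `for (i = 0; i < ~rest && isalpha((unsigned char)rest[i]); i++);` fixes both. The host check `rest(0,i) == hostname(0,i)` compares only the first `i` characters, so a shorter name in the log that is merely a prefix of the expected hostname is accepted, and the result of `rest.index(' ')` is used without checking that a space was found. Requiring the character after that prefix in `hostname` to be the end of the string or a `.` would keep short-name matching without accepting arbitrary prefixes. The enclosing switch and function begin and end outside this hunk.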
***********************
** FILE NAME : message.h
** SYSTEM NAME :
-** VERSION NUMBER : $Revision: 1.4 $
+** VERSION NUMBER : $Revision: 1.5 $
**
** DESCRIPTION : Classes to for handling client messages
**
********************************
** ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
** CREATION DATE : Sep 16, 2002
-** LAST UPDATE : Nov 04, 2002
+** LAST UPDATE : Feb 28, 2003
** MODIFICATIONS :
**************************************************************************/
/*****************************
$Log: message.h,v $
- Revision 1.4 2002-12-06 22:26:28 arjen
+ Revision 1.5 2003-03-16 09:42:40 arjen
+ Read IRIX system logs.
+
+ Revision 1.4 2002/12/06 22:26:28 arjen
Set the value of log.processed to FALSE when inserting a
new log entry into the database
When a syslog entry arrives from last year, gcm_input subtracts one from the
*****************************/
-/* static const char *RCSID = "$Id: message.h,v 1.4 2002-12-06 22:26:28 arjen Exp $"; */
+/* static const char *RCSID = "$Id: message.h,v 1.5 2003-03-16 09:42:40 arjen Exp $"; */
#include <iostream>
#include <list>
//
// RELATIONS :
// SEE ALSO :
-// LAST MODIFIED : Nov 04, 2002
+// LAST MODIFIED : Feb 28, 2003
///////////////////////////////////////////////////////////////////////////
*/
double certainty; // How certain are we about the message
enum
{
- UNKNOWN, SYSLOG, ACCESSLOG, ERRORLOG, RPMLIST
+ UNKNOWN, SYSLOG, SYSLOG_IRIX, ACCESSLOG, ERRORLOG, RPMLIST
} classification;
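Review bot: `SYSLOG_IRIX` is inserted in the middle of the enumerator list, which shifts the numeric values of `ACCESSLOG`, `ERRORLOG` and `RPMLIST`. If `classification` is ever stored, logged or compared as a number outside this build (not visible here), appending the new value after `RPMLIST` would keep the existing values stable. A short comment on the enum, for example `// order is not significant; values are never persisted`, would settle the question for the next reader if that is indeed the case. The enclosing class starts outside the hunk.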