diff options
Diffstat (limited to 'utility/logparse.c')
-rw-r--r-- | utility/logparse.c | 80 |
1 files changed, 69 insertions, 11 deletions
diff --git a/utility/logparse.c b/utility/logparse.c index 6a21964..ac70ee2 100644 --- a/utility/logparse.c +++ b/utility/logparse.c | |||
@@ -349,12 +349,12 @@ apr_status_t parse_logfile(config_t *cfg, const char *filename) | |||
349 | apr_pool_create(&tp, cfg->pool); | 349 | apr_pool_create(&tp, cfg->pool); |
350 | apr_pool_create(&targp, tp); | 350 | apr_pool_create(&targp, tp); |
351 | 351 | ||
352 | logging_log(cfg, LOGLEVEL_NOTICE, "Begin Parsing Log File '%s'", filename); | 352 | logging_log(cfg, LOGLEVEL_NOTICE, "PARSER: Begin Parsing Log File '%s'", filename); |
353 | 353 | ||
354 | rv = apr_file_open(&file, filename, APR_FOPEN_READ | APR_BUFFERED, | 354 | rv = apr_file_open(&file, filename, APR_FOPEN_READ | APR_BUFFERED, |
355 | APR_OS_DEFAULT, tp); | 355 | APR_OS_DEFAULT, tp); |
356 | if (rv != APR_SUCCESS) { | 356 | if (rv != APR_SUCCESS) { |
357 | logging_log(cfg, LOGLEVEL_NOISE, "Could not open %s", filename); | 357 | logging_log(cfg, LOGLEVEL_NOISE, "PARSER: Could not open %s", filename); |
358 | return rv; | 358 | return rv; |
359 | } | 359 | } |
360 | 360 | ||
@@ -362,17 +362,38 @@ apr_status_t parse_logfile(config_t *cfg, const char *filename) | |||
362 | do { | 362 | do { |
363 | rv = apr_file_gets(buff, 1024, file); | 363 | rv = apr_file_gets(buff, 1024, file); |
364 | if (rv == APR_SUCCESS) { | 364 | if (rv == APR_SUCCESS) { |
365 | int i,m, cont = 0; | ||
366 | config_filter_t *filters; | ||
367 | |||
365 | line++; | 368 | line++; |
366 | // chomp off newline | 369 | // chomp off newline |
367 | line_chomp(buff); | 370 | line_chomp(buff); |
371 | // Run line filters | ||
372 | for (i=0, m=cfg->linefilters->nelts, | ||
373 | filters = (config_filter_t *)cfg->linefilters->elts; | ||
374 | i<m; i++) { | ||
375 | if (!filters[i].regex || ap_regexec(filters[i].regex, buff, 0, NULL,0)==0) { | ||
376 | if (filters[i].negative) { | ||
377 | logging_log(cfg, LOGLEVEL_DEBUG, | ||
378 | "PARSER: LINEFILTER: Skipping Line %d due to Filter (%d)%s", | ||
379 | line, i, filters[i].filter); | ||
380 | cont = 1; | ||
381 | } else { | ||
382 | logging_log(cfg, LOGLEVEL_DEBUG, | ||
383 | "PARSER: LINEFILTER: Force Parsing Line %d due to Filter (%d)%s", | ||
384 | line, i, filters[i].filter); | ||
385 | } | ||
386 | break; | ||
387 | } | ||
388 | } | ||
389 | if (cont) continue; | ||
368 | 390 | ||
369 | apr_pool_clear(targp); | 391 | apr_pool_clear(targp); |
370 | tokenize_logline(buff, &targv, targp, 0); | 392 | tokenize_logline(buff, &targv, targp, 0); |
371 | targc = 0; | 393 | targc = 0; |
372 | while (targv[targc]) | 394 | while (targv[targc]) |
373 | targc++; | 395 | targc++; |
374 | /** @todo Run Line Filters here */ | 396 | rv = parse_processline(targp, cfg, line, targv, targc); |
375 | rv = parse_processline(targp, cfg, targv, targc); | ||
376 | if (rv != APR_SUCCESS) { | 397 | if (rv != APR_SUCCESS) { |
377 | int i; | 398 | int i; |
378 | logging_log(cfg, LOGLEVEL_ERROR, "Line %d(%d): %s", line, | 399 | logging_log(cfg, LOGLEVEL_ERROR, "Line %d(%d): %s", line, |
@@ -387,21 +408,22 @@ apr_status_t parse_logfile(config_t *cfg, const char *filename) | |||
387 | apr_file_close(file); | 408 | apr_file_close(file); |
388 | apr_pool_destroy(tp); | 409 | apr_pool_destroy(tp); |
389 | logging_log(cfg, LOGLEVEL_NOTICE, | 410 | logging_log(cfg, LOGLEVEL_NOTICE, |
390 | "Finish Parsing Log File '%s'. Lines: %d", filename, line); | 411 | "PARSER: Finish Parsing Log File '%s'. Lines: %d", filename, line); |
391 | 412 | ||
392 | return APR_SUCCESS; | 413 | return APR_SUCCESS; |
393 | } | 414 | } |
394 | 415 | ||
395 | apr_status_t parse_processline(apr_pool_t *ptemp, config_t *cfg, char **argv, | 416 | apr_status_t parse_processline(apr_pool_t *ptemp, config_t *cfg, int line, |
396 | int argc) | 417 | char **argv, int argc) |
397 | { | 418 | { |
398 | config_logformat_t *fmt; | 419 | config_logformat_t *fmt; |
399 | config_logformat_field_t *ifields; | 420 | config_logformat_field_t *ifields; |
400 | config_output_field_t *ofields; | 421 | config_output_field_t *ofields; |
422 | config_filter_t *filters; | ||
401 | apr_table_t *datain; | 423 | apr_table_t *datain; |
402 | apr_table_t *dataout; | 424 | apr_table_t *dataout; |
403 | apr_status_t rv= APR_SUCCESS; | 425 | apr_status_t rv= APR_SUCCESS; |
404 | int i; | 426 | int i,m; |
405 | 427 | ||
406 | fmt = apr_hash_get(cfg->log_formats, cfg->logformat, APR_HASH_KEY_STRING); | 428 | fmt = apr_hash_get(cfg->log_formats, cfg->logformat, APR_HASH_KEY_STRING); |
407 | if (!fmt) | 429 | if (!fmt) |
@@ -416,13 +438,31 @@ apr_status_t parse_processline(apr_pool_t *ptemp, config_t *cfg, char **argv, | |||
416 | for (i=0; i<fmt->fields->nelts; i++) { | 438 | for (i=0; i<fmt->fields->nelts; i++) { |
417 | apr_table_setn(datain, ifields[i].name, argv[i]); | 439 | apr_table_setn(datain, ifields[i].name, argv[i]); |
418 | } | 440 | } |
419 | /** @todo Run Pre Filters here */ | 441 | // Run Pre Filters |
442 | for (i=0, m=cfg->prefilters->nelts, | ||
443 | filters = (config_filter_t *)cfg->prefilters->elts; | ||
444 | i<m; i++) { | ||
445 | const char *temp = apr_table_get(datain, filters[i].field); | ||
446 | if (temp && (!filters[i].regex || ap_regexec(filters[i].regex, temp, 0, NULL,0)==0)) { | ||
447 | if (filters[i].negative) { | ||
448 | logging_log(cfg, LOGLEVEL_DEBUG, | ||
449 | "PARSER: PREFILTER: Skipping Line %d due to Filter (%d)%s", | ||
450 | line, i, filters[i].filter); | ||
451 | return APR_SUCCESS; | ||
452 | } else { | ||
453 | logging_log(cfg, LOGLEVEL_DEBUG, | ||
454 | "PARSER: PREFILTER: Force Parsing Line %d due to Filter (%d)%s", | ||
455 | line, i, filters[i].filter); | ||
456 | } | ||
457 | break; | ||
458 | } | ||
459 | } | ||
420 | 460 | ||
421 | ofields = (config_output_field_t *)cfg->output_fields->elts; | 461 | ofields = (config_output_field_t *)cfg->output_fields->elts; |
422 | // clear out ofield function per-line data | 462 | // clear out ofield function per-line data |
423 | memset(&g_parser_linedata[1],0,sizeof(void *)*(int)g_parser_linedata[0]); | 463 | memset(&g_parser_linedata[1],0,sizeof(void *)*(int)g_parser_linedata[0]); |
424 | // Convert input fields to output fields | 464 | // Convert input fields to output fields |
425 | for (i=0; i<cfg->output_fields->nelts; i++) { | 465 | for (i=0,m=cfg->output_fields->nelts; i<m; i++) { |
426 | const char *val; | 466 | const char *val; |
427 | val = apr_table_get(datain, ofields[i].source); | 467 | val = apr_table_get(datain, ofields[i].source); |
428 | // If we can't find the source field just continue | 468 | // If we can't find the source field just continue |
@@ -442,7 +482,25 @@ apr_status_t parse_processline(apr_pool_t *ptemp, config_t *cfg, char **argv, | |||
442 | } | 482 | } |
443 | } | 483 | } |
444 | 484 | ||
445 | /** @todo Run Post Filters here */ | 485 | // Run Post filters |
486 | for (i=0, m=cfg->postfilters->nelts, | ||
487 | filters = (config_filter_t *)cfg->postfilters->elts; | ||
488 | i<m; i++) { | ||
489 | const char *temp = apr_table_get(dataout, filters[i].field); | ||
490 | if (temp && (!filters[i].regex || ap_regexec(filters[i].regex, temp, 0, NULL,0)==0)) { | ||
491 | if (filters[i].negative) { | ||
492 | logging_log(cfg, LOGLEVEL_DEBUG, | ||
493 | "PARSER: POSTFILTER: Skipping Line %d due to Filter (%d)%s", | ||
494 | line, i, filters[i].filter); | ||
495 | return APR_SUCCESS; | ||
496 | } else { | ||
497 | logging_log(cfg, LOGLEVEL_DEBUG, | ||
498 | "PARSER: POSTFILTER: Force Parsing Line %d due to Filter (%d)%s", | ||
499 | line, i, filters[i].filter); | ||
500 | } | ||
501 | break; | ||
502 | } | ||
503 | } | ||
446 | 504 | ||
447 | // Process DB Query | 505 | // Process DB Query |
448 | if (!cfg->dryrun) { | 506 | if (!cfg->dryrun) { |