36
|
1 /*
|
|
2
|
|
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under
|
|
4 the GPL version 3 or any later version at your choice available at
|
|
5 http://www.gnu.org/licenses/gpl-3.0.txt
|
|
6
|
|
7 */
|
1
|
8
|
|
9 #include "includes.h"
|
2
|
10 #include <fcntl.h>
|
3
|
11 #include <sys/socket.h>
|
|
12 #include <netinet/in.h>
|
|
13 #include <arpa/inet.h>
|
|
14 #include <netdb.h>
|
4
|
15 #include <limits.h>
|
1
|
16
|
4
|
17 static char* syslogconfig_version = "$Id$";
|
1
|
18
|
27
|
19 char *token_add;
|
3
|
20 char *token_bucket;
|
1
|
21 char *token_file;
|
3
|
22 char *token_ignore;
|
1
|
23 char *token_include;
|
3
|
24 char *token_index;
|
1
|
25 char *token_lbrace;
|
35
|
26 char *token_message;
|
3
|
27 char *token_pattern;
|
1
|
28 char *token_rbrace;
|
27
|
29 char *token_remove;
|
1
|
30 char *token_semi;
|
3
|
31 char *token_slash;
|
|
32 char *token_threshold;
|
|
33
|
|
34 struct ltint
|
|
35 {
|
|
36 bool operator()(const int s1, const int s2) const
|
|
37 {
|
36
|
38 return (unsigned)s1 < (unsigned)s2;
|
3
|
39 }
|
|
40 };
|
1
|
41
|
4
|
42 struct bucket {
|
36
|
43 int count;
|
|
44 bool latch; // true iff ever count>threshold
|
4
|
45 };
|
|
46
|
36
|
47 string_set all_strings; // owns all the strings, only modified by the config loader thread
|
|
48 const int maxlen = 1000; // used for snprintf buffers
|
4
|
49 typedef map<int, bucket, ltint> ip_buckets;
|
3
|
50
|
|
51 class IPR {
|
36
|
52 ip_buckets violations;
|
3
|
53 public:
|
36
|
54 void add(int ip, int amount, CONFIG &con, char *file_name, int pattern_index, char *message);
|
|
55 void leak(int amount, CONFIG &con);
|
|
56 void free_all(CONFIG &con);
|
|
57 void update(int ip, bool added, char *file_name, int pattern_index, char *message);
|
|
58 void changed(CONFIG &con, int ip, bool added);
|
3
|
59 };
|
|
60
|
|
61 IPR recorder;
|
|
62
|
|
63
|
|
64 ////////////////////////////////////////////////
|
|
65 //
|
35
|
66 void IPR::add(int ip, int amount, CONFIG &con, char *file_name, int pattern_index, char *message) {
|
36
|
67 if (con.looking(ip)) {
|
|
68 ip_buckets::iterator i = violations.find(ip);
|
|
69 if (i == violations.end()) {
|
|
70 bucket b;
|
|
71 b.count = amount;
|
|
72 b.latch = (con.get_threshold() <= b.count);
|
|
73 violations[ip] = b;
|
|
74 if (b.latch) {
|
|
75 update(ip, true, file_name, pattern_index, message);
|
|
76 changed(con, ip, true);
|
|
77 }
|
|
78 }
|
|
79 else {
|
|
80 bucket &b = (*i).second;
|
|
81 if (b.count < (INT_MAX-amount)) {
|
|
82 int t = con.get_threshold();
|
|
83 int c = b.count;
|
|
84 b.count += amount;
|
|
85 if ((!b.latch) && (c < t) && (t <= b.count)) {
|
|
86 b.latch = true;
|
|
87 update(ip, true, file_name, pattern_index, message);
|
|
88 changed(con, ip, true);
|
|
89 }
|
|
90 }
|
|
91 }
|
|
92 }
|
3
|
93 }
|
|
94
|
|
95
|
|
96 void IPR::leak(int amount, CONFIG &con) {
|
36
|
97 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) {
|
|
98 int ip = (*i).first;
|
|
99 bucket &b = (*i).second;
|
|
100 if (b.count <= amount) {
|
|
101 if (b.latch) {
|
|
102 update(ip, false, NULL, 0, NULL);
|
|
103 changed(con, ip, false);
|
|
104 }
|
|
105 violations.erase(i++);
|
|
106 }
|
|
107 else {
|
|
108 b.count -= amount;
|
|
109 i++;
|
|
110 }
|
|
111 }
|
|
112 }
|
|
113
|
|
114
|
|
115 void IPR::free_all(CONFIG &con) {
|
|
116 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) {
|
|
117 int ip = (*i).first;
|
|
118 bucket &b = (*i).second;
|
|
119 if (b.latch) {
|
|
120 update(ip, false, NULL, 0, NULL);
|
|
121 changed(con, ip, false);
|
|
122 }
|
|
123 }
|
|
124 violations.clear();
|
20
|
125 }
|
|
126
|
|
127
|
35
|
128 void IPR::update(int ip, bool added, char *file_name, int pattern_index, char *message) {
|
36
|
129 if (debug_syslog > 2) {
|
|
130 char buf[maxlen];
|
|
131 in_addr ad;
|
|
132 ad.s_addr = htonl(ip);
|
|
133 if (added) {
|
|
134 if (message) snprintf(buf, maxlen, "dropping traffic from/to %s based on %s in %s", inet_ntoa(ad), message, file_name);
|
|
135 else snprintf(buf, maxlen, "dropping traffic from/to %s based on pattern match %d in %s", inet_ntoa(ad), pattern_index, file_name);
|
|
136 }
|
|
137 else snprintf(buf, maxlen, "allowing traffic from/to %s", inet_ntoa(ad));
|
|
138 my_syslog(buf);
|
|
139 }
|
3
|
140 }
|
|
141
|
|
142
|
20
|
143 void IPR::changed(CONFIG &con, int ip, bool added) {
|
36
|
144 int t = con.get_threshold();
|
|
145 char buf[maxlen];
|
|
146 if (added) {
|
|
147 bucket &b = violations[ip];
|
|
148 if (con.looking(ip) && (b.count > t)) {
|
|
149 in_addr ad;
|
|
150 ad.s_addr = htonl(ip);
|
|
151 snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));
|
|
152 system(buf);
|
|
153 }
|
|
154 }
|
|
155 else {
|
|
156 in_addr ad;
|
|
157 ad.s_addr = htonl(ip);
|
|
158 snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad));
|
|
159 system(buf);
|
|
160 }
|
3
|
161 }
|
1
|
162
|
|
163
|
3
|
164 ////////////////////////////////////////////////
|
|
165 //
|
|
166 int ip_address(char *have);
|
|
167 int ip_address(char *have) {
|
36
|
168 int ipaddr = 0;
|
|
169 in_addr ip;
|
|
170 if (inet_aton(have, &ip)) ipaddr = ip.s_addr;
|
|
171 else {
|
|
172 struct hostent *host = gethostbyname(have);
|
|
173 if (host && host->h_addrtype == AF_INET) memcpy(&ipaddr, host->h_addr, sizeof(ipaddr));
|
|
174 }
|
|
175 return ntohl(ipaddr);
|
3
|
176 }
|
|
177
|
|
178
|
|
179 ////////////////////////////////////////////////
|
|
180 //
|
35
|
181 PATTERN::PATTERN(TOKEN &tok, char *pattern_, int index_, int amount_, char *msg_) {
|
36
|
182 pattern = pattern_;
|
|
183 index = index_;
|
|
184 amount = amount_;
|
|
185 message = msg_;
|
|
186 if (pattern) {
|
|
187 int rc = regcomp(&re, pattern, REG_ICASE | REG_EXTENDED);
|
|
188 if (rc) {
|
|
189 char bu[maxlen];
|
|
190 regerror(rc, &re, bu, maxlen);
|
|
191 char buf[maxlen];
|
|
192 snprintf(buf, sizeof(buf), "pattern %s not valid - %s", pattern, bu);
|
|
193 tok.token_error(buf);
|
|
194 pattern = NULL;
|
|
195 }
|
|
196 }
|
3
|
197 }
|
|
198
|
|
199
|
|
200 PATTERN::~PATTERN() {
|
36
|
201 regfree(&re);
|
3
|
202 }
|
|
203
|
|
204
|
20
|
205 bool PATTERN::process(char *buf, CONFIG &con, char *file_name, int pattern_index) {
|
36
|
206 if (pattern) {
|
|
207 const int nmatch = index+1;
|
|
208 regmatch_t match[nmatch];
|
|
209 if (0 == regexec(&re, buf, nmatch, match, 0)) {
|
|
210 int s = match[index].rm_so;
|
|
211 int e = match[index].rm_eo;
|
|
212 if (s != -1) {
|
|
213 if (debug_syslog > 3) {
|
|
214 my_syslog(buf); // show lines with matches
|
|
215 }
|
|
216 buf[e] = '\0';
|
|
217 int ip = ip_address(buf+s);
|
|
218 if (ip) {
|
|
219 recorder.add(ip, amount, con, file_name, pattern_index, message);
|
|
220 }
|
|
221 return true;
|
|
222 }
|
|
223 }
|
|
224 }
|
|
225 return false;
|
3
|
226 }
|
|
227
|
|
228
|
|
229 void PATTERN::dump(int level) {
|
36
|
230 char indent[maxlen];
|
|
231 int i = min(maxlen-1, level*4);
|
|
232 memset(indent, ' ', i);
|
|
233 indent[i] = '\0';
|
|
234 printf("%s pattern \"%s\" {; \n", indent, pattern);
|
|
235 printf("%s index %d; \n", indent, index);
|
|
236 printf("%s bucket %d; \n", indent, amount);
|
|
237 if (message) printf("%s message \"%s\"; \n", indent, message);
|
|
238 printf("%s }; \n", indent);
|
3
|
239 }
|
|
240
|
|
241
|
|
242 ////////////////////////////////////////////////
|
|
243 //
|
1
|
244 CONFIG::CONFIG() {
|
36
|
245 reference_count = 0;
|
|
246 generation = 0;
|
|
247 load_time = 0;
|
|
248 threshold = 500;
|
|
249 add_command = "/sbin/iptables -I INPUT --src %s --jump DROP";
|
|
250 remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP";
|
1
|
251 }
|
|
252
|
|
253
|
|
254 CONFIG::~CONFIG() {
|
36
|
255 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
|
|
256 SYSLOGCONFIG *c = *i;
|
|
257 delete c;
|
|
258 }
|
|
259 ignore.clear();
|
1
|
260 }
|
|
261
|
|
262
|
|
263 void CONFIG::add_syslogconfig(SYSLOGCONFIGP con) {
|
36
|
264 syslogconfigs.push_back(con);
|
1
|
265 }
|
|
266
|
|
267
|
3
|
268 void CONFIG::add_pair(IPPAIR pair) {
|
36
|
269 ignore.push_back(pair);
|
3
|
270 }
|
|
271
|
|
272
|
1
|
273 void CONFIG::dump() {
|
36
|
274 printf(" threshold %d; \n\n", threshold);
|
3
|
275
|
36
|
276 printf(" add_command \"%s\"; \n", add_command);
|
|
277 printf(" remove_command \"%s\"; \n\n", remove_command);
|
27
|
278
|
36
|
279 printf(" ignore { \n");
|
|
280 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
|
|
281 IPPAIR &p = *i;
|
|
282 in_addr ip;
|
|
283 ip.s_addr = htonl(p.first);
|
|
284 printf(" %s/%d; \n", inet_ntoa(ip), p.cidr);
|
|
285 }
|
|
286 printf(" }; \n\n");
|
3
|
287
|
36
|
288 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
|
|
289 SYSLOGCONFIGP c = *i;
|
|
290 c->dump(0);
|
|
291 }
|
1
|
292 }
|
|
293
|
|
294
|
2
|
295 void CONFIG::read() {
|
36
|
296 while (true) {
|
|
297 bool have = false;
|
|
298 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
|
|
299 SYSLOGCONFIGP c = *i;
|
|
300 have |= c->read(*this);
|
|
301 }
|
|
302 if (!have) break;
|
|
303 }
|
2
|
304 }
|
|
305
|
|
306
|
4
|
307 void CONFIG::sleep(int duration, time_t &previous) {
|
36
|
308 ::sleep(duration);
|
|
309 time_t now = time(NULL);
|
|
310 recorder.leak(now-previous, *this);
|
|
311 previous = now;
|
3
|
312 }
|
|
313
|
|
314
|
36
|
315 void CONFIG::free_all() {
|
|
316 recorder.free_all(*this);
|
|
317 }
|
|
318
|
3
|
319 bool CONFIG::looking(int ip) {
|
36
|
320 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
|
|
321 IPPAIR &p = *i;
|
|
322 if ((p.first <= ip) && (ip <= p.last)) return false;
|
|
323 }
|
|
324 return true;
|
3
|
325 }
|
|
326
|
|
327 ////////////////////////////////////////////////
|
|
328 //
|
|
329 SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, char *file_name_) {
|
36
|
330 tokp = &tok;
|
|
331 file_name = file_name_;
|
|
332 open(true);
|
1
|
333 }
|
|
334
|
|
335
|
|
336 SYSLOGCONFIG::~SYSLOGCONFIG() {
|
36
|
337 close();
|
|
338 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
|
|
339 PATTERN *p = *i;
|
|
340 delete p;
|
|
341 }
|
2
|
342 }
|
|
343
|
|
344
|
4
|
345 void SYSLOGCONFIG::open(bool msg) {
|
36
|
346 fd = ::open(file_name, O_RDONLY);
|
|
347 len = 0;
|
|
348 if (fd == -1) {
|
|
349 if (msg) {
|
|
350 char buf[maxlen];
|
|
351 snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name);
|
|
352 tokp->token_error(buf);
|
|
353 }
|
|
354 }
|
|
355 else {
|
|
356 if (debug_syslog > 1) {
|
|
357 snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
|
|
358 my_syslog(buf);
|
|
359 }
|
|
360 lseek(fd, 0, SEEK_END);
|
|
361 if (fstat(fd, &openfdstat)) {
|
|
362 close();
|
|
363 snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
|
|
364 tokp->token_error(buf);
|
|
365 }
|
|
366 // specify that this fd gets closed on exec, so that selinux
|
|
367 // won't complain about iptables trying to read log files.
|
|
368 int oldflags = fcntl(fd, F_GETFD, 0);
|
|
369 if (oldflags >= 0) {
|
|
370 fcntl(fd, F_SETFD, oldflags | FD_CLOEXEC);
|
|
371 }
|
|
372 }
|
3
|
373 }
|
|
374
|
|
375
|
|
376 bool SYSLOGCONFIG::read(CONFIG &con) {
|
36
|
377 if (failed()) {
|
|
378 open(false);
|
|
379 if (failed()) return false;
|
|
380 }
|
|
381 int n = ::read(fd, buf+len, buflen-len);
|
|
382 bool have = (n > 0);
|
|
383 if (have) {
|
|
384 len += n;
|
|
385 while (true) {
|
|
386 char *p = (char*)memchr(buf, '\n', len);
|
|
387 if (!p) break;
|
|
388 n = p-buf;
|
|
389 *p = '\0';
|
|
390 process(con); // process null terminated string
|
|
391 len -= n+1;
|
|
392 memmove(buf, p+1, len);
|
|
393 }
|
|
394 // no <lf> in a full buffer
|
|
395 if (len == buflen) len = 0;
|
|
396 }
|
|
397 else {
|
|
398 // check for file close
|
|
399 struct stat filenamest;
|
|
400 if (0 == stat(file_name, &filenamest)) {
|
|
401 if ((filenamest.st_dev != openfdstat.st_dev) ||
|
|
402 (filenamest.st_ino != openfdstat.st_ino)) {
|
|
403 close();
|
|
404 }
|
|
405 }
|
|
406 else {
|
|
407 // filename no longer exists
|
|
408 close();
|
|
409 }
|
|
410 }
|
|
411 return have;
|
2
|
412 }
|
|
413
|
|
414
|
4
|
415 void SYSLOGCONFIG::close() {
|
36
|
416 if (debug_syslog > 1) {
|
|
417 snprintf(buf, sizeof(buf), "syslog file %s closed", file_name);
|
|
418 my_syslog(buf);
|
|
419 }
|
|
420 if (fd != -1) ::close(fd);
|
|
421 fd = -1;
|
4
|
422 }
|
|
423
|
|
424
|
|
425 void SYSLOGCONFIG::add_pattern(PATTERNP pat) {
|
36
|
426 patterns.push_back(pat);
|
4
|
427 }
|
|
428
|
|
429
|
3
|
430 void SYSLOGCONFIG::process(CONFIG &con) {
|
36
|
431 int pi=0;
|
|
432 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
|
|
433 PATTERN *p = *i;
|
|
434 if (p->process(buf, con, file_name, pi)) break;
|
|
435 pi++;
|
|
436 }
|
1
|
437 }
|
|
438
|
|
439
|
|
440 void SYSLOGCONFIG::dump(int level) {
|
36
|
441 char indent[maxlen];
|
|
442 int i = min(maxlen-1, level*4);
|
|
443 memset(indent, ' ', i);
|
|
444 indent[i] = '\0';
|
|
445 char buf[maxlen];
|
|
446 printf("%s file \"%s\" {\n", indent, file_name);
|
|
447 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
|
|
448 PATTERN *p = *i;
|
|
449 p->dump(level+1);
|
|
450 }
|
|
451 printf("%s }; \n", indent);
|
1
|
452 }
|
|
453
|
|
454
|
|
455 ////////////////////////////////////////////////
|
|
456 // helper to discard the strings held by a string_set
|
|
457 //
|
|
458 void discard(string_set &s) {
|
36
|
459 for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
|
|
460 free(*i);
|
|
461 }
|
|
462 s.clear();
|
1
|
463 }
|
|
464
|
|
465
|
|
466 ////////////////////////////////////////////////
|
|
467 // helper to register a string in a string set
|
|
468 //
|
|
469 char* register_string(string_set &s, char *name) {
|
36
|
470 string_set::iterator i = s.find(name);
|
|
471 if (i != s.end()) return *i;
|
|
472 char *x = strdup(name);
|
|
473 s.insert(x);
|
|
474 return x;
|
1
|
475 }
|
|
476
|
|
477
|
|
478 ////////////////////////////////////////////////
|
|
479 // register a global string
|
|
480 //
|
|
481 char* register_string(char *name) {
|
36
|
482 return register_string(all_strings, name);
|
1
|
483 }
|
|
484
|
|
485
|
|
486 ////////////////////////////////////////////////
|
|
487 //
|
|
488 bool tsa(TOKEN &tok, char *token);
|
|
489 bool tsa(TOKEN &tok, char *token) {
|
36
|
490 char *have = tok.next();
|
|
491 if (have == token) return true;
|
|
492 tok.token_error(token, have);
|
|
493 return false;
|
1
|
494 }
|
|
495
|
|
496
|
|
497 ////////////////////////////////////////////////
|
|
498 //
|
3
|
499 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con);
|
|
500 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con) {
|
36
|
501 char *pat = tok.next();
|
|
502 int ind, buc;
|
|
503 char *msg = NULL;
|
|
504 if (!tsa(tok, token_lbrace)) return false;
|
|
505 while (true) {
|
|
506 char *have = tok.next();
|
|
507 if (!have) break;
|
|
508 if (have == token_rbrace) break;
|
|
509 if (have == token_index) {
|
|
510 have = tok.next();
|
|
511 ind = atoi(have);
|
|
512 if (!tsa(tok, token_semi)) return false;
|
|
513 }
|
|
514 else if (have == token_bucket) {
|
|
515 have = tok.next();
|
|
516 buc = atoi(have);
|
|
517 if (!tsa(tok, token_semi)) return false;
|
|
518 }
|
|
519 else if (have == token_message) {
|
|
520 msg = tok.next();
|
|
521 if (!tsa(tok, token_semi)) return false;
|
|
522 }
|
|
523 else {
|
|
524 tok.token_error("index/bucket", have);
|
|
525 return false;
|
|
526 }
|
|
527 }
|
|
528 if (!tsa(tok, token_semi)) return false;
|
|
529 PATTERNP patt = new PATTERN(tok, pat, ind, buc, msg);
|
|
530 con.add_pattern(patt);
|
|
531 return true;
|
3
|
532 }
|
|
533
|
|
534
|
|
535 ////////////////////////////////////////////////
|
|
536 //
|
|
537 bool parse_ignore(TOKEN &tok, CONFIG &dc);
|
|
538 bool parse_ignore(TOKEN &tok, CONFIG &dc) {
|
36
|
539 if (!tsa(tok, token_lbrace)) return false;
|
|
540 while (true) {
|
|
541 char *have = tok.next();
|
|
542 if (!have) break;
|
|
543 if (have == token_rbrace) break;
|
|
544 int ipaddr = ip_address(have);
|
|
545 if (ipaddr == 0) {
|
|
546 tok.token_error("ip address", have);
|
|
547 return false;
|
|
548 }
|
|
549 if (!tsa(tok, token_slash)) return false;
|
|
550 have = tok.next();
|
|
551 int mask = atoi(have);
|
|
552 if ((mask < 8) || (mask > 32)) {
|
|
553 tok.token_error("cidr 8..32 value", have);
|
|
554 return false;
|
|
555 }
|
|
556 if (!tsa(tok, token_semi)) return false;
|
|
557 IPPAIR pair;
|
|
558 const int masks[33] = {0xffffffff, // 0
|
|
559 0x7fffffff, // 1
|
|
560 0x3fffffff, // 2
|
|
561 0x1fffffff, // 3
|
|
562 0x0fffffff, // 4
|
|
563 0x07ffffff, // 5
|
|
564 0x03ffffff, // 6
|
|
565 0x01ffffff, // 7
|
|
566 0x00ffffff, // 8
|
|
567 0x007fffff, // 9
|
|
568 0x003fffff, // 10
|
|
569 0x001fffff, // 11
|
|
570 0x000fffff, // 12
|
|
571 0x0007ffff, // 13
|
|
572 0x0003ffff, // 14
|
|
573 0x0001ffff, // 15
|
|
574 0x0000ffff, // 16
|
|
575 0x00007fff, // 17
|
|
576 0x00003fff, // 18
|
|
577 0x00001fff, // 19
|
|
578 0x00000fff, // 20
|
|
579 0x000007ff, // 21
|
|
580 0x000003ff, // 22
|
|
581 0x000001ff, // 23
|
|
582 0x000000ff, // 24
|
|
583 0x0000007f, // 25
|
|
584 0x0000003f, // 26
|
|
585 0x0000001f, // 27
|
|
586 0x0000000f, // 28
|
|
587 0x00000007, // 29
|
|
588 0x00000003, // 30
|
|
589 0x00000001, // 31
|
|
590 0x00000000}; // 32
|
|
591 pair.first = ipaddr;
|
|
592 pair.last = ipaddr | masks[mask];
|
|
593 pair.cidr = mask;
|
|
594 dc.add_pair(pair);
|
|
595 }
|
|
596 if (!tsa(tok, token_semi)) return false;
|
|
597 return true;
|
3
|
598 }
|
|
599
|
|
600
|
|
601 ////////////////////////////////////////////////
|
|
602 //
|
|
603 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc);
|
|
604 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc) {
|
36
|
605 char *name = tok.next();
|
|
606 if (!tsa(tok, token_lbrace)) return false;
|
|
607 SYSLOGCONFIGP con = new SYSLOGCONFIG(tok, name);
|
|
608 if (con->failed()) {
|
|
609 delete con;
|
|
610 return false;
|
|
611 }
|
|
612 dc.add_syslogconfig(con);
|
|
613 while (true) {
|
|
614 char *have = tok.next();
|
|
615 if (!have) break;
|
|
616 if (have == token_rbrace) break;
|
|
617 if (have == token_pattern) {
|
|
618 if (!parse_pattern(tok, *con)) return false;
|
|
619 }
|
|
620 else {
|
|
621 tok.token_error("pattern", have);
|
|
622 return false;
|
|
623 }
|
|
624 }
|
|
625 if (!tsa(tok, token_semi)) return false;
|
|
626 return true;
|
1
|
627 }
|
|
628
|
|
629
|
|
630 ////////////////////////////////////////////////
|
|
631 // parse a config file
|
|
632 //
|
|
633 bool load_conf(CONFIG &dc, char *fn) {
|
36
|
634 int count = 0;
|
|
635 TOKEN tok(fn, &dc.config_files);
|
|
636 while (true) {
|
|
637 char *have = tok.next();
|
|
638 if (!have) break;
|
|
639 if (have == token_threshold) {
|
|
640 have = tok.next();
|
|
641 dc.set_threshold(atoi(have));
|
|
642 if (!tsa(tok, token_semi)) return false;
|
|
643 }
|
|
644 else if (have == token_ignore) {
|
|
645 if (!parse_ignore(tok, dc)) return false;
|
|
646 }
|
|
647 else if (have == token_add) {
|
|
648 have = tok.next();
|
|
649 dc.set_add(have);
|
|
650 if (!tsa(tok, token_semi)) return false;
|
|
651 }
|
|
652 else if (have == token_remove) {
|
|
653 have = tok.next();
|
|
654 dc.set_remove(have);
|
|
655 if (!tsa(tok, token_semi)) return false;
|
|
656 }
|
|
657 else if (have == token_file) {
|
|
658 if (!parse_syslogconfig(tok, dc)) return false;
|
|
659 count++;
|
|
660 }
|
|
661 else {
|
|
662 tok.token_error("threshold/ignore/add_command/remove_command/file", have);
|
|
663 return false;
|
|
664 }
|
|
665 }
|
|
666 tok.token_error("load_conf() found %d syslog files in %s", count, fn);
|
|
667 return (!dc.syslogconfigs.empty());
|
1
|
668 }
|
|
669
|
|
670
|
|
671 ////////////////////////////////////////////////
|
|
672 // init the tokens
|
|
673 //
|
|
674 void token_init() {
|
36
|
675 token_add = register_string("add_command");
|
|
676 token_bucket = register_string("bucket");
|
|
677 token_file = register_string("file");
|
|
678 token_ignore = register_string("ignore");
|
|
679 token_include = register_string("include");
|
|
680 token_index = register_string("index");
|
|
681 token_lbrace = register_string("{");
|
|
682 token_message = register_string("message");
|
|
683 token_pattern = register_string("pattern");
|
|
684 token_rbrace = register_string("}");
|
|
685 token_remove = register_string("remove_command");
|
|
686 token_semi = register_string(";");
|
|
687 token_slash = register_string("/");
|
|
688 token_threshold = register_string("threshold");
|
1
|
689 }
|