diff src/syslogconfig.cpp @ 5:276c4edc8521

initial coding
author carl
date Fri, 02 Dec 2005 17:52:44 -0800
parents 2737ab01659a
children c2a2e35a85ac
--- a/src/syslogconfig.cpp	Thu Dec 01 17:17:37 2005 -0800
+++ b/src/syslogconfig.cpp	Fri Dec 02 17:52:44 2005 -0800
@@ -101,11 +101,6 @@
 	for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) {
 		int    ip = (*i).first;
 		bucket &b = (*i).second;
-	 // in_addr ad;
-	 // ad.s_addr = htonl(ip);
-	 // char buf[maxlen];
-	 // snprintf(buf, maxlen, "leak %s with %d count", inet_ntoa(ad), n);
-	 // my_syslog(buf);
 		if (b.count <= amount) {
 			ch |= b.latch;
 			violations.erase(i++);
@@ -122,8 +117,11 @@
 void IPR::changed(CONFIG &con) {
 	char buf[maxlen];
 	snprintf(buf, maxlen, "%s -F INPUT", iptables);
+	if (debug_syslog > 2) {
 	my_syslog(" ");
 	my_syslog(buf);
+	}
+	system(buf);
 	for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) {
 		int    ip = (*i).first;
 		bucket &b = (*i).second;
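Review bot: The new `system(buf)` call in IPR::changed discards its return value, so a failed `-F INPUT` (and likewise the `-A INPUT` call added in the next hunk) goes unnoticed and the daemon's idea of what is blocked can drift from the kernel's. Reporting the failure regardless of debug level would help, e.g. `if (system(buf) != 0) my_syslog("iptables command failed");`. `-F INPUT` also flushes every rule in the chain, not only those this code added, and the command goes through the shell, so `iptables` (defined outside this hunk) has to be a fixed, trusted path. The braces added around the two my_syslog calls leave their body unindented. The function body continues past the end of this hunk.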
@@ -131,7 +129,8 @@
 			in_addr ad;
 			ad.s_addr = htonl(ip);
 			snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad));
-			my_syslog(buf);
+			if (debug_syslog > 2) my_syslog(buf);
+			system(buf);
 		}
 	}
 }
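Review bot: The string handed to `system(buf)` still begins with the `count=%d` prefix that was written for the log line, so the shell sees `count=N <iptables> -A INPUT ...` and only runs iptables because a leading `name=value` word is parsed as an environment assignment. Build the command on its own and keep the count in the debug message, e.g. `snprintf(buf, maxlen, "%s -A INPUT --src %s --jump DROP", iptables, inet_ntoa(ad));`. The snprintf result is not compared with maxlen either, so a truncated command would be executed as it stands. The enclosing loop starts outside this hunk.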
@@ -184,10 +183,10 @@
 		if (0 == regexec(&re, buf, nmatch, match, 0)) {
 			int s = match[index].rm_so;
 			int e = match[index].rm_eo;
-		//	char bu[maxlen];
-		//	snprintf(bu, maxlen, "re match from %d to %d", s, e);
-		//	my_syslog(bu);
 			if (s != -1) {
+				if (debug_syslog > 3) {
+					my_syslog(buf); // show lines with matches
+				}
 				buf[e] = '\0';
 				int ip = ip_address(buf+s);
 				if (ip) {
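Review bot: The added `my_syslog(buf)` writes a matched input line, which is text that can originate from remote clients, straight back to syslog. my_syslog is not visible here; if it passes its argument on as a format string, `%` sequences in the line would be interpreted, and if its output reaches a file this daemon also reads, the echoed line would presumably match again and inflate the count. I would log a fixed prefix plus the parsed address after `ip_address()` instead, or at least document the constraint with `// debug only: echoes untrusted log text, must not feed a watched file`. The enclosing function starts and ends outside the hunk.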
@@ -317,10 +316,13 @@
 		}
 	}
 	else {
+		if (debug_syslog > 1) {
+			snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
+			my_syslog(buf);
+		}
 		lseek(fd, 0, SEEK_END);
 		if (fstat(fd, &openfdstat)) {
 			close();
-			char buf[maxlen];
 			snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
 			tokp->token_error(buf);
 		}
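Review bot: With the local `char buf[maxlen];` removed, both the new "opened" message and the fstat error path write into a `buf` declared outside this hunk, and `sizeof(buf)` is the right bound only if that is an array and not a pointer. If it is the same buffer used for reading log data, formatting a message into it would overwrite pending input; a separate local such as `char msg[maxlen];` for these messages avoids both questions. The "opened" message is also emitted before `fstat` has succeeded, so it can be followed at once by a close and an error. The function starts and ends outside the hunk.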
@@ -369,6 +371,10 @@
 
 
 void SYSLOGCONFIG::close() {
+	if (debug_syslog > 1) {
+		snprintf(buf, sizeof(buf), "syslog file %s closed", file_name);
+		my_syslog(buf);
+	}
 	if (fd != -1) ::close(fd);
 	fd = -1;
 }
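Review bot: The "closed" message in SYSLOGCONFIG::close() is emitted before the `fd != -1` test, so it is logged even when no file was open, for instance on a repeated close() or after a failed open. Moving the debug block inside the guard keeps the trace accurate: `if (fd != -1) { /* debug log */ ::close(fd); }`. The message is formatted into `buf`, which is not declared in this function, so it is worth confirming that this buffer cannot hold unread data when close() runs.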