view src/syslogconfig.h @ 4:2737ab01659a

initial coding
author carl
date Thu, 01 Dec 2005 17:17:37 -0800
parents 8fe310e5cd44
children d76f9ff42487

/***************************************************************************
 *	 Copyright (C) 2005 by 510 Software Group							   *
 *																		   *
 *																		   *
 *	 This program is free software; you can redistribute it and/or modify  *
 *	 it under the terms of the GNU General Public License as published by  *
 *	 the Free Software Foundation; either version 2 of the License, or	   *
 *	 (at your option) any later version.								   *
 *																		   *
 *	 This program is distributed in the hope that it will be useful,	   *
 *	 but WITHOUT ANY WARRANTY; without even the implied warranty of 	   *
 *	 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the		   *
 *	 GNU General Public License for more details.						   *
 *																		   *
 *	 You should have received a copy of the GNU General Public License	   *
 *	 along with this program; if not, write to the						   *
 *	 Free Software Foundation, Inc.,									   *
 *	 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.			   *
 ***************************************************************************/

#ifndef syslogconfig_include
#define syslogconfig_include

#include "tokenizer.h"
#include <map>
#include <regex.h>
#include <sys/types.h>
#include <sys/stat.h>


class SYSLOGCONFIG;
class CONFIG;

// One address-range entry; CONFIG::ignore (an ippair_list) stores these by value.
// NOTE(review): addresses are held in plain signed int here, and CONFIG::looking()
// also takes an int. If a range test compares first/last with an address using
// signed arithmetic, addresses with the top bit set order before the others -
// confirm how looking() compares and which byte order ip_address() returns,
// since a wrong match against the ignore list changes which hosts are exempted.
struct IPPAIR {
	int first;	// presumably the lowest address in the range - confirm against the loader
	int last;	// presumably the highest address in the range - confirm against the loader
	int cidr;	// presumably the prefix length the range was written with - confirm
};

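/**
 * One regular expression applied to syslog lines, together with the capture
 * group that holds the address or hostname and the weight added to that
 * address's leaky bucket.
 *
 * The class holds a regex_t and declares a destructor, so an implicit
 * member-wise copy would leave two objects referring to the same compiled
 * regex state. Everything visible in this header handles PATTERN through
 * PATTERNP, so copying is disabled rather than implemented.
 */
class PATTERN {
	char *			pattern;	// owned by the string table
	regex_t 		re; 		// NOTE(review): presumably compiled from pattern in the constructor and released in ~PATTERN() - neither definition is visible here
	int 			index;		// zero based substring of the regex match that contains the ip address or hostname
								// NOTE(review): confirm the constructor rejects an index greater than re.re_nsub, otherwise process() would read a match slot the regex never fills
	int 			amount; 	// count to add to the ip address leaky bucket

	// Declared but never defined (C++98 idiom): an accidental copy fails at
	// compile or link time instead of duplicating the regex_t.
	PATTERN(const PATTERN &);
	PATTERN &operator=(const PATTERN &);
public:
	~PATTERN();
	// tok is presumably used for error reporting while parsing - confirm; pattern_ must outlive this object (string-table owned).
	PATTERN(TOKEN &tok, char *pattern_, int index_, int amount_);
	// Applies the pattern to one line in buf. The bool result's meaning is not visible here.
	// NOTE(review): buf comes from a log file, whose text is influenced by remote peers;
	// confirm the extracted substring is length-checked before it is parsed as an address.
	bool	process(char *buf, CONFIG &con);
	void	dump(int level);
};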

// Pointer and container aliases used throughout the configuration code.
// NOTE(review): list (and string_set below) are used unqualified; presumably
// tokenizer.h supplies them together with a using-directive - confirm.
typedef SYSLOGCONFIG *			SYSLOGCONFIGP;
typedef PATTERN *				PATTERNP;
typedef list<SYSLOGCONFIGP> 	syslogconfig_list;	// holds raw pointers; CONFIG documents that it owns the pointees
typedef list<IPPAIR>			ippair_list;		// holds IPPAIR by value
typedef list<PATTERNP>			pattern_list;		// holds raw pointers; SYSLOGCONFIG documents that it owns the pointees
const int buflen = 1024;							// size in bytes of SYSLOGCONFIG::buf

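/**
 * State for one monitored syslog file: its name, the open descriptor, a
 * fixed-size read buffer and the patterns applied to each line.
 *
 * The class holds a file descriptor and a list of owned PATTERN pointers and
 * declares a destructor, so an implicit member-wise copy would give two
 * objects the same fd and the same pattern pointers. Everything visible in
 * this header handles SYSLOGCONFIG through SYSLOGCONFIGP, so copying is
 * disabled rather than implemented.
 */
class SYSLOGCONFIG {
	TOKEN * 		tokp;		// ownership not stated in this header
	char *			file_name;	// name of the syslog file
	pattern_list	patterns;	// owns the patterns
	int 			fd;			// -1 is the value failed() tests for
	struct stat 	openfdstat;	// NOTE(review): presumably the stat of the file as opened, kept to notice rotation or replacement - confirm
	int 			len;		// bytes in the buffer
	char			buf[buflen];	// NOTE(review): fixed size; confirm read() never requests more than buflen - len bytes and defines what happens to a line longer than buflen

	// Declared but never defined (C++98 idiom): an accidental copy fails at
	// compile or link time instead of duplicating fd and the owned patterns.
	SYSLOGCONFIG(const SYSLOGCONFIG &);
	SYSLOGCONFIG &operator=(const SYSLOGCONFIG &);
public:
	SYSLOGCONFIG(TOKEN &tok, char *file_name_);
	~SYSLOGCONFIG();
	// True when there is no open descriptor (fd == -1). Does not modify the object.
	bool	failed() const	{ return fd == -1; }
	void	open(bool msg);
	bool	read(CONFIG &con);
	void	close();
	// Adds pat to the pattern list, which owns its entries.
	void	add_pattern(PATTERNP pat);
	void	process(CONFIG &con);
	void	dump(int level);
};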

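/**
 * A loaded configuration: the threshold, the ignore list and the set of
 * monitored syslog files. Instances are shared by reference count.
 *
 * The class owns the objects behind syslogconfigs and declares a destructor,
 * so an implicit member-wise copy would give two CONFIG objects the same
 * owned pointers. Everything visible in this header passes CONFIG by
 * reference, so copying is disabled rather than implemented.
 */
class CONFIG {
public:
	// the only mutable stuff once it has been loaded from the config file
	int 				reference_count;	// protected by the global config_mutex
	// all the rest is constant after loading from the config file
	int 				generation;
	time_t				load_time;
	string_set			config_files;
	int 				threshold;
	ippair_list 		ignore; 			// owns all the ippairs
	syslogconfig_list	syslogconfigs;		// owns all the syslogconfigs

	CONFIG();
	~CONFIG();
	void	set_threshold(int threshold_)	{ threshold = threshold_; }
	// Read-only accessor; const so it can be called through a const CONFIG.
	int 	get_threshold() const			{ return threshold; }
	// Adds con to syslogconfigs, which owns its entries.
	void	add_syslogconfig(SYSLOGCONFIGP con);
	void	add_pair(IPPAIR pair);
	void	dump();
	void	read();
	void	sleep(int duration, time_t &previous);
	// NOTE(review): presumably reports whether ip is outside the ignore list and
	// should be tracked - confirm, including how ip is compared with IPPAIR first/last.
	bool	looking(int ip);

private:
	// Declared but never defined (C++98 idiom): an accidental copy fails at
	// compile or link time instead of aliasing the owned syslogconfigs.
	CONFIG(const CONFIG &);
	CONFIG &operator=(const CONFIG &);
};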

// Free functions of the configuration loader; the definitions are not in this header.
// NOTE(review): every string parameter is a non-const char *, so the signatures do not
// say whether the callee modifies or keeps the caller's buffer - confirm at the definitions.
void discard(string_set &s);
char* register_string(string_set &s, char *name);	// presumably returns the copy held in s - confirm who frees it
char* register_string(char *name);					// overload without an explicit set; which set it uses is not visible here
int   ip_address(char *have);						// NOTE(review): an int result has no out-of-band failure value unless one address is reserved - confirm how a bad input is reported
bool  load_conf(CONFIG &dc, char *fn);				// loads file fn into dc; presumably false on a parse or open failure - confirm
void  token_init();

// Keyword and punctuation tokens of the configuration grammar, defined in another translation unit.
// NOTE(review): presumably assigned by token_init(), in which case they must not be
// used before that call - confirm. They are mutable globals (char *, not const).
extern char *token_bucket;
extern char *token_file;
extern char *token_ignore;
extern char *token_include;
extern char *token_index;
extern char *token_lbrace;
extern char *token_pattern;
extern char *token_rbrace;
extern char *token_semi;
extern char *token_slash;
extern char *token_threshold;

#endif