annotate src/syslogconfig.h @ 35:d2ceebcf6595 stable-1-7

add message description in patterns
author carl
date Tue, 18 Sep 2007 09:54:22 -0700
parents 28fec0c67646
children 6a2f26976898
/***************************************************************************
 *   Copyright (C) 2005 by 510 Software Group                              *
 *                                                                         *
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 *   This program is distributed in the hope that it will be useful,       *
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the          *
 *   GNU General Public License for more details.                          *
 *                                                                         *
 *   You should have received a copy of the GNU General Public License     *
 *   along with this program; if not, write to the                         *
 *   Free Software Foundation, Inc.,                                       *
 *   59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.              *
 ***************************************************************************/

// Forward declarations: PATTERN::process and the SYSLOGCONFIG methods take a
// CONFIG reference before CONFIG itself is defined further down.
// NOTE(review): the lines shown carry no include guard and no #include for
// list, regex_t, struct stat, time_t, TOKEN or string_set, so this header
// appears to rely on the includer pulling those in first - confirm.
class SYSLOGCONFIG;
class CONFIG;
// One entry of an ip address list (see ippair_list, used for CONFIG::ignore).
// NOTE(review): first/last look like the two ends of an address range and
// cidr like a prefix length - confirm against the config parser.
// NOTE(review): the addresses are held in signed int. A plain < or > range
// test on signed values misorders addresses whose top bit is set, which would
// make an ignore-list entry match the wrong hosts; confirm that the range
// check (presumably CONFIG::looking) compares unsigned, host-order values.
struct IPPAIR {
    int first;
    int last;
    int cidr;
};
// One regex rule run against the lines of a syslog file. A rule names which
// substring of the match holds the ip address or hostname and how much to add
// to that address's leaky bucket.
// NOTE(review): parts of a log line are written by remote parties, so the
// regex taken from the config file should be anchored tightly enough that
// substring `index` cannot be filled from a free-text field of the message -
// confirm against the patterns that are shipped.
class PATTERN {
private:
    char    *pattern;   // owned by the string table
    regex_t  re;        // presumably compiled from `pattern` by the constructor - confirm
    int      index;     // zero based substring of the regex match that contains the ip address or hostname
                        // NOTE(review): should be range-checked against re.re_nsub before it is used - confirm in the implementation
    int      amount;    // count to add to the ip address leaky bucket
    char    *message;   // for logging, owned by the string table

public:
    ~PATTERN();
    PATTERN(TOKEN &tok, char *pattern_, int index_, int amount_, char *msg_);

    // buf is the log text to test; what the bool result means is not visible
    // in this header.
    bool process(char *buf, CONFIG &con, char *file_name, int pattern_index);
    void dump(int level);
};
// Pointer and container aliases shared by the configuration classes.
typedef SYSLOGCONFIG        *SYSLOGCONFIGP;
typedef PATTERN             *PATTERNP;
typedef list<SYSLOGCONFIGP>  syslogconfig_list;
typedef list<IPPAIR>         ippair_list;
typedef list<PATTERNP>       pattern_list;

// Size in bytes of the per-file read buffer, SYSLOGCONFIG::buf.
const int buflen = 1024;
// State kept for one monitored syslog file: its descriptor, a fixed-size read
// buffer, and the patterns to run against what is read from it.
class SYSLOGCONFIG {
private:
    TOKEN        *tokp;
    char         *file_name;    // name of the syslog file
    pattern_list  patterns;     // owns the patterns
    int           fd;           // -1 is the value failed() tests for
    struct stat   openfdstat;   // presumably the stat of the open descriptor, e.g. to notice log rotation - confirm
    int           len;          // bytes in the buffer
    char          buf[buflen];  // NOTE(review): fixed size and fed from log text that remote parties can
                                // influence; read() must never store more than buflen - len bytes and must
                                // cope with a line longer than the buffer - confirm in the implementation

public:
    SYSLOGCONFIG(TOKEN &tok, char *file_name_);
    ~SYSLOGCONFIG();

    // True when fd holds -1.
    bool failed() { return fd == -1; }

    void open(bool msg);
    bool read(CONFIG &con);
    void close();
    void add_pattern(PATTERNP pat);
    void process(CONFIG &con);
    void dump(int level);
};
// One loaded configuration: the threshold, the ignore list, the add/remove
// command strings and the syslog files to watch. Every member is public.
class CONFIG {
public:
    // the only mutable stuff once it has been loaded from the config file
    int                reference_count;  // protected by the global config_mutex

    // all the rest is constant after loading from the config file
    int                generation;
    time_t             load_time;
    string_set         config_files;
    int                threshold;
    ippair_list        ignore;           // owns all the ippairs
    // NOTE(review): the two command strings come from the config file. If they
    // are handed to a shell with the matched address substituted in, only a
    // parsed numeric address may be substituted, never raw log text, and the
    // config file must not be writable by unprivileged users - confirm where
    // the commands are run.
    char              *add_command;      // owned by the string table
    char              *remove_command;   // also owned by the string table
    syslogconfig_list  syslogconfigs;    // owns all the syslogconfigs

    CONFIG();
    ~CONFIG();

    // Trivial setters/getter; the pointers are stored as given, not copied.
    void set_add(char *add)            { add_command = add; }
    void set_remove(char *remove)      { remove_command = remove; }
    void set_threshold(int threshold_) { threshold = threshold_; }
    int  get_threshold()               { return threshold; }

    void add_syslogconfig(SYSLOGCONFIGP con);
    void add_pair(IPPAIR pair);
    void dump();
    void read();
    void sleep(int duration, time_t &previous);

    // NOTE(review): presumably tests ip against the ignore list; the meaning
    // of the bool result is not visible in this header - confirm.
    bool looking(int ip);
};
// Free functions declared here and defined outside this header.
void  discard(string_set &s);
char *register_string(string_set &s, char *name);
char *register_string(char *name);

// NOTE(review): yields the address as a signed int; how a string that is not
// a valid address is reported to the caller is not visible here - confirm,
// since the input can originate from log text.
int   ip_address(char *have);

bool  load_conf(CONFIG &dc, char *fn);
void  token_init();
// Token strings defined outside this header, one per name below.
// NOTE(review): these look like the keywords and punctuation of the config
// file grammar, presumably set up by token_init() - confirm.
extern char *token_add;
extern char *token_bucket;
extern char *token_file;
extern char *token_ignore;
extern char *token_include;
extern char *token_index;
extern char *token_lbrace;
extern char *token_pattern;
extern char *token_rbrace;
extern char *token_remove;
extern char *token_semi;
extern char *token_slash;
extern char *token_threshold;