changeset 4:37eace15ef87

allow hourly/daily/weekly triggers for output generation, append to temp wflogs input files so daemon restart won't drop as much data
author Carl Byington <carl@five-ten-sg.com>
date Fri, 17 May 2013 12:03:21 -0700
parents 2ea606326f5b
children efe0b291233a
files src/wflogs-config.cpp src/wflogs-config.h wflogs-daemon.conf wflogs-daemon.spec.in xml/wflogs-daemon.in
diffstat 5 files changed, 97 insertions(+), 26 deletions(-) [+]
--- a/src/wflogs-config.cpp	Fri May 17 10:37:25 2013 -0700
+++ b/src/wflogs-config.cpp	Fri May 17 12:03:21 2013 -0700
@@ -13,9 +13,16 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <limits.h>
+#include <time.h>
+
+
+string_set      all_strings;// owns all the strings, only modified by the config loader thread
+const int maxlen = 1000;    // used for snprintf buffers
 
 const char *token_context;
+const char *token_daily;
 const char *token_file;
+const char *token_hourly;
 const char *token_include;
 const char *token_lbrace;
 const char *token_output;
@@ -24,13 +31,11 @@
 const char *token_rbrace;
 const char *token_semi;
 const char *token_tempin;
+const char *token_trigger;
 const char *token_versions;
+const char *token_weekly;
 const char *token_wflogs;
 
-string_set      all_strings;// owns all the strings, only modified by the config loader thread
-const int maxlen = 1000;    // used for snprintf buffers
-
-
 
 ////////////////////////////////////////////////
 //
@@ -41,6 +46,7 @@
     fdo                = -1;
     period             = 120;
     versions           = 3;
+    trigger            = NULL;
     output             = NULL;
     tempin             = NULL;
     wflogs             = NULL;
@@ -58,6 +64,7 @@
     printf("context %s {\n", name);
     printf("    period   %d; \n", period);
     printf("    versions %d; \n", versions);
+    if (trigger) printf("    trigger  \"%s\";\n", trigger);
     printf("    output   \"%s\";\n", output);
     printf("    tempin   \"%s\";\n", tempin);
     printf("    wflogs   \"%s\";\n", wflogs);
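Review bot: The dump line added here prints the trigger as a quoted string (`trigger  "hourly";`), while the grammar in xml/wflogs-daemon.in and the sample config use the bare keywords `hourly`/`daily`/`weekly`. If this dump is meant to be readable back as configuration and the tokenizer treats quoted strings differently from keywords (not visible here), `if (trigger) printf("    trigger  %s;\n", trigger);` keeps the output round-trippable. The enclosing function starts and ends outside the hunk.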
@@ -69,7 +76,8 @@
 
 void CONTEXT::openo(bool msg) {
     open_time = time(NULL);
-    fdo = ::creat(tempin, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+    localtime_r(&open_time, &open_tm);
+    fdo = ::open(tempin, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
     if (fdo == -1) {
         if (msg) {
             char buf[maxlen];
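Review bot: The new `::open()` call follows symlinks and has no `O_APPEND`, so appending depends on the separate `lseek(fdo, 0, SEEK_END)` added in the next hunk, whose return value is not checked. Because `tempin` comes from the config file and existing configs still point into `/tmp`, I would open with `::open(tempin, O_CREAT | O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)` and drop the lseek; `O_CLOEXEC` also keeps the descriptor out of the shell that runs the `wflogs` command, if that is spawned from this process. Unlike `creat()`, this open no longer truncates, so the file only stays bounded if the rollover path (outside this hunk) removes or truncates `tempin` after each report, which is worth confirming. `openo`'s body continues past the hunk.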
@@ -77,6 +85,9 @@
             tokp->token_error(buf);
         }
     }
+    else {
+        lseek(fdo, 0, SEEK_END);
+    }
 }
 
 
@@ -191,9 +202,19 @@
 }
 
 
+bool CONTEXT::check_wflog_time() {
+    time_t now_time = time(NULL);
+    tm now_tm;
+    localtime_r(&now_time, &now_tm);
+    return (open_time + period < now_time) || \
+           ((trigger == token_hourly) && (now_tm.tm_hour != open_tm.tm_hour)) || \
+           ((trigger == token_daily)  && (now_tm.tm_wday != open_tm.tm_wday)) || \
+           ((trigger == token_weekly) && (now_tm.tm_wday != open_tm.tm_wday) && (now_tm.tm_wday == 0));
+}
+
+
 void CONTEXT::check_wflog() {
-    time_t now = time(NULL);
-    if ((fdo != -1) && (open_time + period < now)) {
+    if ((fdo != -1) && check_wflog_time()) {
         closeo();
         // rename previous wflog html output files
         char buf[maxlen];
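Review bot: The weekly clause in `check_wflog_time()` requires both `now_tm.tm_wday != open_tm.tm_wday` and `now_tm.tm_wday == 0`, so once the file has been opened on a Sunday the clause can never become true. That is the normal state after the first weekly rollover, assuming the file is reopened shortly afterwards, and from then on only the `period` test fires, presumably a little later each week. Comparing `open_time` with the start of the current hour/day/week in local time handles all three triggers uniformly and does not need `open_tm`; a sketch follows. The new function also has no comment stating what a `true` result means, and the trailing backslashes are unnecessary. `check_wflog`'s body continues outside the hunk.

```cpp
bool CONTEXT::check_wflog_time() {
    // true when the period has elapsed, or when the file was opened
    // before the start of the current hour/day/week (per trigger)
    time_t now_time = time(NULL);
    if (open_time + period < now_time) return true;
    if (!trigger) return false;
    tm start;
    localtime_r(&now_time, &start);
    start.tm_min = 0;
    start.tm_sec = 0;
    if (trigger != token_hourly) {
        start.tm_hour  = 0;
        start.tm_isdst = -1;    // let mktime pick the offset for local midnight
    }
    if (trigger == token_weekly) start.tm_mday -= start.tm_wday;  // back to Sunday; mktime normalizes
    return open_time < mktime(&start);
}
```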
@@ -368,7 +389,16 @@
                 tok.token_error(buf);
                 con->pattern = NULL;
             }
-
+            if (!tsa(tok, token_semi)) return false;
+        }
+        else if (have == token_trigger) {
+            have = tok.next();
+            if ((have == token_hourly) || (have == token_daily) || (have == token_weekly)) {
+                con->trigger = have;
+            }
+            else {
+                tok.token_error("hourly/daily/weekly", have);
+            }
             if (!tsa(tok, token_semi)) return false;
         }
         else {
@@ -416,7 +446,9 @@
 //
 void token_init() {
     token_context    = register_string("context");
+    token_daily      = register_string("daily");
     token_file       = register_string("file");
+    token_hourly     = register_string("hourly");
     token_include    = register_string("include");
     token_lbrace     = register_string("{");
     token_output     = register_string("output");
@@ -425,6 +457,8 @@
     token_rbrace     = register_string("}");
     token_semi       = register_string(";");
     token_tempin     = register_string("tempin");
+    token_trigger    = register_string("trigger");
     token_versions   = register_string("versions");
+    token_weekly     = register_string("weekly");
     token_wflogs     = register_string("wflogs");
 }
--- a/src/wflogs-config.h	Fri May 17 10:37:25 2013 -0700
+++ b/src/wflogs-config.h	Fri May 17 12:03:21 2013 -0700
@@ -31,11 +31,13 @@
     // output side
     int                 fdo;                // output tempin wflogs file
     time_t              open_time;          // time when fdo opened
+    tm                  open_tm;
     TOKEN               *tokp;
     // our data
     int             period;     // in seconds
     int             versions;   // number to keep
     // all strings owned by the string table
+    const char *    trigger;    // trigger token or NULL
     const char *    output;     // output file name pattern
     const char *    tempin;     // temp wflogs input file name
     const char *    wflogs;     // wflogs command line
@@ -63,7 +65,8 @@
     void    closeo();
     void    close();
     void    process(char *p);
-    void    check_wflog();      // time to call it?
+    bool    check_wflog_time();
+    void    check_wflog();
     void    free_all();
 };
 typedef CONTEXT *               CONTEXTP;
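Review bot: `check_wflog_time()` is declared without a comment, and the old `// time to call it?` remark was dropped from `check_wflog()`, so the header no longer says what either one decides. I would keep a one-line contract on each, e.g. `bool    check_wflog_time(); // period elapsed or trigger boundary crossed?` and `void    check_wflog();      // run the rollover if check_wflog_time() says so`. `open_tm`, added in the previous hunk of this file, is likewise the only uncommented member in its group; `// localtime of open_time, used by trigger checks` would match its neighbours.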
@@ -98,7 +101,9 @@
 
 
 extern const char *token_context;
+extern const char *token_daily;
 extern const char *token_file;
+extern const char *token_hourly;
 extern const char *token_include;
 extern const char *token_lbrace;
 extern const char *token_output;
@@ -107,5 +112,7 @@
 extern const char *token_rbrace;
 extern const char *token_semi;
 extern const char *token_tempin;
+extern const char *token_trigger;
 extern const char *token_versions;
+extern const char *token_weekly;
 extern const char *token_wflogs;
--- a/wflogs-daemon.conf	Fri May 17 10:37:25 2013 -0700
+++ b/wflogs-daemon.conf	Fri May 17 12:03:21 2013 -0700
@@ -2,8 +2,19 @@
     period   120;
     versions 20;
     output   "/var/www/html/firewall.0fast.%d.html";
-    tempin   "/tmp/wflogs.fast.input";
-    wflogs   "nice wflogs -i all -o html /tmp/wflogs.fast.input >%s &";
+    tempin   "/var/lib/wflogs-daemon/wflogs.fast.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.fast.input >%s &";
+    file     "/var/log/messages";
+    pattern  "vyatta kernel";
+};
+
+context hourly {
+    period   3600;
+    versions 4;
+    trigger  hourly;
+    output   "/var/www/html/firewall.1hourly.%d.html";
+    tempin   "/var/lib/wflogs-daemon/wflogs.hourly.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.hourly.input >%s &";
     file     "/var/log/messages";
     pattern  "vyatta kernel";
 };
@@ -11,9 +22,10 @@
 context daily {
     period   86400;
     versions 7;
-    output   "/var/www/html/firewall.1daily.%d.html";
-    tempin   "/tmp/wflogs.daily.input";
-    wflogs   "nice wflogs -i all -o html /tmp/wflogs.daily.input >%s &";
+    trigger  daily;
+    output   "/var/www/html/firewall.2daily.%d.html";
+    tempin   "/var/lib/wflogs-daemon/wflogs.daily.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.daily.input >%s &";
     file     "/var/log/messages";
     pattern  "vyatta kernel";
 };
@@ -21,9 +33,10 @@
 context weekly {
     period   604800;
     versions 4;
-    output   "/var/www/html/firewall.2weekly.%d.html";
-    tempin   "/tmp/wflogs.weekly.input";
-    wflogs   "nice wflogs -i all -o html /tmp/wflogs.weekly.input >%s &";
+    trigger  weekly;
+    output   "/var/www/html/firewall.3weekly.%d.html";
+    tempin   "/var/lib/wflogs-daemon/wflogs.weekly.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.weekly.input >%s &";
     file     "/var/log/messages";
     pattern  "vyatta kernel";
 };
--- a/wflogs-daemon.spec.in	Fri May 17 10:37:25 2013 -0700
+++ b/wflogs-daemon.spec.in	Fri May 17 12:03:21 2013 -0700
@@ -33,6 +33,7 @@
 rm -rf $RPM_BUILD_ROOT
 make DESTDIR=$RPM_BUILD_ROOT install
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
+mkdir -p $RPM_BUILD_ROOT/var/lib/%{name}
 mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}        $RPM_BUILD_ROOT/etc/rc.d/init.d
 
 
@@ -62,6 +63,7 @@
 %{_mandir}/man5/*
 %docdir %{_datadir}/doc/%{name}-%{version}
 %{_datadir}/doc/%{name}-%{version}
+/var/lib/%{name}/
 %config(noreplace) %{_sysconfdir}/%{name}.conf
 /etc/rc.d/init.d/%{name}
 
@@ -69,6 +71,7 @@
 %changelog
 * Fri May 17 2013 Carl Byington <carl@five-ten-sg.com> - 1.1-1
 - allow multiple config contexts
+- output optionally triggered by hourly/daily/weekly rollover
 
 * Wed May 15 2013 Carl Byington <carl@five-ten-sg.com> - 1.0-1
 - initial revision
--- a/xml/wflogs-daemon.in	Fri May 17 10:37:25 2013 -0700
+++ b/xml/wflogs-daemon.in	Fri May 17 12:03:21 2013 -0700
@@ -159,9 +159,10 @@
             <literallayout class="monospaced"><![CDATA[
 CONFIG     = {CONTEXT ";"}+
 CONTEXT    = "context" NAME "{" {STATEMENT}+ "}"
-STATEMENT := (PERIOD | VERSIONS | OUTPUT | TEMPIN | WFLOGS | FILE | PATTERN) ";"
+STATEMENT := (PERIOD | VERSIONS | TRIGGER | OUTPUT | TEMPIN | WFLOGS | FILE | PATTERN) ";"
 PERIOD    := "period" INTEGER-VALUE-SECONDS
 VERSIONS  := "versions" INTEGER-VALUE
+TRIGGER   := "trigger" ("hourly" | "daily" | "weekly")
 OUTPUT    := "output" OUTPUT-FILE-PATTERN
 TEMPIN    := "tempin" TEMP-FILE-NAME
 WFLOGS    := "wflogs" WFLOGS-COMMAND-PATTERN
@@ -176,8 +177,19 @@
     period   120;
     versions 20;
     output   "/var/www/html/firewall.0fast.%d.html";
-    tempin   "/tmp/wflogs.fast.input";
-    wflogs   "nice wflogs -i all -o html /tmp/wflogs.fast.input >%s &";
+    tempin   "/var/lib/wflogs-daemon/wflogs.fast.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.fast.input >%s &";
+    file     "/var/log/messages";
+    pattern  "vyatta kernel";
+};
+
+context hourly {
+    period   3600;
+    versions 4;
+    trigger  hourly;
+    output   "/var/www/html/firewall.1hourly.%d.html";
+    tempin   "/var/lib/wflogs-daemon/wflogs.hourly.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.hourly.input >%s &";
     file     "/var/log/messages";
     pattern  "vyatta kernel";
 };
@@ -185,9 +197,10 @@
 context daily {
     period   86400;
     versions 7;
-    output   "/var/www/html/firewall.1daily.%d.html";
-    tempin   "/tmp/wflogs.daily.input";
-    wflogs   "nice wflogs -i all -o html /tmp/wflogs.daily.input >%s &";
+    trigger  daily;
+    output   "/var/www/html/firewall.2daily.%d.html";
+    tempin   "/var/lib/wflogs-daemon/wflogs.daily.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.daily.input >%s &";
     file     "/var/log/messages";
     pattern  "vyatta kernel";
 };
@@ -195,9 +208,10 @@
 context weekly {
     period   604800;
     versions 4;
-    output   "/var/www/html/firewall.2weekly.%d.html";
-    tempin   "/tmp/wflogs.weekly.input";
-    wflogs   "nice wflogs -i all -o html /tmp/wflogs.weekly.input >%s &";
+    trigger  weekly;
+    output   "/var/www/html/firewall.3weekly.%d.html";
+    tempin   "/var/lib/wflogs-daemon/wflogs.weekly.input";
+    wflogs   "nice wflogs -i all -o html /var/lib/wflogs-daemon/wflogs.weekly.input >%s &";
     file     "/var/log/messages";
     pattern  "vyatta kernel";
 };]]></literallayout>