summaryrefslogtreecommitdiffstats
path: root/src/sh_log_parse_samba.c
blob: e84302a029c8d4fdc4e2f8bb95241fca85e7c005 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

/**************************************
 **
 ** PARSER RULES
 **
 ** (a) must set record->host 
 **     (eventually to dummy value)
 **
 ** (b) must set record->prefix
 **     (command) 
 **
 **
 **************************************/

/* for strptime */
#define _XOPEN_SOURCE

#include "config_xor.h"
#include <string.h>

#if defined(HOST_IS_SOLARIS)
/* For 'struct timeval' in <sys/time.h> */
#define __EXTENSIONS__
#endif

#include <time.h>

#if defined(USE_LOGFILE_MONITOR)

#include "samhain.h"
#include "sh_pthread.h"
#include "sh_log_check.h"
#include "sh_string.h"

#undef  FIL__
#define FIL__  _("sh_log_parse_samba.c")


sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile)
{
  return sh_cont_reader (record, logfile, " \t");
}

struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo)
{
  static struct tm old_tm;
  static time_t    old_time;

  struct sh_logrecord * record = NULL;

  static const char *    format0_1 = N_("[%Y/%m/%d %T");
  static char   format_1[16]; 
  static int    format_init = 0;

  (void) fileinfo;

  if (!format_init)
    {
      sl_strlcpy(format_1, _(format0_1), sizeof(format_1));
      format_init = 1;
    }

  if (logline && sh_string_len(logline) > 0)
    {
      size_t lengths[3];
      unsigned int  fields = 3;
      char ** array;
      char * p = strchr(sh_string_str(logline), ',');

      *p = '\0'; ++p;
      array = split_array_ws(p, &fields, lengths);

      if (fields == 3)
	{
	  struct tm btime;
	  char * ptr;

	  memset(&btime, 0, sizeof(struct tm));
	  btime.tm_isdst = -1;

	  ptr = strptime(sh_string_str(logline), format_1, &btime);

	  if (ptr && *ptr == '\0') /* no error, whole string consumed */
	    {
	      record = SH_ALLOC(sizeof(struct sh_logrecord));

	      record->timestamp = conv_timestamp(&btime, &old_tm, &old_time);

	      p = sh_string_str(logline); ++p;
	  
	      record->timestr   = sh_string_new_from_lchar(p, strlen(p));
	      
	      record->message   = sh_string_new_from_lchar(array[2], lengths[2]);
	  
	      record->pid       = 0;
	      record->host      = sh_string_new_from_lchar(sh.host.name, 
							   strlen(sh.host.name));
	    }
	}
      SH_FREE(array);
    }
  return record;
}

#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 05:07:05 +0000