authorNOYB <Al_Stu@Frontier.com>2015-12-02 14:47:32 -0800
committerStephen Beaver <sbeaver@netgate.com>2015-12-03 19:03:32 -0500
commite3efcb23fa0ab60dcfa032e12236fb433dea88d5 (patch)
tree0cd472f018f633a04f2ce80a186170304ca32d6a /src/etc/inc/filter_log.inc
parentc71d37a7f44e5987f39c1b497ad9808ae4ba3402 (diff)
Status - System Logs - Filter
Add advanced log filter form. Break out log listing fields into columns (Time, Process, PID, Message). The basic log filter form is still used in raw mode.
Diffstat (limited to 'src/etc/inc/filter_log.inc')
-rw-r--r--src/etc/inc/filter_log.inc139
1 files changed, 135 insertions, 4 deletions
diff --git a/src/etc/inc/filter_log.inc b/src/etc/inc/filter_log.inc
index ea45aa9..05f2b19 100644
--- a/src/etc/inc/filter_log.inc
+++ b/src/etc/inc/filter_log.inc
@@ -79,10 +79,60 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil
/* Always do a reverse tail, to be sure we're grabbing the 'end' of the log. */
$logarr = "";
+ if ($logfile == "{$g['varlog_path']}/system.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/gateways.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/routing.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/resolver.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/wireless.log") { $logfile_type = "system"; }
+
+ elseif ($logfile == "{$g['varlog_path']}/filter.log") { $logfile_type = "firewall"; }
+ elseif ($logfile == "{$g['varlog_path']}/dhcpd.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/portalauth.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/ipsec.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/ppp.log") { $logfile_type = "system"; }
+
+ elseif ($logfile == "{$g['varlog_path']}/vpn.log") { $logfile_type = "tbd"; }
+ elseif ($logfile == "{$g['varlog_path']}/pptps.log") { $logfile_type = "tbd"; }
+ elseif ($logfile == "{$g['varlog_path']}/poes.log") { $logfile_type = "tbd"; }
+ elseif ($logfile == "{$g['varlog_path']}/l2tps.log") { $logfile_type = "tbd"; }
+
+ elseif ($logfile == "{$g['varlog_path']}/relayd.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/openvpn.log") { $logfile_type = "system"; }
+ elseif ($logfile == "{$g['varlog_path']}/ntpd.log") { $logfile_type = "system"; }
+
+ else { $logfile_type = "unknown"; }
+
+ if ($logfile_type == 'firewall') {
+ $pattern = "filterlog:";
+ }
+ elseif ($logfile_type == 'system') {
+
+ $month_pattern = "[a-zA-Z]{3}";
+ $day_pattern = "[0-9]{1,2}";
+ $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
+
+ $date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . "\)";
+
+ $process_pattern = "\(.*?\)";
+ $pid_pattern = "\(.*?\)\(?::\ +\)?\(?:\[[0-9:]*\]\)?:?";
+ $log_message_pattern = "\(.*\)";
+
+ $pattern = "^" . $date_pattern . "\ +" . $process_pattern . "\ +" . $pid_pattern . "\ +" . $log_message_pattern . "$";
+ }
+ elseif ($logfile_type == 'tbd') {
+ $pattern = "^\(.*\)$";
+ }
+ elseif ($logfile_type == 'unknown') {
+ $pattern = "^\(.*\)$";
+ }
+ else {
+ $pattern = "^\(.*\)$";
+ }
+
if (isset($config['system']['usefifolog'])) {
- exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr);
+ exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr);
} else {
- exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr);
+ exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr);
}
$filterlog = array();
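Review bot: `$pattern` is spliced into both exec() command strings unquoted, so the regex reaches grep only after the shell has parsed it. The hand-placed backslashes cover `(`, `)` and spaces, but `*`, `?` and `[...]` remain open to pathname expansion, and the escaping has to be kept in step with every future pattern edit. Writing the patterns as plain extended regex and passing them as `" | /usr/bin/grep -E " . escapeshellarg($pattern) . " | ..."` would match how `$logfile` is already handled on the same lines. `{$tail}` is also interpolated unescaped; whether callers can influence it is not visible here, so an `(int)$tail` cast would be cheap insurance. The lazy `.*?` quantifier is a PCRE form and may not behave as intended under `grep -E`; conv_log_filter() starts and ends outside this hunk.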
@@ -94,7 +144,12 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil
break;
}
- $flent = parse_filter_line($logent);
+ if ($logfile_type == 'firewall') { $flent = parse_firewall_log_line($logent); }
+ elseif ($logfile_type == 'system') { $flent = parse_system_log_line($logent); }
+ elseif ($logfile_type == 'tbd') { $flent = array(); }
+ elseif ($logfile_type == 'unknown') { $flent = parse_unknown_log_line($logent); }
+ else { $flent = array(); }
+
if (!$filterinterface || ($filterinterface == $flent['interface'])) {
if ((($flent != "") && (!is_array($filtertext)) && (match_filter_line($flent, $filtertext))) ||
(($flent != "") && (is_array($filtertext)) && (match_filter_field($flent, $filtertext)))) {
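Review bot: The `$filterinterface == $flent['interface']` test on the context line below the new dispatch now reads a key that most of the new return values never carry. parse_system_log_line() and parse_unknown_log_line() set only time/host/process/pid/message fields or return `""`, and the `tbd` and fallback branches assign `array()`. With a non-empty `$filterinterface` every non-firewall entry would be dropped, and an empty `array()` still passes the `$flent != ""` checks and is handed to the match functions. Guarding with `if (!is_array($flent) || empty($flent)) { continue; }` after the dispatch and using `isset($flent['interface'])` in the comparison would make the intent explicit. The enclosing loop continues outside this hunk, so how `continue` interacts with the entry counter should be checked there.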
@@ -159,7 +214,83 @@ function in_arrayi($needle, $haystack) {
return in_array(strtolower($needle), array_map('strtolower', $haystack));
}
-function parse_filter_line($line) {
+function parse_unknown_log_line($line) {
+ global $config, $g;
+
+ $flent = array();
+ $log_split = "";
+
+ $month_pattern = "[a-zA-Z]{3}";
+ $day_pattern = "[0-9]{1,2}";
+ $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
+
+ $date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")";
+
+ $log_message_pattern = "(.*)";
+
+ $pattern = "/^" . $date_pattern . "\ +" . $log_message_pattern . "$/";
+
+ if (!preg_match($pattern, $line, $log_split))
+ return "";
+
+ list($all, $flent['time'], $flent['message']) = $log_split;
+
+ if($g['debug']) {
+ log_error(sprintf(gettext("There was a error parsing: %s. Please report to mailing list or forum."), $flent['process']));
+ return "";
+ }
+
+ /* If there is time, and message, fields, then the line should be usable/good */
+ if (!( (trim($flent['time']) == "") && (trim($flent['message']) == "") )) {
+ return $flent;
+ } else {
+ if($g['debug']) {
+ log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $errline));
+ }
+ return "";
+ }
+}
+
+function parse_system_log_line($line) {
+ global $config, $g;
+
+ $flent = array();
+ $log_split = "";
+
+ $month_pattern = "[a-zA-Z]{3}";
+ $day_pattern = "[0-9]{1,2}";
+ $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
+
+ $date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")";
+
+ $process_pattern = "(.*?)";
+ $pid_pattern = "(.*?)(?::\ +)?(?:\[([0-9:]*)\])?:?";
+ $log_message_pattern = "(.*)";
+
+ $pattern = "/^" . $date_pattern . "\ +" . $process_pattern . "\ +" . $pid_pattern . "\ +" . $log_message_pattern . "$/";
+
+ if (!preg_match($pattern, $line, $log_split))
+ return "";
+
+ list($all, $flent['time'], $flent['host'], $flent['process'], $flent['pid'], $flent['message']) = $log_split;
+
+ if($g['debug']) {
+ log_error(sprintf(gettext("There was a error parsing: %s. Please report to mailing list or forum."), $flent['process']));
+ return "";
+ }
+
+ /* If there is time, process, and message, fields, then the line should be usable/good */
+ if (!( (trim($flent['time']) == "") && (trim($flent['process']) == "") && (trim($flent['message']) == "") )) {
+ return $flent;
+ } else {
+ if($g['debug']) {
+ log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $errline));
+ }
+ return "";
+ }
+}
+
+function parse_firewall_log_line($line) {
global $config, $g;
$flent = array();
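Review bot: In parse_unknown_log_line() and parse_system_log_line(), the first `if($g['debug'])` block runs right after a successful `preg_match`, so with debug enabled every well-formed line is reported through log_error() and discarded with `return ""`. In parse_unknown_log_line() that message also reads `$flent['process']`, which is never set there, and both fallback messages reference `$errline`, which is undefined in either function; `$line` looks like the intended value. The validity test `!(a == "" && b == "")` rejects a line only when all fields are empty, whereas the comment says each field is required; `if ((trim($flent['time']) != "") && (trim($flent['message']) != ""))` would express that (plus the `process` term in the system variant). Removing the early debug block leaves the one in the `else` branch to do the reporting. Since log_error() may write back into a log this parser reads, logging per parsed line could also feed on itself, though that path is not visible in this hunk.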