authorNOYB <Al_Stu@Frontier.com>2015-12-15 21:27:08 -0800
committerNOYB <Al_Stu@Frontier.com>2015-12-15 21:27:08 -0800
commitd45a206f30cecb06d6cb01bb58efa529ec5997fc (patch)
tree01cba174d4dc68614e4ddcea6427a5608be2c3a9 /src/etc/inc/filter_log.inc
parent6b55a30f4b202d9593878a1e9ccc89e31792e311 (diff)
Consolidate conv_log_filter RegEx Patterns
Consolidate common regex patterns. Use pattern globally in parse functions.
Diffstat (limited to 'src/etc/inc/filter_log.inc')
-rw-r--r--src/etc/inc/filter_log.inc78
1 files changed, 32 insertions, 46 deletions
diff --git a/src/etc/inc/filter_log.inc b/src/etc/inc/filter_log.inc
index 6226ba2..7d00534 100644
--- a/src/etc/inc/filter_log.inc
+++ b/src/etc/inc/filter_log.inc
@@ -61,7 +61,7 @@ $buffer_rules_normal = array();
/* format filter logs */
function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $filterinterface = null) {
- global $config, $g;
+ global $config, $g, $pattern;
/* Make sure this is a number before using it in a system call */
if (!(is_numeric($tail))) {
@@ -88,7 +88,6 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil
else if ($logfile == "{$g['varlog_path']}/ppp.log") { $logfile_type = "system"; }
else if ($logfile == "{$g['varlog_path']}/vpn.log") { $logfile_type = "tbd"; }
- else if ($logfile == "{$g['varlog_path']}/pptps.log") { $logfile_type = "tbd"; }
else if ($logfile == "{$g['varlog_path']}/poes.log") { $logfile_type = "tbd"; }
else if ($logfile == "{$g['varlog_path']}/l2tps.log") { $logfile_type = "tbd"; }
@@ -98,44 +97,58 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil
else { $logfile_type = "unknown"; }
- if ($logfile_type == 'firewall') {
- $pattern = "filterlog:";
- }
- else if ($logfile_type == 'system') {
- $month_pattern = "[a-zA-Z]{3}";
- $day_pattern = "[0-9]{1,2}";
- $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
+# Common Regular Expression Patterns
+ $month_pattern = "[a-zA-Z]{3}";
+ $day_pattern = "[0-9]{1,2}";
+ $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
- $date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . "\)";
+ $date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . "\)";
- $host_pattern = "\(.*?\)";
-# $host_pattern = "\([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\)";
+ $host_pattern = "\(.*?\)";
+# $host_pattern = "\([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\)";
+
+ $process_pattern = "\(.*?\)\(?::\ +\)?";
+ $pid_pattern = "\(?:\\\[\([0-9:]*\)\\\]\)?:?";
+ $process_pid_pattern = $process_pattern . $pid_pattern;
- $process_pattern = "\(.*?\)\(?::\ +\)?";
- $pid_pattern = "\(?:\[[0-9:]*\]\)?:?";
- $process_pid_pattern = $process_pattern . $pid_pattern;
+ $log_message_pattern = "\(.*\)";
- $log_message_pattern = "\(.*\)";
+ # Construct RegEx for specific log file type.
+ if ($logfile_type == 'firewall') {
+ $pattern = "filterlog:";
+ }
+ else if ($logfile_type == 'system') {
$pattern = "^" . $date_pattern . "\ +" . $host_pattern . "\ +" . $process_pid_pattern . "\ +" . $log_message_pattern . "$";
}
else if ($logfile_type == 'tbd') {
$pattern = "^\(.*\)$";
}
else if ($logfile_type == 'unknown') {
- $pattern = "^\(.*\)$";
+ $pattern = "^" . $date_pattern . "\ +" . $log_message_pattern . "$";
}
else {
$pattern = "^\(.*\)$";
}
+
+ # Get a bunch of log entries.
if (isset($config['system']['usefifolog'])) {
exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr);
} else {
exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr);
}
+
+ # Remove escapes and fix up the pattern for preg_match.
+ $pattern = '/' . $pattern . '/';
+ $pattern = str_replace('\(', '(', $pattern);
+ $pattern = str_replace('\)', ')', $pattern);
+ $pattern = str_replace('\[', '[', $pattern);
+ $pattern = str_replace('\]', ']', $pattern);
+
+
$filterlog = array();
$counter = 0;
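Review bot: `$pattern` still reaches the shell unquoted in both `exec()` pipelines (`grep -E $pattern`), so the hand-written `\(`, `\)` and `\ +` escapes are all that keeps it intact, and the unescaped `[`, `*` and `?` remain open to pathname expansion by the shell. The hunk then needs four `str_replace()` calls to turn the same string back into something `preg_match()` accepts. Writing the patterns once in plain regex form, passing `escapeshellarg($pattern)` to grep and adding the `/` delimiters afterwards removes both the double encoding and the reliance on shell quoting rules. Separately, `(?:` and `.*?` are PCRE constructs that POSIX ERE does not define, so it is worth confirming that the grep on the target system filters these lines as intended. conv_log_filter() starts and ends outside this hunk.

```php
// Patterns are written once in plain regex form, with no shell escaping baked in.
$month_pattern = '[a-zA-Z]{3}';
// … unchanged: $day_pattern, $time_pattern …
$date_pattern = '(' . $month_pattern . ' +' . $day_pattern . ' +' . $time_pattern . ')';
$host_pattern = '(.*?)';
$process_pattern = '(.*?)(?:: +)?';
$pid_pattern = '(?:\[([0-9:]*)\])?:?';
$log_message_pattern = '(.*)';
// … if/else chain as in the hunk, joining with ' +' and using '^(.*)$' for the fallbacks …

// Quote the pattern for the shell here, at the only place it crosses that boundary.
$grep_pattern = escapeshellarg($pattern);
// … fifolog_reader / clog pipelines as in the hunk, with $grep_pattern in place of $pattern …

// preg_match only needs delimiters; the str_replace fixups are no longer required.
$pattern = '/' . $pattern . '/';
```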
@@ -222,21 +235,11 @@ function in_arrayi($needle, $haystack) {
}
function parse_unknown_log_line($line) {
- global $config, $g;
+ global $config, $g, $pattern;
$flent = array();
$log_split = "";
- $month_pattern = "[a-zA-Z]{3}";
- $day_pattern = "[0-9]{1,2}";
- $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
-
- $date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")";
-
- $log_message_pattern = "(.*)";
-
- $pattern = "/^" . $date_pattern . "\ +" . $log_message_pattern . "$/";
-
if (!preg_match($pattern, $line, $log_split)) {
return "";
}
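Review bot: parse_unknown_log_line() now takes its regex from the global `$pattern`, which holds a usable value only after conv_log_filter() has run and selected the matching log type; the same applies to parse_system_log_line() in the next hunk. If either parser is called on its own, or after conv_log_filter() chose the 'firewall' or 'tbd' pattern, `preg_match()` receives an empty or unrelated expression and the function returns `""` with no indication why. Passing the pattern in explicitly, e.g. `function parse_unknown_log_line($line, $pattern)`, or at least guarding with `if (empty($pattern)) { return ""; }` and a comment naming conv_log_filter() as the producer, would make the dependency visible. `$pattern` is also a very generic name for a global, which invites collisions with other includes. The function body continues outside this hunk.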
@@ -255,28 +258,11 @@ function parse_unknown_log_line($line) {
}
function parse_system_log_line($line) {
- global $config, $g;
+ global $config, $g, $pattern;
$flent = array();
$log_split = "";
- $month_pattern = "[a-zA-Z]{3}";
- $day_pattern = "[0-9]{1,2}";
- $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}";
-
- $date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")";
-
- $host_pattern = "(.*?)";
-# $host_pattern = "([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])";
-
- $process_pattern = "(.*?)(?::\ +)?";
- $pid_pattern = "(?:\[([0-9:]*)\])?:?";
- $process_pid_pattern = $process_pattern . $pid_pattern;
-
- $log_message_pattern = "(.*)";
-
- $pattern = "/^" . $date_pattern . "\ +" . $host_pattern . "\ +" . $process_pid_pattern . "\ +" . $log_message_pattern . "$/";
-
if (!preg_match($pattern, $line, $log_split)) {
return "";
}