diff options
Diffstat (limited to 'usr/local/www/filter_log.inc')
| -rw-r--r-- | usr/local/www/filter_log.inc | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/usr/local/www/filter_log.inc b/usr/local/www/filter_log.inc index aa5957b..f7b6c32 100644 --- a/usr/local/www/filter_log.inc +++ b/usr/local/www/filter_log.inc @@ -38,17 +38,23 @@ function conv_log_filter($logfile, $nentries, $tail = 50) { if (!(is_numeric($tail))) return; + /* FreeBSD 8 splits pf log lines into two lines, so we need to at least + * tail twice as many, plus some extra to account for unparseable lines */ + $tail = $tail * 2 + 50; + /* Always do a reverse tail, to be sure we're grabbing the 'end' of the log. */ $logarr = ""; if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_reader {$logfile} | /usr/bin/tail -r -n 500", $logarr); + exec("/usr/sbin/fifolog_reader {$logfile} | /usr/bin/tail -r -n {$tail}", $logarr); else - exec("/usr/sbin/clog {$logfile} | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n 500", $logarr); + exec("/usr/sbin/clog {$logfile} | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n {$tail}", $logarr); $filterlog = array(); $counter = 0; + $logarr = array_reverse(collapse_filter_lines(array_reverse($logarr))); + foreach ($logarr as $logent) { if($counter >= $nentries) break; @@ -63,6 +69,25 @@ function conv_log_filter($logfile, $nentries, $tail = 50) { return isset($config['syslog']['reverse']) ? $filterlog : array_reverse($filterlog); } +function collapse_filter_lines($logarr) { + $lastline = ""; + $collapsed = array(); + foreach ($logarr as $logent) { + $line_split = ""; + preg_match("/.*\spf:\s(.*)/", $logent, $line_split); + if (substr($line_split[1], 0, 4) != " ") { + if (($lastline != "") && (substr($lastline, 0, 1) != " ")) { + $collapsed[] = $lastline; + } + $lastline = $logent; + } else { + $lastline .= substr($line_split[1], 3); + } + } + //print_r($collapsed); + return $collapsed; +} + function parse_filter_line($line) { global $config, $g; $log_split = ""; @@ -97,9 +122,7 @@ function parse_filter_line($line) { $flent['tcpflags'] = ""; if ($flent['proto'] == "TCP") { $flags = split('[\, ]', $leftovers); - $flent['tcpflags'] = $flags[0]; - if ($flent['tcpflags'] == ".") - $flent['tcpflags'] = "A"; + $flent['tcpflags'] = str_replace(".", "A", substr($flags[1], 1, -1)); } /* If there is a src, a dst, and a time, then the line should be usable/good */ |
