From e3efcb23fa0ab60dcfa032e12236fb433dea88d5 Mon Sep 17 00:00:00 2001
From: NOYB
Date: Wed, 2 Dec 2015 14:47:32 -0800
Subject: Status - System Logs - Filter Add advanced log filter form Break out log listing fields in to columns (Time, Process, PID, Message). Basic log filter form is still used in raw mode.
---
src/etc/inc/filter_log.inc | 139 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 135 insertions(+), 4 deletions(-)
(limited to 'src/etc/inc/filter_log.inc')
diff --git a/src/etc/inc/filter_log.inc b/src/etc/inc/filter_log.inc
index ea45aa9..05f2b19 100644
--- a/src/etc/inc/filter_log.inc
+++ b/src/etc/inc/filter_log.inc
@@ -79,10 +79,60 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil /* Always do a reverse tail, to be sure we're grabbing the 'end' of the log. */ $logarr = ""; + if ($logfile == "{$g['varlog_path']}/system.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/gateways.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/routing.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/resolver.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/wireless.log") { $logfile_type = "system"; } + + elseif ($logfile == "{$g['varlog_path']}/filter.log") { $logfile_type = "firewall"; } + elseif ($logfile == "{$g['varlog_path']}/dhcpd.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/portalauth.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/ipsec.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/ppp.log") { $logfile_type = "system"; } + + elseif ($logfile == "{$g['varlog_path']}/vpn.log") { $logfile_type = "tbd"; } + elseif ($logfile == "{$g['varlog_path']}/pptps.log") { $logfile_type = "tbd"; } + elseif ($logfile == "{$g['varlog_path']}/poes.log") { $logfile_type = "tbd"; } + elseif ($logfile == "{$g['varlog_path']}/l2tps.log") { $logfile_type = "tbd"; } + + elseif ($logfile == "{$g['varlog_path']}/relayd.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/openvpn.log") { $logfile_type = "system"; } + elseif ($logfile == "{$g['varlog_path']}/ntpd.log") { $logfile_type = "system"; } + + else { $logfile_type = "unknown"; } + + if ($logfile_type == 'firewall') { + $pattern = "filterlog:"; + } + elseif ($logfile_type == 'system') { + + $month_pattern = "[a-zA-Z]{3}"; + $day_pattern = "[0-9]{1,2}"; + $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}"; + + $date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . 
$time_pattern . "\)"; + + $process_pattern = "\(.*?\)"; + $pid_pattern = "\(.*?\)\(?::\ +\)?\(?:\[[0-9:]*\]\)?:?"; + $log_message_pattern = "\(.*\)"; + + $pattern = "^" . $date_pattern . "\ +" . $process_pattern . "\ +" . $pid_pattern . "\ +" . $log_message_pattern . "$"; + } + elseif ($logfile_type == 'tbd') { + $pattern = "^\(.*\)$"; + } + elseif ($logfile_type == 'unknown') { + $pattern = "^\(.*\)$"; + } + else { + $pattern = "^\(.*\)$"; + } + if (isset($config['system']['usefifolog'])) { - exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr); } else { - exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr); } $filterlog = array(); @@ -94,7 +144,12 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil break; } - $flent = parse_filter_line($logent); + if ($logfile_type == 'firewall') { $flent = parse_firewall_log_line($logent); } + elseif ($logfile_type == 'system') { $flent = parse_system_log_line($logent); } + elseif ($logfile_type == 'tbd') { $flent = array(); } + elseif ($logfile_type == 'unknown') { $flent = parse_unknown_log_line($logent); } + else { $flent = array(); } + if (!$filterinterface || ($filterinterface == $flent['interface'])) { if ((($flent != "") && (!is_array($filtertext)) && (match_filter_line($flent, $filtertext))) || (($flent != "") && (is_array($filtertext)) && (match_filter_field($flent, $filtertext)))) { 
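Review bot: Both rewritten `exec()` lines splice `$pattern` into the shell command unquoted, while `$logfile` on the same lines goes through `escapeshellarg()`. The pattern is built from constants here, so this is not an injection path as shown, but the regex only survives the shell because `(`, `)` and spaces are hand-escaped with backslashes; `*`, `?` and `[...]` are still open to filename expansion. I would build the pattern without the shell backslashes and pass it as `" | /usr/bin/grep -E " . escapeshellarg($pattern) . " | /usr/bin/tail -r -n {$tail}"`. `{$tail}` is interpolated raw as well, and since conv_log_filter starts and ends outside this hunk I cannot see whether it is validated as an integer; an `(int)` cast before the call would settle it.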
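Review bot: The `tbd` and final `else` branches set `$flent = array()`, but the guard two lines below tests `$flent != ""`, and an empty array does not compare equal to `""`, so every line of those logs is handed to `match_filter_line()` / `match_filter_field()` as an empty entry. The parsers added in this commit return `""` on failure, so `$flent = "";` in both branches would keep the existing guard meaningful. Separately, `$flent['interface']` is read before the `$flent != ""` check and the system-log parser never sets that key, so a non-empty `$filterinterface` drops every system log line; if that is intended, a short comment saying so would help. conv_log_filter begins and ends outside this hunk.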
@@ -159,7 +214,83 @@ function in_arrayi($needle, $haystack) { return in_array(strtolower($needle), array_map('strtolower', $haystack)); } -function parse_filter_line($line) { +function parse_unknown_log_line($line) { + global $config, $g; + + $flent = array(); + $log_split = ""; + + $month_pattern = "[a-zA-Z]{3}"; + $day_pattern = "[0-9]{1,2}"; + $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}"; + + $date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")"; + + $log_message_pattern = "(.*)"; + + $pattern = "/^" . $date_pattern . "\ +" . $log_message_pattern . "$/"; + + if (!preg_match($pattern, $line, $log_split)) + return ""; + + list($all, $flent['time'], $flent['message']) = $log_split; + + if($g['debug']) { + log_error(sprintf(gettext("There was a error parsing: %s. Please report to mailing list or forum."), $flent['process'])); + return ""; + } + + /* If there is time, and message, fields, then the line should be usable/good */ + if (!( (trim($flent['time']) == "") && (trim($flent['message']) == "") )) { + return $flent; + } else { + if($g['debug']) { + log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $errline)); + } + return ""; + } +} + +function parse_system_log_line($line) { + global $config, $g; + + $flent = array(); + $log_split = ""; + + $month_pattern = "[a-zA-Z]{3}"; + $day_pattern = "[0-9]{1,2}"; + $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}"; + + $date_pattern = "(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . ")"; + + $process_pattern = "(.*?)"; + $pid_pattern = "(.*?)(?::\ +)?(?:\[([0-9:]*)\])?:?"; + $log_message_pattern = "(.*)"; + + $pattern = "/^" . $date_pattern . "\ +" . $process_pattern . "\ +" . $pid_pattern . "\ +" . $log_message_pattern . 
"$/"; + + if (!preg_match($pattern, $line, $log_split)) + return ""; + + list($all, $flent['time'], $flent['host'], $flent['process'], $flent['pid'], $flent['message']) = $log_split; + + if($g['debug']) { + log_error(sprintf(gettext("There was a error parsing: %s. Please report to mailing list or forum."), $flent['process'])); + return ""; + } + + /* If there is time, process, and message, fields, then the line should be usable/good */ + if (!( (trim($flent['time']) == "") && (trim($flent['process']) == "") && (trim($flent['message']) == "") )) { + return $flent; + } else { + if($g['debug']) { + log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $errline)); + } + return ""; + } +} + +function parse_firewall_log_line($line) { global $config, $g; $flent = array(); -- cgit v1.1