/**
 * Store the stream file name, expanding date placeholders first.
 *
 * Supported tokens (all derived from the current local time via date()):
 * %y/%Y year (2/4 digits), %m month, %M minutes, %d day, %h hour (24h),
 * %S seconds, %w weekday number, %W weekday name.
 *
 * @param string $szNewVal in: file name, optionally containing % tokens
 * @return void
 */
public function SetFileName($szNewVal)
{
    // Only lines containing a '%' can hold a placeholder; skip the work otherwise
    if (strpos($szNewVal, "%") !== false) {
        OutputDebugMessage("LogStreamConfigDisk|SetFileName: Filename before replacing: " . $szNewVal, DEBUG_DEBUG);

        // Token => replacement; the replacements never contain '%', so a
        // sequential str_replace() cannot re-expand its own output.
        $aTokens = array(
            "%y" => date("y"),
            "%Y" => date("Y"),
            "%m" => date("m"),
            "%M" => date("i"),
            "%d" => date("d"),
            "%h" => date("H"),
            "%S" => date("s"),
            "%w" => date("w"),
            "%W" => date("D"),
        );
        $szNewVal = str_replace(array_keys($aTokens), array_values($aTokens), $szNewVal);

        OutputDebugMessage("LogStreamConfigDisk|SetFileName: Filename after replacing: " . $szNewVal, DEBUG_DEBUG);
    }

    $this->FileName = $szNewVal;
}
/**
 * ParseLine
 *
 * Parse one WinSyslog/EventReporter CSV-style line into the property array.
 * Two layouts are tried: with a "tag:message" tail and with a plain message
 * tail. Lines matching neither are only logged.
 *
 * @param string $szLine       in: the raw log line
 * @param array  $arrArguments in&out: properties of interest. There can be no guarantee the logstream can actually deliver them.
 * @return integer Error state, always SUCCESS
 */
public function ParseLine($szLine, &$arrArguments)
{
    global $content;

    // Default message type; refined below when the tag looks like an EventReporter tag
    $arrArguments[SYSLOG_MESSAGETYPE] = IUT_Syslog;

    // Sample (WinSyslog/EventReporter): 2008-04-02,15:19:06,2008-04-02,15:19:06,127.0.0.1,16,5,EvntSLog: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
    // Groups: 1 receive time, 2 event time, 3 host, 4 facility, 5 severity, 6 tag, 7 message
    $szWithTag = "/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),(.*?),([0-9]{1,2}),([0-9]{1,2}),(.*?):(.*?)\$/";
    // Same, but group 6 is the whole message (no tag)
    $szWithoutTag = "/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}),(.*?),([0-9]{1,2}),([0-9]{1,2}),(.*?)\$/";

    if (preg_match($szWithTag, $szLine, $aMatch)) {
        $arrArguments[SYSLOG_DATE] = GetEventTime($aMatch[1]);
        $arrArguments[SYSLOG_HOST] = $aMatch[3];
        $arrArguments[SYSLOG_FACILITY] = $aMatch[4];
        $arrArguments[SYSLOG_SEVERITY] = $aMatch[5];
        $arrArguments[SYSLOG_SYSLOGTAG] = $aMatch[6];
        $arrArguments[SYSLOG_MESSAGE] = $aMatch[7];
    } elseif (preg_match($szWithoutTag, $szLine, $aMatch)) {
        $arrArguments[SYSLOG_DATE] = GetEventTime($aMatch[1]);
        $arrArguments[SYSLOG_HOST] = $aMatch[3];
        $arrArguments[SYSLOG_FACILITY] = $aMatch[4];
        $arrArguments[SYSLOG_SEVERITY] = $aMatch[5];
        $arrArguments[SYSLOG_MESSAGE] = $aMatch[6];
    } elseif (isset($arrArguments[SYSLOG_MESSAGE]) && strlen($arrArguments[SYSLOG_MESSAGE]) > 0) {
        OutputDebugMessage("Unparseable Winsyslog message - '" . $arrArguments[SYSLOG_MESSAGE] . "'", DEBUG_ERROR);
    }

    // An "EvntSLog" tag marks a Windows event log record
    if (isset($arrArguments[SYSLOG_SYSLOGTAG]) && strpos($arrArguments[SYSLOG_SYSLOGTAG], "EvntSLog") !== false) {
        $arrArguments[SYSLOG_MESSAGETYPE] = IUT_NT_EventReport;
    }

    return SUCCESS;
}
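/**
 * Init advanced settings from the _customFilters string.
 *
 * _customFilters is a comma separated list of "id=>value" pairs. An id is
 * accepted only when it is declared in $this->_arrCustomFilters; its value is
 * then stored via intval() into the report property of the same name:
 *  - FILTER_TYPE_NUMBER ids must satisfy the optional MinValue/MaxValue
 *    bounds (MinValue inclusive, MaxValue exclusive, as the check was written),
 *  - FILTER_TYPE_BOOL ids are stored as 0/1.
 * Out-of-range values and unknown filter types are logged with DEBUG_ERROR;
 * pairs without "=>" are logged with DEBUG_WARN and skipped instead of
 * reading an undefined array index.
 *
 * @return void
 */
public function InitAdvancedSettings()
{
    // Report properties a number-typed filter id may write.
    $aNumberProps = array('_maxHosts', '_maxauditsummarysPerHost', '_colorThreshold');
    // Report properties a bool-typed filter id may write.
    $aBoolProps = array(
        '_events_logon',
        '_events_logoff',
        '_events_logonfail',
        '_events_policychangeevents',
        '_events_objectaccess',
        '_events_systemevents',
        '_events_hostsessionevents',
        '_events_useraccchangeevents',
        '_events_auditpolicychangesevents',
        '_events_useractions',
        '_events_hostactions',
    );

    if (strlen($this->_customFilters) <= 0) {
        return;
    }

    foreach (explode(",", $this->_customFilters) as $szPair) {
        $aParts = explode("=>", $szPair);
        // Without "=>" there is no value part at all
        if (count($aParts) < 2) {
            OutputDebugMessage("Ignoring malformed advanced report option '" . trim($szPair) . "', expected 'id=>value'", DEBUG_WARN);
            continue;
        }

        $tmpfilterid = trim($aParts[0]);
        // Ids that are not declared as custom filters are ignored silently, as before
        if (!isset($this->_arrCustomFilters[$tmpfilterid])) {
            continue;
        }

        $myFilter = $this->_arrCustomFilters[$tmpfilterid];
        $iNewVal = intval(trim($aParts[1]));

        // Bounds are optional; MinValue is inclusive, MaxValue exclusive
        $bInRange = (!isset($myFilter['MinValue']) || $iNewVal >= $myFilter['MinValue'])
            && (!isset($myFilter['MaxValue']) || $iNewVal < $myFilter['MaxValue']);

        if ($myFilter[FILTER_TYPE] == FILTER_TYPE_NUMBER && $bInRange) {
            // Only whitelisted property names may be written from the filter string
            if (in_array($tmpfilterid, $aNumberProps, true)) {
                $this->$tmpfilterid = $iNewVal;
            }
        } elseif ($myFilter[FILTER_TYPE] == FILTER_TYPE_BOOL) {
            if (in_array($tmpfilterid, $aBoolProps, true)) {
                $this->$tmpfilterid = $iNewVal;
            }
        } else {
            // Reached for out-of-range numbers and for any other filter type
            OutputDebugMessage("Failed setting advanced report option property '" . $tmpfilterid . "', value not in value range!", DEBUG_ERROR);
        }
    }
}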
/**
 * Discover the report modules below <root>/classes/reports/ and register them
 * in $content['REPORTS'].
 *
 * Every file named report.<category>.<id>.class.php is included, a
 * Report_<id> instance is created and its descriptive properties are copied
 * into $content['REPORTS'][<id>]. When the installed database version is 9
 * or higher, the saved reports for that id are loaded from DB_SAVEDREPORTS
 * into $content['REPORTS'][<id>]['SAVEDREPORTS'].
 *
 * @param string $szRootPath in: installation root; empty means $gl_root_path
 * @return void
 */
function InitReportModules($szRootPath = "")
{
    global $content, $gl_root_path;

    // Fall back to the global root path when none was given
    if (strlen($szRootPath) == 0) {
        $szRootPath = $gl_root_path;
    }

    $szDirectory = $szRootPath . 'classes/reports/';
    $aFiles = list_files($szDirectory, true);
    if (isset($aFiles) && count($aFiles) > 0) {
        foreach ($aFiles as $myFile) {
            // Only files following the report.<category>.<id>.class.php naming are report modules
            if (preg_match("/report\\.(.*?)\\.(.*?)\\.class\\.php\$/", $myFile, $out)) {
                $myReportCat = $out[1];
                $myReportID = $out[2];

                // The class name is derived from the file name found on disk
                $szIncludeFile = $szDirectory . $myFile;
                if (file_exists($szIncludeFile)) {
                    // include_once also returns true when the file was already loaded earlier
                    if (include_once $szIncludeFile) {
                        $szReportClass = "Report_" . $myReportID;
                        $tmpReport = new $szReportClass();

                        // Copy the descriptive properties of the report instance
                        $szReportName = $tmpReport->_reportTitle;
                        $szReportDescription = $tmpReport->_reportDescription;
                        $szReportVersion = $tmpReport->_reportVersion;
                        $szReportHelpArticle = $tmpReport->_reportHelpArticle;
                        $bNeedsInit = $tmpReport->_reportNeedsInit;
                        $bInitialized = $tmpReport->_reportInitialized;
                        $aRequiredFieldsList = $tmpReport->GetRequiredProperties();

                        // Add entry to report modules list!
                        $content['REPORTS'][$myReportID] = array("ID" => $myReportID, "Category" => $myReportCat, "DisplayName" => $szReportName, "Description" => $szReportDescription, "ReportVersion" => $szReportVersion, "ReportHelpArticle" => $szReportHelpArticle, "NeedsInit" => $bNeedsInit, "Initialized" => $bInitialized, "ObjRef" => $tmpReport, "RequiredFieldsList" => $aRequiredFieldsList);

                        // --- Now Search and populate savedReports | but only if DB Version is 9 or higher.
                        if ($content['database_installedversion'] >= 9) {
                            // NOTE(review): the report id is spliced into the SQL text. It comes from a
                            // file name on the server, not from the request, but the query would be
                            // safer as a parameterised statement if DB_Query supports that - confirm.
                            $sqlquery = " SELECT " . DB_SAVEDREPORTS . ".ID as SavedReportID, "
                                . DB_SAVEDREPORTS . ".sourceid, "
                                . DB_SAVEDREPORTS . ".customTitle, "
                                . DB_SAVEDREPORTS . ".customComment, "
                                . DB_SAVEDREPORTS . ".filterString, "
                                . DB_SAVEDREPORTS . ".customFilters, "
                                . DB_SAVEDREPORTS . ".outputFormat, "
                                . DB_SAVEDREPORTS . ".outputTarget, "
                                . DB_SAVEDREPORTS . ".outputTargetDetails, "
                                . DB_SAVEDREPORTS . ".scheduleSettings "
                                . " FROM `" . DB_SAVEDREPORTS . "`"
                                . " WHERE `" . DB_SAVEDREPORTS . "`.reportid = '" . $myReportID . "' "
                                . " ORDER BY `" . DB_SAVEDREPORTS . "`.customTitle";

                            $result = DB_Query($sqlquery);
                            $myrows = DB_GetAllRows($result, true);
                            if (isset($myrows) && count($myrows) > 0) {
                                $content['REPORTS'][$myReportID]['HASSAVEDREPORTS'] = true;

                                // Rows are modified in place (by reference) before being stored
                                foreach ($myrows as &$mySavedReport) {
                                    // An empty output target defaults to standard output
                                    if (!isset($mySavedReport['outputTarget']) || strlen($mySavedReport['outputTarget']) <= 0) {
                                        $mySavedReport['outputTarget'] = REPORT_TARGET_STDOUT;
                                    }

                                    $content['REPORTS'][$myReportID]['SAVEDREPORTS'][$mySavedReport['SavedReportID']] = $mySavedReport;
                                }
                            }
                        }
                        // ---
                    } else {
                        // NOTE(review): $php_errormsg is only populated with track_errors enabled and
                        // was removed in PHP 8; on newer runtimes this yields an undefined variable.
                        OutputDebugMessage("InitReportModules: Failed including report file '" . $szIncludeFile . "' with error: '" . $php_errormsg . "'", DEBUG_ERROR);
                    }
                } else {
                    OutputDebugMessage("InitReportModules: Reportfile '" . $szIncludeFile . "' does not exist!", DEBUG_ERROR);
                }
            }
        }
    }

    // TODO: compare update report modules registered in database
}
/**
 * Append filter definition for the current stream.
 *
 * The combined filter string is logged and handed to ParseFilters().
 *
 * @param string $szFilters in: filter string in the stream's filter syntax
 * @return integer Error state, always SUCCESS
 */
public function AppendFilter($szFilters)
{
    $szDebugMsg = "LogStream|AppendFilter: SetFilter combined = '" . $szFilters . "'. ";
    OutputDebugMessage($szDebugMsg, DEBUG_DEBUG);

    // ParseFilters does the actual work of splitting and storing the filters
    $this->ParseFilters($szFilters);

    return SUCCESS;
}
/**
 * ParseLine
 *
 * Parse a classic syslog line (RFC 3164 layout plus a few ISO 8601 dated
 * variants) into the property array. The patterns below are tried in order
 * and the first match wins. Every layout yields SYSLOG_DATE (via
 * GetEventTime) and SYSLOG_MESSAGE; the richer ones also host, tag and
 * process id. Lines matching nothing are only logged.
 *
 * @param string $szLine       in: the raw log line
 * @param array  $arrArguments in&out: properties of interest. There can be no guarantee the logstream can actually deliver them.
 * @return integer Error state, always SUCCESS
 */
public function ParseLine($szLine, &$arrArguments)
{
    // Default message type; refined below when the tag looks like an EventReporter tag
    $arrArguments[SYSLOG_MESSAGETYPE] = IUT_Syslog;

    // Sample (Syslog): Mar 10 14:45:44 debandre anacron[3226]: Job `cron.daily' terminated (mailing output)
    // Each entry: regex, capture groups joined with " " to form the timestamp, property => capture group
    $aPatterns = array(
        // "Mon dd hh:mm:ss host tag[pid]: message"
        array(
            "/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32})\\[(.*?)\\]:(.*?)\$/",
            array(1, 2),
            array(SYSLOG_HOST => 3, SYSLOG_SYSLOGTAG => 4, SYSLOG_PROCESSID => 5, SYSLOG_MESSAGE => 6),
        ),
        // "Mon dd hh:mm:ss host tag: message"
        array(
            "/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32}):(.*?)\$/",
            array(1, 2),
            array(SYSLOG_HOST => 3, SYSLOG_SYSLOGTAG => 4, SYSLOG_MESSAGE => 5),
        ),
        // "Mon dd hh:mm:ss host tag message"
        array(
            "/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32}) (.*?)\$/",
            array(1, 2),
            array(SYSLOG_HOST => 3, SYSLOG_SYSLOGTAG => 4, SYSLOG_MESSAGE => 5),
        ),
        // "Mon dd hh:mm:ss host message"
        array(
            "/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?)\$/",
            array(1, 2),
            array(SYSLOG_HOST => 3, SYSLOG_MESSAGE => 4),
        ),
        // "yyyy-mm-ddThh:mm:ss+zz:zz host tag:message"
        array(
            "/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?):(.*?)\$/",
            array(1),
            array(SYSLOG_HOST => 2, SYSLOG_SYSLOGTAG => 3, SYSLOG_MESSAGE => 4),
        ),
        // Same with fractional seconds in the timestamp
        array(
            "/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}\\.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?):(.*?)\$/",
            array(1),
            array(SYSLOG_HOST => 2, SYSLOG_SYSLOGTAG => 3, SYSLOG_MESSAGE => 4),
        ),
        // "timestamp,message" - some kind of debug message; no host or tag available
        array(
            "/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}\\.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}),(.*?)\$/",
            array(1),
            array(SYSLOG_MESSAGE => 2),
        ),
    );

    $bMatched = false;
    foreach ($aPatterns as $aPattern) {
        list($szRegex, $aDateGroups, $aFieldGroups) = $aPattern;
        if (!preg_match($szRegex, $szLine, $aMatch)) {
            continue;
        }

        // Date first, then the remaining properties in layout order
        $aDateParts = array();
        foreach ($aDateGroups as $iGroup) {
            $aDateParts[] = $aMatch[$iGroup];
        }
        $arrArguments[SYSLOG_DATE] = GetEventTime(implode(" ", $aDateParts));

        foreach ($aFieldGroups as $iProperty => $iGroup) {
            $arrArguments[$iProperty] = $aMatch[$iGroup];
        }

        $bMatched = true;
        break;
    }

    if (!$bMatched && isset($arrArguments[SYSLOG_MESSAGE]) && strlen($arrArguments[SYSLOG_MESSAGE]) > 0) {
        OutputDebugMessage("Unparseable syslog msg - '" . $arrArguments[SYSLOG_MESSAGE] . "'", DEBUG_ERROR);
    }

    // An "EvntSLog" tag marks a Windows event log record
    if (isset($arrArguments[SYSLOG_SYSLOGTAG]) && strpos($arrArguments[SYSLOG_SYSLOGTAG], "EvntSLog") !== false) {
        $arrArguments[SYSLOG_MESSAGETYPE] = IUT_NT_EventReport;
    }

    return SUCCESS;
}
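/**
 * Report a failed database operation to the debug log and the error page.
 *
 * Sets the globals $errdesc/$errno from the legacy ext/mysql API, defines
 * PHPLOGCON_INERROR and then either aborts via DieWithErrorMsg() or appends
 * the details to $content['detailederror'].
 *
 * @param string $MyErrorMsg in: caller supplied description of the failed operation
 * @param bool   $DieOrNot   in: true aborts the script, false records the error and returns
 * @return void
 */
function DB_PrintError($MyErrorMsg, $DieOrNot)
{
    global $content, $errdesc, $errno, $linesep;

    // mysql_error()/mysql_errno() belong to ext/mysql, which no longer exists in
    // PHP 7+; kept as-is because this layer still talks to that driver.
    $errdesc = mysql_error();
    $errno = mysql_errno();

    // Define global variable so we know an error has occured!
    if (!defined('PHPLOGCON_INERROR')) {
        define('PHPLOGCON_INERROR', true);
    }

    // $content['detailederror'] is rendered as HTML (see the "<br><br>" joins below).
    // REQUEST_URI and HTTP_REFERER are request-controlled and the driver message may
    // echo the failed statement, so escape those pieces before they enter the text.
    // $MyErrorMsg is passed through unchanged as the callers own its content
    // (TODO confirm no caller embeds unescaped user input in it).
    $szErrDesc = htmlspecialchars((string) $errdesc, ENT_QUOTES);
    $szScript = htmlspecialchars((string) getenv("REQUEST_URI"), ENT_QUOTES);
    $szReferer = htmlspecialchars((string) getenv("HTTP_REFERER"), ENT_QUOTES);

    $errormsg = "Database error: {$MyErrorMsg} {$linesep}";
    $errormsg .= "mysql error: {$szErrDesc} {$linesep}";
    $errormsg .= "mysql error number: {$errno} {$linesep}";
    $errormsg .= "Date: " . date("d.m.Y @ H:i") . $linesep;
    $errormsg .= "Script: " . $szScript . $linesep;
    $errormsg .= "Referer: " . $szReferer . $linesep;

    if ($DieOrNot == true) {
        DieWithErrorMsg("{$linesep}" . $errormsg);
    } else {
        OutputDebugMessage("DB_PrintError: {$errormsg}", DEBUG_ERROR);

        // First error sets the code, later ones are appended to the existing text
        if (!isset($content['detailederror'])) {
            $content['detailederror_code'] = ERROR_DB_QUERYFAILED;
            $content['detailederror'] = GetErrorMessage(ERROR_DB_QUERYFAILED);
        } else {
            $content['detailederror'] .= "<br><br>" . GetErrorMessage(ERROR_DB_QUERYFAILED);
        }

        // Append SQL Detail Error
        $content['detailederror'] .= "<br><br>" . $errormsg;
    }
}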
/**
 * List the trigger names of the connected database, lowercased.
 *
 * @return array|integer|null the trigger names; the Verify() error code when
 *         the connection could not be verified; null when DBType is none of
 *         DB_MYSQL, DB_PGSQL, DB_MSSQL
 */
private function GetTriggersAsArray()
{
    global $querycount;

    // Verify() also opens the database connection
    $res = $this->Verify();
    if ($res != SUCCESS) {
        return $res;
    }

    $arrIndexTriggers = array();

    // Driver specific catalog query; the statements are static, nothing is interpolated
    $iDbType = $this->_logStreamConfigObj->DBType;
    if ($iDbType == DB_MYSQL) {
        $szSql = "SHOW TRIGGERS";
    } elseif ($iDbType == DB_PGSQL) {
        $szSql = "SELECT tgname as \"Trigger\" from pg_trigger;";
    } elseif ($iDbType == DB_MSSQL) {
        $szSql = "SELECT B.Name as TableName,A.name AS 'Trigger' FROM sysobjects A,sysobjects B WHERE A.xtype='TR' AND A.parent_obj = B.id";
    } else {
        // Listing triggers is not implemented for other drivers
        return null;
    }

    OutputDebugMessage("LogStreamPDO|GetTriggersAsArray: List Triggers for '" . $this->_logStreamConfigObj->DBTableName . "' - " . $szSql, DEBUG_ULTRADEBUG);

    $myQuery = $this->_dbhandle->query($szSql);
    if (!$myQuery) {
        // Query failure is not reported here; the caller just gets an empty list
        return $arrIndexTriggers;
    }

    // Every driver aliases the trigger name column as "Trigger"
    while (($myRow = $myQuery->fetch(PDO::FETCH_ASSOC)) !== false) {
        $arrIndexTriggers[] = strtolower($myRow['Trigger']);
    }
    $myQuery->closeCursor();

    // Increment for the Footer Stats
    $querycount++;

    return $arrIndexTriggers;
}
/**
 * Convert a timestamp string in one of several known layouts into an
 * EVTIME_* array.
 *
 * Layouts are tried in order: RFC 3164 ("Mar 10 14:45:44"), ISO 8601 with
 * UTC offset (optionally with fractional seconds), "yyyy-mm-dd,hh:mm:ss",
 * "yyyy-mm-dd hh:mm:ss", "yyyy-mm-ddThh:mm:ss", Apache access-log style
 * ("10/Mar/2008:14:45:44 +0100") and a bare "yyyy-mm-dd" date.
 *
 * @param string $szTimStr in: the timestamp text
 * @return array EVTIME_TIMESTAMP (unix time from mktime(), 0 when nothing matched),
 *               EVTIME_TIMEZONE (the offset from the string where it carries one, else date('O')),
 *               EVTIME_MICROSECONDS (the captured fractional-second digits when present, else 0)
 */
function GetEventTime($szTimStr)
{
    // Sample: Mar 10 14:45:44
    if (preg_match("/(...) ([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/", $szTimStr, $out)) {
        // RFC 3164 typical timestamp - it carries no year, so assume the current one
        $eventtime[EVTIME_TIMESTAMP] = mktime($out[3], $out[4], $out[5], GetMonthFromString($out[1]), $out[2], date("Y"));

        // A result in the future means the message is from last year (around new year only)
        if ($eventtime[EVTIME_TIMESTAMP] > time()) {
            $eventtime[EVTIME_TIMESTAMP] = mktime($out[3], $out[4], $out[5], GetMonthFromString($out[1]), $out[2], date("Y") - 1);
        }

        $eventtime[EVTIME_TIMEZONE] = date('O'); // Get default Offset
        $eventtime[EVTIME_MICROSECONDS] = 0;
    } else {
        // ISO 8601 with offset, e.g. 2008-03-28T11:07:40+01:00
        if (preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})T([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})([+-])([0-9]{1,2}):([0-9]{1,2})/", $szTimStr, $out)) {
            $eventtime[EVTIME_TIMESTAMP] = mktime($out[4], $out[5], $out[6], $out[2], $out[3], $out[1]);
            // Offset taken from the message: sign, hours, minutes
            $eventtime[EVTIME_TIMEZONE] = $out[7] . $out[8] . $out[9];
            $eventtime[EVTIME_MICROSECONDS] = 0;
        } else {
            // ISO 8601 with fractional seconds and offset, e.g. 2008-03-28T11:07:40.123456+01:00
            if (preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})T([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})\\.([0-9]{1,6})([+-])([0-9]{1,2}):([0-9]{1,2})/", $szTimStr, $out)) {
                $eventtime[EVTIME_TIMESTAMP] = mktime($out[4], $out[5], $out[6], $out[2], $out[3], $out[1]);
                $eventtime[EVTIME_TIMEZONE] = $out[8] . $out[9] . $out[10];
                // Stored as the captured digit string, not scaled to microseconds
                // (1-6 digits) - TODO confirm consumers expect that
                $eventtime[EVTIME_MICROSECONDS] = $out[7];
            } else {
                // "yyyy-mm-dd,hh:mm:ss" (WinSyslog CSV export)
                if (preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2}),([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/", $szTimStr, $out)) {
                    $eventtime[EVTIME_TIMESTAMP] = mktime($out[4], $out[5], $out[6], $out[2], $out[3], $out[1]);
                    $eventtime[EVTIME_TIMEZONE] = date('O'); // Get default Offset
                    $eventtime[EVTIME_MICROSECONDS] = 0;
                } else {
                    // "yyyy-mm-dd hh:mm:ss"
                    if (preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/", $szTimStr, $out)) {
                        $eventtime[EVTIME_TIMESTAMP] = mktime($out[4], $out[5], $out[6], $out[2], $out[3], $out[1]);
                        $eventtime[EVTIME_TIMEZONE] = date('O'); // Get default Offset
                        $eventtime[EVTIME_MICROSECONDS] = 0;
                    } else {
                        // "yyyy-mm-ddThh:mm:ss" without an offset
                        if (preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})T([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/", $szTimStr, $out)) {
                            $eventtime[EVTIME_TIMESTAMP] = mktime($out[4], $out[5], $out[6], $out[2], $out[3], $out[1]);
                            $eventtime[EVTIME_TIMEZONE] = date('O'); // Get default Offset
                            $eventtime[EVTIME_MICROSECONDS] = 0;
                        } else {
                            // Apache Logfile typical timestamp, e.g. 10/Mar/2008:14:45:44 +0100
                            if (preg_match("/([0-9]{1,2})\\/(...)\\/([0-9]{1,4}):([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2}) ([+-])([0-9]{1,4})/", $szTimStr, $out)) {
                                $eventtime[EVTIME_TIMESTAMP] = mktime($out[4], $out[5], $out[6], GetMonthFromString($out[2]), $out[1], $out[3]);
                                $eventtime[EVTIME_TIMEZONE] = $out[7] . $out[8]; // Get Offset from MSG
                                $eventtime[EVTIME_MICROSECONDS] = 0;
                            } else {
                                // Bare date "yyyy-mm-dd": midnight of that day
                                if (preg_match("/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})/", $szTimStr, $out)) {
                                    $eventtime[EVTIME_TIMESTAMP] = mktime(0, 0, 0, $out[2], $out[3], $out[1]);
                                    $eventtime[EVTIME_TIMEZONE] = date('O'); // Get default Offset
                                    $eventtime[EVTIME_MICROSECONDS] = 0;
                                } else {
                                    // Nothing matched: report timestamp 0 and log the input
                                    $eventtime[EVTIME_TIMESTAMP] = 0;
                                    $eventtime[EVTIME_TIMEZONE] = date('O'); // Get default Offset
                                    $eventtime[EVTIME_MICROSECONDS] = 0;

                                    OutputDebugMessage("GetEventTime got an unparsable time '" . $szTimStr . "', returning 0", DEBUG_WARN);
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    // return result!
    return $eventtime;
}
/**
 * ParseLine
 *
 * Parse an RFC 5424 style line ("<PRI>VERSION TIMESTAMP HOST APP-NAME PROCID
 * MSGID SD MSG") into the property array. Facility and severity are derived
 * from the PRI value. Lines matching neither timestamp variant are only
 * logged.
 *
 * @param string $szLine       in: the raw log line
 * @param array  $arrArguments in&out: properties of interest. There can be no guarantee the logstream can actually deliver them.
 * @return integer Error state, always SUCCESS
 */
public function ParseLine($szLine, &$arrArguments)
{
    // Default message type; refined below when the tag looks like an EventReporter tag
    $arrArguments[SYSLOG_MESSAGETYPE] = IUT_Syslog;

    // Sample: <22>1 2011-03-03T15:27:06+01:00 debian507x64 postfix 2454 - - daemon started -- version 2.5.5, configuration /etc/postfix
    // Sample: <46>1 2011-03-03T15:27:05+01:00 debian507x64 rsyslogd - - - [origin software="rsyslogd" swVersion="4.6.4" x-pid="2344" x-info="http://www.rsyslog.com"] (re)start
    // Sample (RSyslog): 2008-03-28T11:07:40+01:00 localhost rger: test 1
    // The two layouts differ only in the timestamp (with / without fractional seconds);
    // capture groups are identical: 1 PRI, 2 version, 3 timestamp, 4 host, 5 tag, 6 pid, 7-8 unused, 9 message
    $aPatterns = array(
        "/<([0-9]{1,3})>([0-9]) ([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?) (.*?) (.*?) (.*?) (.*?)\$/",
        "/<([0-9]{1,3})>([0-9]) ([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}\\.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?) (.*?) (.*?) (.*?) (.*?)\$/",
    );

    $bMatched = false;
    foreach ($aPatterns as $szRegex) {
        if (preg_match($szRegex, $szLine, $aMatch)) {
            $bMatched = true;
            break;
        }
    }

    if ($bMatched) {
        // PRI encodes facility * 8 + severity
        $arrArguments[SYSLOG_FACILITY] = $aMatch[1] >> 3;
        $arrArguments[SYSLOG_SEVERITY] = $aMatch[1] & 0x7;
        $arrArguments[SYSLOG_DATE] = GetEventTime($aMatch[3]);
        $arrArguments[SYSLOG_HOST] = $aMatch[4];
        $arrArguments[SYSLOG_SYSLOGTAG] = $aMatch[5];
        $arrArguments[SYSLOG_PROCESSID] = $aMatch[6];
        // Groups 7 and 8 (presumably MSGID and structured data, see the samples) are not stored
        $arrArguments[SYSLOG_MESSAGE] = $aMatch[9];
    } elseif (isset($arrArguments[SYSLOG_MESSAGE]) && strlen($arrArguments[SYSLOG_MESSAGE]) > 0) {
        OutputDebugMessage("Unparseable syslog msg - '" . $arrArguments[SYSLOG_MESSAGE] . "'", DEBUG_ERROR);
    }

    // An "EvntSLog" tag marks a Windows event log record
    if (isset($arrArguments[SYSLOG_SYSLOGTAG]) && strpos($arrArguments[SYSLOG_SYSLOGTAG], "EvntSLog") !== false) {
        $arrArguments[SYSLOG_MESSAGETYPE] = IUT_NT_EventReport;
    }

    return SUCCESS;
}
/**
 * Record a MySQL error for the error page and the debug log.
 *
 * The formatted text is stored in the global $extraErrorDescription and
 * written to the debug log with DEBUG_ERROR.
 *
 * @param string $szErrorMsg in: caller supplied description of the failed operation
 * @return void
 */
private function PrintDebugError($szErrorMsg)
{
    global $extraErrorDescription;

    // mysql_error()/mysql_errno() come from the legacy ext/mysql API
    $szDetail = mysql_error();
    $iCode = mysql_errno();

    // NOTE(review): the parts are joined with HTML but not escaped; the driver message
    // may echo the failed statement - confirm the consumer of $extraErrorDescription escapes it
    $aLines = array(
        $szErrorMsg,
        "Detail error: {$szDetail}",
        "Error Code: {$iCode}",
    );
    $errormsg = implode(" <br>", $aLines) . " <br>";

    // Add to additional error output
    $extraErrorDescription = $errormsg;

    OutputDebugMessage("LogStreamDB|PrintDebugError: {$errormsg}", DEBUG_ERROR);
}
/**
 * Record an error for the error page and the debug log.
 *
 * The message is stored in the global $extraErrorDescription and written
 * to the debug log with DEBUG_ERROR.
 *
 * @param string $szErrorMsg in: caller supplied description of the failed operation
 * @return void
 */
private function PrintDebugError($szErrorMsg)
{
    global $extraErrorDescription;

    // Joined with HTML for the error page; escaping is left to the consumer (unchanged behaviour)
    $szFormatted = $szErrorMsg . " <br>";

    // Add to additional error output
    $extraErrorDescription = $szFormatted;

    OutputDebugMessage("LogStreamMongoDB|PrintDebugError: " . $szFormatted, DEBUG_ERROR);
}
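/**
 * Register the message parsers named in a comma separated list.
 *
 * Every entry is trimmed and expected to correspond to
 * classes/msgparsers/msgparser.<name>.class.php below $gl_root_path. Files
 * that exist and include cleanly are appended to $this->_msgParserList;
 * missing files are skipped silently, include failures and names containing
 * path characters are logged with DEBUG_ERROR.
 *
 * @param string|null $szParsers in: e.g. "eventreporter, winsyslog"; null or empty is a no-op
 * @return void
 */
public function SetMsgParserList($szParsers)
{
    global $gl_root_path;

    if ($szParsers == null || strlen($szParsers) <= 0) {
        return;
    }

    // strpos() yields 0 for a leading comma, which a bare truthiness test reads
    // as "no comma"; compare with false so such a list is still split.
    if (strpos($szParsers, ",") !== false) {
        $aParsers = explode(",", $szParsers);
    } else {
        $aParsers = array($szParsers);
    }

    foreach ($aParsers as $szParser) {
        $szParser = trim($szParser);
        if (strlen($szParser) == 0) {
            continue;
        }

        // The name is spliced into an include path: refuse path separators and "..",
        // so a malformed or tampered list cannot load a file outside msgparsers/.
        if (strpbrk($szParser, "/\\") !== false || strpos($szParser, "..") !== false) {
            OutputDebugMessage("Error, MsgParser name '" . $szParser . "' contains path characters and was ignored. ", DEBUG_ERROR);
            continue;
        }

        $szIncludeFile = $gl_root_path . 'classes/msgparsers/msgparser.' . $szParser . '.class.php';
        if (!file_exists($szIncludeFile)) {
            // A missing parser file is not reported here (unchanged behaviour)
            continue;
        }

        // "@" keeps include warnings out of the output; the failure is logged instead
        if (@(include_once $szIncludeFile)) {
            $this->_msgParserList[] = $szParser;
        } else {
            OutputDebugMessage("Error, MsgParser '" . $szParser . "' could not be included. ", DEBUG_ERROR);
        }
    }
}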
/**
 * Helper function to consolidate syslogmessages per host.
 *
 * For every host in $arrHosts the stream is filtered to that host's syslog
 * messages and ConsolidateDataByField() groups them by checksum; the result
 * lands in $content["report_consdata"][host]['cons_msgs']. Afterwards each
 * host's list is sorted by item count, cut down to $this->_maxMsgsPerHost
 * (with a summary "all other events" entry for the dropped rest) and
 * enriched with display fields. Timing marks are appended to
 * $content["report_rendertime"] along the way.
 *
 * @param array $arrHosts in: host names to process
 * @return integer Error state, always SUCCESS (an Open() failure is not reported)
 */
private function ConsolidateSyslogmessagesPerHost($arrHosts)
{
    global $content, $gl_starttime, $fields;

    // Now open the stream for data processing
    $res = $this->_streamObj->Open($this->_arrProperties, true);
    if ($res == SUCCESS) {
        // --- New Method to consolidate data!
        // TimeStats
        $nowtime = microtime_float();
        $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

        // Checksums are the grouping key used by ConsolidateDataByField below
        $this->_streamObj->UpdateAllMessageChecksum();

        // TimeStats
        $nowtime = microtime_float();
        $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

        foreach ($arrHosts as $myHost) {
            // Rebuild the filter set per host: base filter + syslog type, then this host only
            $this->_streamObj->ResetFilters();
            $this->_streamObj->SetFilter($this->_filterString . " " . $fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_Syslog);
            $this->_streamObj->RemoveFilters(SYSLOG_HOST);
            $this->_streamObj->AppendFilter($fields[SYSLOG_HOST]['SearchField'] . ":=" . $myHost);

            // Set Host Item Basics if not set yet
            $content["report_consdata"][$myHost][SYSLOG_HOST] = $myHost;

            // Get Data for single host; a non-array result is treated as an error value below
            $content["report_consdata"][$myHost]['cons_msgs'] = $this->_streamObj->ConsolidateDataByField(MISC_CHECKSUM, $this->_maxMsgsPerHost, MISC_CHECKSUM, SORTING_ORDER_DESC, null, true, true);

            // Only process results if valid!
            if (is_array($content["report_consdata"][$myHost]['cons_msgs'])) {
                // Entries are modified in place via reference
                foreach ($content["report_consdata"][$myHost]['cons_msgs'] as &$myConsData) {
                    // Unknown facility/severity values fall back to LOCAL0 / NOTICE
                    if (!isset($content['filter_facility_list'][$myConsData[SYSLOG_FACILITY]])) {
                        $myConsData[SYSLOG_FACILITY] = SYSLOG_LOCAL0;
                    }
                    if (!isset($content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]])) {
                        $myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
                    }
                }
            } else {
                // Write to debuglog
                OutputDebugMessage("Failed consolidating data for '" . $myHost . "' with error " . $content["report_consdata"][$myHost]['cons_msgs'], DEBUG_ERROR);

                // Set to empty array
                $content["report_consdata"][$myHost]['cons_msgs'] = array();
            }
        }

        // TimeStats
        $nowtime = microtime_float();
        $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
        // ---

        // --- Start Postprocessing
        // NOTE(review): $tmpConsolidatedComputer and $tmpMyEvent are references that stay
        // bound after the loops end; nothing below reuses them, but unset() after the loops
        // would make that explicit.
        foreach ($content["report_consdata"] as &$tmpConsolidatedComputer) {
            // First use callback function to sort array
            uasort($tmpConsolidatedComputer['cons_msgs'], "MultiSortArrayByItemCountDesc");

            // Remove entries according to _maxMsgsPerHost
            if (count($tmpConsolidatedComputer['cons_msgs']) > $this->_maxMsgsPerHost) {
                $iDropCount = 0;
                do {
                    array_pop($tmpConsolidatedComputer['cons_msgs']);
                    $iDropCount++;
                } while (count($tmpConsolidatedComputer['cons_msgs']) > $this->_maxMsgsPerHost);

                // Append a dummy entry which shows count of all other events
                // ($lastEntry is reused across hosts; every key is reassigned here)
                if ($iDropCount > 0) {
                    $lastEntry[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
                    $lastEntry[SYSLOG_FACILITY] = SYSLOG_LOCAL0;
                    $lastEntry[SYSLOG_SYSLOGTAG] = $content['LN_GEN_ALL_OTHER_EVENTS'];
                    $lastEntry[SYSLOG_MESSAGE] = $content['LN_GEN_ALL_OTHER_EVENTS'];
                    $lastEntry['itemcount'] = $iDropCount;
                    $lastEntry['firstoccurrence_date'] = "-";
                    $lastEntry['lastoccurrence_date'] = "-";
                    $tmpConsolidatedComputer['cons_msgs'][] = $lastEntry;
                }
            }

            // TimeStats
            $nowtime = microtime_float();
            $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

            // PostProcess Events: add formatted dates, display names and colours
            foreach ($tmpConsolidatedComputer["cons_msgs"] as &$tmpMyEvent) {
                $tmpMyEvent['FirstOccurrence_Date_Formatted'] = GetFormatedDate($tmpMyEvent['firstoccurrence_date']);
                $tmpMyEvent['LastOccurrence_Date_Formatted'] = GetFormatedDate($tmpMyEvent['lastoccurrence_date']);
                $tmpMyEvent['syslogseverity_text'] = $this->GetSeverityDisplayName($tmpMyEvent['syslogseverity']);
                $tmpMyEvent['syslogfacility_text'] = $this->GetFacilityDisplayName($tmpMyEvent['syslogfacility']);
                $tmpMyEvent['syslogseverity_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogseverity']);
                // NOTE(review): the facility colour is looked up with GetSeverityBGColor() on a
                // facility value - confirm this is intended rather than a copy/paste slip
                $tmpMyEvent['syslogfacility_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogfacility']);
                // Only the message is HTML-escaped here; other text fields are stored raw
                $tmpMyEvent['htmlmsg'] = htmlspecialchars($tmpMyEvent[SYSLOG_MESSAGE]);
            }
        }
        // ---
    }

    // Work done!
    return SUCCESS;
}
/**
 * Convert a "yyyy-mm-ddThh:mm:ss" or "yyyy-mm-dd" string into a unix timestamp.
 *
 * @param string $szTimeString in: the time text, e.g. 2008-4-1T00:00:00
 * @return integer|string mktime() result for a recognised layout; the unchanged
 *         input when it matches neither (logged with DEBUG_WARN)
 */
function GetTimeStampFromTimeString($szTimeString)
{
    // Date and time of day, anchored at the end of the string
    $szDateTimePattern = "/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})T([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})\$/";
    if (preg_match($szDateTimePattern, $szTimeString, $aParts)) {
        list(, $iYear, $iMonth, $iDay, $iHour, $iMin, $iSec) = $aParts;
        return mktime($iHour, $iMin, $iSec, $iMonth, $iDay, $iYear);
    }

    // Date only: midnight of that day
    $szDatePattern = "/([0-9]{4,4})-([0-9]{1,2})-([0-9]{1,2})\$/";
    if (preg_match($szDatePattern, $szTimeString, $aParts)) {
        list(, $iYear, $iMonth, $iDay) = $aParts;
        return mktime(0, 0, 0, $iMonth, $iDay, $iYear);
    }

    OutputDebugMessage("Unparseable Time in GetTimeStampFromTimeString - '" . $szTimeString . "'", DEBUG_WARN);
    return $szTimeString;
}
/**
 * Select the log stream source to work with.
 *
 * Only IDs present in $content['Sources'] are accepted; any other value is
 * logged with DEBUG_ERROR and leaves _mySourceID unchanged.
 *
 * @param string|integer $newSourceID in: key into $content['Sources']
 * @return void
 */
public function SetSourceID($newSourceID)
{
    global $content;

    // Guard clause: reject IDs that are not configured sources
    if (!isset($content['Sources'][$newSourceID])) {
        OutputDebugMessage("SetSourceID failed, ID '" . $newSourceID . "' is not a valid Logstream Source", DEBUG_ERROR);
        return;
    }

    $this->_mySourceID = $newSourceID;
}