📄 fixlogfilesthread1.cpp
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==10) || (pinfobuf->buftype==18))
{
s1="FTP日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogftp==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==11) || (pinfobuf->buftype==18))
{
s1="SMTP日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogsmtp==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==12) || (pinfobuf->buftype==18))
{
s1="POP3日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogpop3==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==13) || (pinfobuf->buftype==18))
{
s1="PROXY日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogproxy==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==14) || (pinfobuf->buftype==18))
{
s1="TELNET日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogtelnet==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==15) || (pinfobuf->buftype==18))
{
s1="DNS日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogdns==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==16) || (pinfobuf->buftype==18))
{
s1="数据库日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogdbms==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
if((pinfobuf->buftype==17) || (pinfobuf->buftype==18))
{
s1="应用程序日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.deflogprogram==NULL)
ReadModeIno(s1,&defmodeinfo,true);
}
CLOGS_FIX_INFO* mbuf=new CLOGS_FIX_INFO;
memset(mbuf,0,sizeof(CLOGS_FIX_INFO));
pinfobuf->recordsize=msgstream->Size;
pinfobuf->infobuf=mbuf;
CFIELD_DEFINE* fbuf=new CFIELD_DEFINE;
memset(fbuf,0,sizeof(CFIELD_DEFINE));
mbuf->fielddefine=fbuf;
DWORD rcn=0;
//
bool allbz=false;
if(msgstream->Size>671088640)
allbz=true;
char rdbf[131080];
msgstream->Seek(0,soFromBeginning);
DWORD rBytes=msgstream->Read(&rdbf, 131072);
AnsiString buf="";
AnsiString buf1="";
bool fdbz=false;
CLOGS_FIX_BUF* rbuf=NULL;
CLOGS_FIX_BUF_INFO* rbufinfo=NULL;
bool filecheck=false;
DWORD hrecordcn=0;
DWORD allhkcn=0;
bool firstbz=false;
while((rBytes>0) && !exits)
{
if(fixformrelacing!=NULL)
exits=fixformrelacing->mexits;
else if(fixformmuster!=NULL)
exits=fixformmuster->mexits;
for(DWORD kk=0;kk<rBytes;kk++)
{
if(fixformrelacing!=NULL)
exits=fixformrelacing->mexits;
else if(fixformmuster!=NULL)
exits=fixformmuster->mexits;
if(exits)
break;
if(!filecheck)
{
if(rdbf[kk]==char(0x00))
filecheck=true;
}
buf+=rdbf[kk];
if(rdbf[kk]==char(0x0a))
{
if(buf.SubString(1,8)=="#Fields:")
{
int lt=Getlogfiletype(pinfobuf->sourcefile,buf,fbuf);
mbuf->logstype=lt;
fdbz=true;
buf="";
continue;
}
else if(buf.SubString(1,1)=="#")
{
buf="";
continue;
}
else if(!fdbz)
{
int lt=Getlogfiletype(pinfobuf->sourcefile,buf,fbuf);
mbuf->logstype=lt;
fdbz=true;
}
div_t xm;
if(!allbz)
xm=div(rcn,2000);
else
xm=div(allhkcn,2000);
if((xm.rem==0) && !firstbz)
{
CLOGS_FIX_BUF* tmpbuf=new CLOGS_FIX_BUF;
memset(tmpbuf,0,sizeof(CLOGS_FIX_BUF));
if(rbuf==NULL)
{
rbuf=tmpbuf;
mbuf->logsinfo=rbuf;
}
else
{
rbuf->next=tmpbuf;
rbuf=tmpbuf;
}
if(fixform!=NULL)
fixform->allpage++;
rbufinfo=new CLOGS_FIX_BUF_INFO[2000];
memset(rbufinfo,0,sizeof(CLOGS_FIX_BUF_INFO)*2000);
tmpbuf->bufinfo=rbufinfo;
firstbz=true;
}
rcn++;
if(!allbz)
rbuf->recordcn=rcn;
rbufinfo->sourceinfo=buf;
rbufinfo->img=-1;
AnsiString cks="";
AnsiString last=lasttime;
lasttime="";
AnsiString dts1=CanRunDate;
if(!IRSReg)
{
bool css=false;
//if((dts1.SubString(2,1)!="0") || (dts1.SubString(4,1)!="5") || (dts1.SubString(1,1)!="2") || (dts1.SubString(3,1)!="0"))
// css=true;
//else
if(last>CanRunDate)
{
try
{
TDateTime tm=StrToDate(last.SubString(1,10));
css=true;
}
catch(...)
{
}
}
if(css)
{
AnsiString s=" 本系统为测试版本.";
s+=char(13);
s+="已超过测试期,请使用正式软件!";
MessageBox(NULL,s.c_str(),"警告",MB_OK);
exits=true;
break;
}
}
if(mbuf->logstype==1) //IIS
cks=getiisdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==2) //NSCA
cks=getnscadata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==3) //w3c
cks=getw3cdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==4) //Apacheerr
cks=getapacheerdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==9) //self
cks=getselfdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else
{
rbufinfo->field[0]=buf;
}
AnsiString std="";
try
{
if(!lasttime.IsEmpty())
{
if((lasttime.SubString(1,4)>"0000") && (lasttime.SubString(1,4)<"2099"))
{
TDateTime ddd=StrToDateTime(lasttime)+pinfobuf->stantime;
std=ddd.FormatString("yyyy-mm-dd hh:nn:ss");
}
}
}
catch(...)
{
}
if(lasttime.IsEmpty())
lasttime=last;
rbufinfo->standardtime=std;
rbufinfo->mlines=rcn;
if(!cks.IsEmpty())
Checkfilesafety(rbufinfo,cks,pinfobuf->buftype);
if((rbufinfo->img==-1) && ((pinfobuf->buftype==11) || (pinfobuf->buftype==12) || (pinfobuf->buftype==18)))
{
buf=buf.LowerCase();
if(buf.Pos(" remote")>0)
{
rbufinfo->img=1;
rbufinfo->modename="邮件转发";
rbufinfo->modetype="严重危害";
}
}
AnsiString fs1="";
AnsiString fs2="";
for(int fd1=0;fd1<30;fd1++)
{
if(fbuf->fieldname[fd1].IsEmpty())
break;
else if(fbuf->fieldname[fd1]=="cs-userflag")
fs1=rbufinfo->field[fd1];
else if(fbuf->fieldname[fd1]=="sc-status")
fs2=rbufinfo->field[fd1];
}
if(rbufinfo->img==-1)
{
if(fs1.Pos("401")>0)
{
rbufinfo->img=1;
rbufinfo->modename="伪装";
rbufinfo->modetype="严重危害";
}
}
if(rbufinfo->img==1)
{
AnsiString fs0=fs2.SubString(1,1);
if((fs0=="2") || (fs0=="3"))
rbufinfo->img=0;
}
rbufinfo->mlines=rcn;
if(rbufinfo->img!=-1)
{
rbuf->hrecordcn++;
hrecordcn++;
//
allhkcn++;
if(allbz)
rbuf->recordcn=allhkcn;
//
if(fixform!=NULL)
{
fixform->allhpage=(hrecordcn+1999)/2000;