fixform->AddInfoItem(rbufinfo,fbuf);
}
else if(fixformmuster!=NULL)
fixformmuster->AddInfoItem(rbufinfo,fbuf,pinfobuf->buftype,fixselecttype,pinfobuf->hostname);
}
if((rbufinfo->img!=-1) || !allbz)
{
rbufinfo++;
firstbz=false;
}
DWORD x=rcn/128;
if(rcn==x*128)
{
AnsiString s="正在分析"+pinfobuf->sourcefile+"..."+IntToStr(rcn);
pshowstatus(s);
}
buf=buf1;
buf1="";
}
}
rBytes=msgstream->Read(&rdbf, 131072);
}
/*
char bf;
msgstream->Seek(0,soFromBeginning);
int rBytes=msgstream->Read(&bf, sizeof(bf));
AnsiString buf="";
AnsiString buf1="";
bool fdbz=false;
CLOGS_FIX_BUF* rbuf=NULL;
CLOGS_FIX_BUF_INFO* rbufinfo=NULL;
bool filecheck=false;
DWORD hrecordcn=0;
while((rBytes==sizeof(bf)) && !exits)
{
if(!filecheck)
{
if(bf==char(0x00))
filecheck=true;
}
buf+=bf;
if(bf==char(0x0a))
{
if(buf.SubString(1,8)=="#Fields:")
{
int lt=Getlogfiletype(pinfobuf->sourcefile,buf,fbuf);
mbuf->logstype=lt;
fdbz=true;
buf="";
rBytes=msgstream->Read(&bf, sizeof(bf));
continue;
}
else if(buf.SubString(1,1)=="#")
{
buf="";
rBytes=msgstream->Read(&bf, sizeof(bf));
continue;
}
else if(!fdbz)
{
int lt=Getlogfiletype(pinfobuf->sourcefile,buf,fbuf);
mbuf->logstype=lt;
fdbz=true;
}
if(fbuf->fieldstr.SubString(1,1)!="%")
{
rBytes=msgstream->Read(&bf, sizeof(bf));
AnsiString tmps=bf;
if((tmps!=fbuf->fieldstr.SubString(1,1)) && (rBytes==sizeof(bf)))
continue;
buf1=bf;
}
div_t xm=div(rcn,2000);
if(xm.rem==0)
{
CLOGS_FIX_BUF* tmpbuf=new CLOGS_FIX_BUF;
memset(tmpbuf,0,sizeof(CLOGS_FIX_BUF));
if(rbuf==NULL)
{
rbuf=tmpbuf;
mbuf->logsinfo=rbuf;
}
else
{
rbuf->next=tmpbuf;
rbuf=tmpbuf;
}
if(fixform!=NULL)
fixform->allpage++;
rbufinfo=new CLOGS_FIX_BUF_INFO[2000];
memset(rbufinfo,0,sizeof(CLOGS_FIX_BUF_INFO)*2000);
tmpbuf->bufinfo=rbufinfo;
//if(fixform!=NULL)
// fixform->allpage++;;
}
rcn++;
rbuf->recordcn=rcn;
rbufinfo->sourceinfo=buf;
rbufinfo->img=-1;
AnsiString cks="";
AnsiString last=lasttime;
lasttime="";
AnsiString dts1=CanRunDate;
if(!IRSReg)
{
bool css=false;
if((dts1.SubString(2,1)!="0") || (dts1.SubString(4,1)!="5") || (dts1.SubString(1,1)!="2") || (dts1.SubString(3,1)!="0"))
css=true;
else if(last>CanRunDate)
{
try
{
TDateTime tm=StrToDate(last.SubString(1,10));
css=true;
}
catch(...)
{
}
}
if(css)
{
AnsiString s=" 本系统为测试版本.";
s+=char(13);
s+="已超过测试期,请使用正式软件!";
MessageBox(NULL,s.c_str(),"警告",MB_OK);
//ShowMessage(s);
//Application->Terminate();
break;
}
}
if(mbuf->logstype==1) //IIS
cks=getiisdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==2) //NSCA
cks=getnscadata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==3) //w3c
cks=getw3cdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==4) //Apacheerr
cks=getapacheerdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else if(mbuf->logstype==9) //self
cks=getselfdata(fbuf,rbufinfo,buf,pinfobuf->buftype,pinfobuf->stantime);
else
{
rbufinfo->field[0]=buf;
}
AnsiString std="";
try
{
if(!lasttime.IsEmpty())
{
if((lasttime.SubString(1,4)>"0000") && (lasttime.SubString(1,4)<"2099"))
{
TDateTime ddd=StrToDateTime(lasttime)+pinfobuf->stantime;
std=ddd.FormatString("yyyy-mm-dd hh:nn:ss");
}
}
}
catch(...)
{
}
if(lasttime.IsEmpty())
lasttime=last;
rbufinfo->standardtime=std;
rbufinfo->mlines=rcn;
if(!cks.IsEmpty())
Checkfilesafety(rbufinfo,cks,pinfobuf->buftype);
if((rbufinfo->img==-1) && ((pinfobuf->buftype==11) || (pinfobuf->buftype==12) || (pinfobuf->buftype==18)))
{
buf=buf.LowerCase();
if(buf.Pos("remote")>0)
{
rbufinfo->img=1;
rbufinfo->modename="邮件转发";
rbufinfo->modetype="严重危害";
}
}
AnsiString fs1="";
AnsiString fs2="";
for(int fd1=0;fd1<30;fd1++)
{
if(fbuf->fieldname[fd1].IsEmpty())
break;
else if(fbuf->fieldname[fd1]=="cs-userflag")
fs1=rbufinfo->field[fd1];
else if(fbuf->fieldname[fd1]=="sc-status")
fs2=rbufinfo->field[fd1];
}
if(rbufinfo->img==-1)
{
if(fs1.Pos("401")>0)
{
rbufinfo->img=1;
rbufinfo->modename="伪装";
rbufinfo->modetype="严重危害";
}
}
if(rbufinfo->img==1)
{
AnsiString fs0=fs2.SubString(1,1);
if((fs0=="2") || (fs0=="3"))
rbufinfo->img=0;
}
rbufinfo->mlines=rcn;
if(rbufinfo->img!=-1)
{
rbuf->hrecordcn++;
hrecordcn++;
if(fixform!=NULL)
{
fixform->allhpage=(hrecordcn+1999)/2000;
fixform->AddInfoItem(rbufinfo,fbuf);
}
else if(fixformmuster!=NULL)
fixformmuster->AddInfoItem(rbufinfo,fbuf,pinfobuf->buftype,fixselecttype,pinfobuf->hostname);
//else if(fixformrelacing!=NULL)
// fixformrelacing->AddInfoItem(rbufinfo,fbuf,pinfobuf->buftype,-fixselecttype,pinfobuf->hostname);
}
rbufinfo++;
DWORD x=rcn/20;
if(rcn==x*20)
{
AnsiString s="正在分析"+pinfobuf->sourcefile+"..."+IntToStr(rcn);
pshowstatus(s);
}
buf=buf1;
buf1="";
}
rBytes=msgstream->Read(&bf, sizeof(bf));
}
*/
pinfobuf->recordcn=rcn;
if(filecheck)
pinfobuf->filecheck="日志文件被破坏";
else
{
try
{
FILETIME fnx;
FileTimeToLocalFileTime(&pinfobuf->writetime,&fnx);
_SYSTEMTIME dnw;
FileTimeToSystemTime(&fnx,&dnw);
TDateTime dnd=SystemTimeToDateTime(dnw);
TDateTime dnd1=StrToDateTime(lasttime);
DOUBLE dnd2=dnd-dnd1;
if(dnd2>0.05)
pinfobuf->filecheck="日志文件被修改";
}
catch(...)
{
}
}
if(openbz)
msgstream->Free();
if(usermodebuf!=NULL)
FreeModebuf((TFIX_DEFMODE_INFO*)usermodebuf);
pshowstatus(pinfobuf->sourcefile+"分析完成.");
if(fixform!=NULL)
SendMessage(fixform->Handle,FIX_INFO_END,0,0);
else if(fixformmuster!=NULL)
SendMessage(fixformmuster->Handle,FIX_INFO_END,fixselecttype,0);
else if(fixformrelacing!=NULL)
SendMessage(fixformrelacing->Handle,FIX_INFO_END,-fixselecttype,0);
}
//---------------------------------------------------------------------------