
📄 devicelog.c

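/*
 * devicelog.c - turns received syslog lines and SNMP traps into
 * struct eventinfo records.
 *
 * Everything parsed here arrives from the network and must be treated as
 * untrusted.  The exported helpers take destination pointers without a size,
 * so they cannot bound their own writes.
 * NOTE(review): struct eventinfo is declared in devicelog.h, which is not
 * visible here.  Confirm that every field is large enough for the longest
 * value written below, or extend the helpers with an explicit capacity.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
#include "devicelog.h"
#include "logging.h"
#include "queue.h"

#define SYSLOG          1   /* message came from SYSLOG */
#define TRAP            2   /* message came from TRAP */
#define AGENT           3   /* message came from AGENT */
#define UNIXDEVICE_LOG  4   /* log message from a UNIX device */
#define CISCO_LOG       5   /* log message from a CISCO device */
#define UNKNOWN_LOG     6   /* log message from an unknown device */

enum {
    DEVLOG_MONTH_COUNT = 12,
    DEVLOG_FACILITY_COUNT = 24
};

/* Month abbreviations matched against the start of a syslog timestamp.
 * The first entry used to read "Jua", so January messages never matched. */
char *month[12] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                   "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};

/* Facility names for UNIX devices, indexed by priority / 8. */
static const char *facility_std[24] = {
    "kernel",
    "user-level",
    "mail",
    "daemons",
    "authorization",
    "syslogd",
    "printer",
    " news",
    "UUCP",
    "clock",
    "security",
    "FTP",
    "NTP",
    "log audit",
    "log alert",
    "clock daemon",
    "local use 0",
    "local use 1",
    "local use 2",
    "local use 3",
    "local use 4",
    "local use 5",
    "local use 6",
    "local use 7"
};

/* Copy at most max_chars characters of src into dst, stopping at the NUL,
 * and always terminate dst.  dst must hold max_chars + 1 bytes. */
static void copy_prefix(char *dst, const char *src, size_t max_chars)
{
    size_t n = 0;

    while (n < max_chars && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
}

/* Snapshot of the current local time, copied out of localtime()'s result.
 * Returns an all-zero struct tm if localtime() fails instead of
 * dereferencing NULL. */
static struct tm current_local_time(void)
{
    struct tm snapshot = {0};
    time_t now = time(NULL);
    struct tm *lt = localtime(&now);

    if (lt != NULL)
        snapshot = *lt;
    return snapshot;
}

/* Position just past "HH:MM:SS " in a UNIX syslog line, located as seven
 * characters after the first ':'.  Returns NULL when the line has no ':'
 * or ends before that position, so callers never read past the NUL. */
static const char *after_std_timestamp(const char *msg)
{
    const char *colon = strchr(msg, ':');

    if (colon == NULL || strlen(colon) < 7)
        return NULL;
    return colon + 7;
}

/**
 * Classify a received message by its log format.
 *
 * @param msg  the received message (NUL-terminated)
 * @return UNIXDEVICE_LOG when the three characters after the first '>' are a
 *         month abbreviation; CISCO_LOG when a '%' really occurs at offset
 *         1..39; UNKNOWN_LOG otherwise (including when there is no '>').
 *
 * The original test used strcspn() alone, so any message shorter than 40
 * characters without a '%' was classified as CISCO and then parsed at
 * offsets that lie outside the message.
 */
int logstyle(char *msg)
{
    const char *gt = strchr(msg, '>');
    const char *pct;
    char mon[4];
    int i;

    if (gt == NULL)
        return UNKNOWN_LOG;

    copy_prefix(mon, gt + 1, 3);
    for (i = 0; i < DEVLOG_MONTH_COUNT; i++) {
        if (strcmp(month[i], mon) == 0)
            return UNIXDEVICE_LOG;
    }

    pct = strchr(msg, '%');
    if (pct != NULL && pct > msg && pct - msg < 40)
        return CISCO_LOG;

    return UNKNOWN_LOG;
}

/** Current local hour (0-23). */
int gethour()
{
    return current_local_time().tm_hour;
}

/** Current local minute (0-59). */
int getmin()
{
    return current_local_time().tm_min;
}

/** Current local second. */
int getsec()
{
    return current_local_time().tm_sec;
}

/** Current local month, 1-12. */
int getmon()
{
    return current_local_time().tm_mon + 1;
}

/** Current local day of the month. */
int getday()
{
    return current_local_time().tm_mday;
}

/** Current local year, e.g. 2006. */
int getyear()
{
    return current_local_time().tm_year + 1900;
}

/**
 * Rewrite a UNIX syslog timestamp in place into the database format.
 *
 * @param msg        unused
 * @param timestamp  in: text such as "Oct 12 22:14:13";
 *                   out: "<year>-<month>-<day> <HH:MM:SS>" using the current
 *                   year.  The result needs up to 20 bytes including the NUL.
 * @param month      table of 12 month abbreviations to match against
 *
 * An abbreviation that is not in the table yields month number 13, as
 * before.  The time-of-day copy is now capped at 8 characters and the
 * fields are only read when the input is long enough to contain them; the
 * original loop copied everything after offset 7 into a 9-byte local array.
 */
void processtimestamp_std(char *msg, char *timestamp, char **month)
{
    char mon[4];
    char day[3];
    char hms[9];
    size_t len = strlen(timestamp);
    int mon_num;

    (void)msg;

    copy_prefix(mon, timestamp, 3);
    if (len > 4)
        copy_prefix(day, timestamp + 4, 2);
    else
        day[0] = '\0';
    if (len > 7)
        copy_prefix(hms, timestamp + 7, 8);
    else
        hms[0] = '\0';

    for (mon_num = 0; mon_num < DEVLOG_MONTH_COUNT; mon_num++) {
        if (strcmp(month[mon_num], mon) == 0)
            break;
    }
    mon_num++;  /* table index -> calendar month */

    sprintf(timestamp, "%d-%d-%s %s", getyear(), mon_num, day, hms);
}

/**
 * Extract the priority value from the "<PRI>" prefix of a UNIX syslog line.
 *
 * @param msg  the received message
 * @return the number between the first '<' and the following '>', or -1
 *         when '<' is missing, no '>' follows it, or more than three
 *         characters lie between them.
 *
 * The original copied end - start bytes into a 4-byte array with no check,
 * so an over-long or reversed "<...>" prefix overflowed the stack buffer.
 */
int getofpri(char *msg)
{
    const char *lt = strchr(msg, '<');
    const char *gt;
    char digits[4];
    size_t n;

    if (lt == NULL)
        return -1;
    gt = strchr(lt + 1, '>');
    if (gt == NULL)
        return -1;

    n = (size_t)(gt - (lt + 1));
    if (n >= sizeof digits)
        return -1;

    memcpy(digits, lt + 1, n);
    digits[n] = '\0';
    return atoi(digits);
}

/**
 * Store the facility name of a UNIX syslog line (priority / 8).
 *
 * @param msg       the received message
 * @param facility  receives the facility name, or "Unknown" when the
 *                  priority is missing or outside the 24-entry table.
 *                  Needs at least 14 bytes for the longest table entry.
 *
 * The table index is now range-checked; it was previously taken straight
 * from the sender-supplied priority.
 */
void getoffacility_std(char *msg, char *facility)
{
    int pri = getofpri(msg);

    if (pri < 0 || pri / 8 >= DEVLOG_FACILITY_COUNT) {
        strcpy(facility, "Unknown");
        return;
    }
    strcpy(facility, facility_std[pri / 8]);
}

/**
 * Store the severity of a UNIX syslog line (priority modulo 8).
 *
 * @param msg        the received message
 * @param serverity  receives one digit '0'..'7' plus NUL, or "8" (the value
 *                   getmsg() uses for unknown messages) when the priority is
 *                   missing or out of range.  Needs at least 2 bytes.
 */
void getofserverity_std(char *msg, char *serverity)
{
    int pri = getofpri(msg);

    if (pri < 0 || pri / 8 >= DEVLOG_FACILITY_COUNT) {
        strcpy(serverity, "8");
        return;
    }
    serverity[0] = (char)('0' + pri % 8);
    serverity[1] = '\0';
}

/**
 * Copy the timestamp text of a UNIX syslog line.
 *
 * @param msg   message such as
 *              "<34>Oct 12 22:12:14 mymachine su 'su root' ..."
 * @param time  receives up to 15 characters following the first '>', e.g.
 *              "Oct 12 22:12:14"; empty when there is no '>'.
 *              Needs at least 16 bytes.
 */
void getoftime_std(char *msg, char *time)
{
    const char *gt = strchr(msg, '>');

    if (gt == NULL) {
        time[0] = '\0';
        return;
    }
    copy_prefix(time, gt + 1, 15);
}

/**
 * Copy the hostname of a UNIX syslog line.
 *
 * @param msg       message such as
 *                  "<34>Oct 12 22:12:14 mymachine su 'su root' ..."
 * @param hostname  receives the word that starts seven characters after the
 *                  first ':' (e.g. "mymachine"); empty when the line is too
 *                  short to contain one.
 *
 * The scan now stops at the terminating NUL as well as at a space.
 * NOTE(review): the length of the copied word is chosen by the sender and
 * this interface carries no destination size; the caller's buffer must be
 * as large as the longest message that can be received.
 */
void getofhostname_std(char *msg, char *hostname)
{
    const char *p = after_std_timestamp(msg);
    size_t i = 0;

    if (p != NULL) {
        while (*p != ' ' && *p != '\0')
            hostname[i++] = *p++;
    }
    hostname[i] = '\0';
}

/**
 * Copy the content part of a UNIX syslog line.
 *
 * @param msg      message such as
 *                 "<34>Oct 12 22:12:14 mymachine su 'su root' ..."
 * @param content  receives everything from the space that ends the hostname
 *                 (the leading space is kept); empty when the line is too
 *                 short to contain a hostname.
 *
 * NOTE(review): the copy is unbounded; content must be able to hold the
 * whole received message.
 */
void getofcontent_std(char *msg, char *content)
{
    const char *p = after_std_timestamp(msg);

    if (p == NULL) {
        content[0] = '\0';
        return;
    }
    while (*p != ' ' && *p != '\0')
        p++;
    strcpy(content, p);
}

/*
 * CISCO log format handling
 */

/**
 * Build the database timestamp for a CISCO log line.
 *
 * @param msg        the received message
 * @param timestamp  receives "<year>-<month>-<day> <HH:MM:SS>".  The date is
 *                   the current local date; the time is the 8 characters
 *                   that start 10 characters before the first '%'.
 *
 * When there is no '%' or fewer than 10 characters precede it, the current
 * local time is used; the original read from before the start of msg.
 */
void processtimestamp_cisco(char *msg, char *timestamp)
{
    const char *pct = strchr(msg, '%');
    struct tm now = current_local_time();
    char hms[9];

    if (pct != NULL && pct - msg >= 10)
        copy_prefix(hms, pct - 10, 8);
    else
        snprintf(hms, sizeof hms, "%02d:%02d:%02d",
                 now.tm_hour % 100, now.tm_min % 100, now.tm_sec % 100);

    sprintf(timestamp, "%d-%d-%d %s",
            now.tm_year + 1900, now.tm_mon + 1, now.tm_mday, hms);
}

/**
 * Copy the facility of a CISCO log line: the text between the first '%'
 * and the next '-'.
 *
 * @param msg       the received message
 * @param facility  receives the facility text; empty when there is no '%'.
 *
 * The '-' is now searched for after the '%'.  The original used the first
 * '-' anywhere in the message, and a '-' ahead of the '%' produced a
 * negative length that strncpy() treated as a huge copy.
 * NOTE(review): the facility length is still sender-controlled and the
 * destination size is unknown here.
 */
void getfacility_cisco(char *msg, char *facility)
{
    const char *pct = strchr(msg, '%');
    const char *dash;
    size_t n;

    if (pct == NULL) {
        facility[0] = '\0';
        return;
    }
    dash = strchr(pct + 1, '-');
    n = (dash != NULL) ? (size_t)(dash - (pct + 1)) : strlen(pct + 1);

    memcpy(facility, pct + 1, n);
    facility[n] = '\0';
}

/**
 * Copy the severity of a CISCO log line: the single character after the
 * first '-' that follows the '%'.
 *
 * @param msg        the received message
 * @param serverity  receives that character plus NUL, or "8" (the value
 *                   getmsg() uses for unknown messages) when no '-' is
 *                   found.  Needs at least 2 bytes.
 *
 * Without a '%' the search starts at the beginning of the message, as the
 * original did.
 */
void getserverity_cisco(char *msg, char *serverity)
{
    const char *pct = strchr(msg, '%');
    const char *dash = strchr(pct != NULL ? pct + 1 : msg, '-');

    if (dash == NULL) {
        strcpy(serverity, "8");
        return;
    }
    serverity[0] = dash[1];
    serverity[1] = '\0';
}

/**
 * Copy the content of a CISCO log line: everything after the first '>'.
 *
 * @param msg      the received message
 * @param content  receives the text; empty when there is no '>'.
 *
 * NOTE(review): the copy is unbounded; content must be able to hold the
 * whole received message.
 */
void getcontent_cisco(char *msg, char *content)
{
    const char *gt = strchr(msg, '>');

    if (gt == NULL) {
        content[0] = '\0';
        return;
    }
    strcpy(content, gt + 1);
}

/**
 * Parse a received log line into the standard event record.
 *
 * @param log  the raw message as received
 * @param msg  the record to fill in
 *
 * Only the UNIX branch writes msg->ip; the CISCO and unknown branches leave
 * it untouched.
 * NOTE(review): msg->content receives data as long as the received line;
 * confirm the field size against the receive buffer in the caller.
 */
void getmsg(char *log, struct eventinfo *msg)
{
    switch (logstyle(log)) {
    case UNIXDEVICE_LOG:    /* log from a UNIX device */
        log_debug("DEVICELOG", "This is a UNIX device log!");
        getoftime_std(log, msg->time_stamp);
        getoffacility_std(log, msg->facility);
        getofserverity_std(log, msg->serverity);
        getofhostname_std(log, msg->ip);
        getofcontent_std(log, msg->content);
        processtimestamp_std(log, msg->time_stamp, month);
        sprintf(msg->source, "%d", SYSLOG);
        break;

    case CISCO_LOG:         /* log in the CISCO device format */
        log_debug("DEVICELOG", "This is a CISCO device log!");
        /* NOTE(review): log is attacker-controlled text.  If log_info()
         * treats its second argument as a printf-style format, this needs
         * a "%s" format instead - check logging.h. */
        log_info("CISCO LOG INFO", log);
        processtimestamp_cisco(log, msg->time_stamp);
        getfacility_cisco(log, msg->facility);
        getserverity_cisco(log, msg->serverity);
        getcontent_cisco(log, msg->content);
        printf("LOG CONTENT: %s\n", msg->content);
        sprintf(msg->source, "%d", SYSLOG);
        break;

    default:
        /* Unknown source: fixed placeholder values keep later processing
         * uniform.  The original formatted the current time into
         * time_stamp and then immediately overwrote it with " "; only the
         * final value is written here. */
        log_debug("DEVICELOG", "This is a UNKNOWN log!");
        strcpy(msg->time_stamp, " ");
        strcpy(msg->facility, "Unknown");
        strcpy(msg->serverity, "8");
        strcpy(msg->content, log);
        sprintf(msg->source, "%d", UNKNOWN_LOG);
        break;
    }
}

/**
 * Fill an event record from a received SNMP trap PDU.
 *
 * @param msg   the record to fill in
 * @param pdu   the trap PDU; trap_type 0..6 selects the facility name and
 *              the severity digit, anything else gives "Unknown" / '7'
 * @param addr  sender address text, copied to msg->ip
 *
 * Fixes relative to the original:
 *  - "enterprise sepecific" needs 21 bytes but was copied into a 20-byte
 *    local array;
 *  - the severity char was passed to strcpy() as if it were a pointer;
 *  - varbind text was appended with strcat() without checking the 10240-byte
 *    buffer, so a PDU with enough variables overflowed the stack.  The list
 *    is now truncated when the buffer is full.
 * NOTE(review): msg->facility, msg->ip and msg->content are still written
 * without a size (content may be up to 10239 characters); confirm the field
 * sizes in devicelog.h.
 */
void get_trap_msg(struct eventinfo *msg, netsnmp_pdu *pdu, char *addr)
{
    static const char *const trap_names[] = {
        "coldstart",
        "warmstart",
        "linkdown",
        "linkup",
        "auth fail",
        "egpneighbor loss",
        "enterprise sepecific"
    };
    char buffer[10240];
    char temp_buffer[1024];
    char severity;
    size_t used = 0;
    struct variable_list *vars;

    if (pdu->trap_type >= 0 && pdu->trap_type <= 6) {
        strcpy(msg->facility, trap_names[pdu->trap_type]);
        severity = (char)('0' + pdu->trap_type);
    } else {
        strcpy(msg->facility, "Unknown");
        severity = '7';
    }

    log_debug("FACILITY", msg->facility);

    strcpy(msg->time_stamp, "");
    msg->serverity[0] = severity;
    msg->serverity[1] = '\0';
    strcpy(msg->ip, addr);
    strcpy(msg->source, "2");

    buffer[0] = '\0';
    for (vars = pdu->variables; vars; vars = vars->next_variable) {
        int n;

        memset(temp_buffer, 0, sizeof(temp_buffer));
        snprint_variable(temp_buffer, sizeof(temp_buffer),
                         vars->name, vars->name_length, vars);
        temp_buffer[sizeof(temp_buffer) - 1] = '\0';

        n = snprintf(buffer + used, sizeof(buffer) - used, "%s, ", temp_buffer);
        if (n < 0 || (size_t)n >= sizeof(buffer) - used)
            break;  /* buffer full: keep what fits, drop the rest */
        used += (size_t)n;
    }

    strcpy(msg->content, buffer);

    /* NOTE(review): buffer holds device-supplied varbind text; if log_info()
     * interprets its second argument as a format string, pass it through
     * "%s" - check logging.h. */
    log_info("get_trap_msg", buffer);
}

/*
 * Disabled test driver, kept as found.
 * NOTE(review): it builds an SQL statement with sprintf() from message
 * fields; if this is revived, use a parameterized statement instead.
 *
int main(void)
{
    struct eventinfo info;
    char buffer[1024];
    getmsg(logcontent,&info);
    printf("%s\n",info.time_stamp);
    printf("%s\n",info.facility);
    printf("%s\n",info.serverity);
    printf("%s\n",info.host_name);
    printf("%s\n",info.content);
    processtimestamp(logcontent,info.time_stamp,month);
    sprintf(buffer,"insert into EVENT_INFO1 values ('2006-%s','%s','%s','%s','%s')",info.time_stamp,info.facility,
        info.serverity,info.host_name,info.content);
    printf("%s\n",buffer);
    return 0;
}
*/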
