This repository has been archived by the owner on Dec 29, 2020. It is now read-only.

Merge pull request #6 from ahoying/EfficientIgnoreFields
Improve efficiency for fields ignoring
adepasquale committed Dec 8, 2015
2 parents e8423b7 + 6fe8dcf commit 2e9fff0
Showing 3 changed files with 48 additions and 1 deletion.
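--- a/fw1-loggrabber.c
+++ b/fw1-loggrabber.c
@@ -347,6 +347,11 @@ main (int argc, char *argv[])
 while (field != NULL)
 {
 ignore_fields_count++;
+if (ignore_fields_count >= NUMBER_FIELDS)
+{
+break;
+}
+
 ignore_fields_array =
 (char **) realloc (ignore_fields_array, ignore_fields_count * sizeof (char *));
 if (ignore_fields_array == NULL)
@@ -969,7 +974,7 @@ read_fw1_logfile_record (OpsecSession * pSession, lea_record * pRec,
 */
 for (x = 0; x < ignore_fields_count; x++)
 {
-if (string_icmp(ignore_fields_array[x], szAttrib)==0)
+if (ignore_attr_id_array[x] == pRec->fields[i].lea_attr_id)
 {
 ignore = TRUE;
 break;
@@ -1137,6 +1142,9 @@ int
 read_fw1_logfile_dict (OpsecSession * psession, int dict_id, LEA_VT val_type,
 int n_d_entries)
 {
+lea_value_t d_value;
+int x;
+
 if (cfgvalues.debug_mode >= 2)
 {
 fprintf (stderr, "DEBUG: function read_fw1_logfile_dict\n");
@@ -1146,6 +1154,35 @@ read_fw1_logfile_dict (OpsecSession * psession, int dict_id, LEA_VT val_type,
 {
 fprintf (stderr, "DEBUG: LEA logfile dict handler was invoked\n");
 }
+
+if (ignore_fields_count && dict_id == LEA_ATTRIB_ID)
+{
+for (x = 0; x < ignore_fields_count; x++)
+{
+if (cfgvalues.debug_mode)
+{
+fprintf (stderr, "DEBUG: Checking attribute id for %s\n", ignore_fields_array[x]);
+}
+if ((lea_reverse_dictionary_lookup(psession, LEA_ATTRIB_ID, ignore_fields_array[x],
+&d_value)) != LEA_NOT_FOUND)
+{
+if (cfgvalues.debug_mode)
+{
+fprintf (stderr, "DEBUG: Got attribute id %i\n", d_value.i_value);
+}
+ignore_attr_id_array[x] = d_value.i_value;
+}
+else
+{
+if (cfgvalues.debug_mode)
+{
+fprintf (stderr, "DEBUG: No attribute id found\n");
+}
+ignore_attr_id_array[x] = -1;
+}
+}
+}
+
 return OPSEC_SESSION_OK;
 }
 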
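Review bot: The limit check added to the field-parsing loop in main runs after `ignore_fields_count++`, so when it breaks the count is already NUMBER_FIELDS while `ignore_fields_array` was, from the lines visible here, last grown to one entry fewer. The new loop in read_fw1_logfile_dict iterates `x < ignore_fields_count` and would then read `ignore_fields_array[x]` one slot past the allocation and pass it to `lea_reverse_dictionary_lookup` and the debug `fprintf`. Moving the test above the increment, `if (ignore_fields_count >= NUMBER_FIELDS) break;` followed by `ignore_fields_count++;`, keeps the count equal to the number of stored names and within `ignore_attr_id_array[NUMBER_FIELDS]`. A message on stderr when the list is cut short would also make the truncation visible to the operator. The remainder of the while body is outside the hunk, so the point where the name is stored is inferred.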
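--- a/fw1-loggrabber.conf
+++ b/fw1-loggrabber.conf
@@ -22,6 +22,15 @@ RESOLVE_MODE="no"
 # RECORD_SEPARATOR=<char>
 RECORD_SEPARATOR="|"
 
+# DATEFORMAT=<cp|unix|std>
+# cp = " 3Feb2004 14:15:16"
+# unix = "1051655431"
+# std = "2004-02-03 14:15:16"
+DATEFORMAT="std"
+
+# IGNORE_FIELDS=<field1;field2;...>
+#IGNORE_FIELDS="uuid;__policy_id_tag"
+
 # LOGGING_CONFIGURATION=<screen|file|syslog>
 LOGGING_CONFIGURATION=screen
 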
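--- a/fw1-loggrabber.h
+++ b/fw1-loggrabber.h
@@ -332,6 +332,7 @@ int create_tables = FALSE;
 char *ignore_fields = NULL;
 int ignore_fields_count = 0;
 char **ignore_fields_array = NULL;
+int ignore_attr_id_array[NUMBER_FIELDS] = { 0 };
 
 OpsecSession* pSession = NULL;
 OpsecEnv* pEnv = NULL;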
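Review bot: `ignore_attr_id_array` starts out zero-filled, while the dictionary handler in fw1-loggrabber.c marks an unresolved field with -1. If a record can be processed before the LEA_ATTRIB_ID dictionary has been read (not visible here), the new id comparison in read_fw1_logfile_record would treat any field whose `lea_attr_id` is 0 as ignored. Filling the array with -1 during start-up, before the session opens, would make "not yet resolved" and "not found" the same state. A comment on the declaration such as `/* attribute ids of ignore_fields_array entries; -1 = unresolved */` would document the sentinel.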
