
Online mode starts reading logs from the end of file and collect new …
…logs until the process is stopped.

Offline mode starts reading logs from the start to the end of file and stops.

The new online-resume mode resumes from where it was stopped.
When a log is "submitted" (recorded to file, displayed to screen or sent to syslog),
 a cursor file with the next position is updated.
The cursor file is named <firewall_log_file>.cursor.

Mode should be specified in configuration file (not ONLINE_MODE anymore) :
MODE=OFFLINE
MODE=ONLINE
MODE=ONLINE-RESUME

Or in command-line:
--offline
--online
--online-resume
Gabriel MACHADO committed Oct 31, 2017
1 parent adfca03 commit e843a0f
Showing 5 changed files with 166 additions and 29 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -5,7 +5,7 @@ CC = $(GCC_PREFIX)/bin/$(CC_CMD)
LD = $(GCC_PREFIX)/bin/$(LD_CMD)

EXE_NAME = fw1-loggrabber
OBJ_FILES = thread.o queue.o fw1-loggrabber.o
OBJ_FILES = thread.o queue.o fw1-cursor.o fw1-loggrabber.o

CFLAGS += -m32 -g -Wall -fpic -DLINUX -DUNIXOS=1 -DDEBUG
SYSTEM_LIBS = -lpthread -lresolv -ldl -lnsl -lelf -lstdc++ -lz
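--- a/fw1-cursor.c
+++ b/fw1-cursor.c
@@ -0,0 +1,79 @@
+#include "fw1-cursor.h"
+
+int read_fw1_cursorfile (const char *LogfileName) {
+FILE *fd;
+char line[POSITION_MAX_SIZE];
+
+char *current_cursor = get_fw1_cursorname (LogfileName);
+fd = fopen (current_cursor,"r");
+
+if (fd == NULL)
+{
+fprintf (stderr, "Error while opening the file %s in read mode.\n", current_cursor);
+fprintf (stderr, "Maybe, it doesn't exist yet.\n");
+free(current_cursor);
+return 0;
+}
+free(current_cursor);
+
+fgets (line, POSITION_MAX_SIZE, fd);
+fclose (fd);
+
+return atoi (line);
+}
+
+void write_fw1_cursorfile (const char *LogfileName, const char *message, const char separator) {
+FILE *fd;
+
+char *current_cursor = get_fw1_cursorname (LogfileName);
+char position[POSITION_MAX_SIZE];
+int i, j = 0;
+
+fd = fopen (current_cursor,"r+");
+
+if (fd == NULL)
+{
+fprintf (stderr, "Error while opening the file %s in r+ mode.\n", current_cursor);
+fprintf (stderr, "Maybe, it doesn't exist yet. Trying to open it in w mode.\n");
+
+fd = fopen (current_cursor,"w");
+if (fd == NULL)
+{
+fprintf (stderr, "Error while opening the file %s in w mode also.\n", current_cursor);
+free(current_cursor);
+exit (EXIT_FAILURE);
+}
+}
+free(current_cursor);
+
+// Extract cuurent position from message
+for (i=4; i<strlen (message); i++)
+{
+if ((char)message[i] != separator)
+{
+position[j] = message[i];
+j++;
+}
+else
+{
+break;
+}
+}
+
+fprintf (fd, "%d", atoi (position)+1);
+fclose (fd);
+}
+
+char* get_fw1_cursorname(const char *LogfileName) {
+char *cursor_name =
+(char *) malloc (strlen (LogfileName) + 7);
+if (cursor_name == NULL)
+{
+fprintf (stderr, "ERROR: Out of memory\n");
+exit(EXIT_FAILURE);
+}
+strcpy (cursor_name, LogfileName);
+strcat (cursor_name, ".cursor");
+
+return cursor_name;
+}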
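Review bot: get_fw1_cursorname() allocates `strlen (LogfileName) + 7` bytes and then appends the seven-character `".cursor"` plus its terminator, so the strcat() writes one byte past the end of the heap block; use `(char *) malloc (strlen (LogfileName) + sizeof ".cursor");` (sizeof of the literal includes the NUL). In write_fw1_cursorfile() the extraction loop copies message bytes into `position[POSITION_MAX_SIZE]` with no bound on `j` and never NUL-terminates before `atoi (position)`, so an over-long or separator-less field overruns the stack buffer and a short one makes atoi() read uninitialized bytes; the bounded version is below. read_fw1_cursorfile() ignores the return value of fgets(), so an empty cursor file leaves `line` uninitialized before `atoi (line)`; use `if (fgets (line, POSITION_MAX_SIZE, fd) == NULL) line[0] = '\0';`. Opening the cursor file with "r+" and writing from offset 0 also leaves stale trailing digits whenever the new value has fewer digits than the old one (e.g. if positions restart after the log file is rotated), so `fd = fopen (current_cursor, "w");` alone is the right mode and the fallback branch can go.
```c
char position[POSITION_MAX_SIZE];
size_t i, j = 0;
size_t len = strlen (message);   // hoisted: message does not change inside the loop
// … unchanged: open cursor file, free(current_cursor) …

// Skip the first four characters as before, then copy up to the separator,
// leaving room for the terminator so the copy can never overrun position[].
for (i = 4; i < len && j < POSITION_MAX_SIZE - 1; i++)
{
    if (message[i] == separator)
    {
        break;
    }
    position[j++] = message[i];
}
position[j] = '\0';
// … unchanged: fprintf / fclose …
```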
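--- a/fw1-cursor.h
+++ b/fw1-cursor.h
@@ -0,0 +1,14 @@
+#ifndef FW1CURSOR_H
+#define FW1CURSOR_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define POSITION_MAX_SIZE 20
+
+int read_fw1_cursorfile(const char *LogfileName); // Return next log position from cursor file
+void write_fw1_cursorfile(const char *LogfileName, const char *message, const char separator); // Deduce next log position from current message
+char* get_fw1_cursorname(const char *LogfileName); // Give cursor name associated with log file
+
+#endif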
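Review bot: The prototype comments do not say that write_fw1_cursorfile() and get_fw1_cursorname() terminate the process with exit(EXIT_FAILURE) when the cursor file cannot be created or the allocation fails, which callers need to know since the write is performed for every submitted record. Add `// Exits the process if the cursor file cannot be opened for writing` to write_fw1_cursorfile() and `// Returned string is malloc'd and owned by the caller; exits on allocation failure` to get_fw1_cursorname(). POSITION_MAX_SIZE also deserves a one-line comment stating that it bounds both the line read from the cursor file and the digits copied out of a message, so that the two uses cannot drift apart.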
84 changes: 62 additions & 22 deletions fw1-loggrabber.c
Expand Up @@ -110,11 +110,15 @@ main (int argc, char *argv[])
}
else if (strcmp (argv[i], "--online") == 0)
{
online_mode = 1;
mode = ONLINE;
}
else if (strcmp (argv[i], "--no-online") == 0)
else if (strcmp (argv[i], "--online-resume") == 0)
{
online_mode = 0;
mode = ONLINE_RESUME;
}
else if (strcmp (argv[i], "--offline") == 0)
{
mode = OFFLINE;
}
else if (strcmp (argv[i], "--auditlog") == 0)
{
Expand Down Expand Up @@ -248,8 +252,8 @@ main (int argc, char *argv[])
*/
cfgvalues.debug_mode =
(debug_mode != -1) ? debug_mode : cfgvalues.debug_mode;
cfgvalues.online_mode =
(online_mode != -1) ? online_mode : cfgvalues.online_mode;
cfgvalues.mode =
(mode != -1) ? mode : cfgvalues.mode;
cfgvalues.resolve_mode =
(resolve_mode != -1) ? resolve_mode : cfgvalues.resolve_mode;
cfgvalues.fw1_2000 = (fw1_2000 != -1) ? fw1_2000 : cfgvalues.fw1_2000;
Expand Down Expand Up @@ -316,18 +320,18 @@ main (int argc, char *argv[])
}
}

if (cfgvalues.online_mode && (!(cfgvalues.audit_mode))
if (cfgvalues.mode && (!(cfgvalues.audit_mode))
&& (strcmp (cfgvalues.fw1_logfile, "fw.log") != 0))
{
fprintf (stderr,
"ERROR: -f <FILENAME> option is not available in online mode. For use with Audit-Logfile, use --auditlog\n");
"ERROR: -f <FILENAME> option is not available in online modes. For use with Audit-Logfile, use --auditlog\n");
exit_loggrabber (1);
}

if (cfgvalues.online_mode && cfgvalues.showfiles_mode)
if (cfgvalues.mode && cfgvalues.showfiles_mode)
{
fprintf (stderr,
"ERROR: --showfiles option is not available in online mode.\n");
"ERROR: --showfiles option is not available in online modes.\n");
exit_loggrabber (1);
}

Expand Down Expand Up @@ -393,26 +397,41 @@ main (int argc, char *argv[])
(cfgvalues.showfiles_mode ? "Yes" : "No"));
fprintf (stderr, "DEBUG: FW1-2000 : %s\n",
(cfgvalues.fw1_2000 ? "Yes" : "No"));
fprintf (stderr, "DEBUG: Online-Mode : %s\n",
(cfgvalues.online_mode ? "Yes" : "No"));
char* mode_str;
switch(cfgvalues.mode){
case ONLINE:
mode_str = "ONLINE";
break;
case OFFLINE:
mode_str = "OFFLINE";
break;
case ONLINE_RESUME:
mode_str = "ONLINE_RESUME";
break;
//default:
// strcpy (mode_str, (char*)cfgvalues.mode);
// mode_str = cfgvalues.mode;
}
fprintf (stderr, "DEBUG: Mode : %s\n", mode_str);

fprintf (stderr, "DEBUG: Audit-Log : %s\n",
(cfgvalues.audit_mode ? "Yes" : "No"));
}

/*
* function call to get available Logfile-Names (not available in FW1-4.1)
*/
if (!(cfgvalues.fw1_2000) && !(cfgvalues.online_mode))
if (!(cfgvalues.fw1_2000) && !(cfgvalues.mode))
{
get_fw1_logfiles ();
}

if (cfgvalues.showfiles_mode)
{
if ((cfgvalues.fw1_2000) || (cfgvalues.online_mode))
if ((cfgvalues.fw1_2000) || (cfgvalues.mode))
{
fprintf (stderr,
"ERROR: Option --showfiles is not supported for Checkpoint FW-1 2000 or in online mode.\n");
"ERROR: Option --showfiles is not supported for Checkpoint FW-1 2000 or in online modes.\n");
}
close_log ();
exit_loggrabber (0);
Expand Down Expand Up @@ -686,14 +705,21 @@ read_fw1_logfile (char **LogfileName)
/*
* create LEA-session. differs for connections to FW-1 4.1 and FW-1 NG
*/

if (cfgvalues.fw1_2000)
{
if (cfgvalues.online_mode)
if (cfgvalues.mode == ONLINE)
{
pSession =
lea_new_session (pClient, pServer, LEA_ONLINE, LEA_FILENAME,
*LogfileName, LEA_AT_END);
}
else if (cfgvalues.mode == ONLINE_RESUME)
{
pSession =
lea_new_session (pClient, pServer, LEA_ONLINE, LEA_FILENAME,
*LogfileName, LEA_AT_POS, read_fw1_cursorfile (*LogfileName));
}
else
{
pSession =
Expand All @@ -713,13 +739,20 @@ read_fw1_logfile (char **LogfileName)
/*
* create a suspended session, i.e. not log data will be sent to client
*/
if (cfgvalues.online_mode)
if (cfgvalues.mode == ONLINE)
{
pSession =
lea_new_suspended_session (pClient, pServer, LEA_ONLINE,
LEA_UNIFIED_SINGLE, *LogfileName,
LEA_AT_END);
}
else if (cfgvalues.mode == ONLINE_RESUME)
{
pSession =
lea_new_suspended_session (pClient, pServer, LEA_ONLINE,
LEA_UNIFIED_SINGLE, *LogfileName,
LEA_AT_POS, read_fw1_cursorfile (*LogfileName));
}
else
{
pSession =
Expand Down Expand Up @@ -1937,7 +1970,7 @@ usage (char *szProgName)
fprintf (stderr,
" --ignore-fields \"...\" : Specify ; separated list of field names to not output to the log\n");
fprintf (stderr,
" --online|--no-online : Enable Online mode (default: no-online)\n");
" --online|--online-resume|--no-online : Enable Online mode (default: no-online)\n");
fprintf (stderr,
" --auditlog|--normallog : Get data of audit-logfile (fw.adtlog)(default: normallog)\n");
fprintf (stderr,
Expand Down Expand Up @@ -4496,16 +4529,20 @@ read_config_file (char *filename, configvalues * cfgvalues)
{
cfgvalues->debug_mode = atoi (string_trim (configvalue, '"'));
}
else if (strcmp (configparameter, "ONLINE_MODE") == 0)
else if (strcmp (configparameter, "MODE") == 0)
{
configvalue = string_duplicate (string_trim (configvalue, '"'));
if (string_icmp (configvalue, "no") == 0)
if (string_icmp (configvalue, "OFFLINE") == 0)
{
cfgvalues->online_mode = 0;
cfgvalues->mode = OFFLINE;
}
else if (string_icmp (configvalue, "yes") == 0)
else if (string_icmp (configvalue, "ONLINE") == 0)
{
cfgvalues->mode = ONLINE;
}
else if (string_icmp (configvalue, "ONLINE-RESUME") == 0)
{
cfgvalues->online_mode = 1;
cfgvalues->mode = ONLINE_RESUME;
}
else
{
Expand Down Expand Up @@ -4932,6 +4969,7 @@ submit_syslog (char *message)
fprintf (stderr, "DEBUG: Submit message to Syslog.\n");
}
syslog (LOG_NOTICE, "%s", message);
write_fw1_cursorfile ((lea_get_logfile_desc (pSession))->filename, message, cfgvalues.record_separator); // update cursor
return;
}

Expand Down Expand Up @@ -4984,6 +5022,7 @@ submit_screen (char *message)
}
fprintf (stdout, "%s\n", message);
fflush (NULL);
write_fw1_cursorfile ((lea_get_logfile_desc (pSession))->filename, message, cfgvalues.record_separator); // update cursor
return;
}

Expand Down Expand Up @@ -5071,6 +5110,7 @@ submit_logfile (char *message)
}

fprintf (logstream, "%s\n", message);
write_fw1_cursorfile ((lea_get_logfile_desc (pSession))->filename, message, cfgvalues.record_separator); // update cursor

//Check and see if it reaches the log file limitation
fseek (logstream, 0, SEEK_CUR);
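Review bot: The usage() text `" --online|--online-resume|--no-online : Enable Online mode (default: no-online)\n"` still advertises `--no-online`, which this commit removes from main()'s argument parsing in favour of `--offline`; change it to `" --online|--online-resume|--offline : Select the log reading mode (default: offline)\n"` so it matches the options actually accepted and the commit description. In main()'s debug block `char* mode_str;` is only assigned inside a switch that has no default, so any cfgvalues.mode value other than the three constants reaches `fprintf (stderr, "DEBUG: Mode : %s\n", mode_str)` uninitialized; initialise it as `char *mode_str = "UNKNOWN";` and delete the commented-out default branch. The cursor updates added to submit_syslog(), submit_screen() and submit_logfile() derive the position by skipping four characters of the message and reading up to the record separator, which presumably assumes the position field is always first and is never dropped by --ignore-fields; if that is not guaranteed, the cursor would silently record a wrong value, so the assumption should be stated in a comment at those call sites or checked. The cursor path is also built from the filename reported by the LEA server via lea_get_logfile_desc(); unless that is known to be a bare file name, it should be validated or reduced to its basename before a file is created from it. All of these hunks are fragments of functions whose bodies begin outside the shown excerpts.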
16 changes: 10 additions & 6 deletions fw1-loggrabber.h
Expand Up @@ -57,11 +57,12 @@
*/
#include "queue.h"
#include "thread.h"
#include "fw1-cursor.h"

/*
* Constant definitions
*/
#define VERSION "2.1"
#define VERSION "2.2"

#define TRUE 1
#define FALSE 0
Expand All @@ -79,6 +80,10 @@
#define INITIAL_CAPACITY 1024
#define CAPACITY_INCREMENT 4096

#define OFFLINE 0
#define ONLINE 1
#define ONLINE_RESUME 2

/*
* Type definitions
*/
Expand All @@ -92,7 +97,7 @@ stringlist;
typedef struct configvalues
{
int debug_mode;
int online_mode;
int mode;
int resolve_mode;
int fw1_2000;
int audit_mode;
Expand Down Expand Up @@ -303,7 +308,7 @@ int fileExist (const char *fileName);

// Worker thread function
ThreadFuncReturnType leaRecordProcessor( void *data );

/*
* pointers to functions
*/
Expand All @@ -321,7 +326,7 @@ void (*close_log) ();
*/
int debug_mode = -1;
int show_files = -1;
int online_mode = -1;
int mode = -1;
int resolve_mode = -1;
char *LogfileName = NULL;
int fw1_2000 = -1;
Expand Down Expand Up @@ -376,7 +381,7 @@ char **field_values[NUMBER_FIELDS];

configvalues cfgvalues = {
0, // debug_mode
FALSE, // online_mode
0, // mode
TRUE, // resolve_mode
FALSE, // fw1_2000
FALSE, // audit_mode
Expand Down Expand Up @@ -419,4 +424,3 @@ int established = FALSE;

int initialCapacity = 1024;
int capacityIncrement = 4096;

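Review bot: The new `#define OFFLINE 0`, `ONLINE 1` and `ONLINE_RESUME 2` are relied on elsewhere in this commit in a way the header does not record: several checks in fw1-loggrabber.c (`if (cfgvalues.mode && ...)`, `!(cfgvalues.mode)`) treat cfgvalues.mode as a boolean meaning "some online mode", which only works while OFFLINE is zero. Write that down next to the definitions, e.g. `/* OFFLINE must remain 0: cfgvalues.mode is tested as a boolean meaning "any online mode" */`. Declaring them as `enum { OFFLINE = 0, ONLINE, ONLINE_RESUME };` instead of macros would additionally let the compiler flag the switch in main() that lacks a case for unexpected values. These hunks are fragments of the header whose surrounding declarations lie outside the excerpt.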