diff --git a/fw1-loggrabber.c b/fw1-loggrabber.c index 518ddb7..2f068be 100644 --- a/fw1-loggrabber.c +++ b/fw1-loggrabber.c @@ -38,6 +38,7 @@ int main (int argc, char *argv[]) { int i; + int record_num = 0; stringlist *lstptr; char *foundstring; char *field; @@ -128,6 +129,32 @@ main (int argc, char *argv[]) { audit_log = 0; } + else if (strcmp (argv[i], "--loc") == 0) + { + i++; + if ( argv[i] == NULL || argv[i][0] == '-') + { + fprintf (stderr, "ERROR: 0 or positive value expected for argument %s\n", + argv[i - 1]); + usage (argv[0]); + exit_loggrabber (1); + } + + errno = 0; + long raw_record_num = strtol ( argv[i], NULL, 10 ); + if ( errno == ERANGE || raw_record_num < 0 || raw_record_num > INT_MAX) + { + fprintf (stderr, + "WARNING: %s expects an integer range value greater than or equal to 0\n" + " The provided value will be treated as if it were 0\n", + argv[i-1] ); + record_num = 0; + } + else + { + record_num = (int) raw_record_num; + } + } else if ((strcmp (argv[i], "-f") == 0) || (strcmp (argv[i], "--logfile") == 0)) { @@ -464,7 +491,7 @@ main (int argc, char *argv[]) fprintf (stderr, "DEBUG: Processing Logfile: %s\n", lstptr->data); } - read_fw1_logfile (&(lstptr->data)); + read_fw1_logfile (&(lstptr->data), record_num); lstptr = lstptr->next; } } @@ -486,7 +513,7 @@ main (int argc, char *argv[]) fprintf (stderr, "DEBUG: Processing Logfile: %s\n", cfgvalues.fw1_logfile); } - read_fw1_logfile (&(cfgvalues.fw1_logfile)); + read_fw1_logfile (&(cfgvalues.fw1_logfile), record_num); } while (lstptr) { @@ -495,7 +522,7 @@ main (int argc, char *argv[]) fprintf (stderr, "DEBUG: Processing Logfile: %s\n", foundstring); } - read_fw1_logfile (&foundstring); + read_fw1_logfile (&foundstring, record_num); lstptr = stringlist_search (&(lstptr->next), cfgvalues.fw1_logfile, &foundstring); 
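Review bot: In the `--loc` branch `strtol` is called with a NULL end pointer, so a value such as `abc` or `12abc` is accepted without any diagnostic (as 0 and 12 respectively) and collection starts at a record the operator did not ask for. Pass an end pointer, `char *end = NULL; long raw_record_num = strtol (argv[i], &end, 10);`, and add `end == argv[i] || *end != '\0'` to the existing range test. The out-of-range path only warns and falls back to 0, which re-reads the whole log. Handling it like the missing-value case (`usage (argv[0]); exit_loggrabber (1);`) would avoid silently duplicating records downstream. The body of `main` continues outside this hunk.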
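Review bot: The same `record_num` is handed to every `read_fw1_logfile` call, including the two calls inside the `lstptr` loops in the following hunks, so when more than one log file is processed each file is opened at that same position. A record position normally only makes sense for one specific file, so records before it would be skipped in every other file as well. If that is not intended, either reject `--loc` when several files are selected or clear the offset after the first file, e.g. `read_fw1_logfile (&(lstptr->data), record_num); record_num = 0;`. The surrounding loop and mode selection are outside the hunks, so the set of affected paths should be confirmed against the full function.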
@@ -513,7 +540,7 @@ main (int argc, char *argv[]) * function read_fw1_logfile */ int -read_fw1_logfile (char **LogfileName) +read_fw1_logfile (char **LogfileName, int record_num) { OpsecEntity *pClient = NULL; OpsecEntity *pServer = NULL; @@ -769,15 +796,24 @@ read_fw1_logfile (char **LogfileName) } else { - pSession = - lea_new_suspended_session (pClient, pServer, LEA_OFFLINE, - LEA_UNIFIED_SINGLE, *LogfileName, - LEA_AT_START); + if ( record_num > 0 ) + { + pSession = lea_new_suspended_session (pClient, pServer, LEA_OFFLINE, + LEA_UNIFIED_SINGLE, *LogfileName, + LEA_AT_POS, record_num); + } + else + { + pSession = + lea_new_suspended_session (pClient, pServer, LEA_OFFLINE, + LEA_UNIFIED_SINGLE, *LogfileName, + LEA_AT_START); + } } if (!pSession) { - fprintf (stderr, "ERROR: failed to create session (%s)\n", - opsec_errno_str (opsec_errno)); + fprintf (stderr, "ERROR: failed to create session (%s), loc=%d\n", + opsec_errno_str (opsec_errno), record_num); cleanup_fw1_environment (pEnv, pClient, pServer); exit_loggrabber (1); } @@ -1989,6 +2025,8 @@ usage (char *szProgName) " --auditlog|--normallog : Get data of audit-logfile (fw.adtlog)(default: normallog)\n"); fprintf (stderr, " --debug-level : Specify Debuglevel (default: 0 - no debugging)\n"); + fprintf (stderr, + " --loc : Starting record number (default: 0 - start at the beginning of the log, ng only)\n"); fprintf (stderr, " --help : Show usage information\n"); } diff --git a/fw1-loggrabber.h b/fw1-loggrabber.h index 132d49b..01bd75d 100644 --- a/fw1-loggrabber.h +++ b/fw1-loggrabber.h @@ -36,6 +36,8 @@ #include #include #include +#include +#include #define SLEEP(sec) sleep(sec) #include @@ -127,7 +129,7 @@ configvalues; /* * function to get the content of a given FW-1 Logfile */ -int read_fw1_logfile (char **); +int read_fw1_logfile (char **,int); /* * event handler used by read_fw1_logfile to approve a rulebase
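Review bot: `record_num` is only honoured in this inner `else`, where the offline session is created with `LEA_AT_POS`. The branch before it starts outside the hunk and is not changed by this commit. If that branch creates the session for another mode or version, which the "ng only" wording in the usage text suggests, a `--loc` value given there is dropped without notice and the operator may assume collection resumed where it left off. A warning in that path would make the gap visible, for example `if (record_num > 0) fprintf (stderr, "WARNING: --loc is ignored in this mode\n");`. It would also help to extend the comment above `read_fw1_logfile` to say that `record_num` is the starting record and that 0 means start of file.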