diff --git a/fw1-loggrabber.c b/fw1-loggrabber.c
index 518ddb7..2f068be 100644
--- a/fw1-loggrabber.c
+++ b/fw1-loggrabber.c
@@ -38,6 +38,7 @@ int
main (int argc, char *argv[])
{
int i;
+ int record_num = 0;
stringlist *lstptr;
char *foundstring;
char *field;
@@ -128,6 +129,32 @@ main (int argc, char *argv[])
{
audit_log = 0;
}
+ else if (strcmp (argv[i], "--loc") == 0)
+ {
+ i++;
+ if ( argv[i] == NULL || argv[i][0] == '-')
+ {
+ fprintf (stderr, "ERROR: 0 or positive value expected for argument %s\n",
+ argv[i - 1]);
+ usage (argv[0]);
+ exit_loggrabber (1);
+ }
+
+ errno = 0;
+ long raw_record_num = strtol ( argv[i], NULL, 10 );
+ if ( errno == ERANGE || raw_record_num < 0 || raw_record_num > INT_MAX)
+ {
+ fprintf (stderr,
+ "WARNING: %s expects an integer range value greater than or equal to 0\n"
+ " The provided value will be treated as if it were 0\n",
+ argv[i-1] );
+ record_num = 0;
+ }
+ else
+ {
+ record_num = (int) raw_record_num;
+ }
+ }
else if ((strcmp (argv[i], "-f") == 0)
|| (strcmp (argv[i], "--logfile") == 0))
{
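Review bot: `strtol (argv[i], NULL, 10)` in the `--loc` branch is called with a NULL end pointer, so a value such as `abc` parses as 0 and `12abc` as 12 with no diagnostic; the range check only catches overflow. Pass an end pointer and reject empty or partially consumed input: `char *end; long raw_record_num = strtol (argv[i], &end, 10);` with `end == argv[i] || *end != '\0'` added to the condition. An out-of-range value is also downgraded to a warning and position 0, while a leading `-` is a hard error a few lines earlier. For a tool feeding log collection, silently restarting from the beginning re-emits every record, so exiting through `usage`/`exit_loggrabber (1)` in both cases would be more predictable. main's body starts and ends outside this hunk.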
@@ -464,7 +491,7 @@ main (int argc, char *argv[])
fprintf (stderr, "DEBUG: Processing Logfile: %s\n",
lstptr->data);
}
- read_fw1_logfile (&(lstptr->data));
+ read_fw1_logfile (&(lstptr->data), record_num);
lstptr = lstptr->next;
}
}
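Review bot: The single `record_num` from `--loc` is passed unchanged to `read_fw1_logfile` for every entry in the `lstptr` loop here, and again at the call sites in the next two hunks (`cfgvalues.fw1_logfile` and `foundstring`), so one position is applied to every log file processed in the run. A record number that is valid for one file may lie beyond the end of another; since `read_fw1_logfile` calls `exit_loggrabber (1)` when session creation fails, that would presumably abort the run before later files are read, which is worth confirming against LEA's behaviour. Consider rejecting `--loc` when more than one log file is selected, or applying the offset only to the first file, and state the choice in the usage text. The enclosing loop begins outside the hunk.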
@@ -486,7 +513,7 @@ main (int argc, char *argv[])
fprintf (stderr, "DEBUG: Processing Logfile: %s\n",
cfgvalues.fw1_logfile);
}
- read_fw1_logfile (&(cfgvalues.fw1_logfile));
+ read_fw1_logfile (&(cfgvalues.fw1_logfile), record_num);
}
while (lstptr)
{
@@ -495,7 +522,7 @@ main (int argc, char *argv[])
fprintf (stderr, "DEBUG: Processing Logfile: %s\n",
foundstring);
}
- read_fw1_logfile (&foundstring);
+ read_fw1_logfile (&foundstring, record_num);
lstptr =
stringlist_search (&(lstptr->next), cfgvalues.fw1_logfile,
&foundstring);
@@ -513,7 +540,7 @@ main (int argc, char *argv[])
* function read_fw1_logfile
*/
int
-read_fw1_logfile (char **LogfileName)
+read_fw1_logfile (char **LogfileName, int record_num)
{
OpsecEntity *pClient = NULL;
OpsecEntity *pServer = NULL;
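Review bot: The comment above `read_fw1_logfile` still gives only the function name, and the new `record_num` parameter has a contract a caller cannot guess: 0 means start at the beginning, a positive value is handed to LEA as the start position. A line such as `* record_num: 0 = read from start of log; >0 = start at this record position (offline session only)` in that comment block would document it. The function body continues outside the hunk.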
@@ -769,15 +796,24 @@ read_fw1_logfile (char **LogfileName)
}
else
{
- pSession =
- lea_new_suspended_session (pClient, pServer, LEA_OFFLINE,
- LEA_UNIFIED_SINGLE, *LogfileName,
- LEA_AT_START);
+ if ( record_num > 0 )
+ {
+ pSession = lea_new_suspended_session (pClient, pServer, LEA_OFFLINE,
+ LEA_UNIFIED_SINGLE, *LogfileName,
+ LEA_AT_POS, record_num);
+ }
+ else
+ {
+ pSession =
+ lea_new_suspended_session (pClient, pServer, LEA_OFFLINE,
+ LEA_UNIFIED_SINGLE, *LogfileName,
+ LEA_AT_START);
+ }
}
if (!pSession)
{
- fprintf (stderr, "ERROR: failed to create session (%s)\n",
- opsec_errno_str (opsec_errno));
+ fprintf (stderr, "ERROR: failed to create session (%s), loc=%d\n",
+ opsec_errno_str (opsec_errno), record_num);
cleanup_fw1_environment (pEnv, pClient, pServer);
exit_loggrabber (1);
}
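Review bot: `record_num` is honoured only in this `else` branch, which creates the `LEA_OFFLINE` session; the branch before it is outside the hunk, and if it creates its session without looking at `record_num`, a `--loc` given in that mode is dropped with no message. A one-line warning there, e.g. `if (record_num > 0) fprintf (stderr, "WARNING: --loc is ignored in this mode\n");`, would keep an operator from assuming the collector resumed at the requested record. The extra argument after `LEA_AT_POS` is passed as a plain `int`; confirm that matches the type the OPSEC LEA call expects for a position.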
@@ -1989,6 +2025,8 @@ usage (char *szProgName)
" --auditlog|--normallog : Get data of audit-logfile (fw.adtlog)(default: normallog)\n");
fprintf (stderr,
" --debug-level : Specify Debuglevel (default: 0 - no debugging)\n");
+ fprintf (stderr,
+ " --loc : Starting record number (default: 0 - start at the beginning of the log, ng only)\n");
fprintf (stderr,
" --help : Show usage information\n");
}
diff --git a/fw1-loggrabber.h b/fw1-loggrabber.h
index 132d49b..01bd75d 100644
--- a/fw1-loggrabber.h
+++ b/fw1-loggrabber.h
@@ -36,6 +36,8 @@
#include
#include
#include
+#include
+#include
#define SLEEP(sec) sleep(sec)
#include
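Review bot: The two added `#include` lines sit directly before `#define SLEEP(sec) sleep(sec)`, which looks like one side of a platform conditional; the header names and any surrounding `#if` are not visible here. The new `--loc` code in `main` uses `errno`, `ERANGE` and `INT_MAX` unconditionally, so if these includes supply them and are inside a conditional, the other platform's build would lack the declarations. Placing them in the unconditional include block avoids that.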
@@ -127,7 +129,7 @@ configvalues;
/*
* function to get the content of a given FW-1 Logfile
*/
-int read_fw1_logfile (char **);
+int read_fw1_logfile (char **,int);
/*
* event handler used by read_fw1_logfile to approve a rulebase