add timestamp switch, bump version to 0.4
This commit is contained in:
parent
92ba4e4ca6
commit
417f387f3c
14
libbsm.go
14
libbsm.go
@ -116,6 +116,8 @@ const (
|
|||||||
// Display control
|
// Display control
|
||||||
PRT_ONELINE = 1
|
PRT_ONELINE = 1
|
||||||
PRT_NORESOLVE_USER = 2
|
PRT_NORESOLVE_USER = 2
|
||||||
|
PRT_TIMESTAMP = 4
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -513,12 +515,18 @@ func (h *Header32) LoadFromBinary(file *os.File) error {
|
|||||||
print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
|
print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
|
||||||
*/
|
*/
|
||||||
func (h *Header32) Print(file *os.File, delimiter string, flags int) {
|
func (h *Header32) Print(file *os.File, delimiter string, flags int) {
|
||||||
t := time.Unix((int64)(h.S), 0)
|
var timeval string
|
||||||
|
if PRT_TIMESTAMP == flags & PRT_TIMESTAMP {
|
||||||
|
timeval = strconv.Itoa(int(h.S))
|
||||||
|
} else {
|
||||||
|
t := time.Unix((int64)(h.S), 0)
|
||||||
|
timeval = t.Format(time.UnixDate)
|
||||||
|
}
|
||||||
// We dont care for error
|
// We dont care for error
|
||||||
evdesc, _ := getEventName(h.E_type)
|
evdesc, _ := getEventName(h.E_type)
|
||||||
fmt.Fprintf(file, "header%s%v%s%v%s%s%s%v%s%v%s%v", delimiter, h.Size, delimiter, h.Version, delimiter,
|
fmt.Fprintf(file, "header%s%d%s%d%s%s%s%v%s%s%s%d", delimiter, h.Size, delimiter, h.Version, delimiter,
|
||||||
//h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
|
//h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
|
||||||
evdesc, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
|
evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec)
|
||||||
if 0 == (flags & PRT_ONELINE) {
|
if 0 == (flags & PRT_ONELINE) {
|
||||||
fmt.Fprintf(file, "\n")
|
fmt.Fprintf(file, "\n")
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
16
main.go
16
main.go
@ -23,7 +23,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
version = "0.03"
|
version = "0.4"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -39,9 +39,11 @@ func main() {
|
|||||||
var flags int
|
var flags int
|
||||||
var oneLine bool
|
var oneLine bool
|
||||||
var noUserResolve bool
|
var noUserResolve bool
|
||||||
|
var timestamp bool
|
||||||
|
|
||||||
pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
|
pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
|
||||||
pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
|
pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
|
||||||
|
pflag.BoolVarP(×tamp, "timestamp", "t", false, "Print unix timestamp instead of formatted date/time.")
|
||||||
pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
|
pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
|
||||||
|
|
||||||
pflag.Parse()
|
pflag.Parse()
|
||||||
@ -59,6 +61,10 @@ func main() {
|
|||||||
flags = flags + PRT_NORESOLVE_USER
|
flags = flags + PRT_NORESOLVE_USER
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if timestamp {
|
||||||
|
flags = flags + PRT_TIMESTAMP
|
||||||
|
}
|
||||||
|
|
||||||
args := os.Args
|
args := os.Args
|
||||||
|
|
||||||
filename := args[len(args)-1]
|
filename := args[len(args)-1]
|
||||||
@ -68,14 +74,6 @@ func main() {
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
if len(filename) > 0 {
|
if len(filename) > 0 {
|
||||||
/* err := print_tokens(filename)
|
|
||||||
if err != nil {
|
|
||||||
:q
|
|
||||||
fmt.Printf("Erreur dans print_tokens: %s\n", err.Error())
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
f, err := os.Open(filename)
|
f, err := os.Open(filename)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("Impossible d'ouvrir le fichier %s\n", filename)
|
fmt.Printf("Impossible d'ouvrir le fichier %s\n", filename)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user