add timestamp switch, bump version to 0.4
This commit is contained in:
parent
92ba4e4ca6
commit
417f387f3c
12
libbsm.go
12
libbsm.go
@ -116,6 +116,8 @@ const (
|
||||
// Display control
|
||||
PRT_ONELINE = 1
|
||||
PRT_NORESOLVE_USER = 2
|
||||
PRT_TIMESTAMP = 4
|
||||
|
||||
)
|
||||
|
||||
var (
|
||||
@ -513,12 +515,18 @@ func (h *Header32) LoadFromBinary(file *os.File) error {
|
||||
print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
|
||||
*/
|
||||
func (h *Header32) Print(file *os.File, delimiter string, flags int) {
|
||||
var timeval string
|
||||
if PRT_TIMESTAMP == flags & PRT_TIMESTAMP {
|
||||
timeval = strconv.Itoa(int(h.S))
|
||||
} else {
|
||||
t := time.Unix((int64)(h.S), 0)
|
||||
timeval = t.Format(time.UnixDate)
|
||||
}
|
||||
// We dont care for error
|
||||
evdesc, _ := getEventName(h.E_type)
|
||||
fmt.Fprintf(file, "header%s%v%s%v%s%s%s%v%s%v%s%v", delimiter, h.Size, delimiter, h.Version, delimiter,
|
||||
fmt.Fprintf(file, "header%s%d%s%d%s%s%s%v%s%s%s%d", delimiter, h.Size, delimiter, h.Version, delimiter,
|
||||
//h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
|
||||
evdesc, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
|
||||
evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec)
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
} else {
|
||||
|
16
main.go
16
main.go
@ -23,7 +23,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
version = "0.03"
|
||||
version = "0.4"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -39,9 +39,11 @@ func main() {
|
||||
var flags int
|
||||
var oneLine bool
|
||||
var noUserResolve bool
|
||||
var timestamp bool
|
||||
|
||||
pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
|
||||
pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
|
||||
pflag.BoolVarP(×tamp, "timestamp", "t", false, "Print unix timestamp instead of formatted date/time.")
|
||||
pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
|
||||
|
||||
pflag.Parse()
|
||||
@ -59,6 +61,10 @@ func main() {
|
||||
flags = flags + PRT_NORESOLVE_USER
|
||||
}
|
||||
|
||||
if timestamp {
|
||||
flags = flags + PRT_TIMESTAMP
|
||||
}
|
||||
|
||||
args := os.Args
|
||||
|
||||
filename := args[len(args)-1]
|
||||
@ -68,14 +74,6 @@ func main() {
|
||||
*/
|
||||
|
||||
if len(filename) > 0 {
|
||||
/* err := print_tokens(filename)
|
||||
if err != nil {
|
||||
:q
|
||||
fmt.Printf("Erreur dans print_tokens: %s\n", err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
*/
|
||||
f, err := os.Open(filename)
|
||||
if err != nil {
|
||||
fmt.Printf("Impossible d'ouvrir le fichier %s\n", filename)
|
||||
|
Loading…
Reference in New Issue
Block a user