yo/libbsm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: yo:a1892cbe37232542510393e038be3fb457145959
Branches Tags
yo:master
yo:v0.6.3
yo:v0.6.2
yo:v0.6.1
yo:v0.6
yo:v0.5.9c
yo:v.0.5
yo:v.0.4
yo:v.0.3
yo:v.0.2
...
compare: yo:30ea9986202b118181e3d3656247c5c0470fc170
Branches Tags
yo:master
yo:v0.6.3
yo:v0.6.2
yo:v0.6.1
yo:v0.6
yo:v0.5.9c
yo:v.0.5
yo:v.0.4
yo:v.0.3
yo:v.0.2

2 Commits
a1892cbe37 ... 30ea998620

Author SHA1 Message Date
yo
30ea998620 v0.6.2 : Write to output file, SIGUSR1 will reopen output file so we can newsyslog 2023-12-18 11:55:23 +01:00
yo
e028ca7ee2 Write output to *bufio.Writer 2023-12-18 11:53:12 +01:00
2 changed files with 98 additions and 32 deletions
Show Stats Expand all files Collapse all files

54
libbsm.go
View File

@ -156,7 +156,7 @@ type Record interface {
GetType() uint8 GetType() uint8
// Length() // Length()
LoadFromBinary(rdr *bufio.Reader) error LoadFromBinary(rdr *bufio.Reader) error
Print(*os.File, string, int) Print(*bufio.Writer, string, int)
} }
type Header32 struct { type Header32 struct {
@ -605,7 +605,7 @@ func (h *Header32) LoadFromBinary(rdr *bufio.Reader) error {
static void static void
print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
*/ */
func (h *Header32) Print(file *os.File, delimiter string, flags int) { func (h *Header32) Print(file *bufio.Writer, delimiter string, flags int) {
var timeval string var timeval string
if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 { if PRT_TIMESYSLOG23 == flags&PRT_TIMESYSLOG23 {
timeval = time.Unix((int64)(h.S), 0).Add(time.Millisecond * (time.Duration)(h.Msec)).Format("2006-01-02T15:04:05.000Z07:00") timeval = time.Unix((int64)(h.S), 0).Add(time.Millisecond * (time.Duration)(h.Msec)).Format("2006-01-02T15:04:05.000Z07:00")
@ -704,7 +704,7 @@ func (e *ExecArg) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (e *ExecArg) Print(file *os.File, delimiter string, flags int) { func (e *ExecArg) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
// We don't need no count, bc we reconstiture command line // We don't need no count, bc we reconstiture command line
printable := struct { printable := struct {
@ -770,7 +770,7 @@ func (p *Path) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (p *Path) Print(file *os.File, delimiter string, flags int) { func (p *Path) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
// We don't need no length // We don't need no length
printable := struct { printable := struct {
@ -847,7 +847,7 @@ func (a *Attribute32) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (a *Attribute32) Print(file *os.File, delimiter string, flags int) { func (a *Attribute32) Print(file *bufio.Writer, delimiter string, flags int) {
var user string var user string
var group string var group string
@ -952,7 +952,7 @@ func (a *Attribute64) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (a *Attribute64) Print(file *os.File, delimiter string, flags int) { func (a *Attribute64) Print(file *bufio.Writer, delimiter string, flags int) {
var user string var user string
var group string var group string
// TODO : resolve Uid and Gid (also support domain accounts) // TODO : resolve Uid and Gid (also support domain accounts)
@ -1082,7 +1082,7 @@ func (s *Subject32) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *Subject32) Print(file *os.File, delimiter string, flags int) { func (s *Subject32) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -1225,7 +1225,7 @@ func (p *Process32) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (p *Process32) Print(file *os.File, delimiter string, flags int) { func (p *Process32) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -1386,7 +1386,7 @@ func (s *Subject32Ex) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { func (s *Subject32Ex) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -1558,7 +1558,7 @@ func (p *Process32Ex) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { func (p *Process32Ex) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -1714,7 +1714,7 @@ func (s *Subject64) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *Subject64) Print(file *os.File, delimiter string, flags int) { func (s *Subject64) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -1857,7 +1857,7 @@ func (p *Process64) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (p *Process64) Print(file *os.File, delimiter string, flags int) { func (p *Process64) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -2017,7 +2017,7 @@ func (s *Subject64Ex) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) { func (s *Subject64Ex) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -2189,7 +2189,7 @@ func (p *Process64Ex) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { func (p *Process64Ex) Print(file *bufio.Writer, delimiter string, flags int) {
var auser string var auser string
var euser string var euser string
var egroup string var egroup string
@ -2308,7 +2308,7 @@ func (r *Return32) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (r *Return32) Print(file *os.File, delimiter string, flags int) { func (r *Return32) Print(file *bufio.Writer, delimiter string, flags int) {
var errMsg string var errMsg string
errNo, err := lookupErrno(r.Status) errNo, err := lookupErrno(r.Status)
if err == nil { if err == nil {
@ -2369,7 +2369,7 @@ func (r *Return64) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (r *Return64) Print(file *os.File, delimiter string, flags int) { func (r *Return64) Print(file *bufio.Writer, delimiter string, flags int) {
var errMsg string var errMsg string
errNo, err := lookupErrno(r.Status) errNo, err := lookupErrno(r.Status)
if err == nil { if err == nil {
@ -2430,7 +2430,7 @@ func (t *Trailer) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (t *Trailer) Print(file *os.File, delimiter string, flags int) { func (t *Trailer) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Count uint32 `json:"length"` // Effective user ID Count uint32 `json:"length"` // Effective user ID
@ -2493,7 +2493,7 @@ func (a *Arg32) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (a *Arg32) Print(file *os.File, delimiter string, flags int) { func (a *Arg32) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Count uint32 `json:"count"` // Effective user ID Count uint32 `json:"count"` // Effective user ID
@ -2563,7 +2563,7 @@ func (a *Arg64) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (a *Arg64) Print(file *os.File, delimiter string, flags int) { func (a *Arg64) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Count uint32 `json:"count"` // Effective user ID Count uint32 `json:"count"` // Effective user ID
@ -2667,7 +2667,7 @@ func (s *SocketEx) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *SocketEx) Print(file *os.File, delimiter string, flags int) { func (s *SocketEx) Print(file *bufio.Writer, delimiter string, flags int) {
var lip string var lip string
var rip string var rip string
if s.AddrType == ISIPV4 { if s.AddrType == ISIPV4 {
@ -2732,7 +2732,7 @@ func (s *SockInet32) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *SockInet32) Print(file *os.File, delimiter string, flags int) { func (s *SockInet32) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Family uint16 `json:"family"` Family uint16 `json:"family"`
@ -2794,7 +2794,7 @@ func (s *SockInet128) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *SockInet128) Print(file *os.File, delimiter string, flags int) { func (s *SockInet128) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Family uint16 `json:"family"` Family uint16 `json:"family"`
@ -2852,7 +2852,7 @@ func (s *SockUnix) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (s *SockUnix) Print(file *os.File, delimiter string, flags int) { func (s *SockUnix) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Family uint16 `json:"family"` Family uint16 `json:"family"`
@ -2905,7 +2905,7 @@ func (e *Exit) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (e *Exit) Print(file *os.File, delimiter string, flags int) { func (e *Exit) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
j, err := json.Marshal(e) j, err := json.Marshal(e)
if err != nil { if err != nil {
@ -2953,7 +2953,7 @@ func (t *Text) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (t *Text) Print(file *os.File, delimiter string, flags int) { func (t *Text) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
j, err := json.Marshal(t) j, err := json.Marshal(t)
if err != nil { if err != nil {
@ -3001,7 +3001,7 @@ func (z *ZoneName) LoadFromBinary(rdr *bufio.Reader) error {
return nil return nil
} }
func (z *ZoneName) Print(file *os.File, delimiter string, flags int) { func (z *ZoneName) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
printable := struct { printable := struct {
Name string `json:"name"` Name string `json:"name"`
@ -3103,7 +3103,7 @@ func (c *Capabilities) MarshalJSON() ([]byte, error) {
return json.Marshal(cJSON) return json.Marshal(cJSON)
} }
func (r *Rights) Print(file *os.File, delimiter string, flags int) { func (r *Rights) Print(file *bufio.Writer, delimiter string, flags int) {
if flags&PRT_JSON == PRT_JSON { if flags&PRT_JSON == PRT_JSON {
// Do not print Rights.Length, only capabilities array // Do not print Rights.Length, only capabilities array
j, err := json.Marshal(r.Rights) j, err := json.Marshal(r.Rights)

76
main.go
View File

@ -27,13 +27,16 @@ import (
"io" "io"
"os" "os"
"fmt" "fmt"
"sync"
"bufio" "bufio"
"strings" "strings"
"syscall"
"os/signal"
"github.com/spf13/pflag" "github.com/spf13/pflag"
) )
const ( const (
version = "0.6.1" version = "0.6.2"
) )
var ( var (
@ -42,19 +45,43 @@ var (
// Default delimiter // Default delimiter
delimiter = "," delimiter = ","
Writer *bufio.Writer
) )
func NewWriter(file string) (*bufio.Writer, *os.File, error) {
if len(file) > 0 {
var f *os.File
var err error
f, err = os.OpenFile(file, os.O_CREATE|os.O_WRONLY, 0640)
if err != nil {
return nil, nil, err
}
Writer = bufio.NewWriter(f)
return Writer, f, nil
} else {
Writer = bufio.NewWriter(os.Stdout)
return Writer, nil, nil
}
}
func main() { func main() {
var flags int var flags int
var oneLine bool var oneLine bool
var noUserResolve bool var noUserResolve bool
var syslog23 bool var syslog23 bool
var json bool var json bool
var outputFile string
// Output file mutex
var outfMtx sync.Mutex
var outFile *os.File
pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line") pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line")
pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms") pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms")
pflag.BoolVarP(&json, "json", "j", false, "Print compact json") pflag.BoolVarP(&json, "json", "j", false, "Print compact json")
pflag.BoolVarP(&syslog23, "syslog23", "s", false, "Print time as \"2006-01-02T15:04:05.000Z07:00\", RFC339 with ms, also used on RSYSLOG_SyslogProtocol23Format. \"msec\" field will not be print in json output") pflag.BoolVarP(&syslog23, "syslog23", "s", false, "Print time as \"2006-01-02T15:04:05.000Z07:00\", RFC339 with ms, also used on RSYSLOG_SyslogProtocol23Format. \"msec\" field will not be print in json output")
pflag.StringVarP(&outputFile, "out", "o", "", "Output to file, overwrite existing. File will be re-opened receiving SIGUSR1.")
pflag.BoolVarP(&showVersion, "version", "V", false, "Show version and exit") pflag.BoolVarP(&showVersion, "version", "V", false, "Show version and exit")
var Usage = func() { var Usage = func() {
@ -90,9 +117,35 @@ func main() {
} }
filename := args[len(args)-1] filename := args[len(args)-1]
// Get a writer, file or stdout
_, outFile, err := NewWriter(outputFile)
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
if len(outputFile) > 0 {
// Manage output file rotation when receiving SIGUSR1
sig := make(chan os.Signal)
signal.Notify(sig, syscall.SIGUSR1)
go func() {
for {
<-sig
outfMtx.Lock()
fmt.Println("SIGUSR1 received, recreating output file")
outFile.Close()
_, outFile, err = NewWriter(outputFile)
if err != nil {
outfMtx.Unlock()
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
outfMtx.Unlock()
}
}()
}
var f *os.File var f *os.File
var r *bufio.Reader var r *bufio.Reader
var err error
if len(filename) > 0 { if len(filename) > 0 {
// If arg is "-", open stdin to read content // If arg is "-", open stdin to read content
if true == strings.EqualFold(filename, "-") { if true == strings.EqualFold(filename, "-") {
@ -100,13 +153,12 @@ func main() {
} else { } else {
f, err = os.Open(filename) f, err = os.Open(filename)
if err != nil { if err != nil {
fmt.Printf("Impossible d'ouvrir le fichier %s\n", filename) fmt.Fprintf(os.Stderr, "Impossible d'ouvrir le fichier %s\n", filename)
os.Exit(-1) os.Exit(-1)
} }
r = bufio.NewReader(f) r = bufio.NewReader(f)
} }
//for i := 0 ; i < 20 ; i++ {
for { for {
rec, err := readRecordToStruct(r) rec, err := readRecordToStruct(r)
if err != nil { if err != nil {
@ -116,7 +168,21 @@ func main() {
return return
} }
} }
rec.Print(os.Stdout, ",", flags) if len(outputFile) > 0 {
outfMtx.Lock()
rec.Print(Writer, ",", flags)
Writer.Flush() // Performance ?
outfMtx.Unlock()
} else {
// No need for mutex with stdout
rec.Print(Writer, ",", flags)
}
} }
} }
if len(outputFile) > 0 && outFile != nil {
outfMtx.Lock()
outFile.Close()
outfMtx.Unlock()
}
} }