Bump version to v.0.5

go.mod

@@ -0,0 +1,5 @@
+module godit
+
+go 1.17
+
+require github.com/spf13/pflag v1.0.5

go.sum

@@ -0,0 +1,2 @@
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=

main.go

@@ -4,26 +4,34 @@
 // godit is a search tool for BSM audit trails used by FreeBSD auditd
 //
 
+/*
+% time praudit -l /home/yo/Dev/go/godit/20211228134923.20211228151348 > praudit.log
+101.728u 7.315s 1:49.09 99.9%   10+167k 0+191152io 0pf+0w
+
+% time ./godit 20211228134923.20211228151348 > godit.log
+11.599u 38.235s 0:48.25 103.2%  1045+553k 1+2262168io 4pf+0w
+% ./godit -V
+Godit v0.03
+
+% time ./godit 20211228134923.20211228151348 > 20211228134923.20211228151348.godit3
+7.183u 19.590s 0:25.98 103.0%   1038+559k 0+2262168io 0pf+0w
+% ./godit -V
+Godit v0.4.3
+*/
+
 package main
 
-/*
-#cgo CFLAGS: -I /usr/lib
-#cgo LDFLAGS: -L. -lbsm -lc
-#include <stdlib.h>
-#include <bsm/libbsm.h>
-*/
-import "C"
-import "unsafe"
-
 import (
+	"io"
 	"os"
 	"fmt"
-//	"encoding/hex"
+	"bufio"
+	"strings"
 	"github.com/spf13/pflag"
 )
 
 const (
-	version = "0.001"
+	version = "0.5"
 )
 
 var (
@@ -35,76 +43,15 @@ var (
 )
 
 
-/*
-// This function only work on full file for the moment
-// It is essentially a rip of praudit:print_tokens function
-
- It is SLOW:
-
-yo@martine:~/Dev/go/godit % time praudit -l /home/yo/Dev/go/godit/20211228134923.20211228151348 > praudit.log
-102.428u 8.496s 1:50.98 99.9%   10+167k 0+191152io 0pf+0w
-
-yo@martine:~/Dev/go/godit % time ./godit 20211228134923.20211228151348 > godit.log
-232.573u 56.834s 5:12.00 92.7%  859+553k 0+381988io 0pf+0w
-
-*/
-func print_tokens(filename string) error {
-	var buf			*C.u_char
-	var recLen 		C.int
-	var bytesRead	C.int
-	var tok			C.tokenstr_t
-	var del			*C.char
-	var fp			*C.FILE
-	var cFilename	*C.char
-	var r			*C.char
-
-	del = C.CString(delimiter)
-	r = C.CString("r")
-
-	cFilename = C.CString(filename)
-	fp = C.fopen(cFilename, r)
-	if fp == nil {
-		return fmt.Errorf("Error opening file %s\n", filename)
-	}
-
-	for recLen != -1 {
-		recLen = C.au_read_rec(fp, &buf)
-		if recLen == -1 {
-			break
-		}
-		bytesRead = 0
-		for bytesRead < recLen {
-			newstart := unsafe.Add(unsafe.Pointer(buf), bytesRead)
-			if( -1 == C.au_fetch_tok(&tok, (*C.u_char)(newstart), recLen - bytesRead)) {
-				break
-			}
-			C.au_print_flags_tok((*C.FILE)(C.stdout), &tok, del, C.AU_OFLAG_NONE)
-		
-			bytesRead += (C.int)(tok.len)
-			// fmt.Printf is buffered, its use cause a time glitch on display
-			C.putchar((C.int)(*del))
-		}
-		fmt.Printf("\n")
-		C.fflush((*C.FILE)(C.stdout))
-		
-		// buf was allocated by au_read_rec(), we need to free it
-		C.free(unsafe.Pointer(buf))
-
-	}
-
-	C.fclose(fp)
-
-	C.free(unsafe.Pointer(cFilename))
-	C.free(unsafe.Pointer(del))
-	C.free(unsafe.Pointer(r))
-
-	return nil
-}
-
-
 func main() {
-	
-	pflag.BoolVarP(&randFlag, "randFlag", "r", false, "A random flag, just to play you.")
+	var flags int
+	var oneLine bool
+	var noUserResolve bool
+	var timestamp bool
+
+	pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
+	pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
+	pflag.BoolVarP(&timestamp, "timestamp", "t", false, "Print unix timestamp instead of formatted date/time.")
 	pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
 
 	pflag.Parse()
@@ -114,36 +61,52 @@ func main() {
 		return
 	}
 
-	args := os.Args
+	if oneLine {
+		flags = flags + PRT_ONELINE
+	}
 
+	if noUserResolve {
+		flags = flags + PRT_NORESOLVE_USER
+	}
+
+	if timestamp {
+		flags = flags + PRT_TIMESTAMP
+	}
+
+	args := os.Args
 	filename := args[len(args)-1]
 	
 /*	fmt.Printf("Args: %s\n", args)
 	fmt.Printf("Filename: %s\n", filename)
 */
 	
+	var f *os.File
+	var r *bufio.Reader
+	var err error
 	if len(filename) > 0 {
-/*		err := print_tokens(filename)
-		if err != nil {
-		:q
-		fmt.Printf("Erreur dans print_tokens: %s\n", err.Error())
-			return
-		}
-	}
-*/
-		f, err := os.Open(filename)
-		if err != nil {
-			fmt.Printf("Impossible d'ouvrir le fichier %s\n", filename)
-			return
-		}
-		//for i := 0 ; i < 20 ; i++ {
-		for {
-			rec, err := readRecordToStruct(f)
-			if err != nil { 
-				fmt.Printf("Erreur : %v\n", err)
+		// If arg is "-", open stdin to read content
+		if true == strings.EqualFold(filename, "-") {
+			r = bufio.NewReader(os.Stdin)
+		} else {
+			f, err = os.Open(filename)
+			if err != nil {
+				fmt.Printf("Impossible d'ouvrir le fichier %s\n", filename)
 				return
 			}
-			rec.Print(os.Stdout, ",", 0)
+			r = bufio.NewReader(f)
+		}
+
+		//for i := 0 ; i < 20 ; i++ {
+		for {
+			rec, err := readRecordToStruct(r)
+			if err != nil {
+				if err != io.EOF {
+					fmt.Printf("Erreur : %v\n", err)
+				} else {		// v.0.4.2 : Continue on error
+					return
+				}
+			}
+			rec.Print(os.Stdout, ",", flags)
 		}
 	}
 }