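// Copyright 2021, johan@nosd.in

//go:build freebsd
// +build freebsd

// godit is a search tool for BSM audit trails used by FreeBSD auditd.
//
// Timings against praudit(1) on the same trail, kept from the original
// header for reference:
//
//	% time praudit -l /home/yo/Dev/go/godit/20211228134923.20211228151348 > praudit.log
//	101.728u 7.315s 1:49.09 99.9% 10+167k 0+191152io 0pf+0w
//	% time ./godit 20211228134923.20211228151348 > godit.log
//	11.599u 38.235s 0:48.25 103.2% 1045+553k 1+2262168io 4pf+0w
//	% ./godit -V
//	Godit v0.03
//	% time ./godit 20211228134923.20211228151348 > 20211228134923.20211228151348.godit3
//	7.183u 19.590s 0:25.98 103.0% 1038+559k 0+2262168io 0pf+0w
//	% ./godit -V
//	Godit v0.4.3
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"os"

	"github.com/spf13/pflag"
)

const (
	version = "0.5"

	// Process exit statuses. Scripts that drive godit (e.g. "godit trail > out")
	// rely on these: 0 only when every record was printed, 1 when the input
	// could not be opened or read or when records had to be skipped, 2 on a
	// command-line error.
	exitOK    = 0
	exitError = 1
	exitUsage = 2

	// Upper bound on back-to-back record failures before the run is aborted.
	// readRecordToStruct is defined elsewhere in the package; if it does not
	// consume input when it fails on a corrupt trail, this bound keeps the
	// read loop from spinning forever on the same error.
	maxConsecutiveErrors = 1000
)

var (
	// randFlag is not referenced in this file; kept for the rest of the package.
	randFlag    bool
	showVersion bool

	// Default delimiter handed to rec.Print.
	delimiter = ","
)

// main delegates to run so that deferred cleanup still executes before the
// process exits with a meaningful status.
func main() {
	os.Exit(run())
}

// run parses the command line, opens the input and streams every record of the
// trail to stdout. It returns the process exit status (see the exit* constants)
// instead of calling os.Exit itself, because os.Exit would skip the deferred
// close of the input file.
func run() int {
	var (
		oneLine       bool
		noUserResolve bool
		timestamp     bool
	)
	pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
	pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
	pflag.BoolVarP(&timestamp, "timestamp", "t", false, "Print unix timestamp instead of formatted date/time.")
	pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
	pflag.Parse()

	if showVersion {
		fmt.Printf("Godit v%s\n", version)
		return exitOK
	}

	// PRT_* are defined elsewhere in the package and are combined as bit
	// flags, so OR them together rather than adding them.
	var flags int
	if oneLine {
		flags |= PRT_ONELINE
	}
	if noUserResolve {
		flags |= PRT_NORESOLVE_USER
	}
	if timestamp {
		flags |= PRT_TIMESTAMP
	}

	// The trail is the single positional argument. Take it from pflag rather
	// than the last element of os.Args: with os.Args, "godit -l" would try to
	// open a file named "-l", and "godit" alone would open the binary itself
	// and parse it as an audit trail.
	args := pflag.Args()
	if len(args) != 1 {
		fmt.Fprintf(os.Stderr, "usage: %s [options] <audit trail file | ->\n", os.Args[0])
		pflag.PrintDefaults()
		return exitUsage
	}
	filename := args[0]

	r, closeInput, err := openInput(filename)
	if err != nil {
		// Diagnostics go to stderr so they never land in redirected output.
		fmt.Fprintf(os.Stderr, "Impossible d'ouvrir le fichier %s : %v\n", filename, err)
		return exitError
	}
	defer closeInput()

	skipped, err := printRecords(r, os.Stdout, flags)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Erreur : %v\n", err)
		return exitError
	}
	if skipped > 0 {
		// Output is incomplete; say so and make the exit status reflect it so
		// a caller cannot mistake a partially parsed trail for a clean one.
		fmt.Fprintf(os.Stderr, "%d enregistrement(s) ignoré(s)\n", skipped)
		return exitError
	}
	return exitOK
}

// openInput returns a buffered reader over the named file, or over stdin when
// name is "-", together with a function that releases the underlying file.
// The returned close function is a no-op for stdin.
func openInput(name string) (*bufio.Reader, func(), error) {
	if name == "-" {
		return bufio.NewReader(os.Stdin), func() {}, nil
	}
	f, err := os.Open(name)
	if err != nil {
		return nil, nil, err
	}
	// The file is only ever read, so a Close error carries no information
	// the caller could act on.
	return bufio.NewReader(f), func() { f.Close() }, nil
}

// printRecords reads records from r until the end of input and prints each one
// to w (normally os.Stdout) with the package delimiter and the PRT_* flags.
//
// A record that fails to parse is reported on stderr and skipped rather than
// printed: the value returned alongside a non-nil error is undefined, and the
// original code printed it anyway. A truncated trailing record
// (io.ErrUnexpectedEOF) is reported, counted as skipped and ends the run, so a
// cut-off trail is never silently accepted as complete. After
// maxConsecutiveErrors back-to-back failures the run is aborted with an error.
//
// It returns the number of skipped records and a non-nil error only when the
// run was aborted.
func printRecords(r *bufio.Reader, w *os.File, flags int) (int, error) {
	skipped := 0
	consecutive := 0
	for {
		rec, err := readRecordToStruct(r)
		switch {
		case err == nil:
			consecutive = 0
			rec.Print(w, delimiter, flags)
		case errors.Is(err, io.EOF):
			return skipped, nil
		case errors.Is(err, io.ErrUnexpectedEOF):
			fmt.Fprintf(os.Stderr, "Erreur : %v\n", err)
			return skipped + 1, nil
		default:
			skipped++
			consecutive++
			fmt.Fprintf(os.Stderr, "Erreur : %v\n", err)
			if consecutive >= maxConsecutiveErrors {
				return skipped, fmt.Errorf("%d erreurs consécutives, abandon", consecutive)
			}
		}
	}
}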