|
1 | 1 | /* |
2 | 2 | This file is part of the libmsclogparser project. |
3 | 3 |
|
4 | | -Copyright (c) 2023 Digitalwave |
| 4 | +Copyright (c) 2023-2026 Digitalwave |
5 | 5 |
|
6 | 6 | Authors: Ervin Hegedüs <airween@digitalwave.hu> |
7 | 7 |
|
@@ -570,16 +570,11 @@ static void parse_tail(loglinetype linetype, char *line, size_t *startpos, logda |
570 | 570 | set_error(l, "[hostname] field is truncated!", *startpos, l->log_entry_raw_length); |
571 | 571 | return; |
572 | 572 | } |
573 | | - // 'hostname' is relevant only if type of log is Apache |
574 | | - // Nginx [hostname ""] contains the IP address, therefore we |
575 | | - // have to process that later - see end of this function |
576 | | - if (linetype == LOG_TYPE_APACHE) { |
577 | | - tbuff[t] = '\0'; |
578 | | - l->log_hostname = mscl_stradd(l, tbuff, t); |
579 | | - *startpos = k; |
580 | | - if (tailstart != NULL) { |
581 | | - *tailstart = matches[0]; |
582 | | - } |
| 573 | + tbuff[t] = '\0'; |
| 574 | + l->log_hostname = mscl_stradd(l, tbuff, t); |
| 575 | + *startpos = k; |
| 576 | + if (tailstart != NULL) { |
| 577 | + *tailstart = matches[0]; |
583 | 578 | } |
584 | 579 | } |
585 | 580 | else { |
@@ -639,7 +634,8 @@ static void parse_tail(loglinetype linetype, char *line, size_t *startpos, logda |
639 | 634 |
|
640 | 635 | // Nginx [hostname ""] filed contains the server IP address, we have to process |
641 | 636 | // the last 'host: "..."' field |
642 | | - if (linetype == LOG_TYPE_NGINX) { |
| 637 | + // enter this block only if hostname is empty, eg. log is chunked |
| 638 | + if (linetype == LOG_TYPE_NGINX && strlen(l->log_hostname) == 0) { |
643 | 639 | memset(&matches, '\0', sizeof(size_t)*2); |
644 | 640 | mcnt = find_pattern(line, hostlast, l->log_entry_raw_length, "host: \"", 7, &matches, MATCH_FIRST); |
645 | 641 | if (mcnt > 0) { |
@@ -1042,15 +1038,15 @@ int parse (char * line, size_t len, loglinetype t, logdata * l) { |
1042 | 1038 | l->log_unique_id = mscl_stradd(l, "", 0); |
1043 | 1039 |
|
1044 | 1040 | if (t == LOG_TYPE_APACHE) { |
1045 | | - // [Thu Sep 22 14:51:12.636955 2022] [:error] [pid 19765:tid 139903325140736] [client 165.232.134.42:52179] [client 165.232.134.42] |
1046 | | - // [Thu Sep 22 14:51:12.636955 2022] [:info] [pid 1:tid 1] [client 1.2.3.4:1] [client 1.2.3.4] |
| 1041 | + // [Thu Sep 22 14:51:12.636955 2022] [security2:error] [pid 19765:tid 139903325140736] [client 165.232.134.42:52179] |
| 1042 | + // [Thu Sep 22 14:51:12.636955 2022] [security2:info] [pid 1:tid 1] [client 1.2.3.4:1] |
1047 | 1043 | // | | | | | | | | | | | | | |
1048 | 1044 | offset = 90; |
1049 | 1045 | } |
1050 | 1046 | else if (t == LOG_TYPE_NGINX) { |
1051 | 1047 | // 2022/12/20 17:04:13 [info] 59513#59513: *1 |
1052 | 1048 | // 2022/12/20 17:04:13 [info] 1#1: *1 |
1053 | | - // | | | | |
| 1049 | + // | | | | |
1054 | 1050 | offset = 30; |
1055 | 1051 | } |
1056 | 1052 |
|
@@ -1082,38 +1078,32 @@ int parse (char * line, size_t len, loglinetype t, logdata * l) { |
1082 | 1078 | if (t == LOG_TYPE_APACHE) { |
1083 | 1079 |
|
1084 | 1080 | // catch the [client ...] fields |
1085 | | - // first possible occurrance position of first [client ...] is 55 |
| 1081 | + // first possible occurrance position of first [client ...] is 65 |
1086 | 1082 | // only in case of Apache |
1087 | 1083 |
|
1088 | 1084 | // catch the [client ...] fields |
1089 | 1085 | memset(matches, '\0', sizeof(size_t)*2); |
1090 | | - // first possible occurrance position of first [client ...] is 55 |
| 1086 | + // first possible occurrance position of first [client ...] is 65 |
1091 | 1087 | // only in case of Apache |
1092 | | - mcnt = find_pattern(line, 55, len, "[client ", 8, &matches, MATCH_FIRST); |
| 1088 | + mcnt = find_pattern(line, 65, len, "[client ", 8, &matches, MATCH_FIRST); |
1093 | 1089 | if (mcnt != 1) { |
1094 | | - set_error(l, "Can't find [client] field!", 0, len); |
1095 | | - return 1; |
1096 | | - } |
1097 | | - else { |
1098 | | - size_t pos = matches[0] + matches[1]; |
1099 | | - memset(matches, '\0', sizeof(size_t)*2); |
1100 | | - // find the second [client] position, this shows the end of real [client] |
1101 | | - mcnt = find_pattern(line, pos, len, "[client ", 8, &matches, MATCH_FIRST); |
| 1090 | + mcnt = find_pattern(line, 65, len, "[remote ", 8, &matches, MATCH_FIRST); |
1102 | 1091 | if (mcnt != 1) { |
1103 | | - set_error(l, "Can't find second [client] field!", 0, len); |
| 1092 | + set_error(l, "Can't find [client] or [remote] field!", 0, len); |
1104 | 1093 | return 1; |
1105 | 1094 | } |
1106 | | - else { |
1107 | | - int ci = 0; |
1108 | | - int k = pos; |
1109 | | - char client[50]; |
1110 | | - while(k < matches[0]-1 && line[k] != ']') { |
1111 | | - client[ci++] = line[k++]; |
1112 | | - } |
1113 | | - client[ci] = '\0'; |
1114 | | - l->log_client = mscl_stradd(l, client, ci); |
1115 | | - } |
1116 | 1095 | } |
| 1096 | + size_t pos = matches[0] + matches[1]; |
| 1097 | + memset(matches, '\0', sizeof(size_t)*2); |
| 1098 | + |
| 1099 | + int ci = 0; |
| 1100 | + int k = pos; |
| 1101 | + char client[50]; |
| 1102 | + while(k < matches[0]-1 && line[k] != ']') { |
| 1103 | + client[ci++] = line[k++]; |
| 1104 | + } |
| 1105 | + client[ci] = '\0'; |
| 1106 | + l->log_client = mscl_stradd(l, client, ci); |
1117 | 1107 |
|
1118 | 1108 | //ap_log_msg_type log_msg_type; |
1119 | 1109 | memset(matches, '\0', sizeof(size_t)*2); |
|
0 commit comments