lnav/src/log_format_impls.cc


#include <stdio.h>

#include "log_format.hh"
#include "log_vtab_impl.hh"

using namespace std;

class access_log_format : public log_format {
    string get_name() { return "access_log"; };

    bool scan(vector < logline > &dst,
	      off_t offset,
	      char *prefix,
	      int len) {
	static const char *log_fmt[] = {
	    "%*s %*s %*s [%63[^]]] \"%*[^\"]\" %d",
	    NULL
	};

	bool retval = false;
	struct tm log_time;
	int http_code = 0;
	char timestr[64];
	time_t line_time;

	if (this->log_scanf(prefix,
			    log_fmt,
			    2,
			    NULL,
			    timestr,
			    &log_time,
			    line_time,

			    timestr,
			    &http_code)) {
	    logline::level_t ll = logline::LEVEL_UNKNOWN;

	    if (http_code < 400) {
		ll = logline::LEVEL_INFO;
	    }
	    else {
		ll = logline::LEVEL_ERROR;
	    }
	    dst.push_back(logline(offset,
				  line_time,
				  0,
				  ll));
	    retval = true;
	}

	return retval;
    };

    auto_ptr<log_format> specialized() {
	auto_ptr<log_format> retval((log_format *)new access_log_format(*this));

	return retval;
    };
};

log_format::register_root_format<access_log_format> access_log_instance;

class syslog_log_format : public log_format {
    string get_name() { return "syslog_log"; };

    bool scan(vector < logline > &dst,
	      off_t offset,
	      char *prefix,
	      int len) {
	bool      retval = false;
	struct tm log_time;
	short     millis = 0;
	time_t    now;
	char      *rest;

	now      = time(NULL);
	localtime_r(&now, &log_time);

	log_time.tm_isdst = 0;

	if ((rest = strptime(prefix,
			     "%b %d %H:%M:%S",
			     &log_time)) != NULL) {
	    logline::level_t ll = logline::LEVEL_UNKNOWN;
	    time_t           log_gmt;

	    if (strcasestr(prefix, "failed") != NULL ||
		strcasestr(prefix, "failure") != NULL ||
		strcasestr(prefix, "error") != NULL) {
		ll = logline::LEVEL_ERROR;
	    }
	    else if (strcasestr(prefix, "warn") != NULL ||
		     strcasestr(prefix, "not responding") != NULL ||
		     strcasestr(prefix, "init: cannot execute") != NULL) {
		ll = logline::LEVEL_WARNING;
	    }
	    log_gmt = tm2sec(&log_time);
	    if (!dst.empty() &&
		((dst.back().get_time() - log_gmt) > (24 * 60 * 60))) {
		vector<logline>::iterator iter;

		for (iter = dst.begin(); iter != dst.end(); iter++) {
		    time_t    ot = iter->get_time();
		    struct tm *otm;

		    otm           = gmtime(&ot);
		    otm->tm_year -= 1;
		    iter->set_time(tm2sec(otm));
		}
	    }
	    dst.push_back(logline(offset, log_gmt, millis, ll));

	    retval = true;
	}

	return retval;
    };

    auto_ptr<log_format> specialized() {
	auto_ptr<log_format> retval((log_format *)new syslog_log_format(*this));

	return retval;
    };
};

log_format::register_root_format<syslog_log_format> syslog_instance;

class tcsh_history_format : public log_format {
    string get_name() { return "tcsh_history"; };

    bool scan(vector < logline > &dst,
	      off_t offset,
	      char *prefix,
	      int len) {
	bool   retval = false;
	time_t log_time;
	int log_time_int;

	if (sscanf(prefix, "#+%d", &log_time_int) == 1) {
	    struct tm log_tm;

	    log_time = log_time_int;
	    /*
	     * NB: We convert any displayed dates to gm time, so we need to
	     * convert this time to local and then back to gmt.
	     */
	    memset(&log_tm, 0, sizeof(log_tm));
	    log_tm = *localtime( &log_time);
	    log_tm.tm_zone = NULL;
	    log_tm.tm_isdst = 0;

	    dst.push_back(logline(offset,
				  tm2sec(&log_tm),
				  0,
				  logline::LEVEL_UNKNOWN));

	    retval = true;
	}

	return retval;
    };

    auto_ptr<log_format> specialized() {
	auto_ptr<log_format> retval((log_format *)
				    new tcsh_history_format(*this));

	return retval;
    };
};

log_format::register_root_format<tcsh_history_format> tcsh_instance;

class generic_log_format : public log_format {
    string get_name() { return "generic_log"; };

    bool scan(vector < logline > &dst,
	      off_t offset,
	      char *prefix,
	      int len) {
	static const char *log_fmt[] = {
	    "%63[0-9: ,-]%31[^:]",
	    "%63[a-zA-Z0-9: ,-] [%*[^]]]%31[^:]",
	    "%63[a-zA-Z0-9: ,-] %31s",
	    "[%63[0-9: .-] %*s %31s",
	    "[%63[a-zA-Z0-9: -+/]] %31s",
	    "[%63[a-zA-Z0-9: -+/]] [%31[a-zA-Z]]",
	    "[%63[a-zA-Z0-9: .-+/] %*s %31s",
	    "[%63[a-zA-Z0-9: -+/]] (%*d) %31s",
	    NULL
	};

	bool retval = false;
	struct tm log_time;
	char timestr[64 + 32];
	time_t line_time;
	char level[32];
	char *last_pos;

	if ((last_pos = this->log_scanf(prefix,
					log_fmt,
					2,
					NULL,
					timestr,
					&log_time,
					line_time,

					timestr,
					level)) != NULL) {
	    uint16_t millis = 0;

	    /* Try to pull out the milliseconds value. */
	    if (last_pos[0] == ',') {
	    	sscanf(last_pos, ",%hd", &millis);
	    	if (millis >= 1000)
		    millis = 0;
	    }
	    dst.push_back(logline(offset,
				  line_time,
				  millis,
				  logline::string2level(level)));
	    retval = true;
	}

	return retval;
    };

    auto_ptr<log_format> specialized() {
	auto_ptr<log_format> retval((log_format *)
				    new generic_log_format(*this));

	return retval;
    };
};

log_format::register_root_format<generic_log_format> generic_log_instance;

class strace_log_format : public log_format {
    string get_name() { return "strace_log"; };

    bool scan(vector < logline > &dst,
	      off_t offset,
	      char *prefix,
	      int len) {
	static const char *log_fmt[] = {
	    "%63[0-9:].%d",
	    NULL
	};

	static const char *time_fmt[] = {
	    "%H:%M:%S",
	    NULL
	};

	bool retval = false;
	struct tm log_time;
	char timestr[64];
	time_t line_time;
	int usecs;

	if (this->log_scanf(prefix,
			    log_fmt,
			    2,
			    time_fmt,
			    timestr,
			    &log_time,
			    line_time,

			    timestr,
			    &usecs)) {
	    logline::level_t level = logline::LEVEL_UNKNOWN;
	    const char *eq;

	    if ((eq = strrchr(prefix, '=')) != NULL) {
		int rc;

		if (sscanf(eq, "= %d", &rc) == 1 && rc < 0) {
		    level = logline::LEVEL_ERROR;
		}
	    }

	    if (!dst.empty() && (line_time < dst.back().get_time())) {
		line_time += (24 * 60 * 60);
	    }
	    dst.push_back(logline(offset,
				  line_time,
				  usecs / 1000,
				  level));
	    retval = true;
	}

	return retval;
    };

    auto_ptr<log_format> specialized() {
	auto_ptr<log_format> retval((log_format *)
				    new strace_log_format(*this));

	return retval;
    };
};

log_format::register_root_format<strace_log_format> strace_log_instance;
first commit 2009-09-14 01:07:32 +00:00
fix some minor build issues 2010-01-29 23:17:08 +00:00			`#include <stdio.h>`

first commit 2009-09-14 01:07:32 +00:00			`#include "log_format.hh"`
			`#include "log_vtab_impl.hh"`

			`using namespace std;`

			`class access_log_format : public log_format {`
			`string get_name() { return "access_log"; };`

			`bool scan(vector < logline > &dst,`
			`off_t offset,`
			`char *prefix,`
			`int len) {`
			`static const char *log_fmt[] = {`
			`"%s %s %s [%63[^]]] \"%[^\"]\" %d",`
			`NULL`
			`};`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`bool retval = false;`
			`struct tm log_time;`
			`int http_code = 0;`
			`char timestr[64];`
			`time_t line_time;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`if (this->log_scanf(prefix,`
			`log_fmt,`
			`2,`
			`NULL,`
			`timestr,`
			`&log_time,`
			`line_time,`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`timestr,`
			`&http_code)) {`
			`logline::level_t ll = logline::LEVEL_UNKNOWN;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`if (http_code < 400) {`
			`ll = logline::LEVEL_INFO;`
			`}`
			`else {`
			`ll = logline::LEVEL_ERROR;`
			`}`
			`dst.push_back(logline(offset,`
			`line_time,`
			`0,`
			`ll));`
			`retval = true;`
			`}`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`return retval;`
			`};`

			`auto_ptr<log_format> specialized() {`
			`auto_ptr<log_format> retval((log_format )new access_log_format(this));`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`return retval;`
			`};`
			`};`

			`log_format::register_root_format<access_log_format> access_log_instance;`

			`class syslog_log_format : public log_format {`
			`string get_name() { return "syslog_log"; };`

			`bool scan(vector < logline > &dst,`
			`off_t offset,`
			`char *prefix,`
			`int len) {`
			`bool retval = false;`
			`struct tm log_time;`
			`short millis = 0;`
			`time_t now;`
			`char *rest;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`now = time(NULL);`
[valgrind] Plug some more leaks and tweak a few things 2012-04-20 23:59:19 +00:00			`localtime_r(&now, &log_time);`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`log_time.tm_isdst = 0;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`if ((rest = strptime(prefix,`
			`"%b %d %H:%M:%S",`
			`&log_time)) != NULL) {`
			`logline::level_t ll = logline::LEVEL_UNKNOWN;`
			`time_t log_gmt;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`if (strcasestr(prefix, "failed") != NULL \|\|`
			`strcasestr(prefix, "failure") != NULL \|\|`
			`strcasestr(prefix, "error") != NULL) {`
			`ll = logline::LEVEL_ERROR;`
			`}`
			`else if (strcasestr(prefix, "warn") != NULL \|\|`
			`strcasestr(prefix, "not responding") != NULL \|\|`
			`strcasestr(prefix, "init: cannot execute") != NULL) {`
			`ll = logline::LEVEL_WARNING;`
			`}`
			`log_gmt = tm2sec(&log_time);`
			`if (!dst.empty() &&`
			`((dst.back().get_time() - log_gmt) > (24 * 60 * 60))) {`
			`vector<logline>::iterator iter;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`for (iter = dst.begin(); iter != dst.end(); iter++) {`
			`time_t ot = iter->get_time();`
			`struct tm *otm;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`otm = gmtime(&ot);`
			`otm->tm_year -= 1;`
			`iter->set_time(tm2sec(otm));`
			`}`
			`}`
			`dst.push_back(logline(offset, log_gmt, millis, ll));`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`retval = true;`
			`}`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`return retval;`
			`};`

			`auto_ptr<log_format> specialized() {`
			`auto_ptr<log_format> retval((log_format )new syslog_log_format(this));`

			`return retval;`
			`};`
			`};`

			`log_format::register_root_format<syslog_log_format> syslog_instance;`

			`class tcsh_history_format : public log_format {`
			`string get_name() { return "tcsh_history"; };`

			`bool scan(vector < logline > &dst,`
			`off_t offset,`
			`char *prefix,`
			`int len) {`
			`bool retval = false;`
			`time_t log_time;`
build work 2009-10-14 19:42:58 +00:00			`int log_time_int;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
build work 2009-10-14 19:42:58 +00:00			`if (sscanf(prefix, "#+%d", &log_time_int) == 1) {`
first commit 2009-09-14 01:07:32 +00:00			`struct tm log_tm;`
build work 2009-10-14 19:42:58 +00:00
			`log_time = log_time_int;`
[test] some cleanup for tests and other things Just a cleanup pass 2012-06-05 20:18:59 +00:00			`/*`
			`* NB: We convert any displayed dates to gm time, so we need to`
			`* convert this time to local and then back to gmt.`
			`*/`
first commit 2009-09-14 01:07:32 +00:00			`memset(&log_tm, 0, sizeof(log_tm));`
			`log_tm = *localtime( &log_time);`
[test] some cleanup for tests and other things Just a cleanup pass 2012-06-05 20:18:59 +00:00			`log_tm.tm_zone = NULL;`
first commit 2009-09-14 01:07:32 +00:00			`log_tm.tm_isdst = 0;`
[test] some cleanup for tests and other things Just a cleanup pass 2012-06-05 20:18:59 +00:00
first commit 2009-09-14 01:07:32 +00:00			`dst.push_back(logline(offset,`
tcsh fix and distcheck 2010-01-02 20:28:14 +00:00			`tm2sec(&log_tm),`
first commit 2009-09-14 01:07:32 +00:00			`0,`
			`logline::LEVEL_UNKNOWN));`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`retval = true;`
			`}`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`return retval;`
			`};`

			`auto_ptr<log_format> specialized() {`
			`auto_ptr<log_format> retval((log_format *)`
			`new tcsh_history_format(*this));`

			`return retval;`
			`};`
			`};`

			`log_format::register_root_format<tcsh_history_format> tcsh_instance;`

			`class generic_log_format : public log_format {`
			`string get_name() { return "generic_log"; };`

			`bool scan(vector < logline > &dst,`
			`off_t offset,`
			`char *prefix,`
			`int len) {`
			`static const char *log_fmt[] = {`
fix log format 2012-08-01 16:37:55 +00:00			`"%63[0-9: ,-]%31[^:]",`
			`"%63[a-zA-Z0-9: ,-] [%*[^]]]%31[^:]",`
			`"%63[a-zA-Z0-9: ,-] %31s",`
			`"[%63[0-9: .-] %*s %31s",`
			`"[%63[a-zA-Z0-9: -+/]] %31s",`
			`"[%63[a-zA-Z0-9: -+/]] [%31[a-zA-Z]]",`
			`"[%63[a-zA-Z0-9: .-+/] %*s %31s",`
			`"[%63[a-zA-Z0-9: -+/]] (%*d) %31s",`
first commit 2009-09-14 01:07:32 +00:00			`NULL`
			`};`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`bool retval = false;`
			`struct tm log_time;`
fix log format 2012-08-01 16:37:55 +00:00			`char timestr[64 + 32];`
first commit 2009-09-14 01:07:32 +00:00			`time_t line_time;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00			`char level[32];`
[generic log format/misc] try to pull millisecond value out of the log * log_format.cc, log_format_impls.cc, log_format.hh: Change log_scanf to return a pointer to the character in the time string that was not part of the time. Change the generic log format to try and pull out the millisecond value from the timestamp. * test/Makefile.am: Fix some dist problems. * test/logfile_generic.0: Test logfile for the generic log format. 2012-07-03 19:01:09 +00:00			`char *last_pos;`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
[generic log format/misc] try to pull millisecond value out of the log * log_format.cc, log_format_impls.cc, log_format.hh: Change log_scanf to return a pointer to the character in the time string that was not part of the time. Change the generic log format to try and pull out the millisecond value from the timestamp. * test/Makefile.am: Fix some dist problems. * test/logfile_generic.0: Test logfile for the generic log format. 2012-07-03 19:01:09 +00:00			`if ((last_pos = this->log_scanf(prefix,`
			`log_fmt,`
			`2,`
			`NULL,`
			`timestr,`
			`&log_time,`
			`line_time,`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
[generic log format/misc] try to pull millisecond value out of the log * log_format.cc, log_format_impls.cc, log_format.hh: Change log_scanf to return a pointer to the character in the time string that was not part of the time. Change the generic log format to try and pull out the millisecond value from the timestamp. * test/Makefile.am: Fix some dist problems. * test/logfile_generic.0: Test logfile for the generic log format. 2012-07-03 19:01:09 +00:00			`timestr,`
			`level)) != NULL) {`
			`uint16_t millis = 0;`

			`/* Try to pull out the milliseconds value. */`
			`if (last_pos[0] == ',') {`
			`sscanf(last_pos, ",%hd", &millis);`
			`if (millis >= 1000)`
			`millis = 0;`
			`}`
first commit 2009-09-14 01:07:32 +00:00			`dst.push_back(logline(offset,`
			`line_time,`
[generic log format/misc] try to pull millisecond value out of the log * log_format.cc, log_format_impls.cc, log_format.hh: Change log_scanf to return a pointer to the character in the time string that was not part of the time. Change the generic log format to try and pull out the millisecond value from the timestamp. * test/Makefile.am: Fix some dist problems. * test/logfile_generic.0: Test logfile for the generic log format. 2012-07-03 19:01:09 +00:00			`millis,`
first commit 2009-09-14 01:07:32 +00:00			`logline::string2level(level)));`
			`retval = true;`
			`}`

			`return retval;`
			`};`

			`auto_ptr<log_format> specialized() {`
			`auto_ptr<log_format> retval((log_format *)`
			`new generic_log_format(*this));`

			`return retval;`
			`};`
			`};`

			`log_format::register_root_format<generic_log_format> generic_log_instance;`

			`class strace_log_format : public log_format {`
			`string get_name() { return "strace_log"; };`

			`bool scan(vector < logline > &dst,`
			`off_t offset,`
			`char *prefix,`
			`int len) {`
			`static const char *log_fmt[] = {`
			`"%63[0-9:].%d",`
			`NULL`
			`};`

			`static const char *time_fmt[] = {`
			`"%H:%M:%S",`
			`NULL`
			`};`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`bool retval = false;`
			`struct tm log_time;`
			`char timestr[64];`
			`time_t line_time;`
			`int usecs;`
clean up some auto conf and add an strace test 2010-01-24 20:25:34 +00:00
first commit 2009-09-14 01:07:32 +00:00			`if (this->log_scanf(prefix,`
			`log_fmt,`
			`2,`
			`time_fmt,`
			`timestr,`
			`&log_time,`
			`line_time,`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`timestr,`
			`&usecs)) {`
			`logline::level_t level = logline::LEVEL_UNKNOWN;`
			`const char *eq;`

			`if ((eq = strrchr(prefix, '=')) != NULL) {`
			`int rc;`

			`if (sscanf(eq, "= %d", &rc) == 1 && rc < 0) {`
			`level = logline::LEVEL_ERROR;`
			`}`
			`}`
fix a stack smash ## BEGIN PATCH TEMPLATE QA Notes: Bug Number: Reviewed By: Testing Done: make check 2012-09-06 14:37:18 +00:00
first commit 2009-09-14 01:07:32 +00:00			`if (!dst.empty() && (line_time < dst.back().get_time())) {`
			`line_time += (24 * 60 * 60);`
			`}`
			`dst.push_back(logline(offset,`
			`line_time,`
			`usecs / 1000,`
			`level));`
			`retval = true;`
			`}`

			`return retval;`
			`};`

			`auto_ptr<log_format> specialized() {`
			`auto_ptr<log_format> retval((log_format *)`
			`new strace_log_format(*this));`

			`return retval;`
			`};`
			`};`

			`log_format::register_root_format<strace_log_format> strace_log_instance;`