Archives
/
lnav
mirror of https://github.com/tstack/lnav
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[date_time_scanner] do not try to read millis if it is already set

Browse Source 
Also, pay attention to the gmtoff when converting exttm to a timeval.

Fixes #1034
pull/1161/merge
Tim Stack 9 months ago
parent bd5b3908c3
commit e952dc6340
28 changed files with 180 additions and 71 deletions
Show Stats Download Patch File Download Diff File

3
NEWS.md
Unescape Escape View File

@ -71,6 +71,9 @@ Bug Fixes:
(i.e. when you run **lnav** with the `-m` flag).
* Fields in the bro and w3c log formats that were hidden are
now saved in the session and restored.
* A warning will now be issued if a timestamp in a log format's
sample message does not match completely. Warnings in the
configuration can be viewed by passing the `-W` flag.
Interface changes:
* The DB view now uses the "alt-text" theme style to draw

42
src/base/date_time_scanner.cc
Unescape Escape View File

@ -47,15 +47,17 @@ date_time_scanner::ftime(char* dst,
if (time_fmt == nullptr) {
PTIMEC_FORMATS[this->dts_fmt_lock].pf_ffunc(dst, off, len, tm);
if (tm.et_flags & ETF_MILLIS_SET) {
dst[off++] = '.';
ftime_L(dst, off, len, tm);
} else if (tm.et_flags & ETF_MICROS_SET) {
dst[off++] = '.';
ftime_f(dst, off, len, tm);
} else if (tm.et_flags & ETF_NANOS_SET) {
dst[off++] = '.';
ftime_N(dst, off, len, tm);
if (tm.et_flags & ETF_SUB_NOT_IN_FORMAT) {
if (tm.et_flags & ETF_MILLIS_SET) {
dst[off++] = '.';
ftime_L(dst, off, len, tm);
} else if (tm.et_flags & ETF_MICROS_SET) {
dst[off++] = '.';
ftime_f(dst, off, len, tm);
} else if (tm.et_flags & ETF_NANOS_SET) {
dst[off++] = '.';
ftime_N(dst, off, len, tm);
}
}
dst[off] = '\0';
} else {
@ -116,7 +118,7 @@ date_time_scanner::scan(const char* time_dest,
tm_out->et_tm.tm_zone = nullptr;
#endif
tm_out->et_tm.tm_isdst = 0;
gmt = tm2sec(&tm_out->et_tm);
gmt = tm_out->to_timeval().tv_sec;
}
tv_out.tv_sec = gmt;
tv_out.tv_usec = 0;
@ -148,7 +150,7 @@ date_time_scanner::scan(const char* time_dest,
&& (this->dts_local_time
|| tm_out->et_flags & ETF_EPOCH_TIME))
{
time_t gmt = tm2sec(&tm_out->et_tm);
time_t gmt = tm_out->to_timeval().tv_sec;
this->to_localtime(gmt, *tm_out);
}
@ -167,7 +169,7 @@ date_time_scanner::scan(const char* time_dest,
tm_out->et_tm.tm_wday = last_tm.tm_wday;
} else {
// log_debug("doing tm2sec");
tv_out.tv_sec = tm2sec(&tm_out->et_tm);
tv_out = tm_out->to_timeval();
secs2wday(tv_out, &tm_out->et_tm);
}
tv_out.tv_usec = tm_out->et_nsec / 1000;
@ -199,7 +201,7 @@ date_time_scanner::scan(const char* time_dest,
&& (this->dts_local_time
|| tm_out->et_flags & ETF_EPOCH_TIME))
{
time_t gmt = tm2sec(&tm_out->et_tm);
time_t gmt = tm_out->to_timeval().tv_sec;
this->to_localtime(gmt, *tm_out);
#ifdef HAVE_STRUCT_TM_TM_ZONE
@ -208,8 +210,7 @@ date_time_scanner::scan(const char* time_dest,
tm_out->et_tm.tm_isdst = 0;
}
tv_out.tv_sec = tm2sec(&tm_out->et_tm);
tv_out.tv_usec = tm_out->et_nsec / 1000;
tv_out = tm_out->to_timeval();
secs2wday(tv_out, &tm_out->et_tm);
this->dts_fmt_lock = curr_time_fmt;
@ -233,7 +234,10 @@ date_time_scanner::scan(const char* time_dest,
if (retval != nullptr && static_cast<size_t>(retval - time_dest) < time_len)
{
/* Try to pull out the milli/micro-second value. */
if (retval[0] == '.' || retval[0] == ',') {
if (!(tm_out->et_flags
& (ETF_MILLIS_SET | ETF_MICROS_SET | ETF_NANOS_SET))
&& (retval[0] == '.' || retval[0] == ','))
{
off_t off = (retval - time_dest) + 1;
if (ptime_N(tm_out, time_dest, off, time_len)) {
@ -242,7 +246,7 @@ date_time_scanner::scan(const char* time_dest,
std::chrono::nanoseconds{tm_out->et_nsec})
.count();
this->dts_fmt_len += 10;
tm_out->et_flags |= ETF_NANOS_SET;
tm_out->et_flags |= ETF_NANOS_SET | ETF_SUB_NOT_IN_FORMAT;
retval += 10;
} else if (ptime_f(tm_out, time_dest, off, time_len)) {
tv_out.tv_usec
@ -250,7 +254,7 @@ date_time_scanner::scan(const char* time_dest,
std::chrono::nanoseconds{tm_out->et_nsec})
.count();
this->dts_fmt_len += 7;
tm_out->et_flags |= ETF_MICROS_SET;
tm_out->et_flags |= ETF_MICROS_SET | ETF_SUB_NOT_IN_FORMAT;
retval += 7;
} else if (ptime_L(tm_out, time_dest, off, time_len)) {
tv_out.tv_usec
@ -258,7 +262,7 @@ date_time_scanner::scan(const char* time_dest,
std::chrono::nanoseconds{tm_out->et_nsec})
.count();
this->dts_fmt_len += 4;
tm_out->et_flags |= ETF_MILLIS_SET;
tm_out->et_flags |= ETF_MILLIS_SET | ETF_SUB_NOT_IN_FORMAT;
retval += 4;
}
}

16
src/base/date_time_scanner.hh
Unescape Escape View File

@ -59,13 +59,27 @@ struct date_time_scanner {
this->dts_last_tm = exttm{};
}
struct lock_state {
int ls_fmt_index{-1};
int ls_fmt_len{-1};
};
/**
* Unlock this scanner so that the format is rediscovered.
*/
void unlock()
lock_state unlock()
{
auto retval = lock_state{this->dts_fmt_lock, this->dts_fmt_len};
this->dts_fmt_lock = -1;
this->dts_fmt_len = -1;
return retval;
}
void relock(const lock_state& ls)
{
this->dts_fmt_lock = ls.ls_fmt_index;
this->dts_fmt_len = ls.ls_fmt_len;
}
void set_base_time(time_t base_time, const tm& local_tm);

1
src/base/time_util.cc
Unescape Escape View File

@ -242,6 +242,7 @@ exttm::to_timeval() const
struct timeval retval;
retval.tv_sec = tm2sec(&this->et_tm);
retval.tv_sec -= this->et_gmtoff;
retval.tv_usec = std::chrono::duration_cast<std::chrono::microseconds>(
std::chrono::nanoseconds(this->et_nsec))
.count();

8
src/base/time_util.hh
Unescape Escape View File

@ -84,9 +84,13 @@ enum exttm_bits_t {
ETB_SECOND_SET,
ETB_MACHINE_ORIENTED,
ETB_EPOCH_TIME,
ETB_SUB_NOT_IN_FORMAT,
ETB_MILLIS_SET,
ETB_MICROS_SET,
ETB_NANOS_SET,
ETB_ZONE_SET,
ETB_Z_FOR_UTC,
ETB_Z_COLON,
};
enum exttm_flags_t {
@ -98,9 +102,13 @@ enum exttm_flags_t {
ETF_SECOND_SET = (1UL << ETB_SECOND_SET),
ETF_MACHINE_ORIENTED = (1UL << ETB_MACHINE_ORIENTED),
ETF_EPOCH_TIME = (1UL << ETB_EPOCH_TIME),
ETF_SUB_NOT_IN_FORMAT = (1UL << ETB_SUB_NOT_IN_FORMAT),
ETF_MILLIS_SET = (1UL << ETB_MILLIS_SET),
ETF_MICROS_SET = (1UL << ETB_MICROS_SET),
ETF_NANOS_SET = (1UL << ETB_NANOS_SET),
ETF_ZONE_SET = (1UL << ETB_ZONE_SET),
ETF_Z_FOR_UTC = (1UL << ETB_Z_FOR_UTC),
ETF_Z_COLON = (1UL << ETB_Z_COLON),
};
struct exttm {

12
src/formats/esx_syslog_log.json
Unescape Escape View File

@ -24,6 +24,18 @@
"fatal": "^(?:Al|Em)$"
},
"opid-field": "opid",
"opid": {
"description": {
"settingsd": {
"format": [
{
"field": "body",
"extractor": "^Authz::Invoke method: (.+)"
}
]
}
}
},
"time-field": "new_time",
"multiline": false,
"value": {

17
src/listview_curses.hh
Unescape Escape View File

@ -514,13 +514,16 @@ public:
void log_state()
{
log_debug("listview_curses=%p", this);
log_debug(" lv_title=%s", this->lv_title.c_str());
log_debug(" lv_y=%u", this->lv_y);
log_debug(" lv_top=%d", (int) this->lv_top);
log_debug(" lv_left=%d", (int) this->lv_left);
log_debug(" lv_height=%d", this->lv_height);
log_debug(" lv_selection=%d", (int) this->lv_selection);
log_debug(" inner_height=%d", (int) this->get_inner_height());
log_debug(
" lv_title=%s; lv_y=%u; lv_top=%d; lv_left=%d; lv_height=%d; "
"lv_selection=%d; inner_height=%d",
this->lv_title.c_str(),
this->lv_y,
(int) this->lv_top,
(int) this->lv_left,
this->lv_height,
(int) this->lv_selection,
(int) this->get_inner_height());
}
virtual void invoke_scroll() { this->lv_scroll(this); }

3
src/lnav_commands.cc
Unescape Escape View File

@ -520,8 +520,7 @@ com_goto(exec_context& ec, std::string cmdline, std::vector<std::string>& args)
{
tm.et_nsec = 0;
}
tv.tv_sec = tm2sec(&tm.et_tm);
tv.tv_usec = tm.et_nsec / 1000;
tv = tm.to_timeval();
dst_vl = ttt->row_for_time(tv);
} else if (sscanf(args[1].c_str(), "%f%n", &value, &consumed) == 1) {
if (args[1][consumed] == '%') {

1
src/lnav_util.hh
Unescape Escape View File

@ -55,7 +55,6 @@
#include "config.h"
#include "fmt/format.h"
#include "optional.hpp"
#include "ptimec.hh"
#if SIZEOF_OFF_T == 8
# define FORMAT_OFF_T "%lld"

12
src/log_format.cc
Unescape Escape View File

@ -376,6 +376,15 @@ log_format::log_scanf(uint32_t line_number,
retval = this->lf_date_time.scan(
ts->data(), ts->length(), nullptr, tm_out, *tv_out);
if (retval == nullptr) {
auto ls = this->lf_date_time.unlock();
retval = this->lf_date_time.scan(
ts->data(), ts->length(), nullptr, tm_out, *tv_out);
if (retval == nullptr) {
this->lf_date_time.relock(ls);
}
}
if (retval) {
*ts_out = ts.value();
*level_out = md[2];
@ -1048,7 +1057,7 @@ external_log_format::scan(logfile& lf,
log_tv))
== nullptr)
{
this->lf_date_time.unlock();
auto ls = this->lf_date_time.unlock();
if ((last = this->lf_date_time.scan(ts->data(),
ts->length(),
this->get_timestamp_formats(),
@ -1056,6 +1065,7 @@ external_log_format::scan(logfile& lf,
log_tv))
== nullptr)
{
this->lf_date_time.relock(ls);
continue;
}
}

4
src/log_format_impls.cc
Unescape Escape View File

@ -1149,9 +1149,7 @@ public:
tm.et_tm.tm_yday = date_tm.et_tm.tm_yday;
}
tv.tv_sec = tm2sec(&tm.et_tm);
tv.tv_usec = tm.et_nsec / 1000;
tv = tm.to_timeval();
if (!this->lf_specialized) {
for (auto& ll : dst) {
ll.set_ignore(true);

2
src/log_vtab_impl.cc
Unescape Escape View File

@ -157,7 +157,7 @@ log_vtab_impl::get_table_statement()
oss << ");\n";
log_debug("log_vtab_impl.get_table_statement() -> %s", oss.str().c_str());
log_trace("log_vtab_impl.get_table_statement() -> %s", oss.str().c_str());
return oss.str();
}

30
src/ptimec.hh
Unescape Escape View File

@ -323,7 +323,7 @@ ptime_s(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
secs2tm(epoch, &dst->et_tm);
dst->et_flags = ETF_DAY_SET | ETF_MONTH_SET | ETF_YEAR_SET | ETF_HOUR_SET
| ETF_MINUTE_SET | ETF_SECOND_SET | ETF_MACHINE_ORIENTED
| ETF_EPOCH_TIME;
| ETF_EPOCH_TIME | ETF_ZONE_SET;
return (epoch > 0);
}
@ -381,7 +381,7 @@ ptime_q(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
secs2tm(epoch, &dst->et_tm);
dst->et_flags = ETF_DAY_SET | ETF_MONTH_SET | ETF_YEAR_SET | ETF_HOUR_SET
| ETF_MINUTE_SET | ETF_SECOND_SET | ETF_MACHINE_ORIENTED
| ETF_EPOCH_TIME;
| ETF_EPOCH_TIME | ETF_ZONE_SET;
return (epoch > 0);
}
@ -412,6 +412,7 @@ ptime_L(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
});
if ((ms >= 0 && ms <= 999)) {
dst->et_flags |= ETF_MILLIS_SET;
dst->et_nsec = ms * 1000000;
return true;
}
@ -494,7 +495,7 @@ ptime_i(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
secs2tm(epoch, &dst->et_tm);
dst->et_flags = ETF_DAY_SET | ETF_MONTH_SET | ETF_YEAR_SET | ETF_HOUR_SET
| ETF_MINUTE_SET | ETF_SECOND_SET | ETF_MACHINE_ORIENTED
| ETF_EPOCH_TIME;
| ETF_EPOCH_TIME | ETF_ZONE_SET;
return (epoch_ms > 0);
}
@ -531,7 +532,7 @@ ptime_6(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
secs2tm(epoch, &dst->et_tm);
dst->et_flags = ETF_DAY_SET | ETF_MONTH_SET | ETF_YEAR_SET | ETF_HOUR_SET
| ETF_MINUTE_SET | ETF_SECOND_SET | ETF_MACHINE_ORIENTED
| ETF_EPOCH_TIME;
| ETF_EPOCH_TIME | ETF_ZONE_SET;
return (epoch_us > 0);
}
@ -884,6 +885,7 @@ ptime_z(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
{
if (off_inout + 1 <= len && str[off_inout] == 'Z') {
off_inout += 1;
dst->et_flags |= ETF_ZONE_SET | ETF_Z_FOR_UTC;
#ifdef HAVE_STRUCT_TM_TM_ZONE
dst->et_tm.tm_gmtoff = 0;
#endif
@ -916,6 +918,10 @@ ptime_z(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
mins = ((str[off_inout + skip_colon + 3] - '0') * 10
+ (str[off_inout + skip_colon + 4] - '0') * 1)
* 60;
if (skip_colon) {
dst->et_flags |= ETF_Z_COLON;
}
dst->et_flags |= ETF_ZONE_SET;
dst->et_gmtoff = sign * (hours + mins);
#ifdef HAVE_STRUCT_TM_TM_ZONE
dst->et_tm.tm_gmtoff = sign * (hours + mins);
@ -928,6 +934,15 @@ ptime_z(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
inline void
ftime_z(char* dst, off_t& off_inout, ssize_t len, const struct exttm& tm)
{
if (!(tm.et_flags & ETF_ZONE_SET)) {
return;
}
if (tm.et_flags & ETF_Z_FOR_UTC) {
PTIME_APPEND('Z');
return;
}
long gmtoff = std::abs(tm.et_gmtoff) / 60;
if (tm.et_gmtoff < 0) {
@ -941,6 +956,9 @@ ftime_z(char* dst, off_t& off_inout, ssize_t len, const struct exttm& tm)
PTIME_APPEND('0' + ((hours / 10) % 10));
PTIME_APPEND('0' + ((hours / 1) % 10));
if (tm.et_flags & ETF_Z_COLON) {
PTIME_APPEND(':');
}
PTIME_APPEND('0' + ((mins / 10) % 10));
PTIME_APPEND('0' + ((mins / 1) % 10));
}
@ -954,6 +972,7 @@ ptime_f(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
return false;
}
}
dst->et_flags |= ETF_MICROS_SET;
dst->et_nsec = ((str[off_inout + 0] - '0') * 100000
+ (str[off_inout + 1] - '0') * 10000
+ (str[off_inout + 2] - '0') * 1000
@ -988,6 +1007,7 @@ ptime_N(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
return false;
}
}
dst->et_flags |= ETF_NANOS_SET;
dst->et_nsec = ((str[off_inout + 0] - '0') * 100000000
+ (str[off_inout + 1] - '0') * 10000000
+ (str[off_inout + 2] - '0') * 1000000
@ -1092,7 +1112,7 @@ ptime_at(struct exttm* dst, const char* str, off_t& off_inout, ssize_t len)
dst->et_flags |= ETF_DAY_SET | ETF_MONTH_SET | ETF_YEAR_SET | ETF_HOUR_SET
| ETF_MINUTE_SET | ETF_SECOND_SET | ETF_MACHINE_ORIENTED
| ETF_EPOCH_TIME;
| ETF_EPOCH_TIME | ETF_ZONE_SET;
return true;
}

6
src/relative_time.cc
Unescape Escape View File

@ -31,6 +31,7 @@
#include "relative_time.hh"
#include "base/lnav_log.hh"
#include "base/time_util.hh"
#include "config.h"
#include "pcrepp/pcre2pp.hh"
@ -294,7 +295,8 @@ relative_time::from_str(string_fragment str)
bool found = false;
for (int lpc = 0; lpc < RTT__MAX && !found; lpc++) {
static thread_local auto md = lnav::pcre2pp::match_data::unitialized();
static thread_local auto md
= lnav::pcre2pp::match_data::unitialized();
token_t token = (token_t) lpc;
auto match_res = MATCHERS[lpc]
@ -1115,7 +1117,7 @@ relative_time::to_microseconds() const
etm.et_tm.tm_min = this->rt_field[RTF_MINUTES].value;
etm.et_tm.tm_sec = this->rt_field[RTF_SECONDS].value;
auto epoch_secs = std::chrono::seconds(tm2sec(&etm.et_tm));
auto epoch_secs = std::chrono::seconds(etm.to_timeval().tv_sec);
retval
= std::chrono::duration_cast<std::chrono::microseconds>(epoch_secs)
.count();

2
src/relative_time.hh
Unescape Escape View File

@ -42,7 +42,7 @@
#include "base/intern_string.hh"
#include "base/result.h"
#include "ptimec.hh"
#include "base/time_util.hh"
class relative_time {
public:

1
test/CMakeLists.txt
Unescape Escape View File

@ -35,6 +35,7 @@ target_link_libraries(test_bookmarks diag)
add_test(NAME test_bookmarks COMMAND test_bookmarks)
add_executable(test_date_time_scanner test_date_time_scanner.cc)
target_include_directories(test_date_time_scanner PUBLIC ../src/third-party/doctest-root)
target_link_libraries(test_date_time_scanner base lnavdt)
add_test(NAME test_date_time_scanner COMMAND test_date_time_scanner)

1
test/Makefile.am
Unescape Escape View File

@ -363,6 +363,7 @@ dist_noinst_DATA = \
logfile_w3c.6 \
logfile_w3c_big.0 \
logfile_with_a_really_long_name_to_test_a_bug_with_long_names.0 \
logfile_with_zones.0 \
logfile_xml_msg.0 \
multiline.lnav \
nested.lnav \

2
test/expected/expected.am
Unescape Escape View File

@ -352,6 +352,8 @@ EXPECTED_FILES = \
$(srcdir)/%reldir%/test_logfile.sh_218ecb88b4753010c4264b3ac351260b4811612f.out \
$(srcdir)/%reldir%/test_logfile.sh_290a3c49e53c2229a7400c107338fa0bb38375e2.err \
$(srcdir)/%reldir%/test_logfile.sh_290a3c49e53c2229a7400c107338fa0bb38375e2.out \
$(srcdir)/%reldir%/test_logfile.sh_341e491abcf8772422bafb8b0eaea6492da230f6.err \
$(srcdir)/%reldir%/test_logfile.sh_341e491abcf8772422bafb8b0eaea6492da230f6.out \
$(srcdir)/%reldir%/test_logfile.sh_3fc6bfd8a6160817211f3e14fde957af75b9dbe7.err \
$(srcdir)/%reldir%/test_logfile.sh_3fc6bfd8a6160817211f3e14fde957af75b9dbe7.out \
$(srcdir)/%reldir%/test_logfile.sh_4a2a907fcb069b8d6e65961a7b2e796d6c3a87b1.err \

4
test/expected/test_json_format.sh_c60050b3469f37c5b0864e1dc7eb354e91d6ec81.out
Unescape Escape View File

@ -1,4 +1,4 @@
2016-08-03T12:06:31.009 - ;Exception initializing page context; java.lang.NoClassDefFoundError: javax/el/StaticFieldELResolver
2016-08-03T17:06:31.009 - ;Exception initializing page context; java.lang.NoClassDefFoundError: javax/el/StaticFieldELResolver
 at org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:172)
 at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:123)
 at org.apache.jsp.errors._404_002dnot_002dfound_jsp._jspService(_404_002dnot_002dfound_jsp.java:38)
@ -41,7 +41,7 @@
 thread_name: http-bio-0.0.0.0-8081-exec-198
 level: ERROR
 customer: foobaz
2016-08-03T12:06:31.009 - ;Exception initializing page context; 
2016-08-03T17:06:31.009 - ;Exception initializing page context; 
 @version: 1
 logger_name: org.apache.jasper.runtime.JspFactoryImpl
 thread_name: http-bio-0.0.0.0-8081-exec-198

0
test/expected/test_logfile.sh_341e491abcf8772422bafb8b0eaea6492da230f6.err
Unescape Escape View File

3
test/expected/test_logfile.sh_341e491abcf8772422bafb8b0eaea6492da230f6.out
Unescape Escape View File

@ -0,0 +1,3 @@
Aug 27 14:22:01 2022 -- 613
Aug 27 14:22:01 2022 -- 694
Aug 27 14:22:01 2022 -- 888

20
test/expected/test_sessions.sh_33ab03afda2c9331a289fcbd1abdbc1c37b2e87b.out
Unescape Escape View File

@ -1,11 +1,11 @@
2011-11-03 00:20:39.348000 ⋮ 192.168.2.76 52099 192.150.187.43 80 2 GET www.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3516 200 OK - - (empty) - - - - - - Fzea5XNhn9eNRMvx7 - text/html
2011-11-03 00:20:39.448000 ⋮ 192.168.2.76 52109 192.150.187.43 80 1 GET www.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6695 200 OK - - (empty) - - - - - - FkCp6k4tqksK3tiSy7 - text/html
2011-11-03 00:20:39.463000 ⋮ 192.168.2.76 52099 192.150.187.43 80 3 GET www.bro-ids.org /images/logo-bro-small.png http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6075 200 OK - - (empty) - - - - - - Fw6FlF4WtotJFNXmHb - image/png
2011-11-03 00:20:39.786000 ⋮ 192.168.2.76 52110 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279639636 http://www.bro-ids.org/frames/footer.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Feut0t346XEHsQ0OC7 - text/plain
2011-11-03 00:21:12.372000 ⋮ 192.168.2.76 52111 192.150.187.43 80 1 GET www.bro-ids.org /research/index.html http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47728 200 OK - - (empty) - - - - - - FOze0l2aT79uPyMiv7 - text/html
2011-11-03 00:21:13.121000 ⋮ 192.168.2.76 52087 209.85.145.95 80 7 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279672539&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FXEXQEMH8DrEuAdg8 - text/plain
2011-11-03 00:21:13.123000 ⋮ 192.168.2.76 52089 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.123000 ⋮ 192.168.2.76 52084 74.125.225.83 80 9 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.198000 ⋮ 192.168.2.76 52112 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279672537 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fzjgwn8xXem3Esvk - text/plain
2011-11-03 00:20:39.348046 ⋮ 192.168.2.76 52099 192.150.187.43 80 2 GET www.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3516 200 OK - - (empty) - - - - - - Fzea5XNhn9eNRMvx7 - text/html
2011-11-03 00:20:39.448670 ⋮ 192.168.2.76 52109 192.150.187.43 80 1 GET www.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6695 200 OK - - (empty) - - - - - - FkCp6k4tqksK3tiSy7 - text/html
2011-11-03 00:20:39.463465 ⋮ 192.168.2.76 52099 192.150.187.43 80 3 GET www.bro-ids.org /images/logo-bro-small.png http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6075 200 OK - - (empty) - - - - - - Fw6FlF4WtotJFNXmHb - image/png
2011-11-03 00:20:39.786857 ⋮ 192.168.2.76 52110 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279639636 http://www.bro-ids.org/frames/footer.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Feut0t346XEHsQ0OC7 - text/plain
2011-11-03 00:21:12.372857 ⋮ 192.168.2.76 52111 192.150.187.43 80 1 GET www.bro-ids.org /research/index.html http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47728 200 OK - - (empty) - - - - - - FOze0l2aT79uPyMiv7 - text/html
2011-11-03 00:21:13.121725 ⋮ 192.168.2.76 52087 209.85.145.95 80 7 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279672539&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FXEXQEMH8DrEuAdg8 - text/plain
2011-11-03 00:21:13.123842 ⋮ 192.168.2.76 52089 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.123121 ⋮ 192.168.2.76 52084 74.125.225.83 80 9 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.198815 ⋮ 192.168.2.76 52112 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279672537 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fzjgwn8xXem3Esvk - text/plain
#close 2017-04-16-21-36-10
2011-11-03 00:21:13.204000 ⋮ 192.168.2.76 52113 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279672538 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FAVIuu2XZQyVznfnq8 - text/plain
2011-11-03 00:21:13.204466 ⋮ 192.168.2.76 52113 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279672538 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FAVIuu2XZQyVznfnq8 - text/plain

20
test/expected/test_sessions.sh_e57697be4d81ac8e5b2b2fa84f919b2d494978f3.out
Unescape Escape View File

@ -1,11 +1,11 @@
2011-11-03 00:20:39.348000 ⋮ 192.168.2.76 52099 192.150.187.43 80 2 GET www.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3516 200 OK - - (empty) - - - - - - Fzea5XNhn9eNRMvx7 - text/html
2011-11-03 00:20:39.448000 ⋮ 192.168.2.76 52109 192.150.187.43 80 1 GET www.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6695 200 OK - - (empty) - - - - - - FkCp6k4tqksK3tiSy7 - text/html
2011-11-03 00:20:39.463000 ⋮ 192.168.2.76 52099 192.150.187.43 80 3 GET www.bro-ids.org /images/logo-bro-small.png http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6075 200 OK - - (empty) - - - - - - Fw6FlF4WtotJFNXmHb - image/png
2011-11-03 00:20:39.786000 ⋮ 192.168.2.76 52110 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279639636 http://www.bro-ids.org/frames/footer.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Feut0t346XEHsQ0OC7 - text/plain
2011-11-03 00:21:12.372000 ⋮ 192.168.2.76 52111 192.150.187.43 80 1 GET www.bro-ids.org /research/index.html http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47728 200 OK - - (empty) - - - - - - FOze0l2aT79uPyMiv7 - text/html
2011-11-03 00:21:13.121000 ⋮ 192.168.2.76 52087 209.85.145.95 80 7 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279672539&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FXEXQEMH8DrEuAdg8 - text/plain
2011-11-03 00:21:13.123000 ⋮ 192.168.2.76 52089 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.123000 ⋮ 192.168.2.76 52084 74.125.225.83 80 9 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.198000 ⋮ 192.168.2.76 52112 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279672537 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fzjgwn8xXem3Esvk - text/plain
2011-11-03 00:20:39.348046 ⋮ 192.168.2.76 52099 192.150.187.43 80 2 GET www.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3516 200 OK - - (empty) - - - - - - Fzea5XNhn9eNRMvx7 - text/html
2011-11-03 00:20:39.448670 ⋮ 192.168.2.76 52109 192.150.187.43 80 1 GET www.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6695 200 OK - - (empty) - - - - - - FkCp6k4tqksK3tiSy7 - text/html
2011-11-03 00:20:39.463465 ⋮ 192.168.2.76 52099 192.150.187.43 80 3 GET www.bro-ids.org /images/logo-bro-small.png http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6075 200 OK - - (empty) - - - - - - Fw6FlF4WtotJFNXmHb - image/png
2011-11-03 00:20:39.786857 ⋮ 192.168.2.76 52110 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279639636 http://www.bro-ids.org/frames/footer.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Feut0t346XEHsQ0OC7 - text/plain
2011-11-03 00:21:12.372857 ⋮ 192.168.2.76 52111 192.150.187.43 80 1 GET www.bro-ids.org /research/index.html http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47728 200 OK - - (empty) - - - - - - FOze0l2aT79uPyMiv7 - text/html
2011-11-03 00:21:13.121725 ⋮ 192.168.2.76 52087 209.85.145.95 80 7 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279672539&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FXEXQEMH8DrEuAdg8 - text/plain
2011-11-03 00:21:13.123842 ⋮ 192.168.2.76 52089 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.123121 ⋮ 192.168.2.76 52084 74.125.225.83 80 9 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
2011-11-03 00:21:13.198815 ⋮ 192.168.2.76 52112 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279672537 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fzjgwn8xXem3Esvk - text/plain
#close 2017-04-16-21-36-10
2011-11-03 00:21:13.204000 ⋮ 192.168.2.76 52113 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279672538 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FAVIuu2XZQyVznfnq8 - text/plain
2011-11-03 00:21:13.204466 ⋮ 192.168.2.76 52113 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279672538 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FAVIuu2XZQyVznfnq8 - text/plain

1
test/lnav_doctests.cc
Unescape Escape View File

@ -35,6 +35,7 @@
#include "doctest/doctest.h"
#include "lnav_config.hh"
#include "lnav_util.hh"
#include "ptimec.hh"
#include "relative_time.hh"
#include "unique_path.hh"

3
test/logfile_with_zones.0
Unescape Escape View File

@ -0,0 +1,3 @@
2022-08-27T14:22:01.613Z space01.global-acme.entp NSX 3106 - [abc@6876 comp="abc-edge" subcomp="abc-sha" username="root" level="INFO" s2comp="fork-monitor"] keep-alive check received resp {'seq': 1017276, 'type': 0, 'executor': 2, 'timestamp': 3976009.961550321, 'stats': [{'req': 1017277, 'resp': 1017276, 'pending_req': 0, 'peak_pending_req': 2, 'req_error': 0, 'resp_error': 0, 'req_dropped_no_resource': 0}, {0: {'req': 316363, 'resp': 316363}, 1: {'req': 316430, 'resp': 316430}, 2: {'req': 316416, 'resp': 316416}, 3: {'req': 34178, 'resp': 34178}, 4: {'req': 33890, 'resp': 33890}}]} for req{'seq': 1017276, 'check': True, 'timeout': 4, 'timestamp': 3976009.961173802, 'type': 0}
2022-08-27T17:22:01.694554+03:00 space01.global-acme.entp CRON 20856 - - (root) CMD ( /usr/bin/nice -n 10 /opt/acme/bin/mem_usage_monitor.py >/dev/null 2>&1)
2022-08-27T14:22:01.888Z space01.global-acme.entp NSX 4828 SWITCHING [abc@6876 comp="abc-edge" subcomp="datapathd" s2comp="neigh" tname="dp-learning3" level="INFO"] dynamic arp entry(28b18eb1-3575-4179-956b-aae009433d27, 10.12.160.4) is created

31
test/test_date_time_scanner.cc
Unescape Escape View File

@ -30,11 +30,19 @@
#include <assert.h>
#include <locale.h>
#define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN
#include "../src/lnav_util.hh"
#include "base/date_time_scanner.hh"
#include "config.h"
#include "doctest/doctest.h"
#include "ptimec.hh"
static const char* GOOD_TIMES[] = {
"2022-08-27T17:22:01.694554+03:00",
"2022-08-27T17:22:01.694554+0300",
"2022-08-27T17:22:01.694554+00:00",
"2022-08-27T17:22:01.694554+0000",
"2022-08-27T17:22:01.694554Z",
"2017 May 08 Mon 18:57:57.578",
"May 01 00:00:01",
"May 10 12:00:01",
@ -53,8 +61,7 @@ static const char* BAD_TIMES[] = {
"@4000000043",
};
int
main(int argc, char* argv[])
TEST_CASE("date_time_scanner")
{
setenv("TZ", "UTC", 1);
@ -70,11 +77,27 @@ main(int argc, char* argv[])
char ts[64];
gmtime_r(&tv.tv_sec, &tm.et_tm);
dts.ftime(ts, sizeof(ts), nullptr, tm);
printf("fmt %s\n", PTIMEC_FORMATS[dts.dts_fmt_lock].pf_fmt);
printf("orig %s\n", good_time);
printf("loop %s\n", ts);
assert(strcmp(ts, good_time) == 0);
CHECK(std::string(ts) == std::string(good_time));
}
{
const auto sf
= string_fragment::from_const("2014-02-11 16:12:34.123.456");
struct timeval tv;
struct exttm tm;
date_time_scanner dts;
const auto* rc = dts.scan(sf.data(), sf.length(), nullptr, &tm, tv);
CHECK((tm.et_flags & ETF_MILLIS_SET));
CHECK(std::string(rc) == sf.substr(23).to_string());
char ts[64];
dts.ftime(ts, sizeof(ts), nullptr, tm);
CHECK(std::string(ts) == std::string("2014-02-11 16:12:34.123"));
}
{

2
test/test_logfile.sh
Unescape Escape View File

@ -545,6 +545,8 @@ error 0x0
error 0x0
EOF
run_cap_test ./drive_logfile -t -f generic_log ${test_dir}/logfile_with_zones.0
touch -t 200711030923 ${srcdir}/logfile_glog.0
run_test ./drive_logfile -t -f glog_log ${srcdir}/logfile_glog.0

4
update_expected_output.sh
Unescape Escape View File

@ -36,7 +36,7 @@ for fname in $(ls -t ${builddir}/*.cmd); do
fi
else
if ! cmp "${exp_stem}.out" "${stem}.out"; then
diff -u "${exp_stem}.out" "${stem}.out"
diff --color=always -u "${exp_stem}.out" "${stem}.out"
if test x"${AUTO_APPROVE}" = x""; then
echo "Expected stdout is different, update with the above?"
select yn in "Yes" "No"; do
@ -68,7 +68,7 @@ for fname in $(ls -t ${builddir}/*.cmd); do
fi
else
if ! cmp "${exp_stem}.err" "${stem}.err"; then
diff -u "${exp_stem}.err" "${stem}.err"
diff --color=always -u "${exp_stem}.err" "${stem}.err"
if test x"${AUTO_APPROVE}" = x""; then
echo "Expected stderr is different, update with the above?"
select yn in "Yes" "No"; do

Write Preview
Loading…
Cancel
Save