elB4RTO/LogDoctor
elB4RTO
/
LogDoctor
2
2
Fork 0
Code Issues 6 Pull Requests Projects 1 Releases 8 Wiki Activity

Code improvements

This commit is contained in:
Valentino Orlandi 2022-08-01 21:25:30 +02:00
parent 61e3ae55e8
commit 4eeeb2116e
Signed by: elB4RTO
GPG Key ID: 1719E976DB2D4E71
2 changed files with 609 additions and 235 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

556
logdoctor/tools/craplog/modules/formats.cpp
View File

@ -6,47 +6,48 @@
FormatOps::FormatOps()
{
/*
/////////////////
//// APACHE2 ////
// access logs fields formats (only the ones considered)
this->APACHE_ALF["%h"] = "client";
this->APACHE_ALF["%t"] = "date_time_ncsa";
this->APACHE_ALF["%r"] = "request_full";
this->APACHE_ALF["%H"] = "request_protocol";
this->APACHE_ALF["%m"] = "request_method";
this->APACHE_ALF["%U"] = "request_uri";
this->APACHE_ALF["%q"] = "request_query";
this->APACHE_ALF["%s"] = "response_code";
this->APACHE_ALF["%>s"] = "response_code";
this->APACHE_ALF["%O"] = "bytes_sent";
this->APACHE_ALF["%I"] = "bytes_received";
this->APACHE_ALF["%T"] = "time_taken_s";
this->APACHE_ALF["%D"] = "time_taken_ms";
this->APACHE_ALF["\%h"] = "client";
this->APACHE_ALF["\%t"] = "date_time_ncsa";
this->APACHE_ALF["\%r"] = "request_full";
this->APACHE_ALF["\%H"] = "request_protocol";
this->APACHE_ALF["\%m"] = "request_method";
this->APACHE_ALF["\%U"] = "request_uri";
this->APACHE_ALF["\%q"] = "request_query";
this->APACHE_ALF["\%s"] = "response_code";
this->APACHE_ALF["\%>s"] = "response_code";
this->APACHE_ALF["\%O"] = "bytes_sent";
this->APACHE_ALF["\%I"] = "bytes_received";
this->APACHE_ALF["\%T"] = "time_taken_s";
this->APACHE_ALF["\%D"] = "time_taken_ms";
// composed items (only the ones considered)
this->APACHE_ALF_V["h"] = { {"c", "client"} };
this->APACHE_ALF_V["t"] = { {"sec", "date_time_epoch_s"},
{"msec", "date_time_epoch_ms"},
{"usec", "date_time_epoch_us"},
{"%b", "date_time_month_str"},
{"%B", "date_time_month_str"},
{"%c", "date_time_mcs"},
{"%d", "date_time_day"},
{"%D", "date_time_MMDDYY"},
{"%e", "date_time_day"},
{"%F", "date_time_YYYYMMDD"},
{"%h", "date_time_month_str"},
{"%H", "date_time_hour"},
{"%m", "date_time_month"},
{"%M", "date_time_minute"},
{"%p", "date_time_clock_meridian"},
{"%r", "date_time_clock_12"},
{"%R", "date_time_clock_short"},
{"%S", "date_time_second"},
{"%T", "date_time_clock_24"},
{"%x", "date_time_MMDDYY"},
{"%X", "date_time_clock_24"},
{"%y", "date_time_year_short"},
{"%Y", "date_time_year"} };
{"\%b", "date_time_month_str"},
{"\%B", "date_time_month_str"},
{"\%c", "date_time_mcs"},
{"\%d", "date_time_day"},
{"\%D", "date_time_MMDDYY"},
{"\%e", "date_time_day"},
{"\%F", "date_time_YYYYMMDD"},
{"\%h", "date_time_month_str"},
{"\%H", "date_time_hour"},
{"\%m", "date_time_month"},
{"\%M", "date_time_minute"},
//{"\%p", "date_time_clock_meridian"},
{"\%r", "date_time_clock_12"},
{"\%R", "date_time_clock_short"},
{"\%S", "date_time_second"},
{"\%T", "date_time_clock_24"},
{"\%x", "date_time_MMDDYY"},
{"\%X", "date_time_clock_24"},
{"\%y", "date_time_year_short"},
{"\%Y", "date_time_year"} };
this->APACHE_ALF_V["i"] = { {"Cookie", "cookie"},
{"User-agent", "user_agent"},
{"Referer", "referer"} };
@ -54,23 +55,23 @@ FormatOps::FormatOps()
{"ms", "time_taken_ms"},
{"us", "time_taken_us"} };
// not in use, will be discarded
this->APACHE_ALF["%a"] = "NONE";
this->APACHE_ALF["%A"] = "NONE";
this->APACHE_ALF["%b"] = "NONE";
this->APACHE_ALF["%B"] = "NONE";
this->APACHE_ALF["%f"] = "NONE";
this->APACHE_ALF["%k"] = "NONE";
this->APACHE_ALF["%l"] = "NONE";
this->APACHE_ALF["%L"] = "NONE";
this->APACHE_ALF["%p"] = "NONE";
this->APACHE_ALF["%P"] = "NONE";
this->APACHE_ALF["%R"] = "NONE";
this->APACHE_ALF["%S"] = "NONE";
this->APACHE_ALF["%u"] = "NONE";
this->APACHE_ALF["%v"] = "NONE";
this->APACHE_ALF["%V"] = "NONE";
this->APACHE_ALF["%X"] = "NONE";
this->APACHE_ALF["%{x-forwarded-for}"] = "NONE";
this->APACHE_ALF["\%a"] = "NONE";
this->APACHE_ALF["\%A"] = "NONE";
this->APACHE_ALF["\%b"] = "NONE";
this->APACHE_ALF["\%B"] = "NONE";
this->APACHE_ALF["\%f"] = "NONE";
this->APACHE_ALF["\%k"] = "NONE";
this->APACHE_ALF["\%l"] = "NONE";
this->APACHE_ALF["\%L"] = "NONE";
this->APACHE_ALF["\%p"] = "NONE";
this->APACHE_ALF["\%P"] = "NONE";
this->APACHE_ALF["\%R"] = "NONE";
this->APACHE_ALF["\%S"] = "NONE";
this->APACHE_ALF["\%u"] = "NONE";
this->APACHE_ALF["\%v"] = "NONE";
this->APACHE_ALF["\%V"] = "NONE";
this->APACHE_ALF["\%X"] = "NONE";
this->APACHE_ALF["\%{x-forwarded-for}"] = "NONE";
// composed not in use
this->APACHE_ALF_V["a"] = {};
this->APACHE_ALF_V["c"] = {};
@ -83,25 +84,25 @@ FormatOps::FormatOps()
this->APACHE_ALF_V["^to"] = {};
// error logs fields formats (only the ones considered)
this->APACHE_ELF["%a"] = "client:port";
this->APACHE_ELF["%l"] = "error_level";
this->APACHE_ELF["%M"] = "error_message";
this->APACHE_ELF["%F"] = "source_file";
this->APACHE_ELF["%t"] = "date_time_mcs";
this->APACHE_ELF["\%a"] = "client:port";
this->APACHE_ELF["\%l"] = "error_level";
this->APACHE_ELF["\%M"] = "error_message";
this->APACHE_ELF["\%F"] = "source_file";
this->APACHE_ELF["\%t"] = "date_time_mcs";
// composed
this->APACHE_ELF_V["t"] = { {"u", "date_time_mcs"},
{"cu","date_time_iso_mcs"}};
// not in use, will be discarded
this->APACHE_ELF["%A"] = "NONE";
this->APACHE_ELF["%E"] = "NONE";
this->APACHE_ELF["%F"] = "NONE";
this->APACHE_ELF["%k"] = "NONE";
this->APACHE_ELF["%L"] = "NONE";
this->APACHE_ELF["%m"] = "NONE";
this->APACHE_ELF["%P"] = "NONE";
this->APACHE_ELF["%T"] = "NONE";
this->APACHE_ELF["%v"] = "NONE";
this->APACHE_ELF["%V"] = "NONE";
this->APACHE_ELF["\%A"] = "NONE";
this->APACHE_ELF["\%E"] = "NONE";
this->APACHE_ELF["\%F"] = "NONE";
this->APACHE_ELF["\%k"] = "NONE";
this->APACHE_ELF["\%L"] = "NONE";
this->APACHE_ELF["\%m"] = "NONE";
this->APACHE_ELF["\%P"] = "NONE";
this->APACHE_ELF["\%T"] = "NONE";
this->APACHE_ELF["\%v"] = "NONE";
this->APACHE_ELF["\%V"] = "NONE";
// composed not in use
this->APACHE_ELF_V["a"] = {};
this->APACHE_ELF_V["e"] = {};
@ -168,51 +169,174 @@ FormatOps::FormatOps()
// error logs fields formats (only the ones considered)
this->IIS_ELF[""] = "";
// not in use, will be discarded
this->IIS_ELF[""] = "NONE";
this->IIS_ELF[""] = "NONE";*/
}
const FormatOps::LogsFormat FormatOps::processFormatString( const std::string& f_str, const int l_type, const int ws_id )
const FormatOps::LogsFormat FormatOps::processApacheFormatString( const std::string& f_str, const int l_type )
{
std::unordered_map<std::string, std::string> f_map;
std::vector<std::string> f_flds;
switch ( ws_id ) {
case 11:
// this method is not for Apache
throw (&"This format-convert method is not made for Apache");
case 12:
switch ( l_type ) {
case 1:
f_map = this->NGINX_ALF;
f_flds = this->N_ALFs;
break;
case 2:
f_map = this->NGINX_ELF;
f_flds = this->N_ELFs;
break;
default:
// shouldn't be here
throw (&"Wrong LogType for Nginx: "[l_type]);
}
const std::unordered_map<std::string, std::string> *f_map;
const std::unordered_map<std::string ,std::unordered_map<std::string, std::string>> *f_map_v;
switch ( l_type ) {
case 1:
f_map = &this->APACHE_ALF;
f_map_v = &this->APACHE_ALF_V;
break;
case 13:
switch ( l_type ) {
case 1:
f_map = this->IIS_ALF;
f_flds = this->I_ALFs;
break;
case 2:
f_map = this->IIS_ELF;
f_flds = this->I_ELFs;
break;
default:
// shouldn't be here
throw (&"Wrong LogType for IIS: "[l_type]);
}
case 2:
f_map = &this->APACHE_ELF;
f_map_v = &this->APACHE_ELF_V;
break;
default:
// shouldn't be here
throw (&"Wrong WebServerID: "[ws_id]);
throw (&"Unexpected LogType for Apache: "[l_type]);
}
std::string initial="", final="";
std::vector<std::string> separators, fields;
// parse the string to convert keyargs in craplog's fields format
int n_fld=0,
start, stop=0, aux, aux_start, aux_stop,
max=f_str.size()-1;
std::string aux_fld, aux_fld_v, cur_fld, cur_sep;
// find and convert any field
while (true) {
// start after the last found field
start = stop;
cur_sep = "";
while (true) {
// loop until a valid field is found (doens't matter if considered or not)
while (true) {
// hunt the next field
aux = f_str.find_first_of( '%', stop );
// check if false positive
if ( aux > 0 && aux <= max ) {
if ( f_str.at(aux-1) == '%' || f_str.at(aux-1) == '\\' ) {
// the percent sign character
stop = aux + 1;
continue;
}
}
break;
}
if ( aux < 0 || aux > max ) {
// no more fields, append the last section as final separator
final = f_str.substr( start );
n_fld = -1;
break;
}
// append the current separator
cur_sep += f_str.substr( start, aux-start );
stop = aux;
// define if normal or composed
if ( f_str.at( aux+1 ) == '{' ) {
// composed
aux_start = aux + 2;
aux = f_str.find_first_of( '}', aux_start );
aux_stop = aux + 2;
// get the varname
aux_fld = f_str.substr(
aux_start,
aux - aux_start );
// get the module
aux_fld_v = f_str.at( aux+1 );
try {
// try if the module is valid
cur_fld = f_map_v->at( aux_fld_v ).at( aux_fld );
// if here, is valid. stop hunting and append
stop = aux_stop;
break;
} catch (...) {
// invalid, append all as separator and restart hunting
cur_sep += f_str.substr( stop, aux_stop-stop );
stop = aux_stop;
continue;
}
} else {
// normal
try {
// try if the module is valid
aux_fld = f_str.substr( aux, 3 );
aux_stop = aux+3;
if ( aux_fld != "%>s" ) {
aux_fld = f_str.substr( aux, 2 );
aux_stop = aux+2;
}
cur_fld = f_map->at( aux_fld );
// if here, is valid. stop hunting and append
stop = aux_stop;
break;
} catch (...) {
// invalid, append all as separator and restart hunting
stop ++;
cur_sep += f_str.at( stop );
continue;
}
}
}
// outside hunting loop
if ( n_fld < 0 ) {
// final reached, stop looping
break;
} else if ( n_fld == 0 ) {
// first field found, assign the separator as the initial one
initial = cur_sep;
} else {
// append to separators list
separators.push_back( cur_sep );
}
// append the field
if ( cur_fld == "client:port" ) {
fields.push_back( "client" );
separators.push_back( ":" );
fields.push_back( "port" );
} else {
fields.push_back( cur_fld );
}
n_fld++;
}
return FormatOps::LogsFormat{
.string = f_str,
.initial = initial,
.final = final,
.separators = separators,
.fields = fields
};
}
const FormatOps::LogsFormat FormatOps::processNginxFormatString( const std::string& f_str, const int l_type )
{
const std::unordered_map<std::string, std::string> *f_map;
const std::vector<std::string> *f_flds;
switch ( l_type ) {
case 1:
f_map = &this->NGINX_ALF;
f_flds = &this->N_ALFs;
break;
case 2:
f_map = &this->NGINX_ELF;
f_flds = &this->N_ELFs;
break;
default:
// shouldn't be here
throw (&"Unexpected LogType for Nginx: "[l_type]);
}
std::string initial="", final="";
@ -229,7 +353,7 @@ const FormatOps::LogsFormat FormatOps::processFormatString( const std::string& f
cur_fld = "";
min_dist = max_dist;
// find the next field
for ( std::string& fld : f_flds ) {
for ( const std::string& fld : *f_flds ) {
// run untill a valid field is found
aux = f_str.find( fld, start );
if ( aux < 0 | aux > min_dist ) {
@ -287,12 +411,12 @@ const FormatOps::LogsFormat FormatOps::processFormatString( const std::string& f
n_fld++;
// append the current field, converted
if ( f_map.at( cur_fld ) == "client:port" ) {
if ( f_map->at( cur_fld ) == "client:port" ) {
fields.push_back( "client" );
separators.push_back( ":" );
fields.push_back( "port" );
} else {
fields.push_back( f_map.at( cur_fld ) );
fields.push_back( f_map->at( cur_fld ) );
}
// step at the end of the current field for the next start
stop = min_dist + cur_fld.size();
@ -309,139 +433,112 @@ const FormatOps::LogsFormat FormatOps::processFormatString( const std::string& f
const FormatOps::LogsFormat FormatOps::processApacheFormatString( const std::string& f_str, const int l_type )
const FormatOps::LogsFormat FormatOps::processIisFormatString( const std::string& f_str, const int l_mod )
{
std::unordered_map<std::string, std::string> f_map;
std::unordered_map<std::string ,std::unordered_map<std::string, std::string>> f_map_v;
switch ( l_type ) {
int n_fld=0,
start, aux=0, stop=0,
min_dist=0, max_dist=f_str.size()-1;
std::string cur_fld, cur_sep;
std::string initial="", final="";
std::vector<std::string> separators, fields;
const std::unordered_map<std::string, std::string> &f_map = this->IIS_ALF;
const std::vector<std::string> &f_flds = this->I_ALFs;
switch ( l_mod ) {
case 1:
f_map = this->APACHE_ALF;
f_map_v = this->APACHE_ALF_V;
// IIS logging module
final = ",";
separators = {", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", "};
fields = {"client","NONE","date_time_MMDDYY","date_time_clock_24","NONE","NONE","NONE","time_taken_ms","bytes_received","bytes_sent","response_code","NONE","request_method","request_uri","request_query"};
break;
case 2:
f_map = this->APACHE_ELF;
f_map_v = this->APACHE_ELF_V;
// NCSA logging module
separators = {" "," "," [","] "," \"","\" "," "};
fields = {"client","NONE","NONE","date_time_ncsa","request_full","response_code","bytes_sent"};
break;
case 3:
// W3C logging module
// parse the string to convert keyargs in craplog's fields format
// find and convert any field
while (true) {
// start after the last found field
start = stop;
cur_fld = "";
min_dist = max_dist;
// find the next field
for ( const std::string& fld : f_flds ) {
// run untill a valid field is found
aux = f_str.find( fld, start );
if ( aux < 0 | aux > min_dist ) {
// not found, skip to the next
continue;
}
if ( aux > 0 ) {
if ( f_str.at(aux-1) == '\\' ) {
// backslashed, may be a false positive
int n_slashes = 1, j=aux-2;
while (true) {
if ( j < 0 ) {
break;
}
if ( f_str.at( j ) == '\\' ) {
n_slashes ++;
j --;
} else {
break;
}
}
if ( n_slashes % 2 == 1 ) {
// odd number of BS, supposed to result in a backslashed keyword
continue;
}
}
}
if ( aux < min_dist ) {
// a nearer field has been found
min_dist = aux;
cur_fld = fld;
}
if ( min_dist == start ) {
// starter position, closest field found
break;
}
}
// break if no more fields was found
if ( cur_fld == "" ) {
// append the last section as final separator
final = f_str.substr( start );
break;
}
// get the current separator
cur_sep = f_str.substr( start, min_dist-start );
if ( n_fld == 0 ) {
// first field found, assign the separator as the initial one
initial = cur_sep;
} else {
// append to separators list
separators.push_back( cur_sep );
}
n_fld++;
// append the current field, converted
if ( f_map.at( cur_fld ) == "client:port" ) {
fields.push_back( "client" );
separators.push_back( ":" );
fields.push_back( "port" );
} else {
fields.push_back( f_map.at( cur_fld ) );
}
// step at the end of the current field for the next start
stop = min_dist + cur_fld.size();
}
break;
default:
// shouldn't be here
throw (&"Wrong LogType for Apache: "[l_type]);
throw (&"Unexpected LogModule for IIS: "[l_mod]);
}
std::string initial="", final="";
std::vector<std::string> separators, fields;
// parse the string to convert keyargs in craplog's fields format
int n_fld=0,
start, stop=0, aux, aux_start, aux_stop,
max=f_str.size()-1;
std::string aux_fld, aux_fld_v, cur_fld, cur_sep;
// find and convert any field
while (true) {
// start after the last found field
start = stop;
cur_sep = "";
while (true) {
// loop until a valid field is found (doens't matter if considered or not)
while (true) {
// hunt the next field
aux = f_str.find_first_of( '%', stop );
// check if false positive
if ( aux > 0 && aux <= max ) {
if ( f_str.at(aux-1) == '%' || f_str.at(aux-1) == '\\' ) {
// the percent sign character
stop = aux + 1;
continue;
}
}
break;
}
if ( aux < 0 || aux > max ) {
// no more fields, append the last section as final separator
final = f_str.substr( start );
n_fld = -1;
break;
}
// append the current separator
cur_sep += f_str.substr( start, aux-start );
stop = aux;
// define if normal or composed
if ( f_str.at( aux+1 ) == '{' ) {
// composed
aux_start = aux + 2;
aux = f_str.find_first_of( '}', aux_start );
aux_stop = aux + 2;
// get the varname
aux_fld = f_str.substr(
aux_start,
aux - aux_start );
// get the module
aux_fld_v = f_str.at( aux+1 );
try {
// try if the module is valid
cur_fld = f_map_v.at( aux_fld_v ).at( aux_fld );
// if here, is valid. stop hunting and append
stop = aux_stop;
break;
} catch (...) {
// invalid, append all as separator and restart hunting
cur_sep += f_str.substr( stop, aux_stop-stop );
stop = aux_stop;
continue;
}
} else {
// normal
try {
// try if the module is valid
aux_fld = f_str.substr( aux, 3 );
aux_stop = aux+3;
if ( aux_fld != "%>s" ) {
aux_fld = f_str.substr( aux, 2 );
aux_stop = aux+2;
}
cur_fld = f_map.at( aux_fld );
// if here, is valid. stop hunting and append
stop = aux_stop;
break;
} catch (...) {
// invalid, append all as separator and restart hunting
stop ++;
cur_sep += f_str.at( stop );
continue;
}
}
}
// outside hunting loop
if ( n_fld < 0 ) {
// final reached, stop looping
break;
} else if ( n_fld == 0 ) {
// first field found, assign the separator as the initial one
initial = cur_sep;
} else {
// append to separators list
separators.push_back( cur_sep );
}
// append the field
if ( cur_fld == "client:port" ) {
fields.push_back( "client" );
separators.push_back( ":" );
fields.push_back( "port" );
} else {
fields.push_back( cur_fld );
}
n_fld++;
}
return FormatOps::LogsFormat{
.string = f_str,
@ -450,5 +547,4 @@ const FormatOps::LogsFormat FormatOps::processApacheFormatString( const std::str
.separators = separators,
.fields = fields
};
}

288
logdoctor/tools/craplog/modules/formats.h
View File

@ -1,6 +1,7 @@
#ifndef FORMAT_H
#define FORMAT_H
#include <QString>
#include <string>
#include <vector>
@ -21,17 +22,21 @@ public:
std::vector<std::string> fields;
};
const LogsFormat processFormatString(const std::string& formatted_string, const int log_type, const int web_server_id );
const LogsFormat processApacheFormatString(const std::string& formatted_string, const int log_type );
const LogsFormat processNginxFormatString(const std::string& formatted_string, const int log_type );
const LogsFormat processIisFormatString(const std::string& formatted_string, const int log_module );
const QString getApacheFormatTranslation( const LogsFormat& log_format );
const QString getApacheLogSample( const LogsFormat& log_format );
private:
std::unordered_map<std::string, std::string>
/*std::unordered_map<std::string, std::string>
APACHE_ALF, APACHE_ELF,
NGINX_ALF, NGINX_ELF,
IIS_ALF, IIS_ELF;
std::unordered_map<std::string, std::unordered_map<std::string, std::string>>
APACHE_ALF_V, APACHE_ELF_V;
APACHE_ALF_V, APACHE_ELF_V;*/
/*
const std::vector<std::string> A_ALFs = {"%h", "%t", "%t_u", "%t_ctime", "%r", "%>s", "%O", "%I", "%T", "%D", "%T/%D", "%{Referer}i", "%{User-agent}i",
@ -43,7 +48,7 @@ private:
*/
// list of access logs fields formats
const std::vector<std::string> N_ALFs = {"$remote_addr", "$time_local", "$time_iso8601", "$msec", "$request", "$status", "$bytes_sent", "$request_length", "$request_time", "$http_referer", "$http_user_agent",
const std::vector<std::string> N_ALFs = {"$remote_addr", "$time_local", "$time_iso8601", "$msec", "$request", "$status", "$bytes_sent", "$request_length", "$request_time", "$http_referer", "$http_user_agent",
/*NOT IN USE->*/"$remote_user", "$gzip_ratio", "$connection", "$connection_requests", "$pipe"};
const std::vector<std::string> I_ALFs = {"c-ip", "time", "cs-version", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status", "sc-bytes", "cs-bytes", "time-taken", "cs(Referrer)", "cs(Cookie)", "cs(User-Agent)",
@ -53,9 +58,282 @@ private:
const std::vector<std::string> N_ELFs = {"$time_iso8601", "$error_level", "$error_message",
/*NOT IN USE->*/"$pid", "$cid"};
const std::vector<std::string> I_ELFs = {"", "", "", "", "",
const std::vector<std::string> I_ELFs = {"",
/*NOT IN USE->*/};
/////////////////
//// APACHE2 ////
// access logs fields formats
const std::unordered_map<std::string, std::string> APACHE_ALF = {
{"\%h", "client"},
{"\%t", "date_time_ncsa"},
{"\%r", "request_full"},
{"\%H", "request_protocol"},
{"\%m", "request_method"},
{"\%U", "request_uri"},
{"\%q", "request_query"},
{"\%s", "response_code"},
{"\%>s", "response_code"},
{"\%O", "bytes_sent"},
{"\%I", "bytes_received"},
{"\%T", "time_taken_s"},
{"\%D", "time_taken_ms"},
// not in use, will be discarded
{"\%a", "NONE"},
{"\%A", "NONE"},
{"\%b", "NONE"},
{"\%B", "NONE"},
{"\%f", "NONE"},
{"\%k", "NONE"},
{"\%l", "NONE"},
{"\%L", "NONE"},
{"\%p", "NONE"},
{"\%P", "NONE"},
{"\%R", "NONE"},
{"\%S", "NONE"},
{"\%u", "NONE"},
{"\%v", "NONE"},
{"\%V", "NONE"},
{"\%X", "NONE"},
{"\%{x-forwarded-for}", "NONE"} };
// composed items
const std::unordered_map<std::string, std::unordered_map<std::string, std::string>> APACHE_ALF_V = {
{"h", { {"c", "client"} } },
{"t", { {"sec", "date_time_epoch_s"},
{"msec", "date_time_epoch_ms"},
{"usec", "date_time_epoch_us"},
{"\%b", "date_time_month_str"},
{"\%B", "date_time_month_str"},
{"\%c", "date_time_mcs"},
{"\%d", "date_time_day"},
{"\%D", "date_time_MMDDYY"},
{"\%e", "date_time_day"},
{"\%F", "date_time_YYYYMMDD"},
{"\%h", "date_time_month_str"},
{"\%H", "date_time_hour"},
{"\%m", "date_time_month"},
{"\%M", "date_time_minute"},
//{"\%p", "date_time_clock_meridian"},
{"\%r", "date_time_clock_12"},
{"\%R", "date_time_clock_short"},
{"\%S", "date_time_second"},
{"\%T", "date_time_clock_24"},
{"\%x", "date_time_MMDDYY"},
{"\%X", "date_time_clock_24"},
{"\%y", "date_time_year_short"},
{"\%Y", "date_time_year"} } },
{"i", { {"Cookie", "cookie"},
{"User-agent", "user_agent"},
{"Referer", "referer"} } },
{"T", { {"s", "time_taken_s"},
{"ms", "time_taken_ms"},
{"us", "time_taken_us"} } },
// composed not in use
{"a", {}},
{"c", {}},
{"e", {}},
{"n", {}},
{"o", {}},
{"p", {}},
{"P", {}},
{"^ti", {}},
{"^to", {}} };
// access logs fields formats samples
const std::unordered_map<std::string, QString> APACHE_ALF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_epoch_s", "946771199"},
{"date_time_epoch_ms", "946771199000"},
{"date_time_epoch_us", "946771199000000"},
{"date_time_ncsa", "[01/Jan/2000:23:59:59 +0000]"},
{"date_time_mcs", "Sat Jan 01 23:59:59 2000"},
{"date_time_YYYYMMDD", "2000-01-01"},
{"date_time_MMDDYY", "01/01/00"},
{"date_time_year", "2000"},
{"date_time_year_short", "00"},
{"date_time_month_str", "January"},
{"date_time_month", "01"},
{"date_time_day", "01"},
{"date_time_clock_12", "11:59:59 pm"},
{"date_time_clock_24", "23:59:59"},
{"date_time_clock_short", "23:59"},
{"date_time_hour", "23"},
{"date_time_minute", "59"},
{"date_time_second", "59"},
{"request_full", "GET /index.php?query=x HTTP/1.1"},
{"request_protocol", "HTTP/1.1"},
{"request_method", "GET"},
{"request_uri", "/index.php"},
{"request_query", "query=x"},
{"response_code", "404"},
{"bytes_sent", "1234"},
{"bytes_received", "123"},
{"time_taken_s", "1"},
{"time_taken_ms", "1000"},
{"time_taken_us", "1000000"},
{"referer", "http://www.referrer.site"},
{"cookie", "aCookie=abc123"},
{"user_agent", "UserAgent/3.0 (Details stuff) Info/123"},
{"client", "192.168.1.123"} };
// error logs fields formats
const std::unordered_map<std::string, std::string> APACHE_ELF = {
{"\%a", "client:port"},
{"\%l", "error_level"},
{"\%M", "error_message"},
{"\%F", "source_file"},
{"\%t", "date_time_mcs"},
// not in use, will be discarded
{"\%A", "NONE"},
{"\%E", "NONE"},
{"\%F", "NONE"},
{"\%k", "NONE"},
{"\%L", "NONE"},
{"\%m", "NONE"},
{"\%P", "NONE"},
{"\%T", "NONE"},
{"\%v", "NONE"},
{"\%V", "NONE"} };
// composed
const std::unordered_map<std::string, std::unordered_map<std::string, std::string>> APACHE_ELF_V = {
{"t", { {"u", "date_time_mcs"},
{"cu","date_time_iso_mcs"} } },
// composed not in use
{"a", {}},
{"e", {}},
{"i", {}},
{"L", {}},
{"n", {}},
{"T", {}} };
// error logs fields formats samples
const std::unordered_map<std::string, QString> APACHE_ELF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_mcs", "Sat Jan 01 23:59:59.123456 0000"},
{"date_time_iso_mcs", "2000-01-01 23:59:59.123456"},
{"client:port", "192.168.1.123:54321"},
{"error_level", "group:level"},
{"error_message", "AH00123: some infoes: some details"},
{"source_file", "file.c"} };
///////////////
//// NGINX ////
// access logs fields formats (only the ones considered)
const std::unordered_map<std::string, std::string> NGINX_ALF = {
{"$remote_addr", "client"},
{"$time_local", "date_time_ncsa"},
{"$time_iso8601", "date_time_iso"},
{"msec", "date_time_epoch_s.ms"},
{"$request", "request_full"},
{"$status", "response_code"},
{"$bytes_sent", "bytes_sent"},
{"$request_length", "bytes_received"},
{"$request_time", "time_taken_s.ms"},
{"$http_referer", "referer"},
{"$http_user_agent", "user_agent"},
// not in use, will be discarded
{"$remote_user", "NONE"},
{"$gzip_ratio", "NONE"},
{"$connection", "NONE"},
{"$connection_requests", "NONE"},
{"pipe", "NONE"} };
// nginx logs fields formats samples
const std::unordered_map<std::string, QString> NGINX_ALF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_epoch_s.ms", "946771199.000"},
{"date_time_iso", "2000-01-01T23:59:59+00:00]"},
{"date_time_mcs", "Sat Jan 01 23:59:59 2000"},
{"request_full", "GET /index.php?query=x HTTP/1.1"},
{"response_code", "404"},
{"bytes_sent", "1234"},
{"bytes_received", "123"},
{"time_taken_s.ms", "1.000"},
{"referer", "http://www.referrer.site"},
{"user_agent", "UserAgent/3.0 (Details stuff) Info/123"},
{"client", "192.168.1.123"} };
// error logs fields formats (only the ones considered)
const std::unordered_map<std::string, std::string> NGINX_ELF = {
{"$time_iso8601", "date_time_iso"},
{"$error_level", "error_level"},
{"$error_message", "error_message"},
// not in use, will be discarded
{"$pid", "NONE"},
{"$cid", "NONE"} };
// error logs fields formats samples
const std::unordered_map<std::string, QString> NGINX_ELF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_iso", "2000-01-01T23:59:59+00:00]"},
{"error_level", "[level]"},
{"error_message", "123#456: some infoes"} };
/////////////
//// IIS ////
// access logs fields formats
const std::unordered_map<std::string, std::string> IIS_ALF = {
{"date", "date_time_utc_d"},
{"time", "date_time_utc_t"},
{"cs-version", "request_protocol"},
{"cs-method", "request_method"},
{"cs-uri-stem", "request_uri"},
{"cs-uri-query", "request_query"},
{"sc-status", "response_code"},
{"sc-bytes", "bytes_sent"},
{"cs-bytes", "bytes_received"},
{"time-taken", "time_taken_ms"},
{"cs(Referrer)", "referer"},
{"cs(Cookie)", "cookie"},
{"cs(User-Agent)", "user_agent"},
{"c-ip", "client"},
// not in use, will be discarded
{"s-sitename", "NONE"},
{"s-computername", "NONE"},
{"s-ip", "NONE"},
{"s-port", "NONE"},
{"cs-username", "NONE"},
{"cs-host", "NONE"},
{"sc-substatus", "NONE"},
{"sc-win32-status", "NONE"},
{"streamid", "NONE"} };
// access logs fields formats samples
const std::unordered_map<std::string, QString> IIS_ALF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_utc_d", "2000-01-01"},
{"date_time_utc_t", "23:59:59"},
{"request_protocol", "HTTP/1.1"},
{"request_method", "GET"},
{"request_uri", "/index.php"},
{"request_query", "query=x"},
{"response_code", "404"},
{"bytes_sent", "1234"},
{"bytes_received", "123"},
{"time_taken_ms", "1000"},
{"referer", "http://www.referrer.site"},
{"cookie", "aCookie=abc123"},
{"user_agent", "UserAgent/3.0+(Details+stuff)+Info/123"},
{"client", "192.168.1.123"} };
// error logs fields formats
const std::unordered_map<std::string, std::string> IIS_ELF = {
{"", ""},
// not in use, will be discarded
{"", "NONE"} };
// error logs fields formats samples
const std::unordered_map<std::string, QString> IIS_ELF_SAMPLES = {
{"NONE", "DISCARDED"} };
};
#endif // FORMAT_H