From 8d3222c683c8d17726188c44759f31944d06c70d Mon Sep 17 00:00:00 2001
From: Richard Frith-Macdonald
Date: Mon, 25 Jun 2018 11:34:26 +0100
Subject: [PATCH] allow handling of audit logging
---
 ChangeLog | 8 ++++++
 EcAlerter.h | 14 ++++++++--
 EcAlerter.m | 74 +++++++++++++++++++++++++++++++++++++----------------
 EcControl.m | 4 +--
 4 files changed, 74 insertions(+), 26 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4a0d446..b021cfd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-06-25 Richard Frith-Macdonald
+
+ * EcAlerter.h:
+ * EcAlerter.m:
+ Extend to permit (simple) handling of audit logs as well as
+ error/alert/alarm.
+ New -handleAudit:withHost:andServer:timestamp: method.
+
 2018-06-24 Richard Frith-Macdonald
 * EcProcess.h:
diff --git a/EcAlerter.h b/EcAlerter.h
index 6fc54f4..aece33b 100644
--- a/EcAlerter.h
+++ b/EcAlerter.h
@@ -395,6 +395,15 @@
 */
 - (void) flushSms;
+/** This method handles an audit event.
+ * The default implementation does nothing (an audit event is automatically
+ * written to the debug log before it reaches this point).
+ */
+- (void) handleAudit: (NSString*)text
+ withHost: (NSString*)hostName
+ andServer: (NSString*)serverName
+ timestamp: (NSDate*)timestamp;
+
 /**

This method handles an error/alert event (an 'error' is one which may * be buffered, while an 'alert' must be sent immediately).
* If the identifier field is non-nil then the event is an alert which is
@@ -428,7 +437,7 @@
 alarm: (EcAlarm*)alarm
 reminder: (int)reminder;
-/**

This method handles error/alert messages. It is able to handle
+/**

This method handles error/alert/audit messages. It is able to handle
 * multiple (newline separated messages.
 *

*

Each message must be a line of the format -
@@ -436,7 +445,8 @@
 *

*

Each message is parsed an then the components are passed to the
 * -handleEvent:withHost:andServer:timestamp:identifier:alarm:reminder:
- * method.
+ * method or it the -handleAudit:withHost:andServer:timestamp: method
+ * if it isa an audit event.
 *

*/
 - (void) handleInfo: (NSString*)str;
diff --git a/EcAlerter.m b/EcAlerter.m
index 885d0d5..5c95ae3 100644
--- a/EcAlerter.m
+++ b/EcAlerter.m
@@ -1164,6 +1164,14 @@ replaceFields(NSDictionary *fields, NSString *template)
 RELEASE(pool);
 }
+- (void) handleAudit: (NSString*)text
+ withHost: (NSString*)hostName
+ andServer: (NSString*)serverName
+ timestamp: (NSDate*)timestamp
+{
+ return;
+}
+
 - (void) handleEvent: (NSString*)text
 withHost: (NSString*)hostName
 andServer: (NSString*)serverName
@@ -1295,6 +1303,7 @@ replaceFields(NSDictionary *fields, NSString *template)
 NSString *serverName;
 NSString *hostName;
 BOOL immediate;
+ BOOL isAudit;
 unsigned pos;
 str = inf;
@@ -1307,11 +1316,13 @@ replaceFields(NSDictionary *fields, NSString *template)
 * serverName(hostName): timestamp Alert - message
 * or
 * serverName(hostName): timestamp Error - message
+ * or
+ * serverName(hostName): timestamp Audit - message
 */
 r = [str rangeOfString: @":"];
 if (r.length == 0)
 {
- continue; // Not an alert or error
+ continue; // Not an audit, alert or error
 }
 serverName = [str substringToIndex: r.location];
 str = [str substringFromIndex: NSMaxRange(r) + 1];
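Review bot: The two doc lines added to the `-handleInfo:` comment in EcAlerter.h (hunk at -436) contain typos that make the sentence hard to parse. I would write them as `* method or to the -handleAudit:withHost:andServer:timestamp: method` and `* if it is an audit event.`. The surrounding comment also has an unbalanced `(newline separated messages.` on an unchanged line, which could be closed while this paragraph is being touched.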
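Review bot: The new `-handleAudit:withHost:andServer:timestamp:` implementation (hunk at -1164) has no comment telling a subclass author what it receives, and the header comment only says the default does nothing. From the `-handleInfo:` changes in this commit, `text` is the part of the line after the ` Audit - ` marker, and `hostName`, `serverName` and `timestamp` are all parsed out of the same logged line. I would add above the method `/* Override point for audit records: all four arguments are parsed from the logged line by -handleInfo: and are not validated here. */` and repeat that sentence in the EcAlerter.h doc comment, so an override that forwards or stores audit records treats them as unverified input.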
@@ -1325,20 +1336,29 @@ replaceFields(NSDictionary *fields, NSString *template)
 NSMakeRange(pos, [serverName length] - pos - 1)];
 serverName = [serverName substringToIndex: r.location];
- r = [str rangeOfString: @" Alert - "];
- if (r.length == 0)
- {
- r = [str rangeOfString: @" Error - "];
- if (r.length == 0)
- {
- continue; // Not an alert or error
- }
- immediate = NO;
- }
- else
- {
- immediate = YES;
- }
+ r = [str rangeOfString: @" Audit - "];
+ if (r.length == 0)
+ {
+ isAudit = NO;
+ r = [str rangeOfString: @" Alert - "];
+ if (r.length == 0)
+ {
+ r = [str rangeOfString: @" Error - "];
+ if (r.length == 0)
+ {
+ continue; // Not an alert or error
+ }
+ immediate = NO;
+ }
+ else
+ {
+ immediate = YES;
+ }
+ }
+ else
+ {
+ isAudit = YES;
+ }
 timestamp = [NSCalendarDate dateWithString: [str substringToIndex: r.location] calendarFormat: @"%Y-%m-%d %H:%M:%S.%F %z"];
@@ -1353,13 +1373,23 @@ replaceFields(NSDictionary *fields, NSString *template)
 str = [str substringFromIndex: NSMaxRange(r)];
- [self handleEvent: str
- withHost: hostName
- andServer: serverName
- timestamp: timestamp
- identifier: (YES == immediate) ? (id)@"" : (id)nil
- alarm: nil
- reminder: -1];
+ if (YES == isAudit)
+ {
+ [self handleAudit: str
+ withHost: hostName
+ andServer: serverName
+ timestamp: timestamp];
+ }
+ else
+ {
+ [self handleEvent: str
+ withHost: hostName
+ andServer: serverName
+ timestamp: timestamp
+ identifier: (YES == immediate) ? (id)@"" : (id)nil
+ alarm: nil
+ reminder: -1];
+ }
 }
 }
 NS_HANDLER
diff --git a/EcControl.m b/EcControl.m
index f7ec485..6dbdd67 100644
--- a/EcControl.m
+++ b/EcControl.m
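Review bot: In the hunk at -1325 the event type is now chosen by searching the whole remainder of the line for ` Audit - ` before ` Alert - ` and ` Error - `, so an alert or error whose message text merely contains ` Audit - ` is classified as an audit event and, with the default no-op `-handleAudit:...`, never reaches `-handleEvent:...`. The text after the marker is supplied by the logging process, so the type should come from the earliest match (the one directly after the timestamp) rather than from a fixed precedence. The sketch below takes the earliest of the three matches and also leaves `immediate` initialised on every path. The method body starts and ends outside this hunk, and the timestamp check between this hunk and the next is not visible, so how a failed date parse is handled there is an assumption to confirm.

```objc
// … unchanged: hostName/serverName extraction …
	  NSRange	audit = [str rangeOfString: @" Audit - "];
	  NSRange	alert = [str rangeOfString: @" Alert - "];
	  NSRange	error = [str rangeOfString: @" Error - "];

	  /* The type marker directly follows the timestamp, so the earliest
	   * match is the real one; later matches are message text.
	   */
	  r = audit;
	  if (alert.length > 0 && (r.length == 0 || alert.location < r.location))
	    {
	      r = alert;
	    }
	  if (error.length > 0 && (r.length == 0 || error.location < r.location))
	    {
	      r = error;
	    }
	  if (r.length == 0)
	    {
	      continue;		// Not an audit, alert or error
	    }
	  isAudit = (audit.length > 0 && r.location == audit.location) ? YES : NO;
	  immediate = (alert.length > 0 && r.location == alert.location) ? YES : NO;
// … unchanged: timestamp parsing and dispatch …
```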
@@ -1744,9 +1744,9 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
 [[self cmdLogFile: logname] puts: inf];
 }
 /*
- * Errors and alerts (severe errors) get passed to a handler.
+ * Errors, audit logs, and alerts (severe errors) get passed to a handler.
 */
- if (t == LT_ERROR || t == LT_ALERT)
+ if (t == LT_ERROR || t == LT_AUDIT || t == LT_ALERT)
 {
 if (alerter != nil)
 {