allow handling of audit logging

ChangeLog

@@ -1,3 +1,11 @@
+2018-06-25  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* EcAlerter.h:
+	* EcAlerter.m:
+	Extend to permit (simple) handling of audit logs as well as
+	error/alert/alarm.
+	New -handleAudit:withHost:andServer:timestamp: method.
+
 2018-06-24  Richard Frith-Macdonald <rfm@gnu.org>
 
 	* EcProcess.h:

EcAlerter.h

@@ -395,6 +395,15 @@
  */
 - (void) flushSms;
 
+/** This method handles an audit event.<br />
+ * The default implementation does nothing (an audit event is automatically
+ * written to the debug log before it reaches this point).
+ */
+- (void) handleAudit: (NSString*)text
+            withHost: (NSString*)hostName
+           andServer: (NSString*)serverName
+           timestamp: (NSDate*)timestamp;
+
 /** <p>This method handles an error/alert event (an 'error' is one which may
  * be buffered, while an 'alert' must be sent immediately).<br />
  * If the identifier field is non-nil then the event is an alert which is
@@ -428,7 +437,7 @@
                alarm: (EcAlarm*)alarm
             reminder: (int)reminder;
 
-/** <p>This method handles error/alert messages.  It is able to handle
+/** <p>This method handles error/alert/audit messages.  It is able to handle
  * multiple (newline separated messages.
  * </p>
  * <p>Each message must be a line of the format -<br />
@@ -436,7 +445,8 @@
  * </p>
  * <p>Each message is parsed an then the components are passed to the
  * -handleEvent:withHost:andServer:timestamp:identifier:alarm:reminder:
- * method.
+ * method or it the -handleAudit:withHost:andServer:timestamp: method
+ * if it isa an audit event.
  * </p>
  */
 - (void) handleInfo: (NSString*)str;

EcAlerter.m

@@ -1164,6 +1164,14 @@ replaceFields(NSDictionary *fields, NSString *template)
   RELEASE(pool);
 }
 
+- (void) handleAudit: (NSString*)text
+            withHost: (NSString*)hostName
+           andServer: (NSString*)serverName
+           timestamp: (NSDate*)timestamp
+{
+  return;
+}
+
 - (void) handleEvent: (NSString*)text
             withHost: (NSString*)hostName
            andServer: (NSString*)serverName
@@ -1295,6 +1303,7 @@ replaceFields(NSDictionary *fields, NSString *template)
 	  NSString		*serverName;
 	  NSString		*hostName;
 	  BOOL  		immediate;
+	  BOOL  		isAudit;
 	  unsigned		pos;
 
 	  str = inf;
@@ -1307,11 +1316,13 @@ replaceFields(NSDictionary *fields, NSString *template)
 	  * serverName(hostName): timestamp Alert - message
 	  * or
 	  * serverName(hostName): timestamp Error - message
+	  * or
+	  * serverName(hostName): timestamp Audit - message
 	  */
 	  r = [str rangeOfString: @":"];
 	  if (r.length == 0)
 	    {
-	      continue;		// Not an alert or error
+	      continue;		// Not an audit, alert or error
 	    }
 	  serverName = [str substringToIndex: r.location];
 	  str = [str substringFromIndex: NSMaxRange(r) + 1];
@@ -1325,20 +1336,29 @@ replaceFields(NSDictionary *fields, NSString *template)
 	    NSMakeRange(pos, [serverName length] - pos - 1)];
 	  serverName = [serverName substringToIndex: r.location];
 
-	  r = [str rangeOfString: @" Alert - "];
+          r = [str rangeOfString: @" Audit - "];
-	  if (r.length == 0)
+          if (r.length == 0)
-	    {
+            {
-	      r = [str rangeOfString: @" Error - "];
+              isAudit = NO;
-	      if (r.length == 0)
+              r = [str rangeOfString: @" Alert - "];
-		{
+              if (r.length == 0)
-		  continue;		// Not an alert or error
+                {
-		}
+                  r = [str rangeOfString: @" Error - "];
-	      immediate = NO;
+                  if (r.length == 0)
-	    }
+                    {
-	  else
+                      continue;		// Not an alert or error
-	    {
+                    }
-	      immediate = YES;
+                  immediate = NO;
-	    }
+                }
+              else
+                {
+                  immediate = YES;
+                }
+            }
+          else
+            {
+              isAudit = YES;
+            }
 	  timestamp = [NSCalendarDate
             dateWithString: [str substringToIndex: r.location]
             calendarFormat: @"%Y-%m-%d %H:%M:%S.%F %z"];
@@ -1353,13 +1373,23 @@ replaceFields(NSDictionary *fields, NSString *template)
 
 	  str = [str substringFromIndex: NSMaxRange(r)];
 
-          [self handleEvent: str
+          if (YES == isAudit)
-                   withHost: hostName
+            {
-                  andServer: serverName
+              [self handleAudit: str
-                  timestamp: timestamp
+                       withHost: hostName
-                 identifier: (YES == immediate) ? (id)@"" : (id)nil
+                      andServer: serverName
-                      alarm: nil
+                      timestamp: timestamp];
-                   reminder: -1];
+            }
+          else
+            {
+              [self handleEvent: str
+                       withHost: hostName
+                      andServer: serverName
+                      timestamp: timestamp
+                     identifier: (YES == immediate) ? (id)@"" : (id)nil
+                          alarm: nil
+                       reminder: -1];
+            }
 	}
     }
   NS_HANDLER

EcControl.m

@@ -1744,9 +1744,9 @@ static NSString*	cmdWord(NSArray* a, unsigned int pos)
       [[self cmdLogFile: logname] puts: inf];
     }
   /*
-   * Errors and alerts (severe errors) get passed to a handler.
+   * Errors, audit logs, and alerts (severe errors) get passed to a handler.
    */
-  if (t == LT_ERROR || t == LT_ALERT)
+  if (t == LT_ERROR || t == LT_AUDIT || t == LT_ALERT)
     {
       if (alerter != nil)
         {