log2sql: added UPDATE support to exec_query
parent
8b548e392d
commit
498016828e
41
log/log2sql
41
log/log2sql
@ -32,7 +32,7 @@ exit;
|
|||||||
|
|
||||||
sub trim_message {
|
sub trim_message {
|
||||||
my $mess = shift;
|
my $mess = shift;
|
||||||
|
|
||||||
return '' if $mess eq 'skip, naughty';
|
return '' if $mess eq 'skip, naughty';
|
||||||
return '' if $mess eq 'skip, relay client';
|
return '' if $mess eq 'skip, relay client';
|
||||||
return '' if $mess eq 'skip, no match';
|
return '' if $mess eq 'skip, no match';
|
||||||
@ -120,10 +120,9 @@ sub create_message {
|
|||||||
my ( $fid, $ts, $pid, $message ) = @_;
|
my ( $fid, $ts, $pid, $message ) = @_;
|
||||||
|
|
||||||
my ($host, $ip) = split /\s/, $message;
|
my ($host, $ip) = split /\s/, $message;
|
||||||
$ip = substr $ip, 1, -1; # remote brackets
|
$ip = substr $ip, 1, -1; # remove brackets
|
||||||
#print "new from $ip\n";
|
|
||||||
|
|
||||||
my $id = exec_query(
|
my $id = exec_query(
|
||||||
"INSERT INTO message SET file_id=?, connect_start=FROM_UNIXTIME(?), qp_pid=?, ip=INET_ATON(?)",
|
"INSERT INTO message SET file_id=?, connect_start=FROM_UNIXTIME(?), qp_pid=?, ip=INET_ATON(?)",
|
||||||
[ $fid, $ts, $pid, $ip ]
|
[ $fid, $ts, $pid, $ip ]
|
||||||
);
|
);
|
||||||
@ -131,6 +130,7 @@ sub create_message {
|
|||||||
if ( $host && $host ne 'Unknown' ) {
|
if ( $host && $host ne 'Unknown' ) {
|
||||||
exec_query( "UPDATE message SET hostname=? WHERE id=?", [ $host, $id ] );
|
exec_query( "UPDATE message SET hostname=? WHERE id=?", [ $host, $id ] );
|
||||||
};
|
};
|
||||||
|
#warn "host updated: $host\n";
|
||||||
};
|
};
|
||||||
|
|
||||||
sub insert_plugin {
|
sub insert_plugin {
|
||||||
@ -200,6 +200,7 @@ sub parse_logfile {
|
|||||||
next;
|
next;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#warn "type: $type\n";
|
||||||
if ( $type eq 'plugin' ) {
|
if ( $type eq 'plugin' ) {
|
||||||
next if $plugin eq 'naughty'; # housekeeping only
|
next if $plugin eq 'naughty'; # housekeeping only
|
||||||
insert_plugin( $msg_id, $plugin, $message );
|
insert_plugin( $msg_id, $plugin, $message );
|
||||||
@ -255,45 +256,45 @@ sub check_logfile {
|
|||||||
my $size = stat($path)->size or die "unable to get size for $path\n";
|
my $size = stat($path)->size or die "unable to get size for $path\n";
|
||||||
my $exists;
|
my $exists;
|
||||||
|
|
||||||
# check if this tai file is in the DB as 'current'
|
#warn "check if file $file is in the DB as 'current'\n";
|
||||||
if ( $file =~ /^\@/ ) {
|
if ( $file =~ /^\@/ ) {
|
||||||
$exists = exec_query(
|
$exists = exec_query(
|
||||||
'SELECT * FROM log WHERE inode=? AND name=?',
|
'SELECT * FROM log WHERE inode=? AND name=?',
|
||||||
[ $inode, 'current' ]
|
[ $inode, 'current' ]
|
||||||
);
|
);
|
||||||
if ( @$exists ) {
|
if ( @$exists ) {
|
||||||
print "Updating current -> $file\n";
|
print "Updating current -> $file\n";
|
||||||
exec_query(
|
exec_query(
|
||||||
'UPDATE log SET name=? WHERE inode=? AND name=?',
|
'UPDATE log SET name=? WHERE inode=? AND name=?',
|
||||||
[ $file, $inode, 'current' ]
|
[ $file, $inode, 'current' ]
|
||||||
);
|
);
|
||||||
return ( $exists->[0]{id}, $exists->[0]{size} ); # continue parsing
|
return ( $exists->[0]{id}, $exists->[0]{size} ); # continue parsing
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
if ( $file eq 'current' ) {
|
if ( $file eq 'current' ) {
|
||||||
$exists = exec_query(
|
$exists = exec_query(
|
||||||
'SELECT * FROM log WHERE inode=? AND name=?',
|
'SELECT * FROM log WHERE inode=? AND name=?',
|
||||||
[ $inode, $file ]
|
[ $inode, $file ]
|
||||||
);
|
);
|
||||||
if ( @$exists ) {
|
if ( @$exists ) {
|
||||||
$exists = exec_query(
|
exec_query(
|
||||||
'UPDATE log SET size=? WHERE inode=? AND name=?',
|
'UPDATE log SET size=? WHERE inode=? AND name=?',
|
||||||
[ $size, $inode, 'current' ]
|
[ $size, $inode, 'current' ]
|
||||||
);
|
);
|
||||||
return ( $exists->[0]{id}, $exists->[0]{size} ); # continue parsing
|
return ( $exists->[0]{id}, $exists->[0]{size} ); # continue parsing
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
$exists = exec_query(
|
$exists = exec_query(
|
||||||
'SELECT * FROM log WHERE name=? AND size=?',
|
'SELECT * FROM log WHERE name=? AND size=?',
|
||||||
[ $file, $size ]
|
[ $file, $size ]
|
||||||
);
|
);
|
||||||
return if @$exists; # log file hasn't changed, ignore it
|
return if @$exists; # log file hasn't changed, ignore it
|
||||||
#print Dumper($exists);
|
#print Dumper($exists);
|
||||||
|
|
||||||
# file is a new one we haven't seen, add to DB and parse
|
# file is a new one we haven't seen, add to DB and parse
|
||||||
my $id = exec_query(
|
my $id = exec_query(
|
||||||
'INSERT INTO log SET inode=?, size=?, name=?, created=FROM_UNIXTIME(?)',
|
'INSERT INTO log SET inode=?, size=?, name=?, created=FROM_UNIXTIME(?)',
|
||||||
[ $inode, $size, $file, stat($path)->ctime ]
|
[ $inode, $size, $file, stat($path)->ctime ]
|
||||||
);
|
);
|
||||||
@ -443,7 +444,7 @@ sub parse_line_plugin_spamassassin {
|
|||||||
if ( $message =~ /^fail, Spam,\s([\d\.]+)\s< 100/ ) {
|
if ( $message =~ /^fail, Spam,\s([\d\.]+)\s< 100/ ) {
|
||||||
$message = "fail, $1";
|
$message = "fail, $1";
|
||||||
};
|
};
|
||||||
|
|
||||||
return ( 'plugin', $pid, $hook, $plugin, $message );
|
return ( 'plugin', $pid, $hook, $plugin, $message );
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -483,7 +484,7 @@ sub parse_line_plugin_p0f {
|
|||||||
sub parse_line_cleanup {
|
sub parse_line_cleanup {
|
||||||
my ($line) = @_;
|
my ($line) = @_;
|
||||||
# @tai 85931 cleaning up after 3210
|
# @tai 85931 cleaning up after 3210
|
||||||
my $pid = (split /\s+/, $line)[-1];
|
my $pid = (split /\s+/, $line)[-1];
|
||||||
$has_cleanup++;
|
$has_cleanup++;
|
||||||
return ( 'cleanup', $pid, undef, undef, $line );
|
return ( 'cleanup', $pid, undef, undef, $line );
|
||||||
};
|
};
|
||||||
@ -522,6 +523,7 @@ sub exec_query {
|
|||||||
$err .= join(',', @params);
|
$err .= join(',', @params);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#warn "err: $err\n";
|
||||||
if ( $query =~ /INSERT INTO/ ) {
|
if ( $query =~ /INSERT INTO/ ) {
|
||||||
my ( $table ) = $query =~ /INSERT INTO (\w+)\s/;
|
my ( $table ) = $query =~ /INSERT INTO (\w+)\s/;
|
||||||
$db->query( $query, @params );
|
$db->query( $query, @params );
|
||||||
@ -529,8 +531,11 @@ sub exec_query {
|
|||||||
my $id = $db->last_insert_id(undef,undef,$table,undef) or die $err;
|
my $id = $db->last_insert_id(undef,undef,$table,undef) or die $err;
|
||||||
return $id;
|
return $id;
|
||||||
}
|
}
|
||||||
|
elsif ( $query =~ /^UPDATE/i ) {
|
||||||
|
return $db->query( $query, @params );
|
||||||
|
}
|
||||||
elsif ( $query =~ /DELETE/ ) {
|
elsif ( $query =~ /DELETE/ ) {
|
||||||
$db->query( $query, @params )->hashes or die $err;
|
$db->query( $query, @params ) or die $err;
|
||||||
return $db->query("SELECT ROW_COUNT()")->list;
|
return $db->query("SELECT ROW_COUNT()")->list;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
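Review bot: The new `elsif ( $query =~ /^UPDATE/i )` branch in exec_query returns the result of `$db->query( $query, @params )` without the `or die $err` check that the INSERT and DELETE branches apply. Both UPDATE callers visible on this page (create_message and check_logfile) discard the return value, so a failed UPDATE passes silently and leaves `log.size`, `log.name` or `message.hostname` stale, which can make later runs re-parse or mis-track a log file. Assuming `query()` returns a false result on failure, as the DELETE branch's `or die $err` suggests, the branch could read `my $res = $db->query( $query, @params ) or die $err;` followed by `return $res;`, kept as two statements because `return ... or die` would never reach the `die`. The UPDATE match is also anchored and case-insensitive while `/INSERT INTO/` and `/DELETE/` are neither, so the three dispatch patterns should be made consistent. exec_query's body starts and ends outside the hunks shown.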