void moloch_config_load_header(char *section, char *group, char *helpBase, char *expBase, char *dbBase, MolochStringHashStd_t *hash, int flags)
{
GError *error = 0;
char name[100];
if (!g_key_file_has_group(molochKeyFile, section))
return;
gsize keys_len;
gchar **keys = g_key_file_get_keys (molochKeyFile, section, &keys_len, &error);
if (error) {
LOG("Error with %s: %s", section, error->message);
exit(1);
}
gsize k, v;
for (k = 0 ; k < keys_len; k++) {
gsize values_len;
gchar **values = g_key_file_get_string_list(molochKeyFile,
section,
keys[k],
&values_len,
NULL);
snprintf(name, sizeof(name), "%s", keys[k]);
int type = 0;
int t = 0;
int unique = 1;
int count = 0;
char *kind = 0;
for (v = 0; v < values_len; v++) {
if (strcmp(values[v], "type:integer") == 0 ||
strcmp(values[v], "type:seconds") == 0) {
type = 1;
kind = values[v] + 5;
} else if (strcmp(values[v], "type:ip") == 0) {
type = 2;
} else if (strcmp(values[v], "unique:false") == 0) {
unique = 0;
} else if (strcmp(values[v], "count:true") == 0) {
count = 1;
}
}
int f = flags;
if (count)
f |= MOLOCH_FIELD_FLAG_CNT;
switch (type) {
case 0:
kind = "textfield";
if (unique)
t = MOLOCH_FIELD_TYPE_STR_HASH;
else
t = MOLOCH_FIELD_TYPE_STR_ARRAY;
break;
case 1:
if (unique)
t = MOLOCH_FIELD_TYPE_INT_HASH;
else
t = MOLOCH_FIELD_TYPE_INT_ARRAY;
break;
case 2:
kind = "ip";
t = MOLOCH_FIELD_TYPE_IP_HASH;
break;
}
MolochString_t *hstring;
HASH_FIND(s_, *hash, keys[k], hstring);
if (hstring) {
LOG("WARNING - ignoring field %s for %s", keys[k], section);
g_strfreev(values);
continue;
}
char expression[100];
char field[100];
char rawfield[100];
char help[100];
if (type == 0) {
sprintf(expression, "%s%s", expBase, name);
sprintf(field, "%s%s.snow", dbBase, name);
sprintf(rawfield, "%s%s.raw", dbBase, name);
sprintf(help, "%s%s", helpBase, name);
} else {
sprintf(expression, "%s%s", expBase, name);
sprintf(field, "%s%s", dbBase, name);
rawfield[0] = 0;
sprintf(help, "%s%s", helpBase, name);
}
int pos;
if (rawfield[0]) {
pos = moloch_field_define(group, kind,
expression, expression, field,
help,
t, f,
"rawField", rawfield, NULL);
} else {
pos = moloch_field_define(group, kind,
expression, expression, field,
help,
t, f, NULL);
}
moloch_config_add_header(hash, g_strdup(keys[k]), pos);
g_strfreev(values);
}
g_strfreev(keys);
}
void moloch_config_load_header(char *section, char *base, MolochStringHashStd_t *hash, int flags)
{
GError *error = 0;
char name[100];
if (!g_key_file_has_group(molochKeyFile, section))
return;
gsize keys_len;
gchar **keys = g_key_file_get_keys (molochKeyFile, section, &keys_len, &error);
if (error) {
LOG("Error with %s: %s", section, error->message);
exit(1);
}
gsize k, v;
for (k = 0 ; k < keys_len; k++) {
gsize values_len;
gchar **values = g_key_file_get_string_list(molochKeyFile,
section,
keys[k],
&values_len,
NULL);
snprintf(name, sizeof(name), "%s%s", base, keys[k]);
int type = 0;
int unique = 1;
int count = 0;
for (v = 0; v < values_len; v++) {
if (strcmp(values[v], "type:integer") == 0) {
type = 1;
} else if (strcmp(values[v], "type:ip") == 0) {
type = 2;
} else if (strcmp(values[v], "unique:false") == 0) {
unique = 0;
} else if (strcmp(values[v], "count:true") == 0) {
count = 1;
}
}
g_strfreev(values);
flags |= MOLOCH_FIELD_FLAG_HEADERS;
if (count)
flags |= MOLOCH_FIELD_FLAG_CNT;
switch (type) {
case 0:
if (unique)
type = MOLOCH_FIELD_TYPE_STR_HASH;
else
type = MOLOCH_FIELD_TYPE_STR_ARRAY;
break;
case 1:
if (unique)
type = MOLOCH_FIELD_TYPE_INT_HASH;
else
type = MOLOCH_FIELD_TYPE_INT_ARRAY;
break;
case 2:
flags |= MOLOCH_FIELD_FLAG_IPPOST;
type = MOLOCH_FIELD_TYPE_IP_HASH;
break;
}
MolochString_t *hstring;
HASH_FIND(s_, *hash, keys[k], hstring);
if (hstring) {
LOG("WARNING - ignoring field %s for %s", keys[k], section);
continue;
}
moloch_config_add_header(hash, g_strdup(keys[k]), moloch_field_define(g_strdup(name), type, flags));
}
g_strfreev(keys);
}
