Exemplo n.º 1
//********************************************************************************
// Function Name 	: IniCmd
// Return Value		: None
// Argument Value	: None
// Explanation		: Initializes the command execution process
// History			: First edition 						2009.07.30 Y.Tashita
//********************************************************************************
void	IniCmd( void )
{
	/* Both state blocks are handed to MemClr as raw byte ranges. */
	unsigned char	*adj_par_bytes = ( unsigned char * )&StAdjPar ;
	unsigned char	*lbg_con_bytes = ( unsigned char * )&StLbgCon ;

	/* Adjust-parameter block: size taken from stAdjPar, as declared elsewhere. */
	MemClr( adj_par_bytes, sizeof( stAdjPar ) ) ;

	/* Zoom-value controller block: size taken from stLbgCon. */
	MemClr( lbg_con_bytes, sizeof( stLbgCon ) ) ;
}
Exemplo n.º 2
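/*
 * PROC_Raptor - parse one space-separated Raptor/Eagle firewall log line.
 *
 * buffer is tokenised in place (every ' ' becomes a NUL) and the pointers
 * stored in *Line point into it, so buffer must outlive the caller's use of
 * *Line.  Values such as arg=, user= and srcname= appear to be text taken
 * from logged traffic, so token counts and field lengths are treated as
 * untrusted here.
 *
 * Returns 1 when the line was parsed into *Line.  Returns 0 when the line has
 * fewer than seven tokens, or when it is the "Year is NNNN" header line, which
 * only updates the remembered year and GlobalDate.
 */
short PROC_Raptor(char *buffer,HitDataPtr Line)
{
	char 	*ptr;
	short	i=1, tot;
	static char globalyear[8];		// year text remembered from the header line

	// NOTE(review): 25 slots are cleared while the tokeniser below is bounded by
	// FORMATSIZE; confirm the two agree with the declaration of format[].
	MemClr( format, 25*sizeof(void*) );
	MemClr( Line, sizeof( struct HitData ) );
	// Tokenise the line in place on ' ' into format[1] .. format[tot-1]
	format[i++]=buffer;
	while (*buffer && i<FORMATSIZE ) {
		if ( *buffer == ' ') {
			format[i++] = buffer+1;
			*buffer=0;
		}
		buffer++;
	}
	tot = i;
	// fewer than seven tokens cannot be a valid record; this also guarantees
	// format[1] .. format[7] are non-NULL for the fixed-position reads below
	if (tot<8)
		return 0;

	// NOTE(review): *Line was cleared above, so unless MemClr leaves lineNum
	// untouched this test looks always false and date stays unset - confirm.
	if ( Line->lineNum > 1 )
	{
		// Precision caps the day and year text copied from the log line.
		// NOTE(review): GlobalDate is declared elsewhere; confirm it holds 20 bytes.
		sprintf( GlobalDate, "%02d/%.2s/%.4s", Month2Num( format[1] ), format[2], globalyear );
		Line->date = GlobalDate;				//Jan 08 02:53:23
	}
	Line->time = format[3];
	Line->stat = format[6];
	if( Line->protocol = format[5] ){
		ptr = mystrchr( Line->protocol, '[' );	// remove [ from the protocol field
		if ( ptr ) *ptr = 0;
	}

	i = 5;
	// Stop at tot: format[tot] was never filled by the tokeniser, and when
	// tot == FORMATSIZE it is past the last slot the tokeniser may write.
	while( i<tot ){
		if ( format[5] && format[i] ){
			if ( ptr=strstr( format[i], "src=" ) ){
				if( Line->clientaddr = 4+ptr ){
					if ( ptr=mystrchr( 4+ptr, '/' ) ) *ptr = ':';			// replace / with : for port number of address
				}
			} else
			if ( ptr=strstr( format[i], "srcname=" ) )
				Line->user = 8+ptr;
			else
			if ( ptr=strstr( format[i], "Year" ) )
			{
				// This is a line (generally the 1st line) which gives you the current year for all the other lines which 
				// just give the day & month (as well as the time)
				// NOTE(review): "Year" is matched anywhere inside a token, so a logged
				// value containing it is also treated as the header line; consider
				// requiring the whole token to equal "Year".
				if ( i+2 < tot ) {
					// Copy at most four characters: the token comes from the log
					// file and globalyear is a fixed 8-byte buffer.
					const char	*yearText = format[i+2];
					short		n = 0;

					while ( n < 4 && yearText[n] ) {
						globalyear[n] = yearText[n];
						n++;
					}
					globalyear[n] = 0;
				}
				// else: the year token is missing, keep the previously remembered year
				sprintf( GlobalDate, "%02d/%.2s/%.4s", Month2Num( format[1] ), format[2], globalyear );
				Line->date = GlobalDate;				//Jan 08 02:53:23
				return 0; // This is a line with the year in it
			}
			else
			if ( ptr=strstr( format[i], "dst=" ) ){
				if( Line->sourceaddr = 4+ptr ){
					if ( ptr=mystrchr( 4+ptr, '/' ) ) {
						Line->port = myatoi( ptr+1 );
						*ptr = 0;			// cut the address at '/', the port was read above
					}
				}
			} else
			if ( ptr=strstr( format[i], "dstname=" ) ){
				if( Line->file = 8+ptr ){
					if ( ptr=mystrchr( 8+ptr, '/' ) ){
						Line->port = myatoi( ptr+1 );
						*ptr = 0;			// cut the name at '/', the port was read above
					}
				}
			} else
			if ( ptr=strstr( format[i], "arg=" ) ){			// if name enclosed in <> only use content
				char	*value;
				char	*closing;
				short	bracketed = ( ptr[4] == '<' );

				if ( bracketed )
					ptr++;					// step over the '<'
				value = 4+ptr;

				// Cut at the last '>' before appending, so the copy placed in
				// Line->file does not keep the closing bracket.
				if ( closing=strrchr( ptr, '>' ) ) *closing = 0;

				if ( Line->file ) {
					// Line->file and value both point into buffer, with value
					// later in memory, so this append runs over the same buffer.
					// NOTE(review): confirm mystrcat copies front to back.
					mystrcat( Line->file, bracketed ? " , " : "/" );
					mystrcat( Line->file, value );
				} else
					Line->file = value;
			} else
			if ( ptr=strstr( format[i], "proto=" ) )
				Line->protocol = 6+ptr;
			else
			if ( ptr=strstr( format[i], "Protocol=" ) )
				Line->protocol = 9+ptr;
			else
			if ( ptr=strstr( format[i], "sent=" ) )
				Line->bytesIn = myatoi( 5+ptr );
			else
			if ( ptr=strstr( format[i], "rcvd=" ) )
				Line->bytes = myatoi( 5+ptr );
			else
			if ( ptr=strstr( format[i], "result=" ) )
				Line->stat = 7+ptr;
			else
			if ( ptr=strstr( format[i], "duration=" ) )
				Line->ms = myatoi( 9+ptr ) * 1000;	// myatoi presumably drops the fraction - confirm
			else
			if ( ptr=strstr( format[i], "user=" ) ){
				if ( ptr[5] == '<' ) ptr++;
				// "user=" is five characters; the previous offset of 4 left the
				// '=' (or the '<') at the front of the stored value.
				Line->clientaddr = 5+ptr;
				if ( ptr=strrchr( ptr, '>' ) ) *ptr = 0;
			}
		}
		i++;
	}
	return 1;
}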
Exemplo n.º 3
/*
Nov 30 00:00:03 eaglent firelogd[127]: 108 starting new log file. UTC offset is +1000, Year is 1998, Eagle is 5.0.1i, OS is "NT 4.0 (Build 1381: Service Pack 3)", Platform is "Intel x86"
Nov 30 00:00:11 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for . - no progress possible (139.130.4.4/No response)
Nov 30 00:00:19 eaglent xntpd[132]: 120 NTP Info: offset 0.023925 sec freq 13.340 ppm poll 10
Nov 30 00:27:35 eaglent smtp[357]: 121 Statistics: duration=9.19 user=<*****@*****.**> sent=1404 rcvd=314 srcif=Vpn8 src=203.32.30.36/29807 srcname=malvern.starway.net.au dstif=Vpn5 dst=172.168.1.220/25 dstname=main.unisuper.com.au op="To 1 recips" arg=<*****@*****.**> result="250 Data received OK." proto=smtp rule=3 
Nov 30 00:41:30 eaglent httpd[338]: 121 Statistics: duration=0.03 sent=262 rcvd=503 srcif=Vpn6 src=212.17.88.76/1377 srcname=TK212017088076.tuwien.teleweb.at dstif=Vpn5 dst=172.168.1.230/80 dstname=www.unisuper.com.au op=GET arg=/python/ result="404 Not Found" proto=http rule=18 
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for nothnet.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for mugs.cc.monash.edu.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for . - no progress possible (139.130.4.4/No response)
Nov 30 00:47:04 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for nothnet.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:47:06 eaglent httpd[338]: 121 Statistics: duration=0.04 sent=259 rcvd=375 srcif=Vpn6 src=195.92.199.104/21876 srcname=webcache05s.cache.pol.co.uk dstif=Vpn5 dst=172.168.1.230/80 dstname=www.unisuper.com.au op=GET arg=/startrek/strek.htm result="404 Not Found" proto=http rule=18 
Nov 30 00:47:18 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for nothnet.com.au.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:47:34 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:47:48 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for netscape.net.au.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:48:04 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for netscape.net.au. - no progress possible (139.130.4.4/No response)
*/
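/*
 * PROC_Firewall - parse one space-separated key=value firewall log line.
 *
 * buffer is tokenised in place (every ' ' becomes a NUL) and the pointers
 * stored in *Line point into it, so buffer must outlive the caller's use of
 * *Line.  The field values come from the log file and are treated as
 * untrusted: every scan below stops at the token's NUL and every token index
 * is checked against tot.
 *
 * Returns 0 when the line has fewer than seven tokens, otherwise 1.
 */
short PROC_Firewall(char *buffer,HitDataPtr Line)
{
	char 	*ptr;
	short	i=1, tot;
	static char newFieldFound = 0;			// set when the current token starts with a known letter but is not recognised
	static char newFieldMsgDisplayed = 0;	// latched after the first unrecognised token

	// NOTE(review): 25 slots are cleared while the tokeniser below is bounded by
	// FORMATSIZE; confirm the two agree with the declaration of format[].
	MemClr( format, 25*sizeof(void*) );
	MemClr( Line, sizeof( struct HitData ) );
	// Tokenise the line in place on ' ' into format[1] .. format[tot-1]
	format[i++]=buffer;
	while (*buffer && i<FORMATSIZE ) {
		if ( *buffer == ' ') {
			format[i++] = buffer+1;
			*buffer=0;
		}
		buffer++;
	}
	tot = i;
	//check if it is a valid format first
	if (tot<8)
		return 0;

	i = 1;
	while( i<tot )
	{
		// First pass: dispatch on the token's first character.
		// NOTE(review): an unrecognised token starting with s/d/p/a/t sets
		// newFieldFound and skips the generic chain further down, so its
		// sent=, proto= and arg= tests look unreachable for tokens that begin
		// with those keys - confirm this is intended.
		switch( *format[i] )
		{
		case 's':
			if ( ptr=strstr( format[i], "src=" ) ){
				if( Line->clientaddr = 4+ptr ){
					if ( ptr=mystrchr( 4+ptr, '/' ) ) *ptr = ':';			// replace / with : for port number of address
				}
			} else
			if ( ptr=strstr( format[i], "srcname=" ) )
				Line->user = 8+ptr;
			else
			if ( ptr=strstr( format[i], "service=" ) )
				Line->protocol = 8+ptr;
			else
				newFieldFound = 1;
			break;
		case 'd':
			if ( ptr=strstr( format[i], "dst=" ) ){
				if( Line->sourceaddr = 4+ptr ){
					if ( ptr=mystrchr( 4+ptr, '/' ) ) {
						Line->port = myatoi( ptr+1 );
						*ptr = 0;			// cut the address at '/', the port was read above
					}
				}
			} else
			if ( ptr=strstr( format[i], "dstname=" ) ){
				if( Line->file = 8+ptr ){
					if ( ptr=mystrchr( 8+ptr, '/' ) ){
						Line->port = myatoi( ptr+1 );
						*ptr = 0;			// cut the name at '/', the port was read above
					}
				}
			} else
			if ( ptr=strstr( format[i], "duration=" ) )
				Line->ms = myatoi( 9+ptr );		// overwritten by the generic chain below (x1000)
			else
				newFieldFound = 1;
			break;
		case 'p':
			if ( ptr=strstr( format[i], "port=" ) )
				Line->port = myatoi( 5+ptr );
			else
				newFieldFound = 1;			// policy= is not parsed yet
			break;
		case 'a':
			newFieldFound = 1;				// action= is not parsed yet
			break;
		case 't':
			if ( ptr=strstr( format[i], "time=\"" ) )
			{
				// The date follows the opening quote; the time of day is the
				// next token and carries the closing quote.
				Line->date = ConvLDate( 6+ptr, Line->newdate );
				if ( i+1 < tot )
				{
					char *p;

					i++;
					p = format[i];
					// Stop at the token's NUL as well, so a line without a
					// closing quote cannot run the scan past the token.
					while( *p && *p != '"' )
						p++;
					*p = 0;					// drop the closing quote (the old "p = 0" only cleared the pointer)
					Line->time = format[i];
				}
				// else: the line ends after the date token, Line->time stays unset
			}
			else
				newFieldFound = 1;
			break;
		}
		if ( newFieldFound )
		{
			if ( !newFieldMsgDisplayed )
			{
				// Display a message to the user...
				//ErrorMsg( format[i] );
				newFieldMsgDisplayed = 1;
			}
			newFieldFound = 0;
		}
		else
		{
			// Second pass: generic keys, tried on every token the switch did not reject.
			if ( ptr=strstr( format[i], "arg=" ) ){			// if name enclosed in <> only use content
				char	*value;
				char	*closing;
				short	bracketed = ( ptr[4] == '<' );

				if ( bracketed )
					ptr++;					// step over the '<'
				value = 4+ptr;

				// Cut at the last '>' before appending, so the copy placed in
				// Line->file does not keep the closing bracket.
				if ( closing=strrchr( ptr, '>' ) ) *closing = 0;

				if ( Line->file ) {
					// Line->file and value both point into buffer, with value
					// later in memory, so source and destination overlap.
					// NOTE(review): strcat is undefined for overlapping strings;
					// a memmove-based append would be safer.
					strcat( Line->file, bracketed ? " , " : "/" );
					strcat( Line->file, value );
				} else
					Line->file = value;
			} else
			if ( ptr=strstr( format[i], "proto=" ) )
				Line->protocol = 6+ptr;
			else
			if ( ptr=strstr( format[i], "Protocol=" ) )
				Line->protocol = 9+ptr;
			else
			if ( ptr=strstr( format[i], "sent=" ) )
				Line->bytesIn = myatoi( 5+ptr );
			else
			if ( ptr=strstr( format[i], "rcvd=" ) )
				Line->bytes = myatoi( 5+ptr );
			else
			if ( ptr=strstr( format[i], "result=" ) )
				Line->stat = 7+ptr;
			else
			if ( ptr=strstr( format[i], "duration=" ) )
				Line->ms = myatoi( 9+ptr ) * 1000;
			else
			if ( ptr=strstr( format[i], "user=" ) ){
				if ( ptr[5] == '<' ) ptr++;
				// "user=" is five characters; the previous offset of 4 left the
				// '=' (or the '<') at the front of the stored value.
				Line->clientaddr = 5+ptr;
				if ( ptr=strrchr( ptr, '>' ) ) *ptr = 0;
			}
		}
		i++;
	}
	return 1;
}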