//******************************************************************************** // Function Name : IniCmd // Retun Value : NON // Argment Value : NON // Explanation : Command Execute Process Initial // History : First edition 2009.07.30 Y.Tashita //******************************************************************************** void IniCmd( void ) { MemClr( ( unsigned char * )&StAdjPar, sizeof( stAdjPar ) ) ; // Adjust Parameter Clear MemClr( ( unsigned char * )&StLbgCon, sizeof( stLbgCon ) ) ; // Zoom Value Controler Clear }
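/*
 * PROC_Raptor - parse one space-separated firewall log line into *Line.
 *
 * buffer : NUL-terminated log line. It is tokenised IN PLACE (every space is
 *          overwritten with NUL) and the string fields stored in Line point
 *          into it, so it must stay alive and writable while Line is in use.
 * Line   : record to fill; it is cleared before parsing.
 *
 * Returns 1 when the line was parsed as a hit, and 0 when it has fewer than
 * seven tokens or contains a "Year" token (such a line only updates the
 * remembered year).
 *
 * Every token comes from the log and much of it is chosen by remote parties
 * (host names, request paths, mail addresses), so all copies out of a token
 * are bounded here.
 */
short PROC_Raptor(char *buffer,HitDataPtr Line)
{
    char *ptr;
    char *val;
    char *closing;
    const char *yearTok;
    short bracketed;
    short n;
    short i=1, tot;
    static char globalyear[8];      /* year remembered from the last "Year" line */

    /* NOTE(review): 25 slots are cleared but the tokeniser below is bounded by
       FORMATSIZE; the declaration of format is not visible here - confirm both
       agree with its real size. */
    MemClr( format, 25*sizeof(void*) );
    MemClr( Line, sizeof( struct HitData ) );

    /* Tokenise on single spaces into format[1..tot-1]. */
    format[i++]=buffer;
    while ( *buffer && i<FORMATSIZE ) {
        if ( *buffer == ' ' ) {
            format[i++] = buffer+1;
            *buffer = 0;
        }
        buffer++;
    }
    tot = i;

    /* A valid line has at least seven tokens. */
    if ( tot<8 )
        return 0;

    /* NOTE(review): Line was cleared just above, so this test looks like it can
       never be true (presumably MemClr zero-fills, which resets lineNum) -
       confirm whether the caller's line number was meant to survive.
       The %s precisions bound what is written into GlobalDate, whose size is
       not visible here: at most "MM/DD/YYYY" plus NUL as long as Month2Num()
       yields one or two digits - TODO confirm the buffer holds 11 bytes. */
    if ( Line->lineNum > 1 ) {
        sprintf( GlobalDate, "%02d/%.2s/%.4s", Month2Num( format[1] ), format[2], globalyear );
        Line->date = GlobalDate;        /* Jan 08 02:53:23 */
    }
    Line->time = format[3];
    Line->stat = format[6];
    Line->protocol = format[5];
    if ( Line->protocol ) {
        /* remove the "[pid]" suffix from the protocol field */
        ptr = mystrchr( Line->protocol, '[' );
        if ( ptr )
            *ptr = 0;
    }

    /* Only format[5..tot-1] were filled by the tokeniser. The loop used to run
       to i<=tot, reading one slot past the last token. */
    i = 5;
    while ( i<tot ) {
        if ( (ptr = strstr( format[i], "src=" )) != NULL ) {
            Line->clientaddr = 4+ptr;
            ptr = mystrchr( 4+ptr, '/' );
            if ( ptr )
                *ptr = ':';             /* address/port becomes address:port */
        } else
        if ( (ptr = strstr( format[i], "srcname=" )) != NULL ) {
            Line->user = 8+ptr;
        } else
        if ( strstr( format[i], "Year" ) != NULL ) {
            /* Generally the first line of a log: "... Year is 1998, ...". It
               supplies the year for the following lines, which carry only
               month, day and time.
               NOTE(review): this is a substring match on any token from index
               5 on, so request data that merely contains "Year" takes this
               path as well - consider matching the whole token. */
            if ( i+2 < tot ) {
                /* Copy at most four characters; the previous unbounded copy
                   let a long token overrun the 8-byte globalyear buffer. */
                yearTok = format[i+2];
                n = 0;
                while ( n < 4 && yearTok[n] ) {
                    globalyear[n] = yearTok[n];
                    n++;
                }
                globalyear[n] = 0;
                sprintf( GlobalDate, "%02d/%.2s/%.4s", Month2Num( format[1] ), format[2], globalyear );
                Line->date = GlobalDate;    /* Jan 08 02:53:23 */
            }
            return 0;                   /* a year line is not a hit */
        } else
        if ( (ptr = strstr( format[i], "dst=" )) != NULL ) {
            Line->sourceaddr = 4+ptr;
            ptr = mystrchr( 4+ptr, '/' );
            if ( ptr ) {
                Line->port = myatoi( ptr+1 );
                *ptr = 0;               /* cut the address at '/', port kept separately */
            }
        } else
        if ( (ptr = strstr( format[i], "dstname=" )) != NULL ) {
            Line->file = 8+ptr;
            ptr = mystrchr( 8+ptr, '/' );
            if ( ptr ) {
                Line->port = myatoi( ptr+1 );
                *ptr = 0;               /* cut the name at '/', port kept separately */
            }
        } else
        if ( (ptr = strstr( format[i], "arg=" )) != NULL ) {
            /* If the value is enclosed in <> only its content is used. */
            val = 4+ptr;
            bracketed = ( *val == '<' );
            if ( bracketed )
                val++;
            /* Strip the closing '>' BEFORE appending, so the copy that ends up
               in Line->file never keeps it. */
            closing = strrchr( val, '>' );
            if ( closing )
                *closing = 0;
            if ( Line->file ) {
                /* Line->file points at an earlier token of this same buffer,
                   so the append rewrites the tokens between it and this one in
                   place. NOTE(review): source and destination can overlap -
                   confirm mystrcat() copies forward byte by byte. */
                if ( bracketed )
                    mystrcat( Line->file, " , " );
                else
                    mystrcat( Line->file, "/" );
                mystrcat( Line->file, val );
            } else
                Line->file = val;
        } else
        if ( (ptr = strstr( format[i], "proto=" )) != NULL )
            Line->protocol = 6+ptr;
        else
        if ( (ptr = strstr( format[i], "Protocol=" )) != NULL )
            Line->protocol = 9+ptr;
        else
        if ( (ptr = strstr( format[i], "sent=" )) != NULL )
            Line->bytesIn = myatoi( 5+ptr );
        else
        if ( (ptr = strstr( format[i], "rcvd=" )) != NULL )
            Line->bytes = myatoi( 5+ptr );
        else
        if ( (ptr = strstr( format[i], "result=" )) != NULL )
            Line->stat = 7+ptr;
        else
        if ( (ptr = strstr( format[i], "duration=" )) != NULL )
            Line->ms = myatoi( 9+ptr ) * 1000;
        else
        if ( (ptr = strstr( format[i], "user=" )) != NULL ) {
            /* "user=" is five characters long; the old offset of four left the
               '=' (or the '<') at the front of the stored value. */
            val = 5+ptr;
            if ( *val == '<' )
                val++;
            Line->clientaddr = val;
            closing = strrchr( val, '>' );
            if ( closing )
                *closing = 0;
        }
        i++;
    }
    return 1;
}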
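/*
Sample log lines (one entry per line):

Nov 30 00:00:03 eaglent firelogd[127]: 108 starting new log file. UTC offset is +1000, Year is 1998, Eagle is 5.0.1i, OS is "NT 4.0 (Build 1381: Service Pack 3)", Platform is "Intel x86"
Nov 30 00:00:11 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for . - no progress possible (139.130.4.4/No response)
Nov 30 00:00:19 eaglent xntpd[132]: 120 NTP Info: offset 0.023925 sec freq 13.340 ppm poll 10
Nov 30 00:27:35 eaglent smtp[357]: 121 Statistics: duration=9.19 user=<*****@*****.**> sent=1404 rcvd=314 srcif=Vpn8 src=203.32.30.36/29807 srcname=malvern.starway.net.au dstif=Vpn5 dst=172.168.1.220/25 dstname=main.unisuper.com.au op="To 1 recips" arg=<*****@*****.**> result="250 Data received OK." proto=smtp rule=3
Nov 30 00:41:30 eaglent httpd[338]: 121 Statistics: duration=0.03 sent=262 rcvd=503 srcif=Vpn6 src=212.17.88.76/1377 srcname=TK212017088076.tuwien.teleweb.at dstif=Vpn5 dst=172.168.1.230/80 dstname=www.unisuper.com.au op=GET arg=/python/ result="404 Not Found" proto=http rule=18
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for nothnet.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for mugs.cc.monash.edu.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:46:50 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for MailServer for . - no progress possible (139.130.4.4/No response)
Nov 30 00:47:04 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for nothnet.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:47:06 eaglent httpd[338]: 121 Statistics: duration=0.04 sent=259 rcvd=375 srcif=Vpn6 src=195.92.199.104/21876 srcname=webcache05s.cache.pol.co.uk dstif=Vpn5 dst=172.168.1.230/80 dstname=www.unisuper.com.au op=GET arg=/startrek/strek.htm result="404 Not Found" proto=http rule=18
Nov 30 00:47:18 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for nothnet.com.au.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:47:34 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for netscape.net.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:47:48 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for netscape.net.au.com.au. - no progress possible (139.130.4.4/No response)
Nov 30 00:48:04 eaglent dnsd[129]: 120 dnsd Info: Failed to handle request from 172.168.1.245 for Address for netscape.net.au. - no progress possible (139.130.4.4/No response)
*/

/*
 * PROC_Firewall - parse one space-separated key=value firewall log line
 * into *Line.
 *
 * buffer : NUL-terminated log line. It is tokenised IN PLACE (every space is
 *          overwritten with NUL) and the string fields stored in Line point
 *          into it, so it must stay alive and writable while Line is in use.
 * Line   : record to fill; it is cleared before parsing.
 *
 * Returns 0 when the line has fewer than seven tokens, otherwise 1.
 *
 * Token contents come from the log and are largely chosen by remote parties,
 * so every scan stops at the token's NUL and the in-place append for arg= is
 * only done when it provably stays inside the line.
 */
short PROC_Firewall(char *buffer,HitDataPtr Line)
{
    char *ptr;
    char *val;
    char *endq;
    const char *sep;
    short i=1, tot;
    short newFieldFound;                    /* token matched no key of its switch case */
    static char newFieldMsgDisplayed = 0;   /* the user is told about unknown fields once */

    /* NOTE(review): 25 slots are cleared but the tokeniser below is bounded by
       FORMATSIZE; the declaration of format is not visible here - confirm both
       agree with its real size. */
    MemClr( format, 25*sizeof(void*) );
    MemClr( Line, sizeof( struct HitData ) );

    /* Tokenise on single spaces into format[1..tot-1]. */
    format[i++]=buffer;
    while ( *buffer && i<FORMATSIZE ) {
        if ( *buffer == ' ' ) {
            format[i++] = buffer+1;
            *buffer = 0;
        }
        buffer++;
    }
    tot = i;

    /* A valid line has at least seven tokens. */
    if ( tot<8 )
        return 0;

    i = 1;
    while ( i<tot ) {
        newFieldFound = 0;

        /* First pass: keys selected by the token's first character. */
        switch ( *format[i] ) {
            case 's':
                if ( (ptr = strstr( format[i], "src=" )) != NULL ) {
                    Line->clientaddr = 4+ptr;
                    ptr = mystrchr( 4+ptr, '/' );
                    if ( ptr )
                        *ptr = ':';         /* address/port becomes address:port */
                } else
                if ( (ptr = strstr( format[i], "srcname=" )) != NULL )
                    Line->user = 8+ptr;
                else
                if ( (ptr = strstr( format[i], "service=" )) != NULL )
                    Line->protocol = 8+ptr;
                else
                    newFieldFound = 1;
                break;

            case 'd':
                if ( (ptr = strstr( format[i], "dst=" )) != NULL ) {
                    Line->sourceaddr = 4+ptr;
                    ptr = mystrchr( 4+ptr, '/' );
                    if ( ptr ) {
                        Line->port = myatoi( ptr+1 );
                        *ptr = 0;           /* cut the address at '/', port kept separately */
                    }
                } else
                if ( (ptr = strstr( format[i], "dstname=" )) != NULL ) {
                    Line->file = 8+ptr;
                    ptr = mystrchr( 8+ptr, '/' );
                    if ( ptr ) {
                        Line->port = myatoi( ptr+1 );
                        *ptr = 0;           /* cut the name at '/', port kept separately */
                    }
                } else
                if ( (ptr = strstr( format[i], "duration=" )) != NULL )
                    /* NOTE(review): not scaled here, while the generic
                       duration= branch below multiplies by 1000 - confirm the unit. */
                    Line->ms = myatoi( 9+ptr );
                else
                    newFieldFound = 1;
                break;

            case 'p':
                /* policy= handling is disabled; only port= is parsed. */
                if ( (ptr = strstr( format[i], "port=" )) != NULL )
                    Line->port = myatoi( 5+ptr );
                else
                    newFieldFound = 1;
                break;

            case 'a':
                /* action= handling is disabled; every 'a' token counts as unknown. */
                newFieldFound = 1;
                break;

            case 't':
                if ( strstr( format[i], "time=\"" ) != NULL ) {
                    /* time="<date> <time>" was split at its space: this token
                       carries the date, the next one the time and the closing quote. */
                    Line->date = ConvLDate( format[i]+6, Line->newdate );
                    if ( i+1 < tot ) {
                        /* Only step to the next token when there is one; the
                           unconditional i++ read past the last token. */
                        i++;
                        /* Cut the token at the closing quote. The scan stops at
                           the token's NUL when the quote is missing, and the NUL
                           is written through the pointer (the old "p = 0" only
                           nulled the pointer, so the quote stayed in the time). */
                        endq = format[i];
                        while ( *endq && *endq != '\"' )
                            endq++;
                        *endq = 0;
                        Line->time = format[i];
                    }
                } else
                    newFieldFound = 1;
                break;
        }

        if ( newFieldFound ) {
            if ( !newFieldMsgDisplayed ) {
                /* Display a message to the user... */
                /* ErrorMsg( format[i] ); */
                newFieldMsgDisplayed = 1;
            }
        } else {
            /* Second pass: keys matched anywhere in the token.
               NOTE(review): a token that starts with "arg=", "proto=" or
               "sent=" was already flagged as unknown by case 'a', 'p' or 's'
               above and never gets here - confirm that is intended. */
            if ( (ptr = strstr( format[i], "arg=" )) != NULL ) {
                /* If the value is enclosed in <> only its content is used. */
                val = 4+ptr;
                sep = "/";
                if ( *val == '<' ) {
                    val++;
                    sep = " , ";
                }
                /* Strip the closing '>' BEFORE appending, so the copy that
                   ends up in Line->file never keeps it. */
                endq = strrchr( val, '>' );
                if ( endq )
                    *endq = 0;
                if ( Line->file ) {
                    /* Line->file points into this same line buffer, so the
                       append rewrites the line in place. It only stays inside
                       the line when the value starts at or after the position
                       where the separator ends; a token that set Line->file and
                       also contains "arg=" fails that test and is left alone
                       instead of being written past the end of the line.
                       strcat() is undefined for overlapping strings, hence
                       memmove(). */
                    size_t used = strlen( Line->file );
                    size_t seplen = strlen( sep );
                    size_t vlen = strlen( val );

                    if ( val > Line->file && (size_t)( val - Line->file ) >= used + seplen ) {
                        memcpy( Line->file + used, sep, seplen );
                        memmove( Line->file + used + seplen, val, vlen + 1 );
                    }
                } else
                    Line->file = val;
            } else
            if ( (ptr = strstr( format[i], "proto=" )) != NULL )
                Line->protocol = 6+ptr;
            else
            if ( (ptr = strstr( format[i], "Protocol=" )) != NULL )
                Line->protocol = 9+ptr;
            else
            if ( (ptr = strstr( format[i], "sent=" )) != NULL )
                Line->bytesIn = myatoi( 5+ptr );
            else
            if ( (ptr = strstr( format[i], "rcvd=" )) != NULL )
                Line->bytes = myatoi( 5+ptr );
            else
            if ( (ptr = strstr( format[i], "result=" )) != NULL )
                Line->stat = 7+ptr;
            else
            if ( (ptr = strstr( format[i], "duration=" )) != NULL )
                Line->ms = myatoi( 9+ptr ) * 1000;
            else
            if ( (ptr = strstr( format[i], "user=" )) != NULL ) {
                /* "user=" is five characters long; the old offset of four left
                   the '=' (or the '<') at the front of the stored value. */
                val = 5+ptr;
                if ( *val == '<' )
                    val++;
                Line->clientaddr = val;
                endq = strrchr( val, '>' );
                if ( endq )
                    *endq = 0;
            }
        }
        i++;
    }
    return 1;
}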