devicelog.c
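/*
 * devicelog.c - turn raw device log messages (UNIX syslog, Cisco syslog and
 * SNMP traps) into the fields of a struct eventinfo.
 *
 * NOTE(review): every message handled here comes off the network and must be
 * treated as attacker-controlled.  The extractor functions below receive only
 * a destination pointer, never its capacity, so they cannot bound what they
 * write: the caller has to provide buffers at least as large as the incoming
 * message (see the per-function notes).  The sizes of the struct eventinfo
 * fields are declared in devicelog.h, which is not visible here; confirm
 * they are large enough, or extend these interfaces with explicit sizes.
 *
 * On malformed input the extractors write an empty string instead of reading
 * or writing outside the buffers they were given.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>

#include "devicelog.h"
#include "logging.h"
#include "queue.h"

#define SYSLOG 1          /* message arrived through syslog */
#define TRAP 2            /* message arrived as an SNMP trap */
#define AGENT 3           /* message arrived from an agent */
#define UNIXDEVICE_LOG 4  /* log message from a UNIX device */
#define CISCO_LOG 5       /* log message from a Cisco device */
#define UNKNOWN_LOG 6     /* log message from an unknown device */

enum {
    DL_MONTH_COUNT = 12,
    DL_FACILITY_COUNT = 24,
    /* 24 facilities x 8 severities: the largest PRI the table can index */
    DL_PRI_MAX = DL_FACILITY_COUNT * 8 - 1,
    DL_SYSLOG_TS_LEN = 15,   /* "Oct 12 22:14:13" */
    DL_CISCO_MAX_TAG_POS = 40
};

/*
 * Three-letter month names as they appear in syslog timestamps.
 * The first entry used to read "Jua", so January messages were never
 * recognised as UNIX logs and had no month number.
 */
char *month[DL_MONTH_COUNT] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                               "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};

/* Facility names for UNIX devices, indexed by priority / 8. */
static const char *facility_std[DL_FACILITY_COUNT] = {
    "kernel", "user-level", "mail", "daemons", "authorization", "syslogd",
    "printer", " news", "UUCP", "clock", "security", "FTP", "NTP",
    "log audit", "log alert", "clock daemon", "local use 0", "local use 1",
    "local use 2", "local use 3", "local use 4", "local use 5", "local use 6",
    "local use 7"};

/* Return a pointer just past the first '>' of msg, or NULL if there is none. */
static const char *dl_after_pri(const char *msg)
{
    const char *gt = strchr(msg, '>');

    return gt ? gt + 1 : NULL;
}

/*
 * Return the start of the host name in a UNIX syslog message, or NULL when
 * the message is too short.  The first ':' belongs to "hh:mm:ss"; the host
 * name begins seven bytes after it (":mm:ss " is skipped).
 */
static const char *dl_std_host_start(const char *msg)
{
    const char *colon = strchr(msg, ':');

    if (colon == NULL || strlen(colon) < 7) {
        return NULL;
    }
    return colon + 7;
}

/*
 * Current local time, copied out of localtime()'s shared static storage.
 * Falls back to an all-zero struct tm if localtime() fails.
 * localtime() itself is not safe to call from several threads at once.
 */
static struct tm dl_localtime_now(void)
{
    struct tm zero = {0};
    time_t now = time(NULL);
    const struct tm *tm = localtime(&now);

    return tm ? *tm : zero;
}

/*
 * Classify a received message by its origin.
 *
 * @msg: the received message (NUL-terminated)
 * Returns UNIXDEVICE_LOG when a month name follows the first '>',
 * CISCO_LOG when a '%' occurs at offset 1..39, otherwise UNKNOWN_LOG.
 */
int logstyle(char *msg)
{
    const char *body = dl_after_pri(msg);
    char mon[4] = {0};

    if (body == NULL) {
        return UNKNOWN_LOG;
    }

    /* at most three bytes, stopping early at the terminator */
    snprintf(mon, sizeof mon, "%.3s", body);
    for (int i = 0; i < DL_MONTH_COUNT; i++) {
        if (strcmp(month[i], mon) == 0) {
            return UNIXDEVICE_LOG;
        }
    }

    /*
     * strcspn() returns the string length when '%' is absent, which used to
     * make every short message look like a Cisco log; require a real '%'.
     */
    size_t pct = strcspn(msg, "%");
    if (msg[pct] == '%' && pct > 0 && pct < DL_CISCO_MAX_TAG_POS) {
        return CISCO_LOG;
    }
    return UNKNOWN_LOG;
}

/* Current local hour (0-23). */
int gethour(void)
{
    return dl_localtime_now().tm_hour;
}

/* Current local minute. */
int getmin(void)
{
    return dl_localtime_now().tm_min;
}

/* Current local second. */
int getsec(void)
{
    return dl_localtime_now().tm_sec;
}

/* Current local month, 1-12. */
int getmon(void)
{
    return dl_localtime_now().tm_mon + 1;
}

/* Current local day of the month. */
int getday(void)
{
    return dl_localtime_now().tm_mday;
}

/* Current local year, four digits. */
int getyear(void)
{
    return dl_localtime_now().tm_year + 1900;
}

/*
 * Rewrite a UNIX syslog timestamp in place into the database format.
 *
 * @msg:       unused
 * @timestamp: in:  "Oct 12 22:14:13" (15 characters)
 *             out: "<year>-<month number>-<day> hh:mm:ss", where the year is
 *             the current local year because the message carries none
 * @month:     table of 12 three-letter month names
 *
 * The output is longer than the input: the buffer must hold at least
 * 20 bytes for a four-digit year.  A timestamp shorter than 15 characters,
 * or one whose month is not in the table, is left unchanged; the old code
 * read past the terminator and overflowed its local time buffer for longer
 * input.
 */
void processtimestamp_std(char *msg, char *timestamp, char **month)
{
    char mon[4] = {0};
    char day[3] = {0};
    char hms[9] = {0};
    int month_no = 0;

    (void)msg;
    if (strlen(timestamp) < DL_SYSLOG_TS_LEN) {
        return;
    }

    memcpy(mon, timestamp, 3);
    memcpy(day, timestamp + 4, 2);
    memcpy(hms, timestamp + 7, 8);

    for (int k = 0; k < DL_MONTH_COUNT; k++) {
        if (strcmp(month[k], mon) == 0) {
            month_no = k + 1;
            break;
        }
    }
    if (month_no == 0) {
        return;
    }

    sprintf(timestamp, "%d-%d-%s %s", getyear(), month_no, day, hms);
}

/*
 * Extract the priority from the "<NNN>" prefix of a UNIX syslog message.
 *
 * @msg: the received message
 * Returns the priority (0..191), or -1 when the prefix is missing, empty,
 * longer than three digits, non-numeric or out of range.
 *
 * The digits used to be copied into a 4-byte stack buffer with a length
 * taken from the message, so a long or reversed "<...>" overflowed it.
 */
int getofpri(char *msg)
{
    size_t lt = strcspn(msg, "<");
    size_t gt = strcspn(msg, ">");
    int pri = 0;

    if (msg[lt] != '<' || msg[gt] != '>' || gt <= lt + 1) {
        return -1;
    }

    size_t ndigits = gt - lt - 1;
    if (ndigits > 3) {
        return -1;
    }
    for (size_t k = 0; k < ndigits; k++) {
        char c = msg[lt + 1 + k];

        if (c < '0' || c > '9') {
            return -1;
        }
        pri = pri * 10 + (c - '0');
    }
    return pri <= DL_PRI_MAX ? pri : -1;
}

/*
 * Extract the facility name of a UNIX syslog message (priority / 8).
 *
 * @msg:      the received message
 * @facility: receives the facility name, or "" when the priority is invalid;
 *            must hold the longest table entry plus terminator
 *
 * The priority is validated by getofpri(), so the table index cannot leave
 * facility_std[].
 */
void getoffacility_std(char *msg, char *facility)
{
    int pri = getofpri(msg);

    if (pri < 0) {
        facility[0] = '\0';
        return;
    }
    strcpy(facility, facility_std[pri / 8]);
}

/*
 * Extract the severity of a UNIX syslog message (priority modulo 8).
 *
 * @msg:       the received message
 * @serverity: receives one digit '0'..'7' plus terminator, or "" when the
 *             priority is invalid; must hold at least 2 bytes
 */
void getofserverity_std(char *msg, char *serverity)
{
    int pri = getofpri(msg);

    if (pri < 0) {
        serverity[0] = '\0';
        return;
    }
    serverity[0] = (char)('0' + pri % 8);
    serverity[1] = '\0';
}

/*
 * Get the timestamp from the message.
 *
 * @msg:  message such as
 *        "<34>Oct 12 22:12:14 mymachine su 'su root ' can not open the deveice"
 * @time: receives up to 15 characters following the first '>', e.g.
 *        "Oct 12 22:12:14"; must hold at least 16 bytes.  Set to "" when the
 *        message has no '>'.
 */
void getoftime_std(char *msg, char *time)
{
    const char *body = dl_after_pri(msg);

    if (body == NULL) {
        time[0] = '\0';
        return;
    }
    snprintf(time, DL_SYSLOG_TS_LEN + 1, "%.15s", body);
}

/*
 * Get the host name from the message.
 *
 * @msg:      message such as
 *            "<34>Oct 12 22:12:14 mymachine su 'su root ' can not open the deveice"
 * @hostname: receives the token after the timestamp, e.g. "mymachine", or ""
 *            when the message is too short
 *
 * NOTE(review): the token length is controlled by the sender and the
 * destination size is unknown here; the caller must supply a buffer as large
 * as the message.  The scan now stops at the terminator as well as at a
 * space, where it used to run past the end of the message.
 */
void getofhostname_std(char *msg, char *hostname)
{
    const char *host = dl_std_host_start(msg);

    if (host == NULL) {
        hostname[0] = '\0';
        return;
    }

    size_t n = strcspn(host, " ");
    memcpy(hostname, host, n);
    hostname[n] = '\0';
}

/*
 * Get the content from the message.
 *
 * @msg:     message such as
 *           "<34>Oct 12 22:12:14 mymachine su 'su root ' can not open the deveice"
 * @content: receives everything after the host name, starting with the
 *           separating space, or "" when the message is too short
 *
 * NOTE(review): the copy is unbounded; the caller must supply a buffer as
 * large as the message.
 */
void getofcontent_std(char *msg, char *content)
{
    const char *rest = dl_std_host_start(msg);

    if (rest == NULL) {
        content[0] = '\0';
        return;
    }
    rest += strcspn(rest, " ");   /* skip the host name, stop at NUL too */
    strcpy(content, rest);
}

/*
 * Cisco log format handling.
 */

/*
 * Build a database timestamp for a Cisco message.
 *
 * @msg:       the received message
 * @timestamp: receives "<year>-<month>-<day> hh:mm:ss"; year, month and day
 *             are the current local date, hh:mm:ss is the 8 characters that
 *             start 10 bytes before the first '%'
 *
 * When there is no '%' or fewer than 10 bytes precede it, the current local
 * time is used; the old code computed a negative offset and read in front of
 * the message.
 */
void processtimestamp_cisco(char *msg, char *timestamp)
{
    char hms[9] = {0};
    int mon = getmon();
    int day = getday();
    size_t pct = strcspn(msg, "%");

    if (msg[pct] == '%' && pct >= 10) {
        snprintf(hms, sizeof hms, "%.8s", msg + pct - 10);
    } else {
        snprintf(hms, sizeof hms, "%02d:%02d:%02d",
                 gethour(), getmin(), getsec());
    }
    sprintf(timestamp, "%d-%d-%d %s", getyear(), mon, day, hms);
}

/*
 * Extract the facility of a Cisco message: the text between '%' and the
 * next '-'.
 *
 * @msg:      the received message
 * @facility: receives the facility, or "" when '%' or the following '-' is
 *            missing
 *
 * The '-' is searched after the '%'.  It used to be searched from the start
 * of the message, so a '-' in front of the '%' gave a negative length and an
 * out-of-bounds copy.
 * NOTE(review): the length is controlled by the sender; the destination must
 * be as large as the message.
 */
void getfacility_cisco(char *msg, char *facility)
{
    const char *pct = strchr(msg, '%');

    facility[0] = '\0';
    if (pct == NULL) {
        return;
    }

    const char *tag = pct + 1;
    size_t n = strcspn(tag, "-");
    if (tag[n] != '-') {
        return;
    }
    memcpy(facility, tag, n);
    facility[n] = '\0';
}

/*
 * Extract the severity of a Cisco message: the character after the first
 * '-' that follows '%'.
 *
 * @msg:       the received message
 * @serverity: receives one character plus terminator, or "" when the tag is
 *             missing; must hold at least 2 bytes
 */
void getserverity_cisco(char *msg, char *serverity)
{
    const char *pct = strchr(msg, '%');
    const char *dash = pct ? strchr(pct, '-') : NULL;

    if (dash == NULL) {
        serverity[0] = '\0';
        return;
    }
    serverity[0] = dash[1];   /* may be the terminator itself */
    serverity[1] = '\0';
}

/*
 * Extract the content of a Cisco message: everything after the first '>'.
 *
 * @msg:     the received message
 * @content: receives the content, or "" when the message has no '>'
 *
 * NOTE(review): the copy is unbounded; the destination must be as large as
 * the message.
 */
void getcontent_cisco(char *msg, char *content)
{
    const char *body = dl_after_pri(msg);

    if (body == NULL) {
        content[0] = '\0';
        return;
    }
    strcpy(content, body);
}

/*
 * Parse a received log line and convert it to the standard record.
 *
 * @log: the received message
 * @msg: the record to fill in
 *
 * msg->ip is written only for UNIX device logs; the other two paths leave it
 * as the caller provided it.
 *
 * NOTE(review): every field of *msg is filled from the untrusted message
 * without a size limit; confirm the field sizes in devicelog.h against the
 * largest message the receiver accepts.
 * NOTE(review): log_info() is handed the raw message as its second argument.
 * If that argument is used as a printf-style format (logging.h is not
 * visible here), '%' sequences in the message would be interpreted - confirm,
 * and pass the text through "%s" if so.
 */
void getmsg(char *log, struct eventinfo *msg)
{
    const int style = logstyle(log);

    if (style == UNIXDEVICE_LOG) {
        /* log from a UNIX device */
        log_debug("DEVICELOG", "This is a UNIX device log!");
        getoftime_std(log, msg->time_stamp);
        getoffacility_std(log, msg->facility);
        getofserverity_std(log, msg->serverity);
        getofhostname_std(log, msg->ip);
        getofcontent_std(log, msg->content);
        processtimestamp_std(log, msg->time_stamp, month);
        sprintf(msg->source, "%d", SYSLOG);
    } else if (style == CISCO_LOG) {
        /* log from a Cisco device */
        log_debug("DEVICELOG", "This is a CISCO device log!");
        log_info("CISCO LOG INFO", log);
        processtimestamp_cisco(log, msg->time_stamp);
        getfacility_cisco(log, msg->facility);
        getserverity_cisco(log, msg->serverity);
        getcontent_cisco(log, msg->content);
        printf("LOG CONTENT: %s\n", msg->content);
        sprintf(msg->source, "%d", SYSLOG);
    } else {
        /*
         * Unknown origin: fixed placeholder values keep later processing
         * uniform.  The timestamp ends up as a single space; the formatted
         * current time that used to be written first was overwritten at once
         * and has been dropped.
         */
        log_debug("DEVICELOG", "This is a UNKNOWN log!");
        strcpy(msg->time_stamp, " ");
        strcpy(msg->facility, "Unknown");
        strcpy(msg->serverity, "8");
        strcpy(msg->content, log);
        sprintf(msg->source, "%d", UNKNOWN_LOG);
    }
}

/*
 * Convert a received SNMP trap into the standard record.
 *
 * @msg:  the record to fill in
 * @pdu:  the trap PDU; its trap_type selects facility and severity, its
 *        variable bindings become the content
 * @addr: sender address text, copied to msg->ip
 *
 * Fixes: "enterprise sepecific" needs 21 bytes and overflowed the 20-byte
 * facility buffer; the severity character was passed to strcpy() as if it
 * were a string; and the variable bindings were appended with strcat()
 * without checking the space left in the 10240-byte buffer.  Content that
 * does not fit is now truncated.
 *
 * NOTE(review): the copies into msg->ip and msg->content are still unbounded
 * because the field sizes are not visible here.
 */
void get_trap_msg(struct eventinfo *msg, netsnmp_pdu *pdu, char *addr)
{
    char buffer[10240];
    char temp_buffer[1024];
    char trap_facility[32];
    const char *name;
    char severity;
    size_t used = 0;

    switch (pdu->trap_type) {
    case 0:
        name = "coldstart";
        severity = '0';
        break;
    case 1:
        name = "warmstart";
        severity = '1';
        break;
    case 2:
        name = "linkdown";
        severity = '2';
        break;
    case 3:
        name = "linkup";
        severity = '3';
        break;
    case 4:
        name = "auth fail";
        severity = '4';
        break;
    case 5:
        name = "egpneighbor loss";
        severity = '5';
        break;
    case 6:
        name = "enterprise sepecific";
        severity = '6';
        break;
    default:
        name = "Unknown";
        severity = '7';
        break;
    }
    memset(trap_facility, 0, sizeof(trap_facility));
    snprintf(trap_facility, sizeof trap_facility, "%s", name);

    log_debug("FACILITY", trap_facility);
    strcpy(msg->time_stamp, "");
    strcpy(msg->facility, trap_facility);
    msg->serverity[0] = severity;
    msg->serverity[1] = '\0';
    strcpy(msg->ip, addr);
    strcpy(msg->source, "2");

    memset(buffer, 0, sizeof(buffer));
    struct variable_list *vars;
    for (vars = pdu->variables; vars; vars = vars->next_variable) {
        memset(temp_buffer, 0, sizeof(temp_buffer));
        snprint_variable(temp_buffer, sizeof(temp_buffer), vars->name,
                         vars->name_length, vars);

        /* append "<binding>, " only as far as the buffer has room */
        int n = snprintf(buffer + used, sizeof buffer - used, "%s, ",
                         temp_buffer);
        if (n < 0 || (size_t)n >= sizeof buffer - used) {
            break;   /* truncated: keep what fits, drop the rest */
        }
        used += (size_t)n;
    }
    strcpy(msg->content, buffer);
    log_info("get_trap_msg", buffer);
}

/*
 * NOTE(review): the disabled test driver below is stale - it refers to
 * logcontent, processtimestamp() and info.host_name, none of which are
 * defined in this file.  It also pastes fields parsed from an untrusted
 * message straight into an SQL INSERT with sprintf(); a quote character in a
 * host name or message body would change the statement.  Whatever code
 * performs the real insert should bind these values as statement parameters.
 */
/*int main(void){
    struct eventinfo info;
    char buffer[1024];
    getmsg(logcontent,&info);
    printf("%s\n",info.time_stamp);
    printf("%s\n",info.facility);
    printf("%s\n",info.serverity);
    printf("%s\n",info.host_name);
    printf("%s\n",info.content);
    processtimestamp(logcontent,info.time_stamp,month);
    sprintf(buffer,"insert into EVENT_INFO1 values ('2006-%s','%s','%s','%s','%s')",info.time_stamp,info.facility, info.serverity,info.host_name,info.content);
    printf("%s\n",buffer);
    return 0;
}*/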