E2guardian uses syslog now, otherwise e2guardian v4.1.3 does not reop…

…en the log file after rotation

config/etc/e2guardian/e2guardian.conf

@@ -63,7 +63,7 @@ logfileformat = 1
 #
 # Use syslog for access logging instead of logging to the file
 # at the defined or built-in "loglocation"
-# logsyslog = off
+logsyslog = on
 
 # Suffix to append to program name when logging through syslog
 # Default is the e2Guardian instance number

config/etc/newsyslog.conf

@@ -15,8 +15,8 @@
 /var/log/pflog				600  99    10000 *    ZB "pkill -HUP -u root -U root -t - -x pflogd"
 /var/log/clamd.log			644  99    10000 168  Z
 /var/log/freshclam.log			644  99    10000 168  Z
+/var/log/e2guardian/access.log		644  99    10000 168  Z
 /var/log/e2guardian/e2guardian.log	644  99    10000 168  Z
-/var/log/e2guardian/access.log	644  99    10000 168  Z /var/run/e2guardian.pid
 /var/log/snort/snort.log		644  99    10000 168  Z
 /var/log/snort/alert.log		644  99    10000 168  Z
 /var/log/snortips.log			644  99    10000 168  Z

config/etc/syslog.conf

@@ -64,6 +64,7 @@ daemon.info						/var/log/spamd.log
 !*
 
 !!e2guardian
+local0.*						/var/log/e2guardian/access.log
 *.*							/var/log/e2guardian/e2guardian.log
 !*
 

config/utmfw.files

@@ -143,6 +143,7 @@ usr/local/share/e2guardian/languages/ukenglish/template.html,644,root,wheel
 usr/local/share/e2guardian/languages/ukenglish/template_nobypass.html,644,root,wheel
 var/cron/tabs/root,600,root,crontab
 var/log/doas,600,root,wheel
+var/log/e2guardian/access.log,640,root,wheel
 var/log/e2guardian/e2guardian.log,640,root,wheel
 var/log/snort/snort.log,640,root,wheel
 var/log/snort/alert.log,640,root,wheel

config/utmfw.mtree

@@ -30,6 +30,7 @@ tmp			type=dir mode=0755 uid=506 gid=506 flags=none
 log			type=dir mode=0755 uname=root gname=wheel
 doas			type=file mode=0600 uname=root gname=wheel
 e2guardian		type=dir mode=0755 uid=589 gid=589 flags=none
+access.log		type=file mode=0640 uname=root gname=wheel
 e2guardian.log	type=file mode=0640 uname=root gname=wheel
 ..	#var/log/e2guardian
 imspector		type=dir mode=0755 uid=702 gid=702 flags=none

ports/e2guardian/Makefile

@@ -26,7 +26,7 @@ AUTOCONF_VERSION =	2.69
 AUTOMAKE_VERSION =	1.15
 
 CONFIGURE_ENV =		CPPFLAGS="-I${LOCALBASE}/include" \
-			LDFLAGS="-L${LOCALBASE}/lib"
+			LDFLAGS="-L${LOCALBASE}/lib -pthread"
 CONFIGURE_ARGS =	--localstatedir=/var \
 			--with-proxyuser=_e2guardian \
 			--with-proxygroup=_e2guardian \

ports/e2guardian/patches/patch-src_FatController_cpp

@@ -3,6 +3,24 @@ $OpenBSD$
 Index: src/FatController.cpp
 --- src/FatController.cpp.orig
 +++ src/FatController.cpp
+@@ -1071,7 +1071,7 @@ void log_listener(std::string log_location, bool logco
+                             postdata + "\"";
+                 break;
+             case 1:
+-                builtline = when + " " + who + " " + from + " " + where + " " + what + " "
++                builtline = (!logsyslog ? when + " " : "") + who + " " + from + " " + where + " " + what + " "
+                             + how + " " + ssize + " " + sweight + " " + cat + " " + stringgroup + " "
+                             + stringcode + " " + mimetype + " " + clienthost + " " + groupname + " "
+                             + useragent + " " + params + " " + o.logid_1 + " " + o.logid_2 + " " + postdata;
+@@ -1112,7 +1112,7 @@ void log_listener(std::string log_location, bool logco
+         if (!logsyslog)
+             *logfile << builtline << std::endl; // append the line
+         else
+-            syslog(LOG_INFO, "%s", builtline.c_str());
++            syslog(LOG_LOCAL0|LOG_INFO, "%s", builtline.c_str());
+
+         //    delete ipcpeersock; // close the connection
+
 @@ -2026,12 +2026,11 @@ int fc_controlit()   //
              gentlereload = false;
              continue;        //  OK to continue even if gentle failed - just continue to use previous lists

src/Model/e2guardianlogs.php

@@ -34,7 +34,6 @@ function ParseLogLine($logline, &$cols)
 	{
 		global $Re_Ip;
 
-		$re_datetime= '(\d+\.\d+\.\d+) (\d+:\d+:\d+)';
 		$re_pip= "($Re_Ip|-)";
 		$re_srcip= "($Re_Ip)";
 		$re_link= '(http:\/\/[^ \/]*|https:\/\/[^ \/]*)(\S*)';
@@ -48,46 +47,41 @@ function ParseLogLine($logline, &$cols)
 		$re_num= '(-{0,1}\d+|)';
 		$re_restorempty= '(.*|)';
 
-		// 2007.12.29 20:46:18 - 192.168.1.33 http://URL.com *DENIED* Banned site: URL.com GET 0 0 Cleaning Domains 1 403 -   -
-		// 2007.12.29 20:10:15 - 192.168.1.34 http://URL.com  GET 1632 0  1 404 text/html   -
-		// 2007.12.29 20:09:57 - 192.168.1.34 http://URL.com *SCANNED*  GET 5137 -20  1 200 text/html   -
-		$re= "/^$re_datetime\s+$re_pip\s+$re_srcip\s+$re_link\s+$re_result\s+$re_mtd\s+$re_size\s+$re_ttl\s+$re_restorempty\s*$re_num\s+$re_num\s+$re_rest$/";
-		if (preg_match($re, $logline, $match)) {
-			$cols['Date']= $match[1];
-			$cols['Time']= $match[2];
-			$cols['IPsrc']= $match[3];
-			$cols['IP']= $match[4];
-			$cols['Link']= $match[5].$match[6];
-			$cols['Scan']= $match[7];
-			$cols['Mtd']= $match[8];
-			$cols['Size']= $match[9];
-			$cols['TTL']= $match[10];
-			$log= $match[11].' '.$match[12].' '.$match[13].' '.$match[14];
-			/// @todo What are the other category names?
-			if (preg_match('/(\S+)\s+(Domains|URLs|Sites|Phrases)/', $log, $cats)) {
-				$cols['Cat']= $cats[1];
-			}
-			$cols['Log']= $log;
-			return TRUE;
-		}
-		else {
-			$cols['IP']= _('Unknown');
-			$cols['Link']= _('Unknown');
+		if ($this->ParseSyslogLine($logline, $cols)) {
+			$cols['DateTime']= $cols['Date'].' '.$cols['Time'];
 
-			$re= "/^$re_datetime$re_result\s+$re_mtd\s+$re_nonempty\s+$re_nonempty\s+$re_nonempty\s+$re_link\s+$re_rest$/";
-			if (preg_match($re, $logline, $match)) {
-				$cols['Date']= $match[1];
-				$cols['Time']= $match[2];
-				$cols['Mtd']= $match[4];
-				$cols['Scan']= $match[6].' '.$match[3].' '.$match[5].' '.$match[7];
-				$cols['Link']= $match[8].$match[9];
-				$cols['Log']= $match[10];
-				return TRUE;
+			// - 192.168.1.33 http://URL.com *DENIED* Banned site: URL.com GET 0 0 Cleaning Domains 1 403 -   -
+			// - 192.168.1.34 http://URL.com  GET 1632 0  1 404 text/html   -
+			// - 192.168.1.34 http://URL.com *SCANNED*  GET 5137 -20  1 200 text/html   -
+			$re= "/^$re_pip\s+$re_srcip\s+$re_link\s+$re_result\s+$re_mtd\s+$re_size\s+$re_ttl\s+$re_restorempty\s*$re_num\s+$re_num\s+$re_rest$/";
+			if (preg_match($re, $cols['Log'], $match)) {
+				$cols['IPsrc']= $match[1];
+				$cols['IP']= $match[2];
+				$cols['Link']= $match[3].$match[4];
+				$cols['Scan']= $match[5];
+				$cols['Mtd']= $match[6];
+				$cols['Size']= $match[7];
+				$cols['TTL']= $match[8];
+				$log= $match[9].' '.$match[10].' '.$match[11].' '.$match[12];
+				/// @todo What are the other category names?
+				if (preg_match('/(.+)\s+(Domains|URLs|Sites|Phrases)/', $log, $cats)) {
+					$cols['Cat']= $cats[1];
+				}
+				$cols['Log']= $log;
 			}
-			else if ($this->ParseSyslogLine($logline, $cols)) {
-				$cols['DateTime']= $cols['Date'].' '.$cols['Time'];
-				return TRUE;
+			else {
+				$cols['IP']= _('Unknown');
+				$cols['Link']= _('Unknown');
+
+				$re= "/^$re_result\s+$re_mtd\s+$re_nonempty\s+$re_nonempty\s+$re_nonempty\s+$re_link\s+$re_rest$/";
+				if (preg_match($re, $cols['Log'], $match)) {
+					$cols['Mtd']= $match[2];
+					$cols['Scan']= $match[4].' '.$match[1].' '.$match[3].' '.$match[5];
+					$cols['Link']= $match[6].$match[7];
+					$cols['Log']= $match[8];
+				}
 			}
+			return TRUE;
 		}
 		return FALSE;
 	}
@@ -98,66 +92,6 @@ function PostProcessCols(&$cols)
 			$cols['Proto']= $match[1];
 			$cols['Link']= $match[2];
 		}
-
-		if (preg_match('/(\d+)\.(\d+)\.(\d+)/', $cols['Date'], $match)) {
-			$cols['Date']= $match[1].'.'.($match[2] + 0).'.'.($match[3] + 0);
-		}
-
-		$time= explode(':', $cols['Time'], 3);
-		$cols['Time']= sprintf('%02d', $time[0]).':'.sprintf('%02d', $time[1]).':'.sprintf('%02d', $time[2]);
-	}
-
-	function GetDateRegexp($date)
-	{
-		// Match all years
-		$re= '.*\.';
-		if ($date['Month'] == '') {
-			$re.= '.*';
-		}
-		else {
-			$re.= ($date['Month'] + 0).'\.';
-			if ($date['Day'] == '') {
-				$re.= '.*';
-			}
-			else {
-				$re.= ($date['Day'] + 0);
-			}
-		}
-		return $re;
-	}
-
-	function formatDateHourRegexp($month, $day, $hour, $minute)
-	{
-		global $Re_MonthNumbersNoLeadingZeros, $Re_DaysNoLeadingZeros;
-
-		// 2017.9.7 1:06:16
-		$reYear= '20[[:digit:]][[:digit:]]';
-
-		if ($month != '') {
-			$reMonth= $month + 0;
-		} else {
-			$reMonth= '(' . $Re_MonthNumbersNoLeadingZeros . ')';
-		}
-
-		if ($day != '') {
-			$reDay= $day + 0;
-		} else {
-			$reDay= '(' . $Re_DaysNoLeadingZeros . ')';
-		}
-
-		if ($hour != '') {
-			$reHour= $hour + 0;
-		} else {
-			$reHour= '([[:digit:]]|[[:digit:]][[:digit:]])';
-		}
-
-		if ($minute != '') {
-			$reMinute= $minute;
-		} else {
-			$reMinute= '([[:digit:]][[:digit:]])';
-		}
-
-		return "^$reYear.$reMonth.$reDay $reHour:$reMinute:";
 	}
 }
 ?>

src/View/e2guardian/include.accesslogs.php

@@ -54,42 +54,6 @@ function __construct()
 		$this->LogsHelpMsg= _HELPWINDOW('Among web filter log messages are page denials, virus scan results, denial bypasses or exceptions. However, some details can be found in HTTP proxy logs only, such as the sizes of file downloads if the download manager is engaged.');
 	}
 
-	/**
-	 * Builds a DG specific string from $date.
-	 *
-	 * The datetimes in log lines are different for each module.
-	 * Does the opposite of FormatDateArray()
-	 *
-	 * @param array $date Datetime struct
-	 * @return string Date
-	 */
-	function FormatDate($date)
-	{
-		return date('Y').'.'.($date['Month'] + 0).'.'.($date['Day'] + 0);
-	}
-
-	/**
-	 * Builds a DG specific $date from string.
-	 */
-	function FormatDateArray($datestr, &$date)
-	{
-		global $MonthNumbers;
-
-		if (preg_match('/^(\d+)\.(\d+)\.(\d+)$/', $datestr, $match)) {
-			$date['Month']= $match[2] + 0;
-			$date['Day']= $match[3] + 0;
-			return TRUE;
-		}
-		else if (preg_match('/(\w+)\s+(\d+)/', $datestr, $match)) {
-			if (array_key_exists($match[1], $MonthNumbers)) {
-				$date['Month']= $MonthNumbers[$match[1]] + 0;
-				$date['Day']= $match[2] + 0;
-				return TRUE;
-			}
-		}
-		return FALSE;
-	}
-
 	function FormatLogCols(&$cols)
 	{
 		$link= $cols['Link'];

src/View/lib/view.php

@@ -548,6 +548,8 @@ function IsDateRange($date)
 	 * Generic date array to string formatter.
 	 *
 	 * Assumes standard syslog date format for the output string.
+	 * The datetimes in log lines may be different for each module.
+	 * Does the opposite of FormatDateArray().
 	 *
 	 * @param array $date Datetime struct.
 	 * @return string Date string.