From 8a4061859e83d7e034a80c2f4b4d1b87807ca0ac Mon Sep 17 00:00:00 2001 From: Soner Tari Date: Thu, 2 Nov 2017 22:38:02 +0300 Subject: [PATCH] E2guardian uses syslog now, otherwise e2guardian v4.1.3 does not reopen the log file after rotation --- config/etc/e2guardian/e2guardian.conf | 2 +- config/etc/newsyslog.conf | 2 +- config/etc/syslog.conf | 1 + config/utmfw.files | 1 + config/utmfw.mtree | 1 + config/var/log/e2guardian/access.log | 0 ports/e2guardian/Makefile | 2 +- .../patches/patch-src_FatController_cpp | 18 +++ src/Model/e2guardianlogs.php | 130 +++++------------- src/View/e2guardian/include.accesslogs.php | 36 ----- src/View/lib/view.php | 2 + 11 files changed, 58 insertions(+), 137 deletions(-) create mode 100644 config/var/log/e2guardian/access.log diff --git a/config/etc/e2guardian/e2guardian.conf b/config/etc/e2guardian/e2guardian.conf index 3d1fd044..4d45ec4e 100644 --- a/config/etc/e2guardian/e2guardian.conf +++ b/config/etc/e2guardian/e2guardian.conf @@ -63,7 +63,7 @@ logfileformat = 1 # # Use syslog for access logging instead of logging to the file # at the defined or built-in "loglocation" -# logsyslog = off +logsyslog = on # Suffix to append to program name when logging through syslog # Default is the e2Guardian instance number diff --git a/config/etc/newsyslog.conf b/config/etc/newsyslog.conf index cf089f6c..9361c867 100644 --- a/config/etc/newsyslog.conf +++ b/config/etc/newsyslog.conf @@ -15,8 +15,8 @@ /var/log/pflog 600 99 10000 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/log/clamd.log 644 99 10000 168 Z /var/log/freshclam.log 644 99 10000 168 Z +/var/log/e2guardian/access.log 644 99 10000 168 Z /var/log/e2guardian/e2guardian.log 644 99 10000 168 Z -/var/log/e2guardian/access.log 644 99 10000 168 Z /var/run/e2guardian.pid /var/log/snort/snort.log 644 99 10000 168 Z /var/log/snort/alert.log 644 99 10000 168 Z /var/log/snortips.log 644 99 10000 168 Z 
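Review bot: `logsyslog = on` carries no explanation in the file, and the reason — e2guardian 4.1.3 not reopening its log after newsyslog rotation — survives only in the commit message, so the next reader has no way to know that the file logger must stay off. I would add directly above it: `# Access log goes through syslog: e2guardian 4.1.3 does not reopen loglocation after rotation; /etc/syslog.conf routes local0 to /var/log/e2guardian/access.log`. A caveat is also worth recording next to it: syslog(3) records have a fixed maximum length, so a format-1 line carrying a long URL plus user agent, params and post data may be truncated where the file logger kept it whole. The `loglocation` setting presumably still exists further down the file and is now dead; a one-line comment there would stop someone "fixing" permissions on a file nothing writes to.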
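Review bot: The new access.log entry is created with mode 644, while the same commit installs the file as 640 root:wheel in utmfw.files and utmfw.mtree, so the first rotation silently turns the log world-readable. Since it records client IPs, requested URLs and user agents, I would use `/var/log/e2guardian/access.log 640 99 10000 168 Z`; the existing e2guardian.log line has the same mismatch and could be corrected alongside. Dropping the `/var/run/e2guardian.pid` field looks right now that syslogd owns the descriptor: with no pidfile newsyslog signals syslogd itself, which is exactly what is needed to reopen the rotated file.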
diff --git a/config/etc/syslog.conf b/config/etc/syslog.conf index db7a941d..076985ed 100644 --- a/config/etc/syslog.conf +++ b/config/etc/syslog.conf @@ -64,6 +64,7 @@ daemon.info /var/log/spamd.log !* !!e2guardian +local0.* /var/log/e2guardian/access.log *.* /var/log/e2guardian/e2guardian.log !* diff --git a/config/utmfw.files b/config/utmfw.files index e1577bf9..80d1622f 100644 --- a/config/utmfw.files +++ b/config/utmfw.files @@ -143,6 +143,7 @@ usr/local/share/e2guardian/languages/ukenglish/template.html,644,root,wheel usr/local/share/e2guardian/languages/ukenglish/template_nobypass.html,644,root,wheel var/cron/tabs/root,600,root,crontab var/log/doas,600,root,wheel +var/log/e2guardian/access.log,640,root,wheel var/log/e2guardian/e2guardian.log,640,root,wheel var/log/snort/snort.log,640,root,wheel var/log/snort/alert.log,640,root,wheel diff --git a/config/utmfw.mtree b/config/utmfw.mtree index f515f5db..c687cb50 100644 --- a/config/utmfw.mtree +++ b/config/utmfw.mtree @@ -30,6 +30,7 @@ tmp type=dir mode=0755 uid=506 gid=506 flags=none log type=dir mode=0755 uname=root gname=wheel doas type=file mode=0600 uname=root gname=wheel e2guardian type=dir mode=0755 uid=589 gid=589 flags=none +access.log type=file mode=0640 uname=root gname=wheel e2guardian.log type=file mode=0640 uname=root gname=wheel .. #var/log/e2guardian imspector type=dir mode=0755 uid=702 gid=702 flags=none diff --git a/config/var/log/e2guardian/access.log b/config/var/log/e2guardian/access.log new file mode 100644 index 00000000..e69de29b diff --git a/ports/e2guardian/Makefile b/ports/e2guardian/Makefile index d0137154..703b91f9 100644 --- a/ports/e2guardian/Makefile +++ b/ports/e2guardian/Makefile @@ -26,7 +26,7 @@ AUTOCONF_VERSION = 2.69 AUTOMAKE_VERSION = 1.15 CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib" + LDFLAGS="-L${LOCALBASE}/lib -pthread" CONFIGURE_ARGS = --localstatedir=/var \ --with-proxyuser=_e2guardian \ --with-proxygroup=_e2guardian \ 
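Review bot: The new `local0.*` line is followed by the existing `*.*` line inside the same `!!e2guardian` block, and as far as I know OpenBSD syslogd writes a message to every matching selector rather than stopping at the first, so every access record landing in access.log is also appended to e2guardian.log. Unless that duplication is intended, exclude the facility on the second line: `*.*;local0.none /var/log/e2guardian/e2guardian.log`. Otherwise e2guardian.log grows at the access-log rate and its 10000 KB newsyslog trigger will fire far more often than before.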
diff --git a/ports/e2guardian/patches/patch-src_FatController_cpp b/ports/e2guardian/patches/patch-src_FatController_cpp index cc9afcb7..0de48d98 100644 --- a/ports/e2guardian/patches/patch-src_FatController_cpp +++ b/ports/e2guardian/patches/patch-src_FatController_cpp @@ -3,6 +3,24 @@ $OpenBSD$ Index: src/FatController.cpp --- src/FatController.cpp.orig +++ src/FatController.cpp +@@ -1071,7 +1071,7 @@ void log_listener(std::string log_location, bool logco + postdata + "\""; + break; + case 1: +- builtline = when + " " + who + " " + from + " " + where + " " + what + " " ++ builtline = (!logsyslog ? when + " " : "") + who + " " + from + " " + where + " " + what + " " + + how + " " + ssize + " " + sweight + " " + cat + " " + stringgroup + " " + + stringcode + " " + mimetype + " " + clienthost + " " + groupname + " " + + useragent + " " + params + " " + o.logid_1 + " " + o.logid_2 + " " + postdata; +@@ -1112,7 +1112,7 @@ void log_listener(std::string log_location, bool logco + if (!logsyslog) + *logfile << builtline << std::endl; // append the line + else +- syslog(LOG_INFO, "%s", builtline.c_str()); ++ syslog(LOG_LOCAL0|LOG_INFO, "%s", builtline.c_str()); + + // delete ipcpeersock; // close the connection + @@ -2026,12 +2026,11 @@ int fc_controlit() // gentlereload = false; continue; // OK to continue even if gentle failed - just continue to use previous lists diff --git a/src/Model/e2guardianlogs.php b/src/Model/e2guardianlogs.php index c35d383f..69f4f9c4 100644 --- a/src/Model/e2guardianlogs.php +++ b/src/Model/e2guardianlogs.php @@ -34,7 +34,6 @@ function ParseLogLine($logline, &$cols) { global $Re_Ip; - $re_datetime= '(\d+\.\d+\.\d+) (\d+:\d+:\d+)'; $re_pip= "($Re_Ip|-)"; $re_srcip= "($Re_Ip)"; $re_link= '(http:\/\/[^ \/]*|https:\/\/[^ \/]*)(\S*)'; 
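Review bot: `syslog(LOG_LOCAL0|LOG_INFO, "%s", builtline.c_str())` hardcodes the facility at the call site, overriding whatever `openlog()` registered, and nothing in the code says why; the choice only works together with the `local0.*` line in /etc/syslog.conf, so I would put a comment on that line: `// LOG_LOCAL0 is what /etc/syslog.conf keys on to route access records to access.log; keep the two in sync`. The first hunk drops `when` from `builtline` when `logsyslog` is set, so the access timestamp becomes the time syslogd received the record rather than the time it was built — acceptable, but worth a short comment for anyone correlating with the proxy log. If, as the names suggest, `where`, `useragent`, `params` and `postdata` come from the client request, routing them through syslog(3) is also a small hardening win, because OpenBSD syslogd escapes control characters, whereas the `*logfile << builtline` branch still writes a client-supplied newline as a line break. Both inner hunks sit inside `log_listener`, whose start and end lie outside this patch.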
@@ -48,46 +47,41 @@ function ParseLogLine($logline, &$cols) $re_num= '(-{0,1}\d+|)'; $re_restorempty= '(.*|)'; - // 2007.12.29 20:46:18 - 192.168.1.33 http://URL.com *DENIED* Banned site: URL.com GET 0 0 Cleaning Domains 1 403 - - - // 2007.12.29 20:10:15 - 192.168.1.34 http://URL.com GET 1632 0 1 404 text/html - - // 2007.12.29 20:09:57 - 192.168.1.34 http://URL.com *SCANNED* GET 5137 -20 1 200 text/html - - $re= "/^$re_datetime\s+$re_pip\s+$re_srcip\s+$re_link\s+$re_result\s+$re_mtd\s+$re_size\s+$re_ttl\s+$re_restorempty\s*$re_num\s+$re_num\s+$re_rest$/"; - if (preg_match($re, $logline, $match)) { - $cols['Date']= $match[1]; - $cols['Time']= $match[2]; - $cols['IPsrc']= $match[3]; - $cols['IP']= $match[4]; - $cols['Link']= $match[5].$match[6]; - $cols['Scan']= $match[7]; - $cols['Mtd']= $match[8]; - $cols['Size']= $match[9]; - $cols['TTL']= $match[10]; - $log= $match[11].' '.$match[12].' '.$match[13].' '.$match[14]; - /// @todo What are the other category names? - if (preg_match('/(\S+)\s+(Domains|URLs|Sites|Phrases)/', $log, $cats)) { - $cols['Cat']= $cats[1]; - } - $cols['Log']= $log; - return TRUE; - } - else { - $cols['IP']= _('Unknown'); - $cols['Link']= _('Unknown'); + if ($this->ParseSyslogLine($logline, $cols)) { + $cols['DateTime']= $cols['Date'].' '.$cols['Time']; - $re= "/^$re_datetime$re_result\s+$re_mtd\s+$re_nonempty\s+$re_nonempty\s+$re_nonempty\s+$re_link\s+$re_rest$/"; - if (preg_match($re, $logline, $match)) { - $cols['Date']= $match[1]; - $cols['Time']= $match[2]; - $cols['Mtd']= $match[4]; - $cols['Scan']= $match[6].' '.$match[3].' '.$match[5].' 
'.$match[7]; - $cols['Link']= $match[8].$match[9]; - $cols['Log']= $match[10]; - return TRUE; + // - 192.168.1.33 http://URL.com *DENIED* Banned site: URL.com GET 0 0 Cleaning Domains 1 403 - - + // - 192.168.1.34 http://URL.com GET 1632 0 1 404 text/html - + // - 192.168.1.34 http://URL.com *SCANNED* GET 5137 -20 1 200 text/html - + $re= "/^$re_pip\s+$re_srcip\s+$re_link\s+$re_result\s+$re_mtd\s+$re_size\s+$re_ttl\s+$re_restorempty\s*$re_num\s+$re_num\s+$re_rest$/"; + if (preg_match($re, $cols['Log'], $match)) { + $cols['IPsrc']= $match[1]; + $cols['IP']= $match[2]; + $cols['Link']= $match[3].$match[4]; + $cols['Scan']= $match[5]; + $cols['Mtd']= $match[6]; + $cols['Size']= $match[7]; + $cols['TTL']= $match[8]; + $log= $match[9].' '.$match[10].' '.$match[11].' '.$match[12]; + /// @todo What are the other category names? + if (preg_match('/(.+)\s+(Domains|URLs|Sites|Phrases)/', $log, $cats)) { + $cols['Cat']= $cats[1]; + } + $cols['Log']= $log; } - else if ($this->ParseSyslogLine($logline, $cols)) { - $cols['DateTime']= $cols['Date'].' '.$cols['Time']; - return TRUE; + else { + $cols['IP']= _('Unknown'); + $cols['Link']= _('Unknown'); + + $re= "/^$re_result\s+$re_mtd\s+$re_nonempty\s+$re_nonempty\s+$re_nonempty\s+$re_link\s+$re_rest$/"; + if (preg_match($re, $cols['Log'], $match)) { + $cols['Mtd']= $match[2]; + $cols['Scan']= $match[4].' '.$match[1].' '.$match[3].' '.$match[5]; + $cols['Link']= $match[6].$match[7]; + $cols['Log']= $match[8]; + } } + return TRUE; } return FALSE; } 
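Review bot: The category capture under the `/// @todo` line changed from `(\S+)` to `(.+)`, a behaviour change the commit message does not mention; it looks intended to allow multi-word category names, but because `.+` is greedy and unanchored it captures everything up to the last keyword, so a `$log` containing more than one of `Domains|URLs|Sites|Phrases` yields the whole stretch as `Cat`. If the intent is "the words before the first keyword", `'/^(.+?)\s+(Domains|URLs|Sites|Phrases)/'` pins that down, since `$log` starts with the field that follows `TTL`. The three example comments now show the payload after the syslog envelope rather than a raw log line; a note such as `// examples are $cols['Log'] as returned by ParseSyslogLine(), not the raw syslog line` would make that explicit. ParseLogLine's signature and the `$re_*` definitions it uses are in the preceding hunk.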
@@ -98,66 +92,6 @@ function PostProcessCols(&$cols) $cols['Proto']= $match[1]; $cols['Link']= $match[2]; } - - if (preg_match('/(\d+)\.(\d+)\.(\d+)/', $cols['Date'], $match)) { - $cols['Date']= $match[1].'.'.($match[2] + 0).'.'.($match[3] + 0); - } - - $time= explode(':', $cols['Time'], 3); - $cols['Time']= sprintf('%02d', $time[0]).':'.sprintf('%02d', $time[1]).':'.sprintf('%02d', $time[2]); - } - - function GetDateRegexp($date) - { - // Match all years - $re= '.*\.'; - if ($date['Month'] == '') { - $re.= '.*'; - } - else { - $re.= ($date['Month'] + 0).'\.'; - if ($date['Day'] == '') { - $re.= '.*'; - } - else { - $re.= ($date['Day'] + 0); - } - } - return $re; - } - - function formatDateHourRegexp($month, $day, $hour, $minute) - { - global $Re_MonthNumbersNoLeadingZeros, $Re_DaysNoLeadingZeros; - - // 2017.9.7 1:06:16 - $reYear= '20[[:digit:]][[:digit:]]'; - - if ($month != '') { - $reMonth= $month + 0; - } else { - $reMonth= '(' . $Re_MonthNumbersNoLeadingZeros . ')'; - } - - if ($day != '') { - $reDay= $day + 0; - } else { - $reDay= '(' . $Re_DaysNoLeadingZeros . ')'; - } - - if ($hour != '') { - $reHour= $hour + 0; - } else { - $reHour= '([[:digit:]]|[[:digit:]][[:digit:]])'; - } - - if ($minute != '') { - $reMinute= $minute; - } else { - $reMinute= '([[:digit:]][[:digit:]])'; - } - - return "^$reYear.$reMonth.$reDay $reHour:$reMinute:"; } } ?> diff --git a/src/View/e2guardian/include.accesslogs.php b/src/View/e2guardian/include.accesslogs.php index 802a93eb..e612c1f8 100644 --- a/src/View/e2guardian/include.accesslogs.php +++ b/src/View/e2guardian/include.accesslogs.php 
@@ -54,42 +54,6 @@ function __construct() $this->LogsHelpMsg= _HELPWINDOW('Among web filter log messages are page denials, virus scan results, denial bypasses or exceptions. However, some details can be found in HTTP proxy logs only, such as the sizes of file downloads if the download manager is engaged.'); } - /** - * Builds a DG specific string from $date. - * - * The datetimes in log lines are different for each module. - * Does the opposite of FormatDateArray() - * - * @param array $date Datetime struct - * @return string Date - */ - function FormatDate($date) - { - return date('Y').'.'.($date['Month'] + 0).'.'.($date['Day'] + 0); - } - - /** - * Builds a DG specific $date from string. - */ - function FormatDateArray($datestr, &$date) - { - global $MonthNumbers; - - if (preg_match('/^(\d+)\.(\d+)\.(\d+)$/', $datestr, $match)) { - $date['Month']= $match[2] + 0; - $date['Day']= $match[3] + 0; - return TRUE; - } - else if (preg_match('/(\w+)\s+(\d+)/', $datestr, $match)) { - if (array_key_exists($match[1], $MonthNumbers)) { - $date['Month']= $MonthNumbers[$match[1]] + 0; - $date['Day']= $match[2] + 0; - return TRUE; - } - } - return FALSE; - } - function FormatLogCols(&$cols) { $link= $cols['Link']; diff --git a/src/View/lib/view.php b/src/View/lib/view.php index 3ac8a48e..02be814c 100644 --- a/src/View/lib/view.php +++ b/src/View/lib/view.php @@ -548,6 +548,8 @@ function IsDateRange($date) * Generic date array to string formatter. * * Assumes standard syslog date format for the output string. + * The datetimes in log lines may be different for each module. + * Does the opposite of FormatDateArray(). * * @param array $date Datetime struct. * @return string Date string.