
includes/syslog.php (1 issue)

<?php
// FIXME: use the db functions properly. The two commented-out queries below build SQL by concatenating the raw host string; get_cache() below already does the same lookups through parameterised dbFetchCell() calls, so these should not be revived as-is.
// $device_id_host = @dbFetchCell("SELECT device_id FROM devices WHERE `hostname` = '".mres($entry['host'])."' OR `sysName` = '".mres($entry['host'])."'");
// $device_id_ip = @dbFetchCell("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE A.ipv4_address = '" . $entry['host']."' AND I.port_id = A.port_id");
/**
 * Look up a device attribute for a syslog host, memoised in the global $dev_cache.
 *
 * Supported $value keys:
 *  - 'device_id': resolved by hostname / sysName first, then by an IPv4
 *                 address attached to a port;
 *  - 'os', 'version': read from the devices row found via 'device_id'.
 * Any other $value yields null and is not cached. A lookup that returns null
 * is stored but not treated as cached (isset() ignores null), so it is
 * re-queried on the next call.
 *
 * @param string $host  Host as it appears in the syslog entry.
 * @param string $value One of 'device_id', 'os', 'version'.
 *
 * @return mixed The attribute as returned by dbFetchCell(), or null for an
 *               unsupported $value.
 */
function get_cache($host, $value) {
    global $dev_cache;

    // Cache hit: nothing to do.
    if (isset($dev_cache[$host][$value])) {
        return $dev_cache[$host][$value];
    }

    if ($value === 'device_id') {
        // Hostname or sysName first, falling back to an IPv4 address on a port.
        $id = dbFetchCell('SELECT `device_id` FROM devices WHERE `hostname` = ? OR `sysName` = ?', array($host, $host));
        if (!is_numeric($id)) {
            $id = dbFetchCell('SELECT `device_id` FROM `ipv4_addresses` AS A, `ports` AS I WHERE A.ipv4_address = ? AND I.port_id = A.port_id', array($host));
        }
        $dev_cache[$host]['device_id'] = $id;
    } elseif ($value === 'os') {
        $dev_cache[$host]['os'] = dbFetchCell('SELECT `os` FROM devices WHERE `device_id` = ?', array(get_cache($host, 'device_id')));
    } elseif ($value === 'version') {
        $dev_cache[$host]['version'] = dbFetchCell('SELECT `version` FROM devices WHERE `device_id`= ?', array(get_cache($host, 'device_id')));
    } else {
        // Unknown attribute: not cached, not queried.
        return null;
    }

    return $dev_cache[$host][$value];
}//end get_cache()
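/**
 * Normalise a raw syslog entry for a monitored device and optionally store it.
 *
 * Entries whose message contains any substring listed in
 * $config['syslog_filter'] are returned untouched. Otherwise the host is
 * resolved to a device via get_cache(); for known devices the OS-specific
 * "program" prefix is split out of the message, program is upper-cased,
 * every field is trimmed and, when $update is true, the row is written with
 * dbInsert(). Entries for unknown hosts are returned after the host rewrite
 * and device lookup only.
 *
 * @param array $entry  Syslog fields: host, msg, facility, priority, level,
 *                      tag, timestamp; may already carry a program field.
 * @param bool  $update Insert the entry into the syslog table when true.
 *
 * @return array The (possibly rewritten) entry. The msg key is absent when the
 *               whole line was taken as the program.
 */
function process_syslog($entry, $update) {
    global $config;

    // Discard anything matching a configured filter substring. Empty filter
    // strings are skipped: on PHP 8 strpos() reports an empty needle at
    // offset 0, so one blank config entry would swallow every message.
    if (isset($config['syslog_filter']) && is_array($config['syslog_filter'])) {
        foreach ($config['syslog_filter'] as $bi) {
            if ($bi === null || $bi === '') {
                continue;
            }
            if (strpos($entry['msg'], $bi) !== false) {
                return $entry;
            }
        }
    }

    // Strip the IPv4-mapped IPv6 prefix so the device lookups see a plain address.
    $entry['host'] = preg_replace("/^::ffff:/", "", $entry['host']);
    $entry['device_id'] = get_cache($entry['host'], 'device_id');
    if (!$entry['device_id']) {
        // Unknown host: nothing to parse or store.
        return $entry;
    }

    $os = get_cache($entry['host'], 'os');

    if (in_array($os, array('ios', 'iosxe', 'catos'), true)) {
        if (strpos($entry['msg'], ':') !== false) {
            // Multipart message. Split the following examples:
            //   %CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text
            //   %FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text
            $matches = array();
            if (preg_match('/^(?<program>%?[A-Za-z\d\-_]+(:[A-Z]* %[A-Z\d\-_]+)?): ?(?<msg>.*)/', $entry['msg'], $matches)) {
                $entry['program'] = $matches['program'];
                $entry['msg'] = $matches['msg'];
            }
            unset($matches);
        } elseif (!preg_match('/[a-z]{2,}/', $entry['msg'])) {
            // No run of two or more lowercase letters: this looks like a bare
            // program name rather than message text, so move it to program.
            // The previous class `[(a-z)]` also counted parentheses as letters.
            $entry['program'] = $entry['msg'];
            unset($entry['msg']);
        }
    } elseif ($os === 'linux' && get_cache($entry['host'], 'version') === 'Point') {
        // Cisco WAP200 and similar
        $matches = array();
        if (preg_match('#Log: \[(?P<program>.*)\] - (?P<msg>.*)#', $entry['msg'], $matches)) {
            $entry['msg']     = $matches['msg'];
            $entry['program'] = $matches['program'];
        }
        unset($matches);
    } elseif ($os === 'linux') {
        // pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
        // pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
        $matches = array();
        if (preg_match('#^(?P<program>([^(:]+\([^)]+\)|[^\[:]+\[[^\]]+\])) ?: ?(?P<msg>.*)$#', $entry['msg'], $matches)) {
            $entry['msg']     = $matches['msg'];
            $entry['program'] = $matches['program'];
        } elseif (empty($entry['program']) && !empty($entry['facility'])) {
            // Fallback, better than nothing. Splitting on the first ';' or ':'
            // was tried here and dropped because it broke lines such as
            // "diskio.c: don't know how to handle 10 request".
            $entry['program'] = $entry['facility'];
        }
        unset($matches);
    } elseif ($os === 'procurve') {
        $matches = array();
        if (preg_match('/^(?P<program>[A-Za-z]+): {2}(?P<msg>.*)/', $entry['msg'], $matches)) {
            // Keep the program field the entry arrived with as a bracketed suffix.
            $original_program = isset($entry['program']) ? $entry['program'] : '';
            $entry['msg']     = $matches['msg']. " [". $original_program. "]";
            $entry['program'] = $matches['program'];
        }
        unset($matches);
    }

    if (!isset($entry['program'])) {
        // Nothing split a program out: treat the whole message as the program.
        $entry['program'] = $entry['msg'];
        unset($entry['msg']);
    }

    $entry['program'] = strtoupper($entry['program']);
    $entry = array_map('trim', $entry);

    if ($update) {
        dbInsert(
            array(
                'device_id' => $entry['device_id'],
                'program'   => $entry['program'],
                'facility'  => $entry['facility'],
                'priority'  => $entry['priority'],
                'level'     => $entry['level'],
                'tag'       => $entry['tag'],
                // msg is absent when the whole line was taken as the program.
                'msg'       => isset($entry['msg']) ? $entry['msg'] : null,
                'timestamp' => $entry['timestamp'],
            ),
            'syslog'
        );
    }

    return $entry;
}//end process_syslog()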