1 | <?php |
||
2 | |||
3 | // FIXME : use db functions properly |
||
4 | // $device_id_host = @dbFetchCell("SELECT device_id FROM devices WHERE `hostname` = '".mres($entry['host'])."' OR `sysName` = '".mres($entry['host'])."'"); |
||
5 | // $device_id_ip = @dbFetchCell("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE A.ipv4_address = '" . $entry['host']."' AND I.port_id = A.port_id"); |
||
6 | |||
7 | |||
/**
 * Look up (and memoise) one attribute of the device that a syslog sender maps to.
 *
 * Results are kept in the global $dev_cache array, keyed by host and then by
 * attribute name. Supported attributes are 'device_id', 'os' and 'version';
 * any other name returns null without touching the database.
 *
 * $host is bound as a placeholder parameter in every query below; it is never
 * concatenated into the SQL text.
 *
 * NOTE(review): the cache test uses isset(), which is false for a stored null.
 * If dbFetchCell() returns null for "no row" (not visible here), a sender that
 * matches no device repeats both device_id queries on every call - confirm
 * whether that load is acceptable for unknown senders.
 *
 * @param string $host  Hostname, sysName or IPv4 address reported for the sender.
 * @param string $value Attribute to fetch: 'device_id', 'os' or 'version'.
 *
 * @return mixed The cached or freshly fetched value, or null for an unsupported attribute.
 */
function get_cache($host, $value)
{
    global $dev_cache;

    // Fast path: a non-null value is already cached for this host/attribute.
    if (isset($dev_cache[$host][$value])) {
        return $dev_cache[$host][$value];
    }

    // Loose comparison is kept on purpose so dispatch matches the former switch.
    if ($value == 'device_id') {
        // First attempt: match on hostname or sysName.
        $dev_cache[$host]['device_id'] = dbFetchCell(
            'SELECT `device_id` FROM devices WHERE `hostname` = ? OR `sysName` = ?',
            array($host, $host)
        );

        // Second attempt: treat the host as an IPv4 address bound to a port.
        if (!is_numeric($dev_cache[$host]['device_id'])) {
            $dev_cache[$host]['device_id'] = dbFetchCell(
                'SELECT `device_id` FROM `ipv4_addresses` AS A, `ports` AS I WHERE A.ipv4_address = ? AND I.port_id = A.port_id',
                array($host)
            );
        }
    } elseif ($value == 'os') {
        // Resolve the device first (cached itself), then read its OS.
        $deviceId = get_cache($host, 'device_id');
        $dev_cache[$host]['os'] = dbFetchCell(
            'SELECT `os` FROM devices WHERE `device_id` = ?',
            array($deviceId)
        );
    } elseif ($value == 'version') {
        $deviceId = get_cache($host, 'device_id');
        $dev_cache[$host]['version'] = dbFetchCell(
            'SELECT `version` FROM devices WHERE `device_id`= ?',
            array($deviceId)
        );
    } else {
        // Unknown attribute: nothing to look up.
        return null;
    }

    return $dev_cache[$host][$value];
}//end get_cache()
||
38 | |||
39 | |||
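/**
 * Normalise one received syslog entry and optionally store it.
 *
 * Steps, in order:
 *  1. Return the entry untouched if its message contains any string listed in
 *     $config['syslog_filter'].
 *  2. Strip a leading "::ffff:" from the host and resolve it to a device_id.
 *     Entries that do not resolve to a device are returned without being
 *     parsed or stored.
 *  3. Split the message into 'program' and 'msg' using OS-specific patterns.
 *  4. Upper-case the program, trim every field and, when $update is truthy,
 *     insert the row into the `syslog` table.
 *
 * NOTE(review): $entry presumably arrives from the network via the syslog
 * receiver, so host, msg and program should be treated as untrusted text.
 * They are stored as received; any consumer that renders them must escape
 * for its own output context. Attribution to a device relies solely on
 * $entry['host'] - confirm how the caller derives it, since a sender-supplied
 * or unauthenticated address would let one host log on behalf of another.
 * NOTE(review): confirm dbInsert() binds the array values as parameters.
 *
 * @param array $entry  Syslog fields; reads host, msg, facility, priority,
 *                      level, tag, timestamp and (optionally) program.
 * @param mixed $update Truthy to insert the parsed entry into the database.
 *
 * @return array The entry, unchanged when filtered, otherwise normalised.
 */
function process_syslog($entry, $update)
{
    global $config, $dev_cache;

    // A missing or malformed filter list means "no filters", not a warning.
    $filters = (isset($config['syslog_filter']) && is_array($config['syslog_filter']))
        ? $config['syslog_filter']
        : array();

    foreach ($filters as $bi) {
        // An empty needle matches every message on PHP 8 (and warns on older
        // versions); skipping it stops a blank config entry from silently
        // discarding all syslog.
        if ($bi === null || $bi === '') {
            continue;
        }

        if (strpos($entry['msg'], $bi) !== false) {
            return $entry;
        }
    }

    // IPv4-mapped IPv6 addresses are reduced to their plain IPv4 form.
    $entry['host'] = preg_replace("/^::ffff:/", "", $entry['host']);
    $entry['device_id'] = get_cache($entry['host'], 'device_id');

    if ($entry['device_id']) {
        $os = get_cache($entry['host'], 'os');

        if (in_array($os, array('ios', 'iosxe', 'catos'))) {
            // multipart message
            if (strpos($entry['msg'], ':') !== false) {
                /* Split the following examples
                 * %CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text
                 * %FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text
                 */
                $matches = array();
                if (preg_match('/^(?<program>%?[A-Za-z\d\-_]+(:[A-Z]* %[A-Z\d\-_]+)?): ?(?<msg>.*)/', $entry['msg'], $matches)) {
                    $entry['program'] = $matches['program'];
                    $entry['msg']     = $matches['msg'];
                }
                unset($matches);
            } else {
                // if this looks like a program (no groups of 2 or more lowercase letters), move it to program
                // NOTE(review): the character class also contains literal "(" and ")",
                // so runs such as "()" count as a match too - confirm this is intended.
                if (!preg_match('/[(a-z)]{2,}/', $entry['msg'])) {
                    $entry['program'] = $entry['msg'];
                    unset($entry['msg']);
                }
            }
        } elseif ($os == 'linux' && get_cache($entry['host'], 'version') == 'Point') {
            // Cisco WAP200 and similar
            $matches = array();
            if (preg_match('#Log: \[(?P<program>.*)\] - (?P<msg>.*)#', $entry['msg'], $matches)) {
                $entry['msg']     = $matches['msg'];
                $entry['program'] = $matches['program'];
            }

            unset($matches);
        } elseif ($os == 'linux') {
            $matches = array();
            // pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
            // pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
            if (preg_match('#^(?P<program>([^(:]+\([^)]+\)|[^\[:]+\[[^\]]+\])) ?: ?(?P<msg>.*)$#', $entry['msg'], $matches)) {
                $entry['msg']     = $matches['msg'];
                $entry['program'] = $matches['program'];
            } elseif (empty($entry['program']) && !empty($entry['facility'])) {
                // A generic split on ';' or ':' used to sit here for messages like
                //   SYSLOG CONNECTION BROKEN; FD='6', SERVER='AF_INET(123.213.132.231:514)', time_reopen='60'
                //   pam_krb5: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
                // It was disabled because it broke messages such as
                //   diskio.c: don't know how to handle 10 request
                // fallback, better than nothing...
                $entry['program'] = $entry['facility'];
            }

            unset($matches);
        } elseif ($os == 'procurve') {
            $matches = array();
            if (preg_match('/^(?P<program>[A-Za-z]+): {2}(?P<msg>.*)/', $entry['msg'], $matches)) {
                // The incoming entry may carry no program yet; read it defensively
                // so the suffix becomes " []" without an undefined-index warning.
                $previousProgram  = isset($entry['program']) ? $entry['program'] : '';
                $entry['msg']     = $matches['msg']. " [". $previousProgram. "]";
                $entry['program'] = $matches['program'];
            }
            unset($matches);
        }//end if

        // Nothing identified a program: the whole message becomes the program.
        if (!isset($entry['program'])) {
            $entry['program'] = $entry['msg'];
            unset($entry['msg']);
        }

        $entry['program'] = strtoupper($entry['program']);
        $entry            = array_map('trim', $entry);

        if ($update) {
            dbInsert(
                array(
                    'device_id' => $entry['device_id'],
                    'program'   => $entry['program'],
                    'facility'  => $entry['facility'],
                    'priority'  => $entry['priority'],
                    'level'     => $entry['level'],
                    'tag'       => $entry['tag'],
                    // 'msg' is removed above when the message was moved to 'program'.
                    'msg'       => isset($entry['msg']) ? $entry['msg'] : null,
                    'timestamp' => $entry['timestamp'],
                ),
                'syslog'
            );
        }

        unset($os);
    }//end if

    return $entry;
}//end process_syslog()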
||
148 |