package org.araqne.logparser.krsyslog.secuwiz;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.araqne.log.api.V1LogParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
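/**
 * Parses one Secuwiz SSL VPN syslog line into a field map.
 *
 * <p>
 * The header is read positionally as {@code sys_svr_time source_ip vpn_time hostname log_type:}.
 * Both time columns are 15 characters wide ({@code MMM dd HH:mm:ss}). The text after the colon is
 * the payload, and its handling depends on {@code log_type}:
 * <ul>
 * <li>{@code logger}: four positional, comma-separated columns</li>
 * <li>{@code access_log}: comma-separated {@code key=value} pairs</li>
 * <li>{@code system_log}: stored untouched under {@code message}</li>
 * </ul>
 * Any other log type yields the header fields only.
 *
 * <p>
 * The input line comes from the network and must be treated as untrusted. A line that does not
 * match the expected layout produces {@code null}, not an exception.
 */
public class SecuwizSslLogParser extends V1LogParser {
    private final Logger slog = LoggerFactory.getLogger(SecuwizSslLogParser.class);

    /**
     * Parses the value stored under the {@code line} key of {@code params}.
     *
     * @param params
     *            parser input; only the {@code line} entry is read
     * @return the parsed fields, or {@code null} when there is no line or the line cannot be parsed
     */
    @Override
    public Map<String, Object> parse(Map<String, Object> params) {
        String line = (String) params.get("line");
        if (line == null)
            return null;

        try {
            // SimpleDateFormat is not thread-safe; building it per call keeps parse() free of
            // shared mutable state. The pattern carries a year because parseHeader() prefixes the
            // assumed year before parsing (see the leap-day remark there).
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy MMM dd HH:mm:ss", Locale.ENGLISH);
            Map<String, Object> m = new HashMap<String, Object>();

            // parseHeader() returns the index of the ':' that ends log_type; the payload follows it.
            int msgIndex = parseHeader(line, m, sdf) + 1;
            String logType = (String) m.get("log_type");
            String data = line.substring(msgIndex);

            if ("logger".equals(logType)) {
                parseLoggerLog(tokenizeLine(data.trim(), ","), m);
            } else if ("access_log".equals(logType)) {
                parseAccessLog(tokenizeLine(data.trim(), ","), m);
            } else if ("system_log".equals(logType)) {
                m.put("message", data);
            }

            return m;
        } catch (Exception e) {
            // Malformed input is expected here, so it is reported at debug level only. Exception is
            // caught instead of Throwable so that JVM errors (OutOfMemoryError, StackOverflowError,
            // ...) are not silently turned into "unparseable line".
            // NOTE(review): the raw line is attacker-influenced; if this logger writes to a
            // line-oriented file, confirm that the appender neutralises embedded control characters.
            if (slog.isDebugEnabled())
                slog.debug("araqne syslog parser: cannot parse secuwiz ssl vpn log => " + line, e);
            return null;
        }
    }

    /**
     * Stores the {@code key=value} pairs of an {@code access_log} payload in {@code m}, renaming
     * the camel-case vendor keys to snake case. An empty value is stored as {@code null}.
     *
     * <p>
     * Each token is split at its FIRST {@code '='} only, so a value that itself contains
     * {@code '='} is kept whole instead of being cut at the second {@code '='}.
     *
     * @throws IllegalArgumentException
     *             if a token has no {@code '='}; {@link #parse(Map)} then rejects the whole line
     */
    private void parseAccessLog(String[] tokens, Map<String, Object> m) {
        for (String keyValue : tokens) {
            int eq = keyValue.indexOf('=');
            if (eq < 0)
                throw new IllegalArgumentException("access_log field without '='");

            String key = keyValue.substring(0, eq);
            if (key.equals("serverIP"))
                key = "server_ip";
            else if (key.equals("ID"))
                key = "id";
            else if (key.equals("clientIP"))
                key = "client_ip";
            else if (key.equals("natIP"))
                key = "nat_ip";

            // NOTE(review): keys are taken from the payload as-is, so a payload key that equals a
            // header column name (for example source_ip or log_type) replaces the header value
            // already in m. Confirm whether header fields should be protected from payload keys.
            String value = keyValue.substring(eq + 1);
            m.put(key, value.isEmpty() ? null : value);
        }
    }

    /**
     * Stores the first four tokens of a {@code logger} payload under their fixed column names. An
     * empty token is stored as {@code null}. Fewer than four tokens raises
     * {@link ArrayIndexOutOfBoundsException}, which {@link #parse(Map)} turns into {@code null}.
     */
    private void parseLoggerLog(String[] tokens, Map<String, Object> m) {
        List<String> columns = Arrays.asList("connect_id", "user_virtual_ip", "login_out_tag", "user_real_ip");
        for (int i = 0; i < columns.size(); i++) {
            String value = tokens[i];
            m.put(columns.get(i), value.isEmpty() ? null : value);
        }
    }

    /**
     * Reads the five header columns from the start of {@code line} into {@code m}.
     *
     * @param sdf
     *            formatter for {@code yyyy MMM dd HH:mm:ss}; the year is supplied by this method
     * @return index of the {@code ':'} that terminates {@code log_type}
     * @throws ParseException
     *             if a time column is not a valid timestamp
     * @throws IndexOutOfBoundsException
     *             if a separator is missing or the line is too short
     */
    private int parseHeader(String line, Map<String, Object> m, SimpleDateFormat sdf) throws ParseException {
        List<String> columns = Arrays.asList("sys_svr_time", "source_ip", "vpn_time", "hostname", "log_type");

        // The log carries no year, so the current year is assumed.
        // NOTE(review): an event stamped late December but parsed after New Year is therefore
        // dated almost a year in the future; decide whether such timestamps should roll back.
        int year = Calendar.getInstance().get(Calendar.YEAR);

        int s = 0;
        int e = 0;
        for (String column : columns) {
            Object value = null;
            if (column.endsWith("_time")) {
                e = s + 15;
                // The year is parsed together with the month and day. Parsing "Feb 29" without a
                // year falls back to 1970, where lenient parsing rolls it over to Mar 1, and
                // patching the year in afterwards cannot undo that shift.
                Date d = sdf.parse(year + " " + line.substring(s, e));
                value = d;
            } else if (column.equals("log_type")) {
                e = line.indexOf(":", s);
                value = line.substring(s, e);
            } else {
                e = line.indexOf(" ", s);
                value = line.substring(s, e);
            }
            m.put(column, value);
            s = e + 1;
        }
        return e;
    }

    /**
     * Splits {@code line} at every occurrence of {@code delimiter}, keeping empty tokens (including
     * a trailing one). The scan resumes one character after each match, so a single-character
     * delimiter is assumed.
     */
    private String[] tokenizeLine(String line, String delimiter) {
        List<String> tokenizedLine = new ArrayList<String>(32);
        int last = 0;
        int p = line.indexOf(delimiter, last);
        while (p >= 0) {
            tokenizedLine.add(line.substring(last, p));
            last = p + 1;
            p = line.indexOf(delimiter, last);
        }
        // The remainder after the final delimiter is the last token; it may be empty.
        tokenizedLine.add(line.substring(last));
        return tokenizedLine.toArray(new String[0]);
    }
}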