Add conversion from field type to string and use it to improve logging
parent
559944866f
commit
0ea79509b8
@ -180,14 +180,14 @@ void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_type, voi
|
||||
|
||||
if (database_type.empty() || database_name.empty())
|
||||
{
|
||||
fprintf(stderr, "Couldn't find matching database entry for field with name \"%s\" and type %d\n", field_name.c_str(), (int) field_type);
|
||||
fprintf(stderr, "Couldn't find matching database entry for field with name \"%s\" and type \"%s\"\n", field_name.c_str(), field_type_to_string(field_type).c_str());
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!check_field_type(field_type, database_type, field_name))
|
||||
{
|
||||
fprintf(stderr, "Warning: expected datatype doesn't match database datatype for field \"%s\": expected \"%s\", actual %d\n",
|
||||
field_name.c_str(), database_type.c_str(), field_type);
|
||||
fprintf(stderr, "Warning: expected datatype doesn't match database datatype for field \"%s\": expected \"%s\", actual \"%s\"\n",
|
||||
field_name.c_str(), database_type.c_str(), field_type_to_string(field_type).c_str());
|
||||
}
|
||||
|
||||
std::shared_ptr<AbstractRecordField> data_ptr;
|
||||
|
@ -141,6 +141,68 @@ bool check_field_type(auparse_type_t field_type, const std::string &database_typ
|
||||
}
|
||||
}
|
||||
|
||||
std::string field_type_to_string(auparse_type_t field_type)
|
||||
{
|
||||
#define field_type_macro(T) { T, #T }
|
||||
|
||||
static const std::map<auparse_type_t, std::string> s_field_type_to_string_map = {
|
||||
field_type_macro(AUPARSE_TYPE_UNCLASSIFIED),
|
||||
field_type_macro(AUPARSE_TYPE_UID),
|
||||
field_type_macro(AUPARSE_TYPE_GID),
|
||||
field_type_macro(AUPARSE_TYPE_SYSCALL),
|
||||
field_type_macro(AUPARSE_TYPE_ARCH),
|
||||
field_type_macro(AUPARSE_TYPE_EXIT),
|
||||
field_type_macro(AUPARSE_TYPE_ESCAPED),
|
||||
field_type_macro(AUPARSE_TYPE_PERM),
|
||||
field_type_macro(AUPARSE_TYPE_MODE),
|
||||
field_type_macro(AUPARSE_TYPE_SOCKADDR),
|
||||
field_type_macro(AUPARSE_TYPE_FLAGS),
|
||||
field_type_macro(AUPARSE_TYPE_PROMISC),
|
||||
field_type_macro(AUPARSE_TYPE_CAPABILITY),
|
||||
field_type_macro(AUPARSE_TYPE_SUCCESS),
|
||||
field_type_macro(AUPARSE_TYPE_A0),
|
||||
field_type_macro(AUPARSE_TYPE_A1),
|
||||
field_type_macro(AUPARSE_TYPE_A2),
|
||||
field_type_macro(AUPARSE_TYPE_A3),
|
||||
field_type_macro(AUPARSE_TYPE_SIGNAL),
|
||||
field_type_macro(AUPARSE_TYPE_LIST),
|
||||
field_type_macro(AUPARSE_TYPE_TTY_DATA),
|
||||
field_type_macro(AUPARSE_TYPE_SESSION),
|
||||
field_type_macro(AUPARSE_TYPE_CAP_BITMAP),
|
||||
field_type_macro(AUPARSE_TYPE_NFPROTO),
|
||||
field_type_macro(AUPARSE_TYPE_ICMPTYPE),
|
||||
field_type_macro(AUPARSE_TYPE_PROTOCOL),
|
||||
field_type_macro(AUPARSE_TYPE_ADDR),
|
||||
field_type_macro(AUPARSE_TYPE_PERSONALITY),
|
||||
field_type_macro(AUPARSE_TYPE_SECCOMP),
|
||||
field_type_macro(AUPARSE_TYPE_OFLAG),
|
||||
field_type_macro(AUPARSE_TYPE_MMAP),
|
||||
field_type_macro(AUPARSE_TYPE_MODE_SHORT),
|
||||
field_type_macro(AUPARSE_TYPE_MAC_LABEL),
|
||||
field_type_macro(AUPARSE_TYPE_PROCTITLE),
|
||||
field_type_macro(AUPARSE_TYPE_HOOK),
|
||||
field_type_macro(AUPARSE_TYPE_NETACTION),
|
||||
field_type_macro(AUPARSE_TYPE_MACPROTO),
|
||||
field_type_macro(AUPARSE_TYPE_IOCTL_REQ),
|
||||
field_type_macro(AUPARSE_TYPE_ESCAPED_KEY),
|
||||
field_type_macro(AUPARSE_TYPE_ESCAPED_FILE),
|
||||
field_type_macro(AUPARSE_TYPE_FANOTIFY)
|
||||
};
|
||||
|
||||
#undef field_type_macro
|
||||
|
||||
auto iter = s_field_type_to_string_map.find(field_type);
|
||||
if (iter != s_field_type_to_string_map.end())
|
||||
{
|
||||
return iter->second;
|
||||
}
|
||||
else
|
||||
{
|
||||
fprintf(stderr, "Warning: unknown field type for field type id \"%d\"\n", field_type);
|
||||
return "unknown";
|
||||
}
|
||||
}
|
||||
|
||||
AbstractRecordField::AbstractRecordField(const std::string &name)
|
||||
: m_name(name)
|
||||
{
|
||||
|
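Review bot: The unknown-type branch of `field_type_to_string` writes its own warning to stderr and returns the bare string `"unknown"`, so both call sites in `auparse_callback` (first hunk) produce an extra stderr line for such a field, and their own message no longer carries the numeric id that the old `%d` output had. That matters most when libaudit reports a type this hard-coded table does not list, because the line that names the field is then the one missing the id needed to identify the type. I would keep the helper free of side effects and put the id in the result, `return "unknown(" + std::to_string(static_cast<int>(field_type)) + ")";`, dropping the `fprintf` from the `else` branch. A short comment above the map saying it must be kept in step with the `auparse_type_t` enumerators of the libaudit headers in use would also help the next maintainer.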
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* auditd-plugin-clickhouse is an auditd plugin for sending auditd data
|
||||
* to clickhouse DB.
|
||||
* Copyright (C) 2019 Aleksei Nikiforov <darktemplar@basealt.ru>
|
||||
* Copyright (C) 2019-2020 Aleksei Nikiforov <darktemplar@basealt.ru>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -37,6 +37,7 @@
|
||||
#include <clickhouse-cpp/columns/column.h>
|
||||
|
||||
bool check_field_type(auparse_type_t field_type, const std::string &database_type, const std::string &database_field_name);
|
||||
std::string field_type_to_string(auparse_type_t field_type);
|
||||
|
||||
class AbstractRecordField
|
||||
{
|
||||
|