org.jwall.web.audit.io
Class AuditFormat

java.lang.Object
  extended by org.jwall.web.audit.io.AuditFormat

public abstract class AuditFormat
extends Object

This class defines several constants for audit-log file formats. It also provides a simple static guess method that makes a best-effort guess at the format of a file or input-stream. The result is either the code of a log format or -1 if no matching format has been found.

Author:
Christian Bockerman <chris@jwall.org>

Field Summary
static int APACHE_ACCESS_LOG
           
static String[] FORMAT_NAMES
          This array holds names of the known formats
static int IRONBEE_AUDIT_LOG
           
static int MOD_SECURITY_1_X_SERIAL_LOG
           
static int MOD_SECURITY_2_X_CONCURRENT_LOG
           
static int MOD_SECURITY_2_X_SERIAL_LOG
           
static int UNKNOWN_FORMAT
           
 
Constructor Summary
AuditFormat()
           
 
Method Summary
static AuditEventReader createReader(String filename, boolean tail)
          This method creates the appropriate reader for a file, denoted by filename.
static int guessFormat(File inFile)
           
static int guessFormat(InputStream in)
          Return the most probable audit-format for the given input-stream.
static boolean isAccessLog(BufferedReader r)
          This method checks whether the reader is attached to some standard access-log input.
static boolean isConcurrent2xLog(BufferedReader r)
          This method tries to determine whether the reader produces lines in the format of the ModSecurity 2.x concurrent audit-log files.
static boolean isSerial1xLog(BufferedReader r)
          This method tries to determine whether the reader produces lines in the format of the ModSecurity 1.x serial audit-log files.
static boolean isSerial2xLog(BufferedReader r)
          This method tries to determine whether the reader produces lines in the format of the ModSecurity 2.x serial audit-log files.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

UNKNOWN_FORMAT

public static final int UNKNOWN_FORMAT
See Also:
Constant Field Values

APACHE_ACCESS_LOG

public static final int APACHE_ACCESS_LOG
See Also:
Constant Field Values

MOD_SECURITY_1_X_SERIAL_LOG

public static final int MOD_SECURITY_1_X_SERIAL_LOG
See Also:
Constant Field Values

MOD_SECURITY_2_X_SERIAL_LOG

public static final int MOD_SECURITY_2_X_SERIAL_LOG
See Also:
Constant Field Values

MOD_SECURITY_2_X_CONCURRENT_LOG

public static final int MOD_SECURITY_2_X_CONCURRENT_LOG
See Also:
Constant Field Values

IRONBEE_AUDIT_LOG

public static final int IRONBEE_AUDIT_LOG
See Also:
Constant Field Values

FORMAT_NAMES

public static final String[] FORMAT_NAMES
This array holds names of the known formats

Constructor Detail

AuditFormat

public AuditFormat()
Method Detail

guessFormat

public static int guessFormat(File inFile)
                       throws IOException
Throws:
IOException

guessFormat

public static int guessFormat(InputStream in)
                       throws IOException
Return the most probable audit-format for the given input-stream.

Parameters:
in - The input-stream to guess the audit-format from.
Returns:
The code of the input-format that was found to be matching.
Throws:
IOException
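
How a best-effort guess of this kind can work, as an added sketch that is not jwall's implementation: it inspects only the first lines of a stream, recognises two of the formats listed above, and returns -1 for anything else. The class name FormatSniffer, the codes other than -1, and both patterns are assumptions made for this example.

```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class FormatSniffer {
    // -1 for "no format found" follows the class description; the other codes are constructed.
    static final int UNKNOWN = -1, ACCESS_LOG = 0, MODSEC_2X_SERIAL = 1;
    // A ModSecurity 2.x serial log opens each event with a header such as --5f3a9c1e-A--
    static final Pattern MODSEC2_HEADER = Pattern.compile("^--[0-9a-fA-F]+-A--$");
    // Apache common/combined line: host ident user [time] "request" status bytes ...
    static final Pattern ACCESS_LINE = Pattern.compile(
        "^\\S+ \\S+ \\S+ \\[[^\\]]+\\] \"(?:[^\"\\\\]|\\\\.)*\" \\d{3} (?:\\d+|-)(?: .*)?$");
    static final int MAX_LINES = 20; // inspect only the head of the input

    static int guess(InputStream in) throws IOException {
        BufferedReader r = new BufferedReader(
            new InputStreamReader(in, StandardCharsets.ISO_8859_1));
        int nonEmpty = 0, access = 0;
        String line;
        for (int i = 0; i < MAX_LINES && (line = r.readLine()) != null; i++) {
            line = line.trim();
            if (line.isEmpty()) continue;
            // The first non-empty line decides the ModSecurity case.
            if (nonEmpty == 0 && MODSEC2_HEADER.matcher(line).matches()) return MODSEC_2X_SERIAL;
            nonEmpty++;
            if (ACCESS_LINE.matcher(line).matches()) access++;
        }
        // Every inspected line must match; a single stray line yields "unknown".
        return (nonEmpty > 0 && access == nonEmpty) ? ACCESS_LOG : UNKNOWN;
    }

    static InputStream sample(String s) {
        return new ByteArrayInputStream(s.getBytes(StandardCharsets.ISO_8859_1));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, not taken from real logs.
        String access = "192.0.2.10 - - [10/Oct/2012:13:55:36 +0200] "
            + "\"GET /index.html HTTP/1.1\" 200 2326\n";
        String modsec = "--5f3a9c1e-A--\n[10/Oct/2012:13:55:36 +0200] sample\n";
        System.out.println("access log -> " + guess(sample(access)));
        System.out.println("modsec 2.x -> " + guess(sample(modsec)));
        System.out.println("other      -> " + guess(sample("not a log line\n")));
    }
}
```

Treating -1 as a hard stop before any parser is chosen keeps unrecognised input out of the audit pipeline instead of letting it be parsed under the wrong format.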

isAccessLog

public static boolean isAccessLog(BufferedReader r)
                           throws IOException
This method checks whether the reader is attached to some standard access-log input. Currently there is no auto-detection of customized access-log formats, i.e. this method will return true only if the lines read from the reader are matching Apache's standard access-logs.

Parameters:
r - The reader to read input data from.
Returns:
true, if the lines read from the reader are in standard access-log format.
Throws:
IOException

isConcurrent2xLog

public static boolean isConcurrent2xLog(BufferedReader r)
                                 throws IOException
This method tries to determine whether the reader produces lines in the format of the ModSecurity 2.x concurrent audit-log files. The reader is supposed to read the index-file of the concurrent audit-log setup.

Parameters:
r - The reader used to read audit-data from the index-file source.
Returns:
true if the audit-log data could be parsed using the ModSecurity 2.x index audit-format.
Throws:
IOException - In case an I/O (read) error occurred.

isSerial1xLog

public static boolean isSerial1xLog(BufferedReader r)
                             throws IOException
This method tries to determine whether the reader produces lines in the format of the ModSecurity 1.x serial audit-log files.

Parameters:
r - The reader to read audit-data from.
Returns:
true if the audit-log data could be parsed using the ModSecurity 1.x audit-format.
Throws:
IOException - In case an I/O (read) error occurred.

isSerial2xLog

public static boolean isSerial2xLog(BufferedReader r)
                             throws IOException
This method tries to determine whether the reader produces lines in the format of the ModSecurity 2.x serial audit-log files.

Parameters:
r - The reader to read audit-data from.
Returns:
true if the audit-log data could be parsed using the ModSecurity 2.x audit-format.
Throws:
IOException - In case an I/O (read) error occurred.

createReader

public static AuditEventReader createReader(String filename,
                                            boolean tail)
                                     throws IOException,
                                            AuditFormatException
This method creates the appropriate reader for a file, denoted by filename.

Parameters:
filename - The file from which audit-log data is to be read.
tail - Indicates whether the reader should skip to the last line of the file and only read new data that is appended.
Returns:
An instance of the AuditEventReader interface that is able to read audit-events from the given file.
Throws:
IOException - In case an I/O error occurred when trying to open/read the file.
AuditFormatException - If the audit-format of the file could not be determined.


Copyright © 2012 jwall.org. All Rights Reserved.