From 8a9e0cc68e3314b02065dcd3424201f25f176dfb Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 7 Jul 2011 16:35:51 +0200 Subject: milestone/[PARTWORK]: obtaining msg vars integrated, "==" works for strings --- runtime/msg.h | 1 + 1 file changed, 1 insertion(+) (limited to 'runtime/msg.h') diff --git a/runtime/msg.h b/runtime/msg.h index 01a1e059..19debb03 100644 --- a/runtime/msg.h +++ b/runtime/msg.h @@ -170,6 +170,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, size_t *pPropLen, unsigned short *pbMustBeFreed); char *textpri(char *pRes, size_t pResLen, int pri); rsRetVal msgGetMsgVar(msg_t *pThis, cstr_t *pstrPropName, var_t **ppVar); +es_str_t* msgGetMsgVarNew(msg_t *pThis, uchar *name); rsRetVal MsgEnableThreadSafety(void); uchar *getRcvFrom(msg_t *pM); void getTAG(msg_t *pM, uchar **ppBuf, int *piLen); -- cgit From 379bd30a5481056c2e5e71443149fb6b3b2295fc Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 8 Jul 2011 14:50:35 +0200 Subject: milestone/[PARTWORK]: integrated all variable types (msg/sys/cee) --- runtime/msg.h | 1 + 1 file changed, 1 insertion(+) (limited to 'runtime/msg.h') diff --git a/runtime/msg.h b/runtime/msg.h index 19debb03..55d2dfc0 100644 --- a/runtime/msg.h +++ b/runtime/msg.h @@ -178,6 +178,7 @@ char *getTimeReported(msg_t *pM, enum tplFormatTypes eFmt); char *getPRI(msg_t *pMsg); void getRawMsg(msg_t *pM, uchar **pBuf, int *piLen); rsRetVal msgGetCEEVar(msg_t *pThis, cstr_t *propName, var_t **ppVar); +es_str_t* msgGetCEEVarNew(msg_t *pMsg, char *name); /* TODO: remove these five (so far used in action.c) */ -- cgit From 66ab2a70e5bcc9637dfec89c6134abe10b96dde8 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 15 Mar 2012 17:25:26 +0100 Subject: added message property parsesuccess to indicate status of higher level parser run added message property parsesuccess to indicate if the last run higher-level parser could successfully parse the message or not (see property replacer html doc for details) --- runtime/msg.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'runtime/msg.h') diff --git a/runtime/msg.h b/runtime/msg.h index 55d2dfc0..4c209b8f 100644 --- a/runtime/msg.h +++ b/runtime/msg.h @@ -65,6 +65,7 @@ struct msg { int iRefCount; /* reference counter (0 = unused) */ sbool bDoLock; /* use the mutex? */ sbool bAlreadyFreed; /* aid to help detect a well-hidden bad bug -- TODO: remove when no longer needed */ + sbool bParseSuccess; /* set to reflect state of last executed higher level parser */ short iSeverity; /* the severity 0..7 */ short iFacility; /* Facility code 0 .. 23*/ short offAfterPRI; /* offset, at which raw message WITHOUT PRI part starts in pszRawMsg */ @@ -150,6 +151,7 @@ void MsgSetInputName(msg_t *pMsg, prop_t*); rsRetVal MsgSetAPPNAME(msg_t *pMsg, char* pszAPPNAME); rsRetVal MsgSetPROCID(msg_t *pMsg, char* pszPROCID); rsRetVal MsgSetMSGID(msg_t *pMsg, char* pszMSGID); +void MsgSetParseSuccess(msg_t *pMsg, int bSuccess); void MsgSetTAG(msg_t *pMsg, uchar* pszBuf, size_t lenBuf); void MsgSetRuleset(msg_t *pMsg, ruleset_t*); rsRetVal MsgSetFlowControlType(msg_t *pMsg, flowControl_t eFlowCtl); -- cgit From b88ba949f8d657034f808034321fabbd65bf8078 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 29 Mar 2012 18:04:12 +0200 Subject: added "date-unixtimestamp" property replacer option to format as a unix timestamp --- runtime/msg.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'runtime/msg.h') diff --git a/runtime/msg.h b/runtime/msg.h index 4c209b8f..ed2e9d04 100644 --- a/runtime/msg.h +++ b/runtime/msg.h @@ -121,6 +121,8 @@ struct msg { char pszTimestamp3339[CONST_LEN_TIMESTAMP_3339 + 1]; char pszTIMESTAMP_SecFrac[7]; /* Note: a pointer is 64 bits/8 char, so this is actually fewer than a pointer! */ char pszRcvdAt_SecFrac[7]; /* same as above. Both are fractional seconds for their respective timestamp */ + char pszTIMESTAMP_Unix[12]; /* almost as small as a pointer! */ + char pszRcvdAt_Unix[12]; }; -- cgit