Package org.jwall.audit.server

Source Code of org.jwall.audit.server.AuditEventStreamHandler

/*
*  Copyright (C) 2007-2014 Christian Bockermann <chris@jwall.org>
*
*  This file is part of the  web-audit  library.
*
*  web-audit library is free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 3 of the License, or
*  (at your option) any later version.
*
*  The  web-audit  library is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
*
*/
package org.jwall.audit.server;

import java.io.EOFException;
import java.io.File;
import java.io.InputStream;
import java.net.Socket;
import java.text.DecimalFormat;
import java.util.Collection;
import java.util.zip.GZIPInputStream;

import org.jwall.web.audit.AuditEvent;
import org.jwall.web.audit.AuditEventListener;
import org.jwall.web.audit.io.AuditEventWriter;
import org.jwall.web.audit.io.ModSecurity2AuditWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class AuditEventStreamHandler extends Thread implements AuditEventListener {

  static Logger log = LoggerFactory.getLogger( AuditEventStreamHandler.class );
  Long start;
  Integer count = 0;
  Socket socket;
  AuditEventWriter writer;
  final static DecimalFormat fmt = new DecimalFormat( "0.00" );
  AuditEventListener store = null;
  SyslogReceiver parent;
  boolean gzip = false;
 
  public AuditEventStreamHandler( SyslogReceiver parent, Socket socket, boolean gzip ) throws Exception {
    this.parent = parent;
    this.socket = socket;
    this.gzip = gzip;
    //writer = new ConcurrentAuditWriter( new File( "/tmp/" + socket.getInetAddress().getHostAddress() ) );
    File outFile = new File( File.separator + "tmp" + File.separator + socket.getInetAddress().getHostAddress() + "-" + socket.getPort() + "-audit.log" );
    System.out.println( "Writing to " + outFile.getAbsolutePath() );
    writer = new ModSecurity2AuditWriter( outFile );
  }

  public void setEventStore( AuditEventListener store ){
    this.store = store;
  }
 

  /**
   * @see java.lang.Thread#run()
   */
  public void run(){

    try {

      //BufferedReader r = new BufferedReader( new InputStreamReader( socket.getInputStream() ) );
      //PrintStream out = new PrintStream( new FileOutputStream( "/tmp/" + socket.getInetAddress().getHostAddress() + "-audit.log" ) );
      //String line = r.readLine();
      start = System.currentTimeMillis();
      InputStream in = null;
      if( gzip )
        in = new GZIPInputStream( socket.getInputStream() );
      else
        in = socket.getInputStream();
     
      ModSecurity2AuditStream reader = new ModSecurity2AuditStream( in, this );
      AuditEvent evt = reader.readNext();
      while( evt != null && !socket.isClosed() ){
        //out.println( line );
        //line = r.readLine();
        eventArrived( evt );
        evt = reader.readNext();
      }
      System.out.println( "Connection closed." );

    } catch (EOFException eof){
      System.out.println( "Connection closed." );
    } catch (Exception e) {
      e.printStackTrace();
    }
   
   
  }


  @Override
  public void eventArrived(AuditEvent evt) {
    try {
     
      if( store != null ){
        store.eventArrived( evt );
      }
     
      count++;
     
      if( count % 1000 == 0 ){
        Long time = (System.currentTimeMillis() - start) ;
        log.info( count +" events received in " + ((int)(time/1000)) + " seconds (" + fmt.format( ((1000*count.doubleValue() ) / time.doubleValue())  ) + " events/second)" );
      }
    } catch (Exception e) {
      e.printStackTrace();
    }
  }


  @Override
  public void eventsArrived(Collection<AuditEvent> events) {
    for( AuditEvent e : events )
      eventArrived( e );
  }
}
TOP

Related Classes of org.jwall.audit.server.AuditEventStreamHandler

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.