[pve-devel] [RFC firewall] api: Add optional parameters `since` and `until` for timestamp filter

Christian Ebner c.ebner at proxmox.com
Thu Jan 5 10:18:03 CET 2023 

The optional unix epoch timestamps parameters `since` and `until` are introduced in order to filter
firewall logs files.

Since the `dump_logfile` function is used in multiple places, not neccessarily following the firewall
log output format, a specialized function `dump_fw_logfile` is introduced in the PVE::Tools,
with fallback to the previous `dump_logfile` function if none of the parameters is present.

This patch depends on the corresponding patch in the pve-common repository.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 src/PVE/API2/Firewall/Host.pm | 15 ++++++++++++++-
 src/PVE/API2/Firewall/VM.pm   | 18 +++++++++++++++---
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/src/PVE/API2/Firewall/Host.pm b/src/PVE/API2/Firewall/Host.pm
index dfeccd0..8470f7f 100644
--- a/src/PVE/API2/Firewall/Host.pm
+++ b/src/PVE/API2/Firewall/Host.pm
@@ -172,6 +172,18 @@ __PACKAGE__->register_method({
 		minimum => 0,
 		optional => 1,
 	    },
+	    since => {
+		type => 'integer',
+		minimum => 0,
+		description => "Display log since this UNIX epoch.",
+		optional => 1,
+	    },
+	    until => {
+		type => 'integer',
+		minimum => 0,
+		description => "Display log until this UNIX epoch.",
+		optional => 1,
+	    },
 	},
     },
     returns => {
@@ -197,7 +209,8 @@ __PACKAGE__->register_method({
 	my $user = $rpcenv->get_user();
 	my $node = $param->{node};
 
-	my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit});
+	my($count, $lines) = PVE::Tools::dump_fw_logfile("/var/log/pve-firewall.log",
+		$param->{start}, $param->{limit}, undef, $param->{since}, $param->{until});
 
 	$rpcenv->set_result_attrib('total', $count);
 
diff --git a/src/PVE/API2/Firewall/VM.pm b/src/PVE/API2/Firewall/VM.pm
index 48b8c5f..a0c0f94 100644
--- a/src/PVE/API2/Firewall/VM.pm
+++ b/src/PVE/API2/Firewall/VM.pm
@@ -176,6 +176,18 @@ sub register_handlers {
 		    minimum => 0,
 		    optional => 1,
 		},
+		since => {
+		    type => 'integer',
+		    minimum => 0,
+		    description => "Display log since this UNIX epoch.",
+		    optional => 1,
+		},
+		until => {
+		    type => 'integer',
+		    minimum => 0,
+		    description => "Display log until this UNIX epoch.",
+		    optional => 1,
+		},
 	    },
 	},
 	returns => {
@@ -201,9 +213,9 @@ sub register_handlers {
 	    my $user = $rpcenv->get_user();
 	    my $vmid = $param->{vmid};
 
-	    my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log",
-							   $param->{start}, $param->{limit},
-							   "^$vmid ");
+	    my ($count, $lines) = PVE::Tools::dump_fw_logfile("/var/log/pve-firewall.log",
+		$param->{start}, $param->{limit}, "^$vmid ", $param->{since},
+		$param->{until});
 
 	    $rpcenv->set_result_attrib('total', $count);
 
-- 
2.30.2

More information about the pve-devel mailing list