[pve-devel] [RFC common 1/1] tools: Add specialized `dump_fw_logfile` for `since` and `until` filtering of firewall logs

[Wolfgang Bumiller]

On Thu, Jan 05, 2023 at 10:18:04AM +0100, Christian Ebner wrote:
> This furhter includes the contents of rotated logfiles if present. All files are scanned in
> sequential order, as there is no guarantee that the rotated logs contain only entries for
> a single day.
> 
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> ---
>  src/PVE/Tools.pm | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 80 insertions(+)
> 
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index cdbee6d..fdbf0e1 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -4,6 +4,7 @@ use strict;
>  use warnings;
>  
>  use Date::Format qw(time2str);
> +use Date::Parse qw(str2time);
>  use Digest::MD5;
>  use Digest::SHA;
>  use Encode;
> @@ -17,6 +18,7 @@ use IO::Handle;
>  use IO::Pipe;
>  use IO::Select;
>  use IO::Socket::IP;
> +use IO::Zlib;
>  use IPC::Open3;
>  use JSON;
>  use POSIX qw(EINTR EEXIST EOPNOTSUPP);
> @@ -1320,6 +1322,84 @@ sub dump_logfile {
>      return ($count, $lines);
>  }
>  
> +sub dump_fw_logfile {

So initially I thought, With this being firewall-specific I'd rather put
this in pve-firewall I think.
But given the 'HACK' and the copying of the $start/$limit/$filter
portion, maybe just split dump_logfile into a reusable part to which you
provide the IO handle and running $count as parameter instead of the
filename (IO handle because of the zlib part), and which recognizes when
`$filter` is a `sub` to call instead of just a regex (`ref($filter) eq
'CODE'), or simply add those 2 parameters to dump_logfile directly.
At least I'd prefer more code reuse if it's already in this module.