[pve-devel] [PATCH firewall 1/1] api: Add optional parameters `since` and `until` for timestamp filter

Christian Ebner c.ebner at proxmox.com
Mon Jan 9 16:07:05 CET 2023


The optional unix epoch timestamps parameters `since` and `until` are introduced
in order to filter firewall logs files. If one of these flags is set, also
rotated logfiles are included.

Filtering is now performed based on a callback function passed to
`dump_fw_logfile`.

This patch depends on the corresponding patch in the pve-common repository.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 src/PVE/API2/Firewall/Host.pm | 34 ++++++++++++++++++++++++++++-
 src/PVE/API2/Firewall/VM.pm   | 40 +++++++++++++++++++++++++++++++----
 2 files changed, 69 insertions(+), 5 deletions(-)

diff --git a/src/PVE/API2/Firewall/Host.pm b/src/PVE/API2/Firewall/Host.pm
index dfeccd0..cec440d 100644
--- a/src/PVE/API2/Firewall/Host.pm
+++ b/src/PVE/API2/Firewall/Host.pm
@@ -11,6 +11,7 @@ use PVE::Firewall;
 use PVE::API2::Firewall::Rules;
 
 
+use Date::Parse qw(str2time);
 use base qw(PVE::RESTHandler);
 
 __PACKAGE__->register_method ({
@@ -172,6 +173,18 @@ __PACKAGE__->register_method({
 		minimum => 0,
 		optional => 1,
 	    },
+	    since => {
+		type => 'integer',
+		minimum => 0,
+		description => "Display log since this UNIX epoch.",
+		optional => 1,
+	    },
+	    until => {
+		type => 'integer',
+		minimum => 0,
+		description => "Display log until this UNIX epoch.",
+		optional => 1,
+	    },
 	},
     },
     returns => {
@@ -196,8 +209,27 @@ __PACKAGE__->register_method({
 	my $rpcenv = PVE::RPCEnvironment::get();
 	my $user = $rpcenv->get_user();
 	my $node = $param->{node};
+	my $filename = "/var/log/pve-firewall.log";
+	my ($start, $limit, $since, $until) =
+	    $param->@{qw(start limit since until)};
+
+	my $filter = sub {
+	    my ($line) = @_;
+
+	    if ($since || $until) {
+		my @words = split / /, $line;
+		my $timestamp = str2time($words[3], $words[4]);
+		return undef if $since && $timestamp < $since;
+		return undef if $until && $timestamp > $until;
+	    }
+
+	    return $line;
+	};
+	
+	my $include_rotated_logs = defined($since) || defined($until);
 
-	my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit});
+	my ($count, $lines) = PVE::Tools::dump_fw_logfile(
+	    $filename, $start, $limit, $filter, $include_rotated_logs);
 
 	$rpcenv->set_result_attrib('total', $count);
 
diff --git a/src/PVE/API2/Firewall/VM.pm b/src/PVE/API2/Firewall/VM.pm
index 48b8c5f..f245788 100644
--- a/src/PVE/API2/Firewall/VM.pm
+++ b/src/PVE/API2/Firewall/VM.pm
@@ -11,6 +11,7 @@ use PVE::API2::Firewall::Rules;
 use PVE::API2::Firewall::Aliases;
 
 
+use Date::Parse qw(str2time);
 use base qw(PVE::RESTHandler);
 
 my $option_properties = $PVE::Firewall::vm_option_properties;
@@ -176,6 +177,18 @@ sub register_handlers {
 		    minimum => 0,
 		    optional => 1,
 		},
+		since => {
+		    type => 'integer',
+		    minimum => 0,
+		    description => "Display log since this UNIX epoch.",
+		    optional => 1,
+		},
+		until => {
+		    type => 'integer',
+		    minimum => 0,
+		    description => "Display log until this UNIX epoch.",
+		    optional => 1,
+		},
 	    },
 	},
 	returns => {
@@ -199,11 +212,30 @@ sub register_handlers {
 
 	    my $rpcenv = PVE::RPCEnvironment::get();
 	    my $user = $rpcenv->get_user();
-	    my $vmid = $param->{vmid};
+	    my $filename = "/var/log/pve-firewall.log";
+	    my ($start, $limit, $vmid, $since, $until) = 
+		$param->@{qw(start limit vmid since until)};
+
+	    my $filter = sub {
+		my ($line) = @_;
+		my $reg = "^$vmid ";
+
+		return undef if $line !~ m/$reg/;
+
+		if ($since || $until) {
+		    my @words = split / /, $line;
+		    my $timestamp = str2time($words[3], $words[4]);
+		    return undef if $since && $timestamp < $since;
+		    return undef if $until && $timestamp > $until;
+		}
+
+		return $line;
+	    };
+
+	    my $include_rotated_logs = defined($since) || defined($until);
 
-	    my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log",
-							   $param->{start}, $param->{limit},
-							   "^$vmid ");
+	    my ($count, $lines) = PVE::Tools::dump_fw_logfile(
+		$filename, $start, $limit, $filter, $include_rotated_logs);
 
 	    $rpcenv->set_result_attrib('total', $count);
 
-- 
2.30.2






More information about the pve-devel mailing list