The optional unix epoch timestamps parameters `since` and `until` are introduced in order to filter firewall logs files. If one of these flags is set, also rotated logfiles are included.
Filtering is now performed based on a callback function passed to `dump_fw_logfile`. This patch depends on the corresponding patch in the pve-common repository. Signed-off-by: Christian Ebner <c.eb...@proxmox.com> --- src/PVE/API2/Firewall/Host.pm | 34 ++++++++++++++++++++++++++++- src/PVE/API2/Firewall/VM.pm | 40 +++++++++++++++++++++++++++++++---- 2 files changed, 69 insertions(+), 5 deletions(-) diff --git a/src/PVE/API2/Firewall/Host.pm b/src/PVE/API2/Firewall/Host.pm index dfeccd0..cec440d 100644 --- a/src/PVE/API2/Firewall/Host.pm +++ b/src/PVE/API2/Firewall/Host.pm @@ -11,6 +11,7 @@ use PVE::Firewall; use PVE::API2::Firewall::Rules; +use Date::Parse qw(str2time); use base qw(PVE::RESTHandler); __PACKAGE__->register_method ({ @@ -172,6 +173,18 @@ __PACKAGE__->register_method({ minimum => 0, optional => 1, }, + since => { + type => 'integer', + minimum => 0, + description => "Display log since this UNIX epoch.", + optional => 1, + }, + until => { + type => 'integer', + minimum => 0, + description => "Display log until this UNIX epoch.", + optional => 1, + }, }, }, returns => { @@ -196,8 +209,27 @@ __PACKAGE__->register_method({ my $rpcenv = PVE::RPCEnvironment::get(); my $user = $rpcenv->get_user(); my $node = $param->{node}; + my $filename = "/var/log/pve-firewall.log"; + my ($start, $limit, $since, $until) = + $param->@{qw(start limit since until)}; + + my $filter = sub { + my ($line) = @_; + + if ($since || $until) { + my @words = split / /, $line; + my $timestamp = str2time($words[3], $words[4]); + return undef if $since && $timestamp < $since; + return undef if $until && $timestamp > $until; + } + + return $line; + }; + + my $include_rotated_logs = defined($since) || defined($until); - my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit}); + my ($count, $lines) = PVE::Tools::dump_fw_logfile( + $filename, $start, $limit, $filter, $include_rotated_logs); $rpcenv->set_result_attrib('total', $count); diff --git a/src/PVE/API2/Firewall/VM.pm b/src/PVE/API2/Firewall/VM.pm index 48b8c5f..f245788 100644 --- a/src/PVE/API2/Firewall/VM.pm +++ b/src/PVE/API2/Firewall/VM.pm @@ -11,6 +11,7 @@ use PVE::API2::Firewall::Rules; use PVE::API2::Firewall::Aliases; +use Date::Parse qw(str2time); use base qw(PVE::RESTHandler); my $option_properties = $PVE::Firewall::vm_option_properties; @@ -176,6 +177,18 @@ sub register_handlers { minimum => 0, optional => 1, }, + since => { + type => 'integer', + minimum => 0, + description => "Display log since this UNIX epoch.", + optional => 1, + }, + until => { + type => 'integer', + minimum => 0, + description => "Display log until this UNIX epoch.", + optional => 1, + }, }, }, returns => { @@ -199,11 +212,30 @@ sub register_handlers { my $rpcenv = PVE::RPCEnvironment::get(); my $user = $rpcenv->get_user(); - my $vmid = $param->{vmid}; + my $filename = "/var/log/pve-firewall.log"; + my ($start, $limit, $vmid, $since, $until) = + $param->@{qw(start limit vmid since until)}; + + my $filter = sub { + my ($line) = @_; + my $reg = "^$vmid "; + + return undef if $line !~ m/$reg/; + + if ($since || $until) { + my @words = split / /, $line; + my $timestamp = str2time($words[3], $words[4]); + return undef if $since && $timestamp < $since; + return undef if $until && $timestamp > $until; + } + + return $line; + }; + + my $include_rotated_logs = defined($since) || defined($until); - my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", - $param->{start}, $param->{limit}, - "^$vmid "); + my ($count, $lines) = PVE::Tools::dump_fw_logfile( + $filename, $start, $limit, $filter, $include_rotated_logs); $rpcenv->set_result_attrib('total', $count); -- 2.30.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel