import re, typing
from struct import pack
-from time import strftime, gmtime
-
## Regular expressions for matching tinydns/dnscache log lines. We
## compile these once here rather than within the corresponding
words[i] += f" (id {id})"
def decode_ip(words, i):
+ r"""
+ Helper function to decode the ip field in a dnscache log
+ entry.
+
+ A single "serverip" field is present in the lame, nodata,
+ nxdomain, and rr entry types.
+
+ Parameters
+ ----------
+
+ words : list
+ The ``words`` list (a list of fields) from
+ :func:`handle_dnscache_log`.
+
+ i : int
+ The index of the ip field within ``words``
+
+ Returns
+ -------
+
+ Nothing; the ``i``th entry in the ``words`` list is modified
+ in-place.
+
+ Examples
+ --------
+
+ >>> words = ["foo", "bar", "7f000001", "quux"]
+ >>> decode_ip(words, 2)
+ >>> words
+ ['foo', 'bar', '127.0.0.1', 'quux']
+
+ >>> words = ["foo", "00000000000000000000ffff7f000001", "bar", "quux"]
+ >>> decode_ip(words, 1)
+ >>> words
+ ['foo', '0000:0000:0000:0000:0000:ffff:7f00:0001', 'bar', 'quux']
+
+ """
words[i] = convert_ip(words[i])
def decode_ttl(words, i):
elif event in ("tcpopen", "tcpclose"):
decode_client(words, 0)
- return f"{timestamp} {event} " + " ".join(words)
+ # Reconstitute "data" (i.e. everything after the timestamp and the
+ # event) from "words", which was originally obtained by splitting
+ # "data".
+ data = " ".join(words)
+ return f"{timestamp} {event} {data}"
projects / djbdns-logparse.git / blobdiff