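    def set_fields_from_text(self, body_text):
        """Parse the ``key=value`` pairs of an audit record body into ``self.fields``.

        ``self.fields`` maps each key to its (possibly interpreted) value and
        ``self.fields_ord`` lists the keys in the order they appeared, so the
        record can be re-emitted in its original order. Interpretation done:

        * ``arch`` -- the hex ELF machine id is replaced by libaudit's machine name.
        * ``path`` -- passed through ``self.translate_path`` and re-quoted.
        * ``exit`` -- a negative syscall return (``-errno``) is replaced by the
          errno symbol (``-13`` -> ``EACCES``). Non-negative returns are kept as
          numbers: a positive ``exit`` is a result (fd, byte count), not an
          error, and labelling it ``EPERM``/``ENOENT`` would mislead an analyst.
        * ``syscall`` -- the number is replaced by its name, resolved against the
          machine named by this record's own ``arch`` field when one was seen,
          else the machine this process runs on.

        Values that cannot be parsed keep their raw (unquoted) text: parsing is
        best-effort because a partially interpreted record is more useful than
        a dropped one.
        """
        self.fields_ord = []
        self.fields = {}
        # Machine id taken from this record's ``arch`` field (which precedes
        # ``syscall`` in SYSCALL records). Resolving syscall numbers against the
        # host's machine instead mislabels foreign-arch logs and 32-bit
        # processes on a 64-bit host, whose syscall tables differ.
        record_machine = None

        for match in AuditRecord.key_value_pair_re.finditer(body_text):
            key = match.group(1)
            value = match.group(2).strip('"')
            try:
                if key == "arch":
                    machine = audit.audit_elf_to_machine(int(value, 16))
                    # libaudit reports an unknown arch with a negative id.
                    if isinstance(machine, int) and machine >= 0:
                        record_machine = machine
                    value = audit.audit_machine_to_name(machine)

                elif key == "path":
                    value = '"%s"' % self.translate_path(value)

                elif key == "exit":
                    code = int(value)
                    if code < 0:
                        # Unknown errno numbers keep the raw text.
                        value = errno.errorcode.get(-code, value)

                elif key == "syscall":
                    machine = record_machine
                    if machine is None:
                        machine = audit.audit_detect_machine()
                    syscall_name = audit.audit_syscall_to_name(int(value), machine)
                    if syscall_name:
                        value = syscall_name

            except ValueError:
                # Malformed number: keep the raw text rather than lose the field.
                pass
            self.fields[key] = value
            self.fields_ord.append(key)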
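    def set_fields_from_text(self, body_text):
        """Parse the ``key=value`` pairs of an audit record body into ``self.fields``.

        ``self.fields`` maps each key to its (possibly interpreted) value and
        ``self.fields_ord`` lists the keys in the order they appeared, so the
        record can be re-emitted in its original order. Interpretation done:

        * ``arch`` -- the hex ELF machine id is replaced by libaudit's machine name.
        * ``path`` -- passed through ``self.translate_path`` and re-quoted.
        * ``exit`` -- a negative syscall return (``-errno``) is replaced by the
          errno symbol (``-13`` -> ``EACCES``). Non-negative returns are kept as
          numbers: a positive ``exit`` is a result (fd, byte count), not an
          error, and labelling it ``EPERM``/``ENOENT`` would mislead an analyst.
        * ``syscall`` -- the number is replaced by its name, resolved against the
          machine named by this record's own ``arch`` field when one was seen,
          else the machine this process runs on.

        Values that cannot be parsed keep their raw (unquoted) text: parsing is
        best-effort because a partially interpreted record is more useful than
        a dropped one.
        """
        self.fields_ord = []
        self.fields = {}
        # Machine id taken from this record's ``arch`` field (which precedes
        # ``syscall`` in SYSCALL records). Resolving syscall numbers against the
        # host's machine instead mislabels foreign-arch logs and 32-bit
        # processes on a 64-bit host, whose syscall tables differ.
        record_machine = None

        for match in AuditRecord.key_value_pair_re.finditer(body_text):
            key = match.group(1)
            value = match.group(2).strip('"')
            try:
                if key == "arch":
                    machine = audit.audit_elf_to_machine(int(value, 16))
                    # libaudit reports an unknown arch with a negative id.
                    if isinstance(machine, int) and machine >= 0:
                        record_machine = machine
                    value = audit.audit_machine_to_name(machine)

                elif key == "path":
                    value = '"%s"' % self.translate_path(value)

                elif key == "exit":
                    code = int(value)
                    if code < 0:
                        # Unknown errno numbers keep the raw text.
                        value = errno.errorcode.get(-code, value)

                elif key == "syscall":
                    machine = record_machine
                    if machine is None:
                        machine = audit.audit_detect_machine()
                    syscall_name = audit.audit_syscall_to_name(
                        int(value), machine)
                    if syscall_name:
                        value = syscall_name

            except ValueError:
                # Malformed number: keep the raw text rather than lose the field.
                pass
            self.fields[key] = value
            self.fields_ord.append(key)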
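    def set_fields_from_text(self, body_text):
        """Parse the ``key=value`` pairs of an audit record body into ``self.fields``.

        ``self.fields`` maps each key to its (possibly interpreted) value and
        ``self.fields_ord`` lists the keys in the order they appeared, so the
        record can be re-emitted in its original order. Interpretation done:

        * ``arch`` -- the hex ELF machine id is replaced by libaudit's machine name.
        * ``name``/``path``/``comm``/``cmd``/``exe``/``cwd`` -- an unquoted value
          is hex-encoded by audit and is decoded with ``self.translate_hex``; a
          double-quoted value is plain text and is only unquoted.
        * ``exit`` -- a negative syscall return (``-errno``) is replaced by the
          errno symbol (``-13`` -> ``EACCES``). Non-negative returns are kept as
          numbers: a positive ``exit`` is a result (fd, byte count), not an
          error, and labelling it ``EPERM``/``ENOENT`` would mislead an analyst.
        * ``syscall`` -- the number is replaced by its name, resolved against the
          machine named by this record's own ``arch`` field when one was seen,
          else the machine this process runs on.

        Values that cannot be parsed keep their raw (unquoted) text: parsing is
        best-effort because a partially interpreted record is more useful than
        a dropped one.
        """
        self.fields_ord = []
        self.fields = {}
        # Machine id taken from this record's ``arch`` field (which precedes
        # ``syscall`` in SYSCALL records). Resolving syscall numbers against the
        # host's machine instead mislabels foreign-arch logs and 32-bit
        # processes on a 64-bit host, whose syscall tables differ.
        record_machine = None

        for match in AuditRecord.key_value_pair_re.finditer(body_text):
            key = match.group(1)
            raw = match.group(2)
            value = raw.strip('"')
            try:
                if key == "arch":
                    machine = audit.audit_elf_to_machine(int(value, 16))
                    # libaudit reports an unknown arch with a negative id.
                    if isinstance(machine, int) and machine >= 0:
                        record_machine = machine
                    value = audit.audit_machine_to_name(machine)

                elif key in ("name", "path", "comm", "cmd", "exe", "cwd"):
                    # audit uses a leading " to distinguish plain text from hex
                    # in these keys. NOTE(review): audit presumably hex-encodes a
                    # value it will not print raw, so the decoded text may hold
                    # quotes, whitespace or control characters -- treat it as
                    # untrusted (escape it) before displaying or re-logging it.
                    if not raw.startswith('"'):
                        value = self.translate_hex(value)

                elif key == "exit":
                    code = int(value)
                    if code < 0:
                        # Unknown errno numbers keep the raw text.
                        value = errno.errorcode.get(-code, value)

                elif key == "syscall":
                    machine = record_machine
                    if machine is None:
                        machine = audit.audit_detect_machine()
                    syscall_name = audit.audit_syscall_to_name(int(value), machine)
                    if syscall_name:
                        value = syscall_name

            except ValueError:
                # Malformed number: keep the raw text rather than lose the field.
                pass
            self.fields[key] = value
            self.fields_ord.append(key)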
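def syscall_name(id):
    """Return the name of syscall number ``id`` on ``machine_id``, else ``str(id)``.

    ``machine_id`` is the libaudit machine id from the enclosing scope. The
    bare number is returned both when libaudit has no name for it
    (``audit_syscall_to_name`` yields ``None``) and when the lookup itself
    fails, so callers always get a printable string.
    """
    try:
        name = audit.audit_syscall_to_name(id, machine_id)
    except Exception:
        # A failed lookup is not fatal for a display helper, but only ordinary
        # exceptions are swallowed: the original bare ``except:`` also ate
        # KeyboardInterrupt and SystemExit.
        return str(id)
    return name if name is not None else str(id)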
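def syscall_name(id):
	"""Return the name of syscall number ``id`` on ``machine_id``, else ``str(id)``.

	``machine_id`` is the libaudit machine id from the enclosing scope. The
	bare number is returned both when libaudit has no name for it
	(``audit_syscall_to_name`` yields ``None``) and when the lookup itself
	fails, so callers always get a printable string.
	"""
	try:
		name = audit.audit_syscall_to_name(id, machine_id)
	except Exception:
		# A failed lookup is not fatal for a display helper, but only ordinary
		# exceptions are swallowed: the original bare ``except:`` also ate
		# KeyboardInterrupt and SystemExit.
		return str(id)
	return name if name is not None else str(id)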
 def sc_to_name(sc):
     """Translate syscall number ``sc`` to its libaudit name for ``machine``.

     ``machine`` is the libaudit machine id from the enclosing scope. The
     result is whatever ``audit_syscall_to_name`` yields, so a number libaudit
     cannot name comes back as ``None`` rather than as text.
     """
     name = audit.audit_syscall_to_name(sc, machine)
     return name
def syscall_string(syscall, machine):
    '''Return a string representing syscall on machine.

    The libaudit name is used when ``audit_syscall_to_name`` knows one;
    otherwise the decimal number is returned as text, so the result is
    always printable.
    '''
    name = audit.audit_syscall_to_name(syscall, machine)
    return str(syscall) if name is None else name