[Bro] aux/cf/cf.c patch

[Mcclelland-Bane, Randy]

The following is an optional patch to the 'cf' utility for the 1.0
source. The -t option is probably useful to everyone, though others may
not want to use the strict mode by default.
This patch has two functions.

1. Makes 'strict' -s mode the default. -s now toggles the strict mode
off.
2. Adds a 'tignore' -t option to strip 't=' off the start of each line,
as in the 'alarm' logs .

If the first character on a line is not a digit, the program checks
whether the next two characters are 't='. If so, the buffer is
incremented by two. If the third character is a digit and not a date,
the entire line is printed, including the t=. Otherwise the t= is
stripped.

ie: 

# cat test
t=1132621348.281816 no=AddressScan na=NOTICE_ALARM_ALWA
t=blah blah
t=134123412

t
t=
134123412.271717 blah blah

# cat test | cf
t=1132621348.281816 no=AddressScan na=NOTICE_ALARM_ALWA
t=blah blah
t=134123412
t
t=
Apr  2 01:30:12 blah blah

# cat test | cf -t
Nov 21 17:02:28 no=AddressScan na=NOTICE_ALARM_ALWA
blah blah
t=134123412
t

Apr  2 01:30:12 blah blah

# cat test | cf -st
Nov 21 17:02:28 no=AddressScan na=NOTICE_ALARM_ALWA
blah blah
Apr  2 01:30:12
t

Apr  2 01:30:12 blah blah

Cheers,

Randy



# cd bro-1.0/aux/cf
# patch -u < patchfile
# more cf.c.patch
--- cf.c.orig   Wed Dec  8 20:25:29 2004
+++ cf.c        Tue Nov 29 13:02:45 2005
@@ -42,7 +42,8 @@
 extern int optind, opterr;

 int preserve = 0;
-int strict = 0;
+int strict = 1;
+int tignore = 0;
 int utc = 0;
 char *fmt = "%b %e %H:%M:%S";
 char *lfmt = "%b %e %H:%M:%S %Y";
@@ -69,7 +70,7 @@
                argv0 = argv[0];

        opterr = 0;
-       while ((op = getopt(argc, argv, "f:lpsu")) != EOF)
+       while ((op = getopt(argc, argv, "f:lpstu")) != EOF)
                switch (op) {

                case 'f':
@@ -85,9 +86,13 @@
                        break;

                case 's':
-                       ++strict;
+                       --strict;
                        break;

+                case 't':
+                        ++tignore;
+                        break;
+
                case 'u':
                        ++utc;
                        break;
@@ -133,7 +138,16 @@
        while (fgets(buf, sizeof(buf), fin)) {
                bp = buf;
                dotbp = NULL;
-               if (isdigit(*bp)) {
+
+                if (tignore) {
+                       if (*bp == 't' ) {
+                               bp++;
+                                if(*bp == '=') { bp++; }
+                               else { bp--;}
+                       }
+                 }
+
+               if (isdigit(*bp) ) {
                        t = atol(bp);
                        ++bp;
                        dot_count = 0;
@@ -171,6 +185,6 @@
        extern char version[];

        (void)fprintf(stderr, "%s version %s\n", argv0, version);
-       (void)fprintf(stderr, "usage: %s [-f fmt] [-lpsu] [file ...]\n",
argv0);
+       (void)fprintf(stderr, "usage: %s [-f fmt] [-lpstu]
[file ...]\n", argv0);
        exit(1);
 }