[thirdparty/sarg.git] / squidguard_log.c

/*
 * SARG Squid Analysis Report Generator      http://sarg.sourceforge.net
 *                                                            1998, 2010
 *
 * SARG donations:
 *      please look at http://sarg.sourceforge.net/donations.php
 * Support:
 *     http://sourceforge.net/projects/sarg/forums/forum/363374
 * ---------------------------------------------------------------------
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "include/conf.h"
#include "include/defs.h"

static char **files_done = NULL;
static int nfiles_done = 0;


static void read_log(const char *wentp, FILE *fp_ou)
{
   FILE *fp_in = NULL;
   char leks[5], sep[2], res[MAXLEN];
   char mon[10], hour[15];
   char list[MAXLEN];
   char wdata[127];
   int  idata=0;
   int  i;
   char *str;
   struct getwordstruct gwarea;
   struct getwordstruct gwarea1;

   if(debug) {
      getword_start(&gwarea,text[7]);
      if (getword(urly,sizeof(urly),&gwarea,' ')<0 || getword(href,sizeof(href),&gwarea,' ')<0) {
         printf("SARG: Maybe you have a broken record or garbage in your %s string.\n",text[7]);
         exit(1);
      }
      debuga("%s squidGuard %s: %s",urly,gwarea.current,wentp);
   }

   /* With squidGuard, you can log groups in only one log file.
      We must parse each log files only one time.  Example :
      dest porn {
          domainlist porn/domains
          urllist    porn/urls
          log file1.log
      }
      dest aggressive {
          domainlist aggressive/domains
          urllist    aggressive/urls
          log file2.log
      }
      dest audio-video {
          domainlist audio-video/domains
          urllist    audio-video/urls
          log file1.log
      }
   */
   for (i=0; i<nfiles_done; i++)
      if (!strcmp(wentp, files_done[i])) return;

   nfiles_done++;
   files_done = realloc(files_done, nfiles_done*sizeof(char *));
   if (!files_done) {
       perror("parse squidGuard - realloc");
       exit(EXIT_FAILURE);
   }
   files_done[nfiles_done-1] = strdup(wentp);
   if (!files_done[nfiles_done-1]) {
       perror("parse squidGuard - strdup");
       exit(EXIT_FAILURE);
   }

   if ((fp_in=fopen(wentp,"r"))==NULL) {
      fprintf(stderr, "SARG: (squidguard) %s: %s\n",text[8],wentp);
      exit(1);
   }

   while (fgets(buf,sizeof(buf),fp_in) != NULL) {
      getword_start(&gwarea,buf);
      if(SquidGuardLogFormat[0] != '\0') {
         getword_start(&gwarea1,SquidGuardLogFormat);
         leks[0]='\0';
         if (getword(leks,sizeof(leks),&gwarea1,'#')<0) {
            printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
            exit(1);
         }
         while(strcmp(leks,"end") != 0) {
            if (getword(leks,sizeof(leks),&gwarea1,'#')<0 || getword(sep,sizeof(sep),&gwarea1,'#')<0) {
               printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
               exit(1);
            }
            if(strcmp(leks,"end") != 0) {
               if (getword(res,sizeof(res),&gwarea,sep[0])<0) {
                  printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
                  exit(1);
               }
               if(strcmp(leks,"year") == 0)
                  strcpy(year,res);
               else if(strcmp(leks,"year") == 0)
                  strcpy(year,res);
               else if(strcmp(leks,"mon") == 0)
                  strcpy(mon,res);
               else if(strcmp(leks,"day") == 0)
                  strcpy(day,res);
               else if(strcmp(leks,"hour") == 0)
                  strcpy(hour,res);
               else if(strcmp(leks,"list") == 0)
                  strcpy(list,res);
               else if(strcmp(leks,"ip") == 0)
                  strcpy(ip,res);
               else if(strcmp(leks,"user") == 0)
                  strcpy(user,res);
               else if(strcmp(leks,"url") == 0)
                  strcpy(url,res);
            }
         }
      } else {
         if (getword(year,sizeof(year),&gwarea,'-')<0 || getword(mon,sizeof(mon),&gwarea,'-')<0 ||
             getword(day,sizeof(day),&gwarea,' ')<0 || getword(hour,sizeof(hour),&gwarea,' ')<0 ||
             getword_skip(MAXLEN,&gwarea,'/')<0 || getword(list,sizeof(list),&gwarea,'/')<0 ||
             getword_skip(MAXLEN,&gwarea,' ')<0 || getword(url,sizeof(url),&gwarea,' ')<0 ||
             getword(ip,sizeof(ip),&gwarea,'/')<0 || getword_skip(MAXLEN,&gwarea,' ')<0 ||
             getword(user,sizeof(user),&gwarea,' ')<0) {
            printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
            exit(1);
          }
          /*
          The URL may be "http://url:port/data" if the method is GET or simply "url:port/" if the method is CONNECT.
          The following code removes the protocol:// if it is detected and always truncates the URL after the domain name.
          It will fail if the URL doesn't start with the protocol and contains two consecutive / in the path (i.e.
          the URL is not normalized).
          */
          str=strchr(url,'/');
          if (str) {
             if (str[1]=='/') {
               str+=2;
               for (i=0 ; *str && *str!='/' ; i++) url[i]=*str++;
               url[i]='\0';
             } else {
               *str='\0';
             }
          }
      }

      sprintf(warea,"%s%s%s",year,mon,day);
      sprintf(wdata,"%s%s%s",year,mon,day);
      idata = atoi(wdata);

      if(SquidguardIgnoreDate) {
         if(idata < dfrom || idata > duntil)
            continue;
      }

      if (strcmp(user,"-") == 0) {
         strcpy(user,ip);
         ip[0]='\0';
      }
      fprintf(fp_ou,"%s\t%s%s%s\t%s\t%s\t%s\t%s\n",user,year,mon,day,hour,ip,url,list);
      squidguard_count++;
   }
   if (fp_in) fclose(fp_in);
   return;
}


void squidguard_log(void)
{
   FILE *fp_ou = NULL, *fp_guard = NULL;
   char guard_in[MAXLEN];
   char guard_ou[MAXLEN];
   char logdir[MAXLEN];
   char year[10], day[10], mon[10];
   char user[MAXLEN];
   int  y;
   int cstatus;
   char *str;
   char *str2;

   str2 = user;

   if(strlen(SquidGuardConf) < 1 && strlen(SquidGuardLogAlternate) < 1)
     return;

   if (SquidGuardLogAlternate[0] != '\0')
      SquidGuardConf[0]='\0';

   sprintf(guard_in,"%s/squidguard.unsort",tmp);
   sprintf(guard_ou,"%s/squidguard.log",tmp);
   if((fp_ou=fopen(guard_in,"a"))==NULL) {
      fprintf(stderr, "SARG: (squidguard) %s: %s\n",text[8],guard_in);
      exit(1);
   }

   bzero(day, 3);
   bzero(mon, 4);
   bzero(year, 5);

   if(SquidguardIgnoreDate) {
      if(strcmp(df,"e") == 0) {
         strncpy(day,period,2);
         strncpy(mon,period+2,3);
         strncpy(year,period+5,4);
         conv_month(mon);
         sprintf(warea,"%s%s%s",year,mon,day);
         dfrom=atoi(warea);
         strncpy(day,period+10,2);
         strncpy(mon,period+12,3);
         strncpy(year,period+15,4);
         conv_month(mon);
         sprintf(warea,"%s%s%s",year,mon,day);
         duntil=atoi(warea);
      } else {
         strncpy(day,period+7,2);
         strncpy(mon,period+4,3);
         strncpy(year,period,4);
         conv_month(mon);
         sprintf(warea,"%s%s%s",year,mon,day);
         dfrom=atoi(warea);
         strncpy(day,period+17,2);
         strncpy(mon,period+14,3);
         strncpy(year,period+10,4);
         conv_month(mon);
         sprintf(warea,"%s%s%s",year,mon,day);
         duntil=atoi(warea);
      }
   }

   if(SquidGuardConf[0] != 0) {
      if(access(SquidGuardConf, R_OK) != 0) {
         debuga("Cannot open squidGuard config file: %s",SquidGuardConf);
         exit(1);
      }

      if((fp_guard=fopen(SquidGuardConf,"r"))==NULL) {
         fprintf(stderr, "SARG: (squidguard) %s: %s\n",text[8],SquidGuardConf);
         exit(1);
      }

      logdir[0]=0;
      while(fgets(buf,sizeof(buf),fp_guard)!=NULL) {
         fixendofline(buf);
         if((str=get_param_value("logdir",buf))!=NULL) {
            /*
            We want to tolerate spaces inside the directory name but we must also
            remove the trailing spaces left by the editor after the directory name.
            This should not be a problem as nobody use a file name with trailing spaces.
            */
            for (y=strlen(str)-1 ; y>=0 && (unsigned char)str[y]<=' ' ; y--);
            if (y>=sizeof(logdir)-1) y=sizeof(logdir)-2;
            logdir[y+1] = '\0';
            while (y>=0) {
               logdir[y] = str[y];
               y--;
            }
         } else if((str=get_param_value("log",buf))!=NULL) {
            if((str2=get_param_value("anonymous",str))!=NULL)
               str=str2;

            /*
            If logdir is defined, we prepend it to the log file name, otherwise, we assume
            the log directive provides an absolute file name to the log file. Therefore,
            we don't need to add an additionnal / at the beginning of the log file name.
            */
            y=(logdir[0]) ? sprintf(wentp,"%s/",logdir) : 0;
            /*
            Spaces are allowed in the name of the log file. The file name ends at the first #
            because it is assumed it is an end of line comment. Any space before the # is then
            removed. Any control character (i.e. a character with a code lower than 32) ends
            the file name. That includes the terminating zero.
            */
            while((unsigned char)*str>=' ' && *str!='#' && y<sizeof(wentp)-1)
               wentp[y++]=*str++;
            if(*str=='#') {
               str--;
               while(*str==' ' && y>0) {
                  str--;
                  y--;
               }
            }
            wentp[y]=0;
            read_log(wentp,fp_ou);
         }
      }
   } else {
      sprintf(wentp,"%s",SquidGuardLogAlternate);
      read_log(wentp,fp_ou);
   }

   if (fp_guard) fclose(fp_guard);
   if (fp_ou) fclose(fp_ou);

   if (files_done) {
      for (y=0; y<nfiles_done; y++)
         if (files_done[y]) free(files_done[y]);
      free(files_done);
   }

   if(debug) {
      debuga("%s: %s",text[54],guard_ou);
   }

   sprintf(tmp6,"sort -k 1,1 -k 2,2 -k 4,4 \"%s\" -o \"%s\"",guard_in, guard_ou);
   cstatus=system(tmp6);
   if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
      fprintf(stderr, "SARG: sort command return status %d\n",WEXITSTATUS(cstatus));
      fprintf(stderr, "SARG: sort command: %s\n",tmp6);
      exit(1);
   }

   unlink(guard_in);
   return;
}
Commit	Line	Data
25697a35	1	/*
94ff9470	2	* SARG Squid Analysis Report Generator http://sarg.sourceforge.net
1164c474	3	* 1998, 2010
25697a35 GS	4	*
	5	* SARG donations:
	6	* please look at http://sarg.sourceforge.net/donations.php
1164c474 FM	7	* Support:
1164c474 FM	8	* http://sourceforge.net/projects/sarg/forums/forum/363374
25697a35 GS	9	* ---------------------------------------------------------------------
	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; either version 2 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* This program is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with this program; if not, write to the Free Software
	23	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	24	*
	25	*/
	26
	27	#include "include/conf.h"
5f3cfd1d	28	#include "include/defs.h"
25697a35	29
d6e703cc FM	30	static char **files_done = NULL;
	31	static int nfiles_done = 0;
	32
	33
5f3cfd1d	34	static void read_log(const char wentp, FILE fp_ou)
491b862f GS	35	{
491b862f GS	36	FILE *fp_in = NULL;
491b862f GS	37	char leks[5], sep[2], res[MAXLEN];
	38	char mon[10], hour[15];
	39	char list[MAXLEN];
	40	char wdata[127];
	41	int idata=0;
d6e703cc	42	int i;
06e3cc62	43	char *str;
9c7c6346 FM	44	struct getwordstruct gwarea;
9c7c6346 FM	45	struct getwordstruct gwarea1;
491b862f GS	46
491b862f GS	47	if(debug) {
9c7c6346 FM	48	getword_start(&gwarea,text[7]);
9c7c6346 FM	49	if (getword(urly,sizeof(urly),&gwarea,' ')<0 \|\| getword(href,sizeof(href),&gwarea,' ')<0) {
4bcb77cf FM	50	printf("SARG: Maybe you have a broken record or garbage in your %s string.\n",text[7]);
	51	exit(1);
	52	}
9c7c6346	53	debuga("%s squidGuard %s: %s",urly,gwarea.current,wentp);
491b862f	54	}
d6e703cc FM	55
	56	/* With squidGuard, you can log groups in only one log file.
	57	We must parse each log files only one time. Example :
	58	dest porn {
	59	domainlist porn/domains
	60	urllist porn/urls
	61	log file1.log
	62	}
	63	dest aggressive {
	64	domainlist aggressive/domains
	65	urllist aggressive/urls
	66	log file2.log
	67	}
	68	dest audio-video {
	69	domainlist audio-video/domains
	70	urllist audio-video/urls
	71	log file1.log
	72	}
	73	*/
	74	for (i=0; i<nfiles_done; i++)
	75	if (!strcmp(wentp, files_done[i])) return;
06e3cc62	76
d6e703cc FM	77	nfiles_done++;
	78	files_done = realloc(files_done, nfiles_donesizeof(char ));
	79	if (!files_done) {
	80	perror("parse squidGuard - realloc");
	81	exit(EXIT_FAILURE);
	82	}
	83	files_done[nfiles_done-1] = strdup(wentp);
	84	if (!files_done[nfiles_done-1]) {
	85	perror("parse squidGuard - strdup");
	86	exit(EXIT_FAILURE);
	87	}
	88
491b862f GS	89	if ((fp_in=fopen(wentp,"r"))==NULL) {
	90	fprintf(stderr, "SARG: (squidguard) %s: %s\n",text[8],wentp);
	91	exit(1);
	92	}
06e3cc62	93
491b862f	94	while (fgets(buf,sizeof(buf),fp_in) != NULL) {
9c7c6346 FM	95	getword_start(&gwarea,buf);
	96	if(SquidGuardLogFormat[0] != '\0') {
	97	getword_start(&gwarea1,SquidGuardLogFormat);
491b862f	98	leks[0]='\0';
9c7c6346	99	if (getword(leks,sizeof(leks),&gwarea1,'#')<0) {
4bcb77cf FM	100	printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
	101	exit(1);
	102	}
491b862f	103	while(strcmp(leks,"end") != 0) {
9c7c6346	104	if (getword(leks,sizeof(leks),&gwarea1,'#')<0 \|\| getword(sep,sizeof(sep),&gwarea1,'#')<0) {
4bcb77cf FM	105	printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
	106	exit(1);
	107	}
491b862f	108	if(strcmp(leks,"end") != 0) {
9c7c6346	109	if (getword(res,sizeof(res),&gwarea,sep[0])<0) {
4bcb77cf FM	110	printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
	111	exit(1);
	112	}
491b862f GS	113	if(strcmp(leks,"year") == 0)
	114	strcpy(year,res);
	115	else if(strcmp(leks,"year") == 0)
	116	strcpy(year,res);
	117	else if(strcmp(leks,"mon") == 0)
	118	strcpy(mon,res);
	119	else if(strcmp(leks,"day") == 0)
	120	strcpy(day,res);
	121	else if(strcmp(leks,"hour") == 0)
	122	strcpy(hour,res);
	123	else if(strcmp(leks,"list") == 0)
	124	strcpy(list,res);
	125	else if(strcmp(leks,"ip") == 0)
	126	strcpy(ip,res);
	127	else if(strcmp(leks,"user") == 0)
	128	strcpy(user,res);
	129	else if(strcmp(leks,"url") == 0)
	130	strcpy(url,res);
	131	}
	132	}
	133	} else {
9c7c6346 FM	134	if (getword(year,sizeof(year),&gwarea,'-')<0 \|\| getword(mon,sizeof(mon),&gwarea,'-')<0 \|\|
	135	getword(day,sizeof(day),&gwarea,' ')<0 \|\| getword(hour,sizeof(hour),&gwarea,' ')<0 \|\|
	136	getword_skip(MAXLEN,&gwarea,'/')<0 \|\| getword(list,sizeof(list),&gwarea,'/')<0 \|\|
c11e2033	137	getword_skip(MAXLEN,&gwarea,' ')<0 \|\| getword(url,sizeof(url),&gwarea,' ')<0 \|\|
9c7c6346 FM	138	getword(ip,sizeof(ip),&gwarea,'/')<0 \|\| getword_skip(MAXLEN,&gwarea,' ')<0 \|\|
9c7c6346 FM	139	getword(user,sizeof(user),&gwarea,' ')<0) {
4bcb77cf FM	140	printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp);
	141	exit(1);
	142	}
c11e2033 FM	143	/*
	144	The URL may be "http://url:port/data" if the method is GET or simply "url:port/" if the method is CONNECT.
	145	The following code removes the protocol:// if it is detected and always truncates the URL after the domain name.
	146	It will fail if the URL doesn't start with the protocol and contains two consecutive / in the path (i.e.
	147	the URL is not normalized).
	148	*/
06e3cc62	149	str=strchr(url,'/');
c11e2033 FM	150	if (str) {
	151	if (str[1]=='/') {
	152	str+=2;
	153	for (i=0 ; str && str!='/' ; i++) url[i]=*str++;
	154	url[i]='\0';
	155	} else {
	156	*str='\0';
	157	}
	158	}
491b862f GS	159	}
	160
	161	sprintf(warea,"%s%s%s",year,mon,day);
	162	sprintf(wdata,"%s%s%s",year,mon,day);
	163	idata = atoi(wdata);
	164
e6414a9d	165	if(SquidguardIgnoreDate) {
28e2bf65	166	if(idata < dfrom \|\| idata > duntil)
491b862f GS	167	continue;
	168	}
	169
	170	if (strcmp(user,"-") == 0) {
	171	strcpy(user,ip);
c11e2033	172	ip[0]='\0';
491b862f	173	}
120d768c	174	fprintf(fp_ou,"%s\t%s%s%s\t%s\t%s\t%s\t%s\n",user,year,mon,day,hour,ip,url,list);
491b862f GS	175	squidguard_count++;
	176	}
	177	if (fp_in) fclose(fp_in);
	178	return;
	179	}
	180
	181
32e71fa4	182	void squidguard_log(void)
25697a35	183	{
491b862f	184	FILE fp_ou = NULL, fp_guard = NULL;
25697a35 GS	185	char guard_in[MAXLEN];
	186	char guard_ou[MAXLEN];
	187	char logdir[MAXLEN];
491b862f	188	char year[10], day[10], mon[10];
25697a35	189	char user[MAXLEN];
5f3cfd1d	190	int y;
456d78a5	191	int cstatus;
5f3cfd1d FM	192	char *str;
5f3cfd1d FM	193	char *str2;
25697a35	194
d6e703cc FM	195	str2 = user;
d6e703cc FM	196
491b862f	197	if(strlen(SquidGuardConf) < 1 && strlen(SquidGuardLogAlternate) < 1)
25697a35 GS	198	return;
25697a35 GS	199
9c7c6346	200	if (SquidGuardLogAlternate[0] != '\0')
491b862f	201	SquidGuardConf[0]='\0';
25697a35 GS	202
	203	sprintf(guard_in,"%s/squidguard.unsort",tmp);
	204	sprintf(guard_ou,"%s/squidguard.log",tmp);
25697a35 GS	205	if((fp_ou=fopen(guard_in,"a"))==NULL) {
	206	fprintf(stderr, "SARG: (squidguard) %s: %s\n",text[8],guard_in);
	207	exit(1);
	208	}
	209
491b862f GS	210	bzero(day, 3);
	211	bzero(mon, 4);
	212	bzero(year, 5);
	213
e6414a9d	214	if(SquidguardIgnoreDate) {
491b862f	215	if(strcmp(df,"e") == 0) {
d6e703cc FM	216	strncpy(day,period,2);
	217	strncpy(mon,period+2,3);
	218	strncpy(year,period+5,4);
491b862f GS	219	conv_month(mon);
	220	sprintf(warea,"%s%s%s",year,mon,day);
	221	dfrom=atoi(warea);
d6e703cc FM	222	strncpy(day,period+10,2);
	223	strncpy(mon,period+12,3);
	224	strncpy(year,period+15,4);
491b862f GS	225	conv_month(mon);
	226	sprintf(warea,"%s%s%s",year,mon,day);
	227	duntil=atoi(warea);
	228	} else {
d6e703cc FM	229	strncpy(day,period+7,2);
	230	strncpy(mon,period+4,3);
	231	strncpy(year,period,4);
491b862f GS	232	conv_month(mon);
	233	sprintf(warea,"%s%s%s",year,mon,day);
	234	dfrom=atoi(warea);
d6e703cc FM	235	strncpy(day,period+17,2);
	236	strncpy(mon,period+14,3);
	237	strncpy(year,period+10,4);
491b862f GS	238	conv_month(mon);
	239	sprintf(warea,"%s%s%s",year,mon,day);
	240	duntil=atoi(warea);
25697a35	241	}
491b862f	242	}
25697a35	243
120d768c	244	if(SquidGuardConf[0] != 0) {
491b862f	245	if(access(SquidGuardConf, R_OK) != 0) {
d2fe0c32	246	debuga("Cannot open squidGuard config file: %s",SquidGuardConf);
491b862f GS	247	exit(1);
491b862f GS	248	}
25697a35	249
491b862f GS	250	if((fp_guard=fopen(SquidGuardConf,"r"))==NULL) {
	251	fprintf(stderr, "SARG: (squidguard) %s: %s\n",text[8],SquidGuardConf);
	252	exit(1);
	253	}
5f3cfd1d FM	254
5f3cfd1d FM	255	logdir[0]=0;
491b862f	256	while(fgets(buf,sizeof(buf),fp_guard)!=NULL) {
9c7c6346	257	fixendofline(buf);
5f3cfd1d	258	if((str=get_param_value("logdir",buf))!=NULL) {
9c7c6346 FM	259	/*
	260	We want to tolerate spaces inside the directory name but we must also
	261	remove the trailing spaces left by the editor after the directory name.
	262	This should not be a problem as nobody use a file name with trailing spaces.
	263	*/
	264	for (y=strlen(str)-1 ; y>=0 && (unsigned char)str[y]<=' ' ; y--);
	265	if (y>=sizeof(logdir)-1) y=sizeof(logdir)-2;
	266	logdir[y+1] = '\0';
	267	while (y>=0) {
	268	logdir[y] = str[y];
	269	y--;
4bcb77cf	270	}
5f3cfd1d FM	271	} else if((str=get_param_value("log",buf))!=NULL) {
	272	if((str2=get_param_value("anonymous",str))!=NULL)
	273	str=str2;
d6e703cc	274
5f3cfd1d FM	275	/*
	276	If logdir is defined, we prepend it to the log file name, otherwise, we assume
	277	the log directive provides an absolute file name to the log file. Therefore,
	278	we don't need to add an additionnal / at the beginning of the log file name.
	279	*/
	280	y=(logdir[0]) ? sprintf(wentp,"%s/",logdir) : 0;
	281	/*
	282	Spaces are allowed in the name of the log file. The file name ends at the first #
	283	because it is assumed it is an end of line comment. Any space before the # is then
	284	removed. Any control character (i.e. a character with a code lower than 32) ends
	285	the file name. That includes the terminating zero.
	286	*/
	287	while((unsigned char)str>=' ' && str!='#' && y<sizeof(wentp)-1)
	288	wentp[y++]=*str++;
	289	if(*str=='#') {
	290	str--;
	291	while(*str==' ' && y>0) {
	292	str--;
	293	y--;
4bcb77cf	294	}
d6e703cc	295	}
5f3cfd1d	296	wentp[y]=0;
491b862f	297	read_log(wentp,fp_ou);
25697a35	298	}
25697a35	299	}
491b862f GS	300	} else {
	301	sprintf(wentp,"%s",SquidGuardLogAlternate);
	302	read_log(wentp,fp_ou);
	303	}
	304
	305	if (fp_guard) fclose(fp_guard);
	306	if (fp_ou) fclose(fp_ou);
	307
c274f011 FM	308	if (files_done) {
	309	for (y=0; y<nfiles_done; y++)
	310	if (files_done[y]) free(files_done[y]);
	311	free(files_done);
	312	}
	313
491b862f	314	if(debug) {
d2fe0c32	315	debuga("%s: %s",text[54],guard_ou);
25697a35 GS	316	}
25697a35 GS	317
9a2efbd0	318	sprintf(tmp6,"sort -k 1,1 -k 2,2 -k 4,4 \"%s\" -o \"%s\"",guard_in, guard_ou);
456d78a5 FM	319	cstatus=system(tmp6);
	320	if (!WIFEXITED(cstatus) \|\| WEXITSTATUS(cstatus)) {
	321	fprintf(stderr, "SARG: sort command return status %d\n",WEXITSTATUS(cstatus));
	322	fprintf(stderr, "SARG: sort command: %s\n",tmp6);
	323	exit(1);
	324	}
491b862f	325
25697a35 GS	326	unlink(guard_in);
	327	return;
	328	}