diff --git a/src/iterator.rs b/src/iterator.rs index 50a85e7..8564753 100644 --- a/src/iterator.rs +++ b/src/iterator.rs @@ -215,8 +215,7 @@ mod tests { assert_eq!(results[10].pid, 45); assert_eq!(results[10].thread_id, 588); assert_eq!(results[10].category, "device"); - assert_eq!(results[10].log_type, LogType::Default); - assert_eq!(results[10].event_type, EventType::Log); + assert_eq!(results[10].event_type, EventType::Log(LogType::Default)); assert_eq!(results[10].euid, 0); assert_eq!(results[10].boot_uuid, "80D194AF56A34C54867449D2130D41BB"); assert_eq!(results[10].timezone_name, "Pacific"); diff --git a/src/parser.rs b/src/parser.rs index 3552ea4..8e704e0 100755 --- a/src/parser.rs +++ b/src/parser.rs @@ -518,8 +518,7 @@ mod tests { assert_eq!(results[10].pid, 45); assert_eq!(results[10].thread_id, 588); assert_eq!(results[10].category, "device"); - assert_eq!(results[10].log_type, LogType::Default); - assert_eq!(results[10].event_type, EventType::Log); + assert_eq!(results[10].event_type, EventType::Log(LogType::Default)); assert_eq!(results[10].euid, 0); assert_eq!(results[10].boot_uuid, "80D194AF56A34C54867449D2130D41BB"); assert_eq!(results[10].timezone_name, "Pacific"); diff --git a/src/unified_log.rs b/src/unified_log.rs index 7ea48e0..212543e 100755 --- a/src/unified_log.rs +++ b/src/unified_log.rs @@ -40,27 +40,29 @@ pub enum LogType { Fault, Create, Useraction, - ProcessSignpostEvent, - ProcessSignpostStart, - ProcessSignpostEnd, - SystemSignpostEvent, - SystemSignpostStart, - SystemSignpostEnd, - ThreadSignpostEvent, - ThreadSignpostStart, - ThreadSignpostEnd, - Simpledump, - Statedump, - Loss, +} + +#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)] +pub enum Signpost { + Unknown, + ProcessEvent, + ProcessStart, + ProcessEnd, + SystemEvent, + SystemStart, + SystemEnd, + ThreadEvent, + ThreadStart, + ThreadEnd, } #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)] pub enum EventType { Unknown, - Log, + Log(LogType), Activity, Trace, - Signpost, + Signpost(Signpost), Simpledump, Statedump, Loss, @@ -196,13 +198,13 @@ impl Iterator for LogIterator<'_> { time: timestamp, timestamp: unixepoch_to_iso(&(timestamp as i64)), category: String::new(), - log_type: LogData::get_log_type( + process: String::new(), + message: String::new(), + event_type: LogData::get_event_type( + firehose.unknown_log_activity_type, firehose.unknown_log_type, firehose.unknown_log_activity_type, ), - process: String::new(), - message: String::new(), - event_type: LogData::get_event_type(firehose.unknown_log_activity_type), euid: CatalogChunk::get_euid( &preamble.first_number_proc_id, &preamble.second_number_proc_id, @@ -322,7 +324,6 @@ impl Iterator for LogIterator<'_> { 0x7 => { // No message data in loss entries log_data.event_type = EventType::Loss; - log_data.log_type = LogType::Loss; } 0x2 => { log_data.activity_id = @@ -548,7 +549,6 @@ impl Iterator for LogIterator<'_> { time: timestamp, timestamp: unixepoch_to_iso(&(timestamp as i64)), category: String::new(), - log_type: LogType::Simpledump, process: String::new(), message: simpledump.message_string.to_owned(), event_type: EventType::Simpledump, @@ -620,7 +620,6 @@ impl Iterator for LogIterator<'_> { statedump.decoder_type, data_string ), - log_type: LogType::Statedump, euid: 0, boot_uuid: self.unified_log_data.header[0].boot_uuid.to_owned(), timezone_name: self.unified_log_data.header[0] @@ -654,7 +653,6 @@ pub struct LogData { pub time: f64, pub category: String, pub event_type: EventType, - pub log_type: LogType, pub process: String, pub process_uuid: String, pub message: String, @@ -798,38 +796,38 @@ impl LogData { /// Return log type based on parsed log data fn get_log_type(log_type: u8, activity_type: u8) -> LogType { match log_type { - 0x1 => { - let activity = 2; - if activity_type == activity { - LogType::Create - } else { - LogType::Info - } - } + 0x1 if activity_type == 0x2 => LogType::Create, + 0x1 => LogType::Info, 0x2 => LogType::Debug, 0x3 => LogType::Useraction, 0x10 => LogType::Error, 0x11 => LogType::Fault, - 0x80 => LogType::ProcessSignpostEvent, - 0x81 => LogType::ProcessSignpostStart, - 0x82 => LogType::ProcessSignpostEnd, - 0xc0 => LogType::SystemSignpostEvent, // Not seen but may exist? - 0xc1 => LogType::SystemSignpostStart, - 0xc2 => LogType::SystemSignpostEnd, - 0x40 => LogType::ThreadSignpostEvent, // Not seen but may exist? - 0x41 => LogType::ThreadSignpostStart, - 0x42 => LogType::ThreadSignpostEnd, _ => LogType::Default, } } + fn get_signpost(log_type: u8) -> Signpost { + match log_type { + 0x80 => Signpost::ProcessEvent, + 0x81 => Signpost::ProcessStart, + 0x82 => Signpost::ProcessEnd, + 0xc0 => Signpost::SystemEvent, // Not seen but may exist? + 0xc1 => Signpost::SystemStart, + 0xc2 => Signpost::SystemEnd, + 0x40 => Signpost::ThreadEvent, // Not seen but may exist? + 0x41 => Signpost::ThreadStart, + 0x42 => Signpost::ThreadEnd, + _ => Signpost::Unknown, + } + } + /// Return the log event type based on parsed log data - fn get_event_type(event_type: u8) -> EventType { + fn get_event_type(event_type: u8, log_type: u8, activity_type: u8) -> EventType { match event_type { - 0x4 => EventType::Log, + 0x4 => EventType::Log(Self::get_log_type(log_type, activity_type)), 0x2 => EventType::Activity, 0x3 => EventType::Trace, - 0x6 => EventType::Signpost, + 0x6 => EventType::Signpost(Self::get_signpost(log_type)), 0x7 => EventType::Loss, _ => EventType::Unknown, } @@ -1053,8 +1051,7 @@ mod tests { assert_eq!(results[0].pid, 45); assert_eq!(results[0].thread_id, 588); assert_eq!(results[0].category, "device"); - assert_eq!(results[0].log_type, LogType::Default); - assert_eq!(results[0].event_type, EventType::Log); + assert_eq!(results[0].event_type, EventType::Log(LogType::Default)); assert_eq!(results[0].euid, 0); assert_eq!(results[0].boot_uuid, "80D194AF56A34C54867449D2130D41BB"); assert_eq!(results[0].timezone_name, "Pacific"); @@ -1077,7 +1074,7 @@ mod tests { #[test] fn test_get_event_type() { let event_type = 0x2; - let event_string = LogData::get_event_type(event_type); + let event_string = LogData::get_event_type(event_type, u8::MAX, u8::MAX); assert_eq!(event_string, EventType::Activity); }