Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Reading files in /var/spool/rwho/whod.*

Reply
Thread Tools

Reading files in /var/spool/rwho/whod.*

 
 
Fredrik Normann
Guest
Posts: n/a
 
      06-27-2005
Hello,

I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
anyone has done that before or could give me some clues on how to read those
files. I've tried to use the binascii module without any luck.

Best regards,
-fredrik-normann-
 
Reply With Quote
 
 
 
 
Fredrik Normann
Guest
Posts: n/a
 
      06-28-2005
Fredrik Normann wrote:
> Hello,
>
> I'm trying to read the binary files under /var/spool/rwho/ so I'm
> wondering if anyone has done that before or could give me some clues on
> how to read those files. I've tried to use the binascii module without
> any luck.


A friend of mine made this C-program, that does the trick

#include <protocols/rwhod.h>
#include <stdio.h>
#include <unistd.h>
#include <strings.h>

#include <time.h>
#include <sys/time.h>

#include <sys/types.h>
#include <netinet/in.h>
#include <inttypes.h>

#ifdef SOL
#include <stddef.h>
#else
#include <linux/stddef.h>
#endif

int main (int argc, char **argv)
{

char *filename, *binary;
FILE *fp;
struct whod entry;
struct outmp who;
size_t ret;
size_t cnt = 0;
char *user = (char*) malloc (;
char *timestr = (char*) malloc (512);
char *hostname = (char*) malloc (512);
int hostlen, ulen;
size_t prefix, we_len;

hostlen = 0;
ulen = 0;

struct timeval now;
struct tm *tptr;
time_t t;

binary = *argv;
ret = gettimeofday (&now, 0);
if (ret < 0) {
perror ("Error getting time of day");
exit (2);
}

if (argc < 2) {
printf ("%s: ERROR, no whod file specified\n", binary);
exit (1);
}

filename = *(argv + 1);

fp = fopen (filename, "r");
if (fp == NULL) {
perror ("Error opening file");
exit (3);
}

#ifdef SOL
ret = fread (&entry, 1, sizeof (entry), fp);
#else
ret = fread_unlocked (&entry, 1, sizeof (entry), fp);
#endif
if (ret < 0) {
perror ("Error reading file");
exit (4);
}

prefix = offsetof (struct whod, wd_we) / sizeof (struct whoent);
we_len = ret / sizeof (struct whoent) - prefix;

/* Find lengths of strings */
for (cnt = 0; cnt < we_len; cnt++) {
who = entry.wd_we[cnt].we_utmp;
strncpy (user, who.out_name, ;
if (strlen (user) > ulen)
ulen = strlen (user);
if ((strlen (entry.wd_hostname) + strlen (who.out_line) + 1) > hostlen)
hostlen = strlen (entry.wd_hostname) + strlen (who.out_line) + 1;
}

for (cnt = 0; cnt < we_len; cnt++) {
who = entry.wd_we[cnt].we_utmp;
strncpy (user, who.out_name, ;
strncpy (hostname, entry.wd_hostname, 512);
strcat (hostname, ":");
strncat (hostname, who.out_line, ;

t = now.tv_sec - ntohl (entry.wd_we[cnt].we_idle);

entry.wd_we[cnt].we_idle = ntohl (entry.wd_we[cnt].we_idle) / 60;

printf ("%-*s %-*s",
ulen, user,
hostlen, hostname);
if (entry.wd_we[cnt].we_idle >= 0) {
tptr = localtime (&t);
strftime (timestr, 512, "%a %b %d %H:%m", tptr);

printf (" %s ", timestr);
printf ("%5d:%02d",
entry.wd_we[cnt].we_idle / 60,
entry.wd_we[cnt].we_idle % 60);
}
printf ("\n");
}

fclose (fp);
}
 
Reply With Quote
 
 
 
 
Dennis Lee Bieber
Guest
Posts: n/a
 
      06-28-2005
On Mon, 27 Jun 2005 13:26:12 +0200, Fredrik Normann <(E-Mail Removed)>
declaimed the following in comp.lang.python:

> Hello,
>
> I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
> anyone has done that before or could give me some clues on how to read those
> files. I've tried to use the binascii module without any luck.
>

Have you looked at the struct module?

--
> ================================================== ============ <
> http://www.velocityreviews.com/forums/(E-Mail Removed) | Wulfraed Dennis Lee Bieber KD6MOG <
> (E-Mail Removed) | Bestiaria Support Staff <
> ================================================== ============ <
> Home Page: <http://www.dm.net/~wulfraed/> <
> Overflow Page: <http://wlfraed.home.netcom.com/> <

 
Reply With Quote
 
Fredrik Normann
Guest
Posts: n/a
 
      06-30-2005
Dennis Lee Bieber wrote:
> On Mon, 27 Jun 2005 13:26:12 +0200, Fredrik Normann <(E-Mail Removed)>
> declaimed the following in comp.lang.python:
>
>
>>Hello,
>>
>>I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
>>anyone has done that before or could give me some clues on how to read those
>>files. I've tried to use the binascii module without any luck.
>>

>
> Have you looked at the struct module?
>


Thanks for the tip. A friend of mine helped me with making this small script:


#!/usr/bin/env python

"""whod file parser.

Made by: Igor V. Rafienko

This tiny script tries to grock whod files.
"""


from struct import calcsize, unpack, pack
from socket import ntohl
import time





outmp_format = '8s8s4s'
whoent_format = '%ds4s' % calcsize(outmp_format)
almost_whod = 'cc2s4s4s32s12s4s'


def make_string(s):
"""Stupid C. Chop the string off at the first '\0'."""

index = s.find('\0')
if index != -1:
return s[:index]
# fi
# end make_string


def make_time(seconds):
"""Convert from seconds since Epoch to ISO8601."""

return time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(seconds))
# end make_time


def make_int(binary):
"""Convert binary from network representation to host int."""

assert len(binary) == 4, "ints are 4 bytes long here"

if calcsize("i") == 4:
return ntohl(unpack("i", binary)[0])
elif calcsize("l") == 4:
return ntohl(unpack("l", binary)[0])
else:
raise "Dammit! no suitable integral type"
# fi
# end make_int


def parse_one_outmp(binary_data):
"""Parse an outmp struct."""

out_line, out_name, out_time = unpack(outmp_format, binary_data)
out_time = make_int(out_time)

return out_line, out_name, out_time
# end parse_one_outmp


def parse_one_whoent(binary_data):
"""Parse a whoent struct."""

outmp_part, we_idle = unpack(whoent_format, binary_data)

we_idle = make_int(we_idle)
out_line, out_name, out_time = parse_one_outmp(outmp_part)

return out_line, out_name, out_time, we_idle
# end parse_one_whoent


def parse_one_file(binary_data):
"""Parse the entire thing."""

# First we parse everything, except for the whoent-array
prefix = unpack(almost_whod, binary_data[:calcsize(almost_whod)])

print "prefix has %d elemenets" % len(prefix)
print "wd_vers:", ord(prefix[0])
print "wd_type:", ord(prefix[1])
print "wd_fill:", make_string(prefix[2])
print "wd_sendtime:", make_time(make_int(prefix[3]))
print "wd_recvtime:", make_time(make_int(prefix[4]))
print "wd_host: ", make_string(prefix[5])
load = prefix[6]
print "wd_load avg: %d, %d, %d" % tuple([make_int(x) for x in
(load[:4], load[4:8], load[8:])])
print "wd_boottime", make_time(make_int(prefix[7]))

sz = calcsize(whoent_format)
array_data = binary_data[calcsize(almost_whod):]
assert len(array_data) % sz == 0, "Aiee! corrupt chunk?"
whoent_chunks = [ array_data[sz*x:sz*(x+1)] for x in range(len(array_data)
/ sz) ]
print "%d whoent chunks" % len(whoent_chunks)

for out_line, out_name, out_time, we_idle in [parse_one_whoent(x)
for x in whoent_chunks]:
print "\tout_line:", make_string(out_line)
print "\tout_name:", make_string(out_name)
print "\tout_time:", make_time(out_time)
print "\twe_idle:", we_idle
# od
# end parse_one_file
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reading files inside zip files from Javascript Narendra Sisodiya Javascript 7 12-08-2009 02:15 AM
UnauthorizedAccessException when reading XML files (no problem when reading other file-types) blabla120@gmx.net ASP .Net 0 09-15-2006 02:08 PM
ASP.NET Reading problem (reading .xls) Wael Soliman ASP .Net 2 01-03-2005 05:33 PM
reading the DB vs. reading a text file...performance preference? Darrel ASP .Net 3 11-11-2004 02:27 PM
JAR files reading list files rob hadow Java 4 05-21-2004 04:41 PM



Advertisments