#!/bin/sh
#  Author: Jamie Strandboge <jamie@ubuntu.com>
#  Copyright (C) 2015 Canonical Ltd.
#
#  This script is distributed under the terms and conditions of the GNU General
#  Public License, Version 3 or later. See http://www.gnu.org/copyleft/gpl.html
#  for details.

# Stop at the first command that fails outside a conditional.
set -o errexit

# Log file scanned when no <logfile> argument is supplied.
logfile=/var/log/syslog

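# Print the command-line help text.
# Globals:   logfile (read) - its value at call time is shown as the default
# Arguments: none
# Outputs:   usage text on stdout
usage() {
    # ${0##*/} strips the directory part without forking basename; the
    # earlier unquoted `basename $0` word-split a script path containing
    # spaces and produced a broken usage line.
    cat <<EOM
Usage: ${0##*/} <logfile>

If <logfile> is unspecified, use '$logfile'. If <logfile> is '-', use <stdin>.
EOM
}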

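# Interpret the optional first argument: a help flag, a log path, or '-'.
if [ -n "$1" ]; then
    # case compares the argument as a plain string. The previous
    # [ ... -o ... ] form is marked obsolescent by POSIX and can misparse
    # when the argument itself looks like a test operator ('!', '(').
    case "$1" in
        -h|--help)
            usage
            exit 0
            ;;
    esac

    logfile="$1"
    shift
fi

# '-' selects standard input, expressed as a path so it can be passed to
# grep like any other file name.
if [ "$logfile" = "-" ]; then
    logfile="/dev/stdin"
fi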

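# Annotate seccomp audit records read from stdin with syscall names.
# For each line, extracts the number from the ' syscall=<number> ' field,
# resolves it with scmp_sys_resolver and writes the line back with the field
# rewritten as 'syscall=<number>(<name>)'. Lines without a purely numeric
# syscall field are written unchanged.
# Arguments: none (reads lines on stdin)
# Outputs:   one line per input line on stdout
_annotate_seccomp_lines() {
    # IFS= and -r keep leading whitespace and backslashes of the log line
    # exactly as logged.
    while IFS= read -r line; do
        # The log line is only ever data on sed's stdin here. With -n ... p
        # the result is empty when no ' syscall=<digits> ' field is present,
        # instead of the whole line falling through to the next step.
        call=$(printf '%s\n' "$line" \
            | sed -n 's/.* syscall=\([0-9][0-9]*\) .*/\1/p')

        # Log content is untrusted input: anything that is not all digits is
        # never passed to the resolver or used in a pattern. Such lines are
        # emitted verbatim so no record is dropped from the output.
        case "$call" in
            ''|*[!0-9]*)
                printf '%s\n' "$line"
                continue
                ;;
        esac

        # Quoted so the resolver always receives exactly one argument. Under
        # the script's 'set -e' a resolver failure still stops processing.
        name=$(scmp_sys_resolver "$call")

        # Splice the name in with parameter expansion rather than building a
        # sed program from log-derived text. Like the sed substitution this
        # replaces, it rewrites the first ' syscall=<call> ' in the line.
        before=${line%% syscall=$call *}
        after=${line#* syscall=$call }
        printf '%s syscall=%s(%s) %s\n' "$before" "$call" "$name" "$after"
    done
}

grep 'audit: type=1326' -- "$logfile" | _annotate_seccomp_lines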
