#!/bin/bash

## Copyright (C) 2021 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#### meta start
#### project Whonix
#### category tor and usability
#### gateway_only yes
#### description
## Tor log parsing command line utility.
#### meta end

if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then
  source /usr/libexec/helper-scripts/pre.bsh
fi

cmd1="journalctl --boot --no-pager --output cat -u tor.service"
log1="$($cmd1)"

cmd2="journalctl --boot --no-pager --output cat -u tor@default.service"
log2="$($cmd2)"

## Vanguards does not exist in Trixie any longer.
#cmd3="journalctl --boot --no-pager --output cat -u vanguards.service"
#log3="$($cmd3)"

if [ -z "$log1" ]; then
  log1="empty"
fi

if [ -z "$log2" ]; then
  log2="empty"
fi

if [ -z "$log3" ]; then
  log3="empty"
fi

if [ "$log2" = "empty" ]; then
  echo "ERROR: Running command:

$cmd2

failed! This program needs to be run as root:

sudo $0

or this user '$(whoami)' needs to be a member of group 'systemd-journal'.

sudo adduser $(whoami) systemd-journal

Exiting." >&2
   exit 1
fi

#log_full="\
#${bold}tor.service:${reset}
#
#$log1
#
#${bold}tor@default.service:${reset}
#
#$log2
#
#${bold}vanguards.service:${reset}
#
#$log3"

log_full="\
${bold}tor.service:${reset}

$log1

${bold}tor@default.service:${reset}

$log2"

## https://www.whonix.org/wiki/Tor#Non-Issues
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "New control connection opened.")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opening HTTP tunnel listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opened HTTP tunnel listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opened Socks listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opening Socks listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opening DNS listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opened DNS listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opening Transparent pf/netfilter listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opened Transparent pf/netfilter listener")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opening Control listener on /run/tor/control")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Opened Control listener on /run/tor/control")"

log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] You configured a non-loopback address")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "opening log file")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.")"

log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] New control connection opened.")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[warn] Socks version 71 not recognized. (This port is not an HTTP proxy; did you want to use HTTPTunnelPort?)")"

## Use anon-verify instead.
## https://www.whonix.org/wiki/Tor#Configuration_Check
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Read configuration file")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Including configuration file")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Processing configuration path")"

log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[notice] Option 'DisableNetwork' used more than once; all but the last value will be ignored.")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[warn] Option 'ClientOnionAuthDir' used more than once; all but the last value will be ignored.")"
log_full="$(echo "$log_full" | grep --invert-match --fixed-strings -- "[warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.")"

echo "$log_full"
