AddContextualDataSelector *
add_contextual_data_template_selector_new(GlobalConfig *cfg, const gchar *selector_template_string)
{
  AddContextualDataTemplateSelector *new_instance = g_new0(AddContextualDataTemplateSelector, 1);
  new_instance->selector_template_string = g_strdup(selector_template_string);
  new_instance->selector_template = log_template_new(cfg, NULL);
  new_instance->super.resolve = _resolve;
  new_instance->super.free = _free;
  new_instance->super.init = _init;
  new_instance->super.clone = _clone;

  return &new_instance->super;
}
Beispiel #2
0
LogRewrite *
log_rewrite_set_new(const gchar *new_value)
{
  LogRewriteSet *self = g_new0(LogRewriteSet, 1);
  
  log_rewrite_init(&self->super);
  self->super.free_fn = log_rewrite_set_free;
  self->super.process = log_rewrite_set_process;

  self->value_template = log_template_new(configuration, NULL, new_value);
  
  return &self->super;
}
Beispiel #3
0
LogRewrite *
log_rewrite_subst_new(const gchar *replacement)
{
  LogRewriteSubst *self = g_new0(LogRewriteSubst, 1);

  log_rewrite_init(&self->super);

  self->super.free_fn = log_rewrite_subst_free;
  self->super.process = log_rewrite_subst_process;
  
  self->replacement = log_template_new(configuration, NULL, replacement);
  return &self->super;
}
int
testcase_replace(const gchar *log, const gchar *re, gchar *replacement, const gchar *expected_result, const gint matcher_flags, LogMatcher *m)
{
  LogMessage *msg;
  LogTemplate *r;
  gchar *result;
  gssize length;
  gchar buf[1024];
  gssize msglen;
  NVHandle nonasciiz = log_msg_get_value_handle("NON-ASCIIZ");
  const gchar *value;
  GSockAddr *sa;

  sa = g_sockaddr_inet_new("10.10.10.10", 1010);
  msg = log_msg_new(log, strlen(log), sa, &parse_options);
  g_sockaddr_unref(sa);

  /* NOTE: we test how our matchers cope with non-zero terminated values. We don't change message_len, only the value */

  g_snprintf(buf, sizeof(buf), "%sAAAAAAAAAAAA", log_msg_get_value(msg, LM_V_MESSAGE, &msglen));
  log_msg_set_value(msg, log_msg_get_value_handle("MESSAGE2"), buf, -1);

  /* add a non-zero terminated indirect value which contains the whole message */
  log_msg_set_value_indirect(msg, nonasciiz, log_msg_get_value_handle("MESSAGE2"), 0, 0, msglen);

  log_matcher_set_flags(m, matcher_flags);

  log_matcher_compile(m, re);

  r = log_template_new(configuration, NULL);
  log_template_compile(r, replacement, NULL);

  NVTable *nv_table = nv_table_ref(msg->payload);
  value = log_msg_get_value(msg, nonasciiz, &msglen);
  result = log_matcher_replace(m, msg, nonasciiz, value, msglen, r, &length);
  value = log_msg_get_value(msg, nonasciiz, &msglen);
  nv_table_unref(nv_table);

  if (strncmp(result ? result : value, expected_result, result ? length : msglen) != 0)
    {
      fprintf(stderr, "Testcase failure. pattern=%s, result=%.*s, expected=%s\n", re, (gint) length, result ? result : value, expected_result);
      exit(1);
    }

  g_free(result);

  log_template_unref(r);
  log_matcher_unref(m);
  log_msg_unref(msg);
  return 0;
}
gboolean
synthetic_message_add_value_template_string(SyntheticMessage *self, GlobalConfig *cfg, const gchar *name, const gchar *value, GError **error)
{
  LogTemplate *value_template;
  gboolean result = FALSE;

  /* NOTE: we shouldn't use the name property for LogTemplate structs, see the comment at log_template_set_name() */
  value_template = log_template_new(cfg, name);
  if (log_template_compile(value_template, value, error))
    {
      synthetic_message_add_value_template(self, name, value_template);
      result = TRUE;
    }
  log_template_unref(value_template);
  return result;
}
void
test_pattern(const gchar *pattern, const gchar *rule, gboolean match)
{
  gboolean result;
  LogMessage *msg = log_msg_new_empty();
  static LogTemplate *templ;

  GString *res = g_string_sized_new(128);
  static TimeZoneInfo *tzinfo = NULL;

  PDBInput input;

  if (!tzinfo)
    tzinfo = time_zone_info_new(NULL);
  if (!templ)
    {
      templ = log_template_new(configuration, "dummy");
      log_template_compile(templ, "$TEST", NULL);
    }

  log_msg_set_value(msg, LM_V_HOST, MYHOST, strlen(MYHOST));
  log_msg_set_value(msg, LM_V_PROGRAM, "test", strlen(MYHOST));
  log_msg_set_value(msg, LM_V_MESSAGE, pattern, strlen(pattern));

  result = pattern_db_process(patterndb, PDB_INPUT_WRAP_MESSAGE(&input, msg));

  log_template_format(templ, msg, NULL, LTZ_LOCAL, 0, NULL, res);

  if (strcmp(res->str, pattern) == 0)
    {
       test_msg("Rule: '%s' Value '%s' is inserted into $TEST res:(%s)\n", rule, pattern, res->str);
    }

  if ((match && !result) || (!match && result))
     {
       test_fail("FAIL: Value '%s' is %smatching for pattern '%s' \n", rule, !!result ? "" : "not ", pattern);
     }
   else
    {
       test_msg("Value '%s' is %smatching for pattern '%s' \n", rule, !!result ? "" : "not ", pattern);
     }

  g_string_free(res, TRUE);

  log_msg_unref(msg);
}
Beispiel #7
0
LogDriver *
afamqp_dd_new(GlobalConfig *cfg)
{
    AMQPDestDriver *self = g_new0(AMQPDestDriver, 1);

    log_threaded_dest_driver_init_instance(&self->super);

    self->super.super.super.super.init = afamqp_dd_init;
    self->super.super.super.super.free_fn = afamqp_dd_free;

    self->super.worker.thread_init = afamqp_worker_thread_init;
    self->super.worker.disconnect = afamqp_dd_disconnect;
    self->super.worker.insert = afamqp_worker_insert;

    self->super.format.stats_instance = afamqp_dd_format_stats_instance;
    self->super.format.persist_name = afamqp_dd_format_persist_name;
    self->super.stats_source = SCS_AMQP;

    self->routing_key_template = log_template_new(cfg, NULL);

    afamqp_dd_set_vhost((LogDriver *) self, "/");
    afamqp_dd_set_host((LogDriver *) self, "127.0.0.1");
    afamqp_dd_set_port((LogDriver *) self, 5672);
    afamqp_dd_set_exchange((LogDriver *) self, "syslog");
    afamqp_dd_set_exchange_type((LogDriver *) self, "fanout");
    afamqp_dd_set_routing_key((LogDriver *) self, "");
    afamqp_dd_set_persistent((LogDriver *) self, TRUE);
    afamqp_dd_set_exchange_declare((LogDriver *) self, FALSE);

    init_sequence_number(&self->seq_num);

    self->max_entries = 256;
    self->entries = g_new(amqp_table_entry_t, self->max_entries);

    log_template_options_defaults(&self->template_options);
    afamqp_dd_set_value_pairs(&self->super.super.super, value_pairs_new_default(cfg));

    return (LogDriver *) self;
}
Beispiel #8
0
#include <string.h>

gboolean success = TRUE;
gboolean verbose = FALSE;
MsgFormatOptions parse_options;

void
testcase(LogMessage *msg, gchar *template, gchar *expected)
{
  LogTemplate *templ;
  GString *res = g_string_sized_new(128);
  GError *error = NULL;
  LogMessage *context[2] = { msg, msg };
  const gchar *context_id = "test-context-id";

  templ = log_template_new(configuration, "dummy");
  if (!log_template_compile(templ, template, &error))
    {
      fprintf(stderr, "FAIL: error compiling template, template=%s, error=%s\n", template, error->message);
      g_clear_error(&error);
      success = FALSE;
      goto error;
    }
  log_template_format_with_context(templ, context, 2, NULL, LTZ_LOCAL, 999, context_id, res);

  if (strcmp(res->str, expected) != 0)
    {
      fprintf(stderr, "FAIL: template test failed, template=%s, [%s] <=> [%s]\n", template, res->str, expected);
      success = FALSE;
    }
  else if (verbose)
Beispiel #9
0
  log_msg_set_value_by_name(msg, ".unix.gid", "1000", -1);
  log_msg_set_value_by_name(msg, ".unix.cmd", "command", -1);
  log_msg_set_value_by_name(msg, ".json.foo", "bar", -1);
  log_msg_set_value_by_name(msg, ".json.sub.value1", "subvalue1", -1);
  log_msg_set_value_by_name(msg, ".json.sub.value2", "subvalue2", -1);
  log_msg_set_value_by_name(msg, "escaping", "binary stuff follows \"\xad árvíztűrőtükörfúrógép", -1);
  log_msg_set_value_by_name(msg, "escaping2", "\xc3", -1);
  log_msg_set_value_by_name(msg, "null", "binary\0stuff", 12);

  return msg;
}

LogTemplate *
compile_template(const gchar *template, gboolean escaping)
{
  LogTemplate *templ = log_template_new(configuration, NULL);
  gboolean success;
  GError *error = NULL;

  log_template_set_escape(templ, escaping);
  success = log_template_compile(templ, template, &error);
  expect_true(success, "template expected to compile cleanly,"
              " but it didn't, template=%s, error=%s",
              template, error ? error->message : "(none)");
  g_clear_error(&error);

  return templ;
}

void
assert_template_format(const gchar *template, const gchar *expected)