/****************************************************************************** * * * Function: filter_evaluate_or * * * * Purpose: check if the lld data passes filter evaluation by or rule * * * * Parameters: filter - [IN] the lld filter * * jp_row - [IN] the lld data row * * * * Return value: SUCCEED - the lld data passed filter evaluation * * FAIL - otherwise * * * ******************************************************************************/ static int filter_evaluate_or(lld_filter_t *filter, struct zbx_json_parse *jp_row) { const char *__function_name = "filter_evaluate_or"; int i, ret = SUCCEED; char *value = NULL; size_t value_alloc = 0; zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name); for (i = 0; i < filter->conditions.values_num; i++) { lld_condition_t *condition = (lld_condition_t *)filter->conditions.values[i]; if (SUCCEED == (ret = zbx_json_value_by_name_dyn(jp_row, condition->macro, &value, &value_alloc))) { ret = (ZBX_REGEXP_MATCH == regexp_match_ex(&condition->regexps, value, condition->regexp, ZBX_CASE_SENSITIVE) ? SUCCEED : FAIL); } /* if any of conditions are true the evaluation returns true */ if (SUCCEED == ret) break; } zbx_free(value); zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret)); return ret; }
/****************************************************************************** * * * Function: filter_evaluate_expression * * * * Purpose: check if the lld data passes filter evaluation by custom * * expression * * * * Parameters: filter - [IN] the lld filter * * jp_row - [IN] the lld data row * * * * Return value: SUCCEED - the lld data passed filter evaluation * * FAIL - otherwise * * * * Comments: 1) replace {item_condition} references with action condition * * evaluation results (1 or 0) * * 2) call evaluate() to calculate the final result * * * ******************************************************************************/ static int filter_evaluate_expression(lld_filter_t *filter, struct zbx_json_parse *jp_row) { const char *__function_name = "filter_evaluate_expression"; int i, ret = FAIL, id_len; char *expression, id[ZBX_MAX_UINT64_LEN + 2], *p, error[256]; double result; zabbix_log(LOG_LEVEL_DEBUG, "In %s() expression:%s", __function_name, filter->expression); expression = zbx_strdup(NULL, filter->expression); for (i = 0; i < filter->conditions.values_num; i++) { char *value = NULL; size_t value_alloc = 0; lld_condition_t *condition = (lld_condition_t *)filter->conditions.values[i]; if (SUCCEED == (ret = zbx_json_value_by_name_dyn(jp_row, condition->macro, &value, &value_alloc))) { ret = (ZBX_REGEXP_MATCH == regexp_match_ex(&condition->regexps, value, condition->regexp, ZBX_CASE_SENSITIVE) ? SUCCEED : FAIL); } zbx_free(value); zbx_snprintf(id, sizeof(id), "{" ZBX_FS_UI64 "}", condition->id); id_len = strlen(id); p = expression; while (NULL != (p = strstr(p, id))) { *p = (SUCCEED == ret ? '1' : '0'); memset(p + 1, ' ', id_len - 1); p += id_len; } } if (SUCCEED == evaluate(&result, expression, error, sizeof(error))) ret = (SUCCEED != zbx_double_compare(result, 0) ? SUCCEED : FAIL); zbx_free(expression); zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret)); return ret; }
/****************************************************************************** * * * Function: filter_evaluate_and_or * * * * Purpose: check if the lld data passes filter evaluation by and/or rule * * * * Parameters: filter - [IN] the lld filter * * jp_row - [IN] the lld data row * * * * Return value: SUCCEED - the lld data passed filter evaluation * * FAIL - otherwise * * * ******************************************************************************/ static int filter_evaluate_and_or(lld_filter_t *filter, struct zbx_json_parse *jp_row) { const char *__function_name = "filter_evaluate_and_or"; int i, ret = SUCCEED, rc = SUCCEED; char *lastmacro = NULL, *value = NULL; size_t value_alloc = 0; zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name); for (i = 0; i < filter->conditions.values_num; i++) { lld_condition_t *condition = (lld_condition_t *)filter->conditions.values[i]; if (SUCCEED == (rc = zbx_json_value_by_name_dyn(jp_row, condition->macro, &value, &value_alloc))) { rc = (ZBX_REGEXP_MATCH == regexp_match_ex(&condition->regexps, value, condition->regexp, ZBX_CASE_SENSITIVE) ? SUCCEED : FAIL); } /* check if a new condition group has started */ if (NULL == lastmacro || 0 != strcmp(lastmacro, condition->macro)) { /* if any of condition groups are false the evaluation returns false */ if (FAIL == ret) goto out; ret = rc; } else { if (SUCCEED == rc) ret = rc; } lastmacro = condition->macro; } out: zbx_free(value); zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret)); return ret; }
static int lld_check_record(struct zbx_json_parse *jp_row, const char *f_macro, const char *f_regexp, zbx_vector_ptr_t *regexps) { const char *__function_name = "lld_check_record"; char *value = NULL; size_t value_alloc = 0; int res = SUCCEED; zabbix_log(LOG_LEVEL_DEBUG, "In %s() jp_row:'%.*s'", __function_name, jp_row->end - jp_row->start + 1, jp_row->start); if (SUCCEED == zbx_json_value_by_name_dyn(jp_row, f_macro, &value, &value_alloc)) res = regexp_match_ex(regexps, value, f_regexp, ZBX_CASE_SENSITIVE); zbx_free(value); zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(res)); return res; }
static void process_active_checks(char *server, unsigned short port) { register int i, s_count, p_count; char **pvalue; int now, send_err = SUCCEED, ret; unsigned long timestamp; char *source = NULL; char *value = NULL; unsigned short severity; long lastlogsize; char params[MAX_STRING_LEN]; char filename[MAX_STRING_LEN]; char pattern[MAX_STRING_LEN]; AGENT_RESULT result; zabbix_log( LOG_LEVEL_DEBUG, "In process_active_checks('%s',%u)",server, port); init_result(&result); now = (int)time(NULL); for(i=0; NULL != active_metrics[i].key && SUCCEED == send_err; i++) { if(active_metrics[i].nextcheck > now) continue; if(active_metrics[i].status != ITEM_STATUS_ACTIVE) continue; /* Special processing for log files */ if(strncmp(active_metrics[i].key,"log[",4) == 0) { do{ /* simple try realization */ if (parse_command(active_metrics[i].key, NULL, 0, params, MAX_STRING_LEN) != 2) break; if (num_param(params) > 2) break; if (get_param(params, 1, filename, sizeof(filename)) != 0) break; if (get_param(params, 2, pattern, sizeof(pattern)) != 0) *pattern = '\0'; s_count = 0; p_count = 0; lastlogsize = active_metrics[i].lastlogsize; while (SUCCEED == (ret = process_log(filename, &lastlogsize, &value))) { if (!value) /* EOF */ break; if (SUCCEED == regexp_match_ex(regexps, regexps_num, value, pattern, ZBX_CASE_SENSITIVE)) { send_err = process_value( server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, value, &lastlogsize, NULL, NULL, NULL ); s_count++; } p_count++; zbx_free(value); if (SUCCEED == send_err) active_metrics[i].lastlogsize = lastlogsize; else lastlogsize = active_metrics[i].lastlogsize; /* Do not flood ZABBIX server if file grows too fast */ if(s_count >= (MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break; /* Do not flood local system if file grows too fast */ if(p_count >= (4 * MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break; } if( FAIL == ret ) { active_metrics[i].status = ITEM_STATUS_NOTSUPPORTED; zabbix_log( LOG_LEVEL_WARNING, "Active check [%s] is not supported. Disabled.", active_metrics[i].key); send_err = process_value( server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, "ZBX_NOTSUPPORTED", &active_metrics[i].lastlogsize, NULL, NULL, NULL ); } }while(0); /* simple try realization */ } /* Special processing for eventlog */ else if(strncmp(active_metrics[i].key,"eventlog[",9) == 0) { do{ /* simple try realization */ if (parse_command(active_metrics[i].key, NULL, 0, params, MAX_STRING_LEN) != 2) break; if (num_param(params) > 2) break; if (get_param(params, 1, filename, sizeof(filename)) != 0) break; if (get_param(params, 2, pattern, sizeof(pattern)) != 0) *pattern = '\0'; s_count = 0; p_count = 0; lastlogsize = active_metrics[i].lastlogsize; while (SUCCEED == (ret = process_eventlog(filename, &lastlogsize, ×tamp, &source, &severity, &value))) { if (!value) /* EOF */ break; if (SUCCEED == regexp_match_ex(regexps, regexps_num, value, pattern, ZBX_CASE_SENSITIVE)) { send_err = process_value( server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, value, &lastlogsize, ×tamp, source, &severity ); s_count++; } p_count++; zbx_free(source); zbx_free(value); if (SUCCEED == send_err) active_metrics[i].lastlogsize = lastlogsize; else lastlogsize = active_metrics[i].lastlogsize; /* Do not flood ZABBIX server if file grows too fast */ if(s_count >= (MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break; /* Do not flood local system if file grows too fast */ if(p_count >= (4 * MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break; } if( FAIL == ret ) { active_metrics[i].status = ITEM_STATUS_NOTSUPPORTED; zabbix_log( LOG_LEVEL_WARNING, "Active check [%s] is not supported. Disabled.", active_metrics[i].key); send_err = process_value( server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, "ZBX_NOTSUPPORTED", &active_metrics[i].lastlogsize, NULL, NULL, NULL ); } }while(0); /* simple try realization NOTE: never loop */ } else { process(active_metrics[i].key, 0, &result); if( NULL == (pvalue = GET_TEXT_RESULT(&result)) ) pvalue = GET_MSG_RESULT(&result); if(pvalue) { zabbix_log( LOG_LEVEL_DEBUG, "For key [%s] received value [%s]", active_metrics[i].key, *pvalue); send_err = process_value( server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, *pvalue, NULL, NULL, NULL, NULL ); if( 0 == strcmp(*pvalue,"ZBX_NOTSUPPORTED") ) { active_metrics[i].status = ITEM_STATUS_NOTSUPPORTED; zabbix_log( LOG_LEVEL_WARNING, "Active check [%s] is not supported. Disabled.", active_metrics[i].key); } } free_result(&result); } active_metrics[i].nextcheck = (int)time(NULL)+active_metrics[i].refresh; } }
/****************************************************************************** * * * Function: process_trap_for_interface * * * * Purpose: add trap to all matching items for the specified interface * * * * Return value: SUCCEED - a matching item was found * * FAIL - no matching item was found (including fallback items) * * * * Author: Rudolfs Kreicbergs * * * ******************************************************************************/ static int process_trap_for_interface(zbx_uint64_t interfaceid, char *trap, zbx_timespec_t *ts) { DC_ITEM *items = NULL; const char *regex; char error[ITEM_ERROR_LEN_MAX]; size_t num, i; int ret = FAIL, fb = -1, *lastclocks = NULL, *errcodes = NULL; zbx_uint64_t *itemids = NULL; unsigned char *states = NULL; AGENT_RESULT *results = NULL; AGENT_REQUEST request; zbx_vector_ptr_t regexps; zbx_vector_ptr_create(®exps); num = DCconfig_get_snmp_items_by_interfaceid(interfaceid, &items); itemids = zbx_malloc(itemids, sizeof(zbx_uint64_t) * num); states = zbx_malloc(states, sizeof(unsigned char) * num); lastclocks = zbx_malloc(lastclocks, sizeof(int) * num); errcodes = zbx_malloc(errcodes, sizeof(int) * num); results = zbx_malloc(results, sizeof(AGENT_RESULT) * num); for (i = 0; i < num; i++) { init_result(&results[i]); errcodes[i] = FAIL; items[i].key = zbx_strdup(items[i].key, items[i].key_orig); if (SUCCEED != substitute_key_macros(&items[i].key, NULL, &items[i], NULL, MACRO_TYPE_ITEM_KEY, error, sizeof(error))) { SET_MSG_RESULT(&results[i], zbx_strdup(NULL, error)); errcodes[i] = NOTSUPPORTED; continue; } if (0 == strcmp(items[i].key, "snmptrap.fallback")) { fb = i; continue; } init_request(&request); if (SUCCEED != parse_item_key(items[i].key, &request)) goto next; if (0 != strcmp(get_rkey(&request), "snmptrap")) goto next; if (1 < get_rparams_num(&request)) goto next; if (NULL != (regex = get_rparam(&request, 0))) { if ('@' == *regex) { DCget_expressions_by_name(®exps, regex + 1); if (0 == regexps.values_num) { SET_MSG_RESULT(&results[i], zbx_dsprintf(NULL, "Global regular expression \"%s\" does not exist.", regex + 1)); errcodes[i] = NOTSUPPORTED; goto next; } } if (SUCCEED != regexp_match_ex(®exps, trap, regex, ZBX_CASE_SENSITIVE)) goto next; } if (SUCCEED == set_result_type(&results[i], items[i].value_type, items[i].data_type, trap)) errcodes[i] = SUCCEED; else errcodes[i] = NOTSUPPORTED; ret = SUCCEED; next: free_request(&request); } if (FAIL == ret && -1 != fb) { if (SUCCEED == set_result_type(&results[fb], items[fb].value_type, items[fb].data_type, trap)) errcodes[fb] = SUCCEED; else errcodes[fb] = NOTSUPPORTED; ret = SUCCEED; } for (i = 0; i < num; i++) { switch (errcodes[i]) { case SUCCEED: if (ITEM_VALUE_TYPE_LOG == items[i].value_type) { calc_timestamp(results[i].log->value, &results[i].log->timestamp, items[i].logtimefmt); } items[i].state = ITEM_STATE_NORMAL; dc_add_history(items[i].itemid, items[i].value_type, items[i].flags, &results[i], ts, items[i].state, NULL); itemids[i] = items[i].itemid; states[i] = items[i].state; lastclocks[i] = ts->sec; break; case NOTSUPPORTED: items[i].state = ITEM_STATE_NOTSUPPORTED; dc_add_history(items[i].itemid, items[i].value_type, items[i].flags, NULL, ts, items[i].state, results[i].msg); itemids[i] = items[i].itemid; states[i] = items[i].state; lastclocks[i] = ts->sec; break; } zbx_free(items[i].key); free_result(&results[i]); } zbx_free(results); DCrequeue_items(itemids, states, lastclocks, NULL, NULL, errcodes, num); zbx_free(errcodes); zbx_free(lastclocks); zbx_free(states); zbx_free(itemids); DCconfig_clean_items(items, NULL, num); zbx_free(items); zbx_regexp_clean_expressions(®exps); zbx_vector_ptr_destroy(®exps); dc_flush_history(); return ret; }
static void process_active_checks(char *server, unsigned short port) { const char *__function_name = "process_active_checks"; register int i, s_count, p_count; char **pvalue; int now, send_err = SUCCEED, ret; char *value = NULL, *item_value = NULL; zbx_uint64_t lastlogsize; int mtime; char params[MAX_STRING_LEN], filename[MAX_STRING_LEN]; char pattern[MAX_STRING_LEN], output_template[MAX_STRING_LEN]; /* checks `log', `eventlog', `logrt' may contain parameter, which overrides CONFIG_MAX_LINES_PER_SECOND */ char maxlines_persec_str[16]; int maxlines_persec; #ifdef _WINDOWS unsigned long timestamp, logeventid; unsigned short severity; char key_severity[MAX_STRING_LEN], str_severity[32] /* for `regex_match_ex' */; char key_source[MAX_STRING_LEN], *provider = NULL, *source = NULL; char key_logeventid[MAX_STRING_LEN], str_logeventid[8] /* for `regex_match_ex' */; OSVERSIONINFO versionInfo; zbx_uint64_t keywords; EVT_HANDLE eventlog6_render_context = NULL; EVT_HANDLE eventlog6_query = NULL; zbx_uint64_t eventlog6_firstid = 0; zbx_uint64_t eventlog6_lastid = 0; #endif char encoding[32]; char tmp[16]; AGENT_RESULT result; zabbix_log(LOG_LEVEL_DEBUG, "In %s('%s',%hu)", __function_name, server, port); init_result(&result); now = (int)time(NULL); for (i = 0; NULL != active_metrics[i].key && SUCCEED == send_err; i++) { if (active_metrics[i].nextcheck > now) continue; if (ITEM_STATE_NORMAL != active_metrics[i].state) continue; /* special processing for log files without rotation */ if (0 == strncmp(active_metrics[i].key, "log[", 4)) { ret = FAIL; do { /* simple try realization */ if (ZBX_COMMAND_WITH_PARAMS != parse_command(active_metrics[i].key, NULL, 0, params, sizeof(params))) { break; } if (6 < num_param(params)) break; if (0 != get_param(params, 1, filename, sizeof(filename))) break; if (0 != get_param(params, 2, pattern, sizeof(pattern))) *pattern = '\0'; if (0 != get_param(params, 3, encoding, sizeof(encoding))) *encoding = '\0'; zbx_strupper(encoding); if (0 != get_param(params, 4, maxlines_persec_str, sizeof(maxlines_persec_str)) || '\0' == *maxlines_persec_str) maxlines_persec = CONFIG_MAX_LINES_PER_SECOND; else if (MIN_VALUE_LINES > (maxlines_persec = atoi(maxlines_persec_str)) || MAX_VALUE_LINES < maxlines_persec) break; if (0 != get_param(params, 5, tmp, sizeof(tmp))) *tmp = '\0'; if ('\0' == *tmp || 0 == strcmp(tmp, "all")) active_metrics[i].skip_old_data = 0; else if (0 != strcmp(tmp, "skip")) break; if (0 != get_param(params, 6, output_template, sizeof(output_template))) *output_template = '\0'; s_count = 0; p_count = 0; lastlogsize = active_metrics[i].lastlogsize; while (SUCCEED == (ret = process_log(filename, &lastlogsize, &value, encoding, active_metrics[i].skip_old_data))) { active_metrics[i].skip_old_data = 0; /* End of file. The file could become empty, must save `lastlogsize'. */ if (NULL == value) { active_metrics[i].lastlogsize = lastlogsize; break; } if (SUCCEED == regexp_sub_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE, output_template, &item_value)) { send_err = process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, item_value, &lastlogsize, NULL, NULL, NULL, NULL, NULL, 1); zbx_free(item_value); s_count++; } p_count++; zbx_free(value); if (SUCCEED == send_err) active_metrics[i].lastlogsize = lastlogsize; else { /* buffer is full, stop processing active checks */ /* till the buffer is cleared */ lastlogsize = active_metrics[i].lastlogsize; goto ret; } /* do not flood Zabbix server if file grows too fast */ if (s_count >= (maxlines_persec * active_metrics[i].refresh)) break; /* do not flood local system if file grows too fast */ if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh)) break; } /* while processing a log */ } while (0); /* simple try realization */ if (FAIL == ret) { active_metrics[i].state = ITEM_STATE_NOTSUPPORTED; zabbix_log(LOG_LEVEL_WARNING, "active check \"%s\" is not supported", active_metrics[i].key); process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, NULL, &active_metrics[i].lastlogsize, NULL, NULL, NULL, NULL, NULL, 0); } } /* special processing for log files with rotation */ else if (0 == strncmp(active_metrics[i].key, "logrt[", 6)) { ret = FAIL; do { /* simple try realization */ if (ZBX_COMMAND_WITH_PARAMS != parse_command(active_metrics[i].key, NULL, 0, params, sizeof(params))) { break; } if (6 < num_param(params)) break; if (0 != get_param(params, 1, filename, sizeof(filename))) break; if (0 != get_param(params, 2, pattern, sizeof(pattern))) *pattern = '\0'; if (0 != get_param(params, 3, encoding, sizeof(encoding))) *encoding = '\0'; zbx_strupper(encoding); if (0 != get_param(params, 4, maxlines_persec_str, sizeof(maxlines_persec_str)) || '\0' == *maxlines_persec_str) maxlines_persec = CONFIG_MAX_LINES_PER_SECOND; else if (MIN_VALUE_LINES > (maxlines_persec = atoi(maxlines_persec_str)) || MAX_VALUE_LINES < maxlines_persec) break; if (0 != get_param(params, 5, tmp, sizeof(tmp))) *tmp = '\0'; if ('\0' == *tmp || 0 == strcmp(tmp, "all")) active_metrics[i].skip_old_data = 0; else if (0 != strcmp(tmp, "skip")) break; if (0 != get_param(params, 6, output_template, sizeof(output_template))) *output_template = '\0'; s_count = 0; p_count = 0; lastlogsize = active_metrics[i].lastlogsize; mtime = active_metrics[i].mtime; while (SUCCEED == (ret = process_logrt(filename, &lastlogsize, &mtime, &value, encoding, active_metrics[i].skip_old_data))) { active_metrics[i].skip_old_data = 0; /* End of file. The file could become empty,*/ /* must save `lastlogsize' and `mtime'. */ if (NULL == value) { active_metrics[i].lastlogsize = lastlogsize; active_metrics[i].mtime = mtime; break; } if (SUCCEED == regexp_sub_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE, output_template, &item_value)) { send_err = process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, item_value, &lastlogsize, &mtime, NULL, NULL, NULL, NULL, 1); zbx_free(item_value); s_count++; } p_count++; zbx_free(value); if (SUCCEED == send_err) { active_metrics[i].lastlogsize = lastlogsize; active_metrics[i].mtime = mtime; } else { /* buffer is full, stop processing active checks */ /* till the buffer is cleared */ lastlogsize = active_metrics[i].lastlogsize; mtime = active_metrics[i].mtime; goto ret; } /* do not flood Zabbix server if file grows too fast */ if (s_count >= (maxlines_persec * active_metrics[i].refresh)) break; /* do not flood local system if file grows too fast */ if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh)) break; } /* while processing a log */ } while (0); /* simple try realization */ if (FAIL == ret) { active_metrics[i].state = ITEM_STATE_NOTSUPPORTED; zabbix_log(LOG_LEVEL_WARNING, "active check \"%s\" is not supported", active_metrics[i].key); process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, NULL, &active_metrics[i].lastlogsize, &active_metrics[i].mtime, NULL, NULL, NULL, NULL, 0); } } /* special processing for eventlog */ else if (0 == strncmp(active_metrics[i].key, "eventlog[", 9)) { ret = FAIL; #ifdef _WINDOWS do { /* simple try realization */ if (ZBX_COMMAND_WITH_PARAMS != parse_command(active_metrics[i].key, NULL, 0, params, sizeof(params))) { break; } if (7 < num_param(params)) break; if (0 != get_param(params, 1, filename, sizeof(filename))) break; if (0 != get_param(params, 2, pattern, sizeof(pattern))) *pattern = '\0'; if (0 != get_param(params, 3, key_severity, sizeof(key_severity))) *key_severity = '\0'; if (0 != get_param(params, 4, key_source, sizeof(key_source))) *key_source = '\0'; if (0 != get_param(params, 5, key_logeventid, sizeof(key_logeventid))) *key_logeventid = '\0'; if (0 != get_param(params, 6, maxlines_persec_str, sizeof(maxlines_persec_str)) || '\0' == *maxlines_persec_str) maxlines_persec = CONFIG_MAX_LINES_PER_SECOND; else if (MIN_VALUE_LINES > (maxlines_persec = atoi(maxlines_persec_str)) || MAX_VALUE_LINES < maxlines_persec) break; if (0 != get_param(params, 7, tmp, sizeof(tmp))) *tmp = '\0'; if ('\0' == *tmp || 0 == strcmp(tmp, "all")) active_metrics[i].skip_old_data = 0; else if (0 != strcmp(tmp, "skip")) break; s_count = 0; p_count = 0; lastlogsize = active_metrics[i].lastlogsize; versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&versionInfo); if (versionInfo.dwMajorVersion >= 6) /* Windows Vista, 7 or Server 2008 */ { __try { if (SUCCEED != initialize_eventlog6(filename, &lastlogsize, &eventlog6_firstid, &eventlog6_lastid, &eventlog6_render_context, &eventlog6_query)) { finalize_eventlog6(&eventlog6_render_context, &eventlog6_query); break; } while (SUCCEED == (ret = process_eventlog6(filename, &lastlogsize, ×tamp, &provider, &source, &severity, &value, &logeventid, &eventlog6_firstid, &eventlog6_lastid, &eventlog6_render_context, &eventlog6_query, &keywords, active_metrics[i].skip_old_data))) { active_metrics[i].skip_old_data = 0; /* End of file. */ /* The eventlog could become empty, must save `lastlogsize'. */ if (NULL == value) { active_metrics[i].lastlogsize = lastlogsize; break; } switch (severity) { case WINEVENT_LEVEL_LOG_ALWAYS: case WINEVENT_LEVEL_INFO: if (0 != (keywords & WINEVENT_KEYWORD_AUDIT_FAILURE)) { severity = ITEM_LOGTYPE_FAILURE_AUDIT; strscpy(str_severity, AUDIT_FAILURE); break; } else if (0 != (keywords & WINEVENT_KEYWORD_AUDIT_SUCCESS)) { severity = ITEM_LOGTYPE_SUCCESS_AUDIT; strscpy(str_severity, AUDIT_SUCCESS); break; } else severity = ITEM_LOGTYPE_INFORMATION; strscpy(str_severity, INFORMATION_TYPE); break; case WINEVENT_LEVEL_WARNING: severity = ITEM_LOGTYPE_WARNING; strscpy(str_severity, WARNING_TYPE); break; case WINEVENT_LEVEL_ERROR: severity = ITEM_LOGTYPE_ERROR; strscpy(str_severity, ERROR_TYPE); break; case WINEVENT_LEVEL_CRITICAL: severity = ITEM_LOGTYPE_CRITICAL; strscpy(str_severity, CRITICAL_TYPE); break; case WINEVENT_LEVEL_VERBOSE: severity = ITEM_LOGTYPE_VERBOSE; strscpy(str_severity, VERBOSE_TYPE); break; } zbx_snprintf(str_logeventid, sizeof(str_logeventid), "%lu", logeventid); if (SUCCEED == regexp_match_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE) && SUCCEED == regexp_match_ex(®exps, str_severity, key_severity, ZBX_IGNORE_CASE) && SUCCEED == regexp_match_ex(®exps, provider, key_source, ZBX_IGNORE_CASE) && SUCCEED == regexp_match_ex(®exps, str_logeventid, key_logeventid, ZBX_CASE_SENSITIVE)) { send_err = process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, value, &lastlogsize, NULL, ×tamp, provider, &severity, &logeventid, 1); s_count++; } p_count++; zbx_free(source); zbx_free(provider); zbx_free(value); if (SUCCEED == send_err) active_metrics[i].lastlogsize = lastlogsize; else { /* buffer is full, stop processing active checks*/ /* till the buffer is cleared */ lastlogsize = active_metrics[i].lastlogsize; goto ret; } /* do not flood Zabbix server if file grows too fast */ if (s_count >= (maxlines_persec * active_metrics[i].refresh)) break; /* do not flood local system if file grows too fast */ if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh)) break; } /* while processing an eventlog */ finalize_eventlog6(&eventlog6_render_context, &eventlog6_query); } __except (DelayLoadDllExceptionFilter(GetExceptionInformation())) { zabbix_log(LOG_LEVEL_WARNING, "failed to process eventlog"); break; } } else if (versionInfo.dwMajorVersion < 6) /* Windows versions before Vista */ { while (SUCCEED == (ret = process_eventlog(filename, &lastlogsize, ×tamp, &source, &severity, &value, &logeventid, active_metrics[i].skip_old_data))) { active_metrics[i].skip_old_data = 0; /* End of file. */ /* The eventlog could become empty, must save `lastlogsize'. */ if (NULL == value) { active_metrics[i].lastlogsize = lastlogsize; break; } switch (severity) { case EVENTLOG_SUCCESS: case EVENTLOG_INFORMATION_TYPE: severity = ITEM_LOGTYPE_INFORMATION; strscpy(str_severity, INFORMATION_TYPE); break; case EVENTLOG_WARNING_TYPE: severity = ITEM_LOGTYPE_WARNING; strscpy(str_severity, WARNING_TYPE); break; case EVENTLOG_ERROR_TYPE: severity = ITEM_LOGTYPE_ERROR; strscpy(str_severity, ERROR_TYPE); break; case EVENTLOG_AUDIT_FAILURE: severity = ITEM_LOGTYPE_FAILURE_AUDIT; strscpy(str_severity, AUDIT_FAILURE); break; case EVENTLOG_AUDIT_SUCCESS: severity = ITEM_LOGTYPE_SUCCESS_AUDIT; strscpy(str_severity, AUDIT_SUCCESS); break; } zbx_snprintf(str_logeventid, sizeof(str_logeventid), "%lu", logeventid); if (SUCCEED == regexp_match_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE) && SUCCEED == regexp_match_ex(®exps, str_severity, key_severity, ZBX_IGNORE_CASE) && SUCCEED == regexp_match_ex(®exps, source, key_source, ZBX_IGNORE_CASE) && SUCCEED == regexp_match_ex(®exps, str_logeventid, key_logeventid, ZBX_CASE_SENSITIVE)) { send_err = process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, value, &lastlogsize, NULL, ×tamp, source, &severity, &logeventid, 1); s_count++; } p_count++; zbx_free(source); zbx_free(value); if (SUCCEED == send_err) active_metrics[i].lastlogsize = lastlogsize; else { /* buffer is full, stop processing active checks */ /* till the buffer is cleared */ lastlogsize = active_metrics[i].lastlogsize; goto ret; } /* do not flood Zabbix server if file grows too fast */ if (s_count >= (maxlines_persec * active_metrics[i].refresh)) break; /* do not flood local system if file grows too fast */ if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh)) break; } /* while processing an eventlog */ } break; } while (0); /* simple try realization */ #endif /* _WINDOWS */ if (FAIL == ret) { active_metrics[i].state = ITEM_STATE_NOTSUPPORTED; zabbix_log(LOG_LEVEL_WARNING, "active check \"%s\" is not supported", active_metrics[i].key); process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, NULL, &active_metrics[i].lastlogsize, NULL, NULL, NULL, NULL, NULL, 0); } }