/******************************************************************************
* *
* Function: filter_evaluate_or *
* *
* Purpose: check if the lld data passes filter evaluation by or rule *
* *
* Parameters: filter - [IN] the lld filter *
* jp_row - [IN] the lld data row *
* *
* Return value: SUCCEED - the lld data passed filter evaluation *
* FAIL - otherwise *
* *
******************************************************************************/
static int filter_evaluate_or(lld_filter_t *filter, struct zbx_json_parse *jp_row)
{
const char *__function_name = "filter_evaluate_or";
int i, ret = SUCCEED;
char *value = NULL;
size_t value_alloc = 0;
zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name);
for (i = 0; i < filter->conditions.values_num; i++)
{
lld_condition_t *condition = (lld_condition_t *)filter->conditions.values[i];
if (SUCCEED == (ret = zbx_json_value_by_name_dyn(jp_row, condition->macro, &value, &value_alloc)))
{
ret = (ZBX_REGEXP_MATCH == regexp_match_ex(&condition->regexps, value, condition->regexp,
ZBX_CASE_SENSITIVE) ? SUCCEED : FAIL);
}
/* if any of conditions are true the evaluation returns true */
if (SUCCEED == ret)
break;
}
zbx_free(value);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
/******************************************************************************
* *
* Function: filter_evaluate_expression *
* *
* Purpose: check if the lld data passes filter evaluation by custom *
* expression *
* *
* Parameters: filter - [IN] the lld filter *
* jp_row - [IN] the lld data row *
* *
* Return value: SUCCEED - the lld data passed filter evaluation *
* FAIL - otherwise *
* *
* Comments: 1) replace {item_condition} references with action condition *
* evaluation results (1 or 0) *
* 2) call evaluate() to calculate the final result *
* *
******************************************************************************/
static int filter_evaluate_expression(lld_filter_t *filter, struct zbx_json_parse *jp_row)
{
const char *__function_name = "filter_evaluate_expression";
int i, ret = FAIL, id_len;
char *expression, id[ZBX_MAX_UINT64_LEN + 2], *p, error[256];
double result;
zabbix_log(LOG_LEVEL_DEBUG, "In %s() expression:%s", __function_name, filter->expression);
expression = zbx_strdup(NULL, filter->expression);
for (i = 0; i < filter->conditions.values_num; i++)
{
char *value = NULL;
size_t value_alloc = 0;
lld_condition_t *condition = (lld_condition_t *)filter->conditions.values[i];
if (SUCCEED == (ret = zbx_json_value_by_name_dyn(jp_row, condition->macro, &value, &value_alloc)))
{
ret = (ZBX_REGEXP_MATCH == regexp_match_ex(&condition->regexps, value, condition->regexp,
ZBX_CASE_SENSITIVE) ? SUCCEED : FAIL);
}
zbx_free(value);
zbx_snprintf(id, sizeof(id), "{" ZBX_FS_UI64 "}", condition->id);
id_len = strlen(id);
p = expression;
while (NULL != (p = strstr(p, id)))
{
*p = (SUCCEED == ret ? '1' : '0');
memset(p + 1, ' ', id_len - 1);
p += id_len;
}
}
if (SUCCEED == evaluate(&result, expression, error, sizeof(error)))
ret = (SUCCEED != zbx_double_compare(result, 0) ? SUCCEED : FAIL);
zbx_free(expression);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
/******************************************************************************
* *
* Function: filter_evaluate_and_or *
* *
* Purpose: check if the lld data passes filter evaluation by and/or rule *
* *
* Parameters: filter - [IN] the lld filter *
* jp_row - [IN] the lld data row *
* *
* Return value: SUCCEED - the lld data passed filter evaluation *
* FAIL - otherwise *
* *
******************************************************************************/
static int filter_evaluate_and_or(lld_filter_t *filter, struct zbx_json_parse *jp_row)
{
const char *__function_name = "filter_evaluate_and_or";
int i, ret = SUCCEED, rc = SUCCEED;
char *lastmacro = NULL, *value = NULL;
size_t value_alloc = 0;
zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name);
for (i = 0; i < filter->conditions.values_num; i++)
{
lld_condition_t *condition = (lld_condition_t *)filter->conditions.values[i];
if (SUCCEED == (rc = zbx_json_value_by_name_dyn(jp_row, condition->macro, &value, &value_alloc)))
{
rc = (ZBX_REGEXP_MATCH == regexp_match_ex(&condition->regexps, value, condition->regexp,
ZBX_CASE_SENSITIVE) ? SUCCEED : FAIL);
}
/* check if a new condition group has started */
if (NULL == lastmacro || 0 != strcmp(lastmacro, condition->macro))
{
/* if any of condition groups are false the evaluation returns false */
if (FAIL == ret)
goto out;
ret = rc;
}
else
{
if (SUCCEED == rc)
ret = rc;
}
lastmacro = condition->macro;
}
out:
zbx_free(value);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
static int lld_check_record(struct zbx_json_parse *jp_row, const char *f_macro, const char *f_regexp,
zbx_vector_ptr_t *regexps)
{
const char *__function_name = "lld_check_record";
char *value = NULL;
size_t value_alloc = 0;
int res = SUCCEED;
zabbix_log(LOG_LEVEL_DEBUG, "In %s() jp_row:'%.*s'", __function_name,
jp_row->end - jp_row->start + 1, jp_row->start);
if (SUCCEED == zbx_json_value_by_name_dyn(jp_row, f_macro, &value, &value_alloc))
res = regexp_match_ex(regexps, value, f_regexp, ZBX_CASE_SENSITIVE);
zbx_free(value);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(res));
return res;
}
static void process_active_checks(char *server, unsigned short port)
{
register int i, s_count, p_count;
char **pvalue;
int now, send_err = SUCCEED, ret;
unsigned long timestamp;
char *source = NULL;
char *value = NULL;
unsigned short severity;
long lastlogsize;
char params[MAX_STRING_LEN];
char filename[MAX_STRING_LEN];
char pattern[MAX_STRING_LEN];
AGENT_RESULT result;
zabbix_log( LOG_LEVEL_DEBUG, "In process_active_checks('%s',%u)",server, port);
init_result(&result);
now = (int)time(NULL);
for(i=0; NULL != active_metrics[i].key && SUCCEED == send_err; i++)
{
if(active_metrics[i].nextcheck > now) continue;
if(active_metrics[i].status != ITEM_STATUS_ACTIVE) continue;
/* Special processing for log files */
if(strncmp(active_metrics[i].key,"log[",4) == 0)
{
do{ /* simple try realization */
if (parse_command(active_metrics[i].key, NULL, 0, params, MAX_STRING_LEN) != 2)
break;
if (num_param(params) > 2)
break;
if (get_param(params, 1, filename, sizeof(filename)) != 0)
break;
if (get_param(params, 2, pattern, sizeof(pattern)) != 0)
*pattern = '\0';
s_count = 0;
p_count = 0;
lastlogsize = active_metrics[i].lastlogsize;
while (SUCCEED == (ret = process_log(filename, &lastlogsize, &value))) {
if (!value) /* EOF */
break;
if (SUCCEED == regexp_match_ex(regexps, regexps_num, value, pattern, ZBX_CASE_SENSITIVE)) {
send_err = process_value(
server,
port,
CONFIG_HOSTNAME,
active_metrics[i].key_orig,
value,
&lastlogsize,
NULL,
NULL,
NULL
);
s_count++;
}
p_count++;
zbx_free(value);
if (SUCCEED == send_err)
active_metrics[i].lastlogsize = lastlogsize;
else
lastlogsize = active_metrics[i].lastlogsize;
/* Do not flood ZABBIX server if file grows too fast */
if(s_count >= (MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break;
/* Do not flood local system if file grows too fast */
if(p_count >= (4 * MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break;
}
if( FAIL == ret )
{
active_metrics[i].status = ITEM_STATUS_NOTSUPPORTED;
zabbix_log( LOG_LEVEL_WARNING, "Active check [%s] is not supported. Disabled.",
active_metrics[i].key);
send_err = process_value(
server,
port,
CONFIG_HOSTNAME,
active_metrics[i].key_orig,
"ZBX_NOTSUPPORTED",
&active_metrics[i].lastlogsize,
NULL,
NULL,
NULL
);
}
}while(0); /* simple try realization */
}
/* Special processing for eventlog */
else if(strncmp(active_metrics[i].key,"eventlog[",9) == 0)
{
do{ /* simple try realization */
if (parse_command(active_metrics[i].key, NULL, 0, params, MAX_STRING_LEN) != 2)
break;
if (num_param(params) > 2)
break;
if (get_param(params, 1, filename, sizeof(filename)) != 0)
break;
if (get_param(params, 2, pattern, sizeof(pattern)) != 0)
*pattern = '\0';
s_count = 0;
p_count = 0;
lastlogsize = active_metrics[i].lastlogsize;
while (SUCCEED == (ret = process_eventlog(filename, &lastlogsize,
×tamp, &source, &severity, &value)))
{
if (!value) /* EOF */
break;
if (SUCCEED == regexp_match_ex(regexps, regexps_num, value, pattern, ZBX_CASE_SENSITIVE)) {
send_err = process_value(
server,
port,
CONFIG_HOSTNAME,
active_metrics[i].key_orig,
value,
&lastlogsize,
×tamp,
source,
&severity
);
s_count++;
}
p_count++;
zbx_free(source);
zbx_free(value);
if (SUCCEED == send_err)
active_metrics[i].lastlogsize = lastlogsize;
else
lastlogsize = active_metrics[i].lastlogsize;
/* Do not flood ZABBIX server if file grows too fast */
if(s_count >= (MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break;
/* Do not flood local system if file grows too fast */
if(p_count >= (4 * MAX_LINES_PER_SECOND * active_metrics[i].refresh)) break;
}
if( FAIL == ret )
{
active_metrics[i].status = ITEM_STATUS_NOTSUPPORTED;
zabbix_log( LOG_LEVEL_WARNING, "Active check [%s] is not supported. Disabled.",
active_metrics[i].key);
send_err = process_value(
server,
port,
CONFIG_HOSTNAME,
active_metrics[i].key_orig,
"ZBX_NOTSUPPORTED",
&active_metrics[i].lastlogsize,
NULL,
NULL,
NULL
);
}
}while(0); /* simple try realization NOTE: never loop */
}
else
{
process(active_metrics[i].key, 0, &result);
if( NULL == (pvalue = GET_TEXT_RESULT(&result)) )
pvalue = GET_MSG_RESULT(&result);
if(pvalue)
{
zabbix_log( LOG_LEVEL_DEBUG, "For key [%s] received value [%s]", active_metrics[i].key, *pvalue);
send_err = process_value(
server,
port,
CONFIG_HOSTNAME,
active_metrics[i].key_orig,
*pvalue,
NULL,
NULL,
NULL,
NULL
);
if( 0 == strcmp(*pvalue,"ZBX_NOTSUPPORTED") )
{
active_metrics[i].status = ITEM_STATUS_NOTSUPPORTED;
zabbix_log( LOG_LEVEL_WARNING, "Active check [%s] is not supported. Disabled.", active_metrics[i].key);
}
}
free_result(&result);
}
active_metrics[i].nextcheck = (int)time(NULL)+active_metrics[i].refresh;
}
}
/******************************************************************************
* *
* Function: process_trap_for_interface *
* *
* Purpose: add trap to all matching items for the specified interface *
* *
* Return value: SUCCEED - a matching item was found *
* FAIL - no matching item was found (including fallback items) *
* *
* Author: Rudolfs Kreicbergs *
* *
******************************************************************************/
static int process_trap_for_interface(zbx_uint64_t interfaceid, char *trap, zbx_timespec_t *ts)
{
DC_ITEM *items = NULL;
const char *regex;
char error[ITEM_ERROR_LEN_MAX];
size_t num, i;
int ret = FAIL, fb = -1, *lastclocks = NULL, *errcodes = NULL;
zbx_uint64_t *itemids = NULL;
unsigned char *states = NULL;
AGENT_RESULT *results = NULL;
AGENT_REQUEST request;
zbx_vector_ptr_t regexps;
zbx_vector_ptr_create(®exps);
num = DCconfig_get_snmp_items_by_interfaceid(interfaceid, &items);
itemids = zbx_malloc(itemids, sizeof(zbx_uint64_t) * num);
states = zbx_malloc(states, sizeof(unsigned char) * num);
lastclocks = zbx_malloc(lastclocks, sizeof(int) * num);
errcodes = zbx_malloc(errcodes, sizeof(int) * num);
results = zbx_malloc(results, sizeof(AGENT_RESULT) * num);
for (i = 0; i < num; i++)
{
init_result(&results[i]);
errcodes[i] = FAIL;
items[i].key = zbx_strdup(items[i].key, items[i].key_orig);
if (SUCCEED != substitute_key_macros(&items[i].key, NULL, &items[i], NULL,
MACRO_TYPE_ITEM_KEY, error, sizeof(error)))
{
SET_MSG_RESULT(&results[i], zbx_strdup(NULL, error));
errcodes[i] = NOTSUPPORTED;
continue;
}
if (0 == strcmp(items[i].key, "snmptrap.fallback"))
{
fb = i;
continue;
}
init_request(&request);
if (SUCCEED != parse_item_key(items[i].key, &request))
goto next;
if (0 != strcmp(get_rkey(&request), "snmptrap"))
goto next;
if (1 < get_rparams_num(&request))
goto next;
if (NULL != (regex = get_rparam(&request, 0)))
{
if ('@' == *regex)
{
DCget_expressions_by_name(®exps, regex + 1);
if (0 == regexps.values_num)
{
SET_MSG_RESULT(&results[i], zbx_dsprintf(NULL,
"Global regular expression \"%s\" does not exist.", regex + 1));
errcodes[i] = NOTSUPPORTED;
goto next;
}
}
if (SUCCEED != regexp_match_ex(®exps, trap, regex, ZBX_CASE_SENSITIVE))
goto next;
}
if (SUCCEED == set_result_type(&results[i], items[i].value_type, items[i].data_type, trap))
errcodes[i] = SUCCEED;
else
errcodes[i] = NOTSUPPORTED;
ret = SUCCEED;
next:
free_request(&request);
}
if (FAIL == ret && -1 != fb)
{
if (SUCCEED == set_result_type(&results[fb], items[fb].value_type, items[fb].data_type, trap))
errcodes[fb] = SUCCEED;
else
errcodes[fb] = NOTSUPPORTED;
ret = SUCCEED;
}
for (i = 0; i < num; i++)
{
switch (errcodes[i])
{
case SUCCEED:
if (ITEM_VALUE_TYPE_LOG == items[i].value_type)
{
calc_timestamp(results[i].log->value, &results[i].log->timestamp,
items[i].logtimefmt);
}
items[i].state = ITEM_STATE_NORMAL;
dc_add_history(items[i].itemid, items[i].value_type, items[i].flags, &results[i],
ts, items[i].state, NULL);
itemids[i] = items[i].itemid;
states[i] = items[i].state;
lastclocks[i] = ts->sec;
break;
case NOTSUPPORTED:
items[i].state = ITEM_STATE_NOTSUPPORTED;
dc_add_history(items[i].itemid, items[i].value_type, items[i].flags, NULL,
ts, items[i].state, results[i].msg);
itemids[i] = items[i].itemid;
states[i] = items[i].state;
lastclocks[i] = ts->sec;
break;
}
zbx_free(items[i].key);
free_result(&results[i]);
}
zbx_free(results);
DCrequeue_items(itemids, states, lastclocks, NULL, NULL, errcodes, num);
zbx_free(errcodes);
zbx_free(lastclocks);
zbx_free(states);
zbx_free(itemids);
DCconfig_clean_items(items, NULL, num);
zbx_free(items);
zbx_regexp_clean_expressions(®exps);
zbx_vector_ptr_destroy(®exps);
dc_flush_history();
return ret;
}
static void process_active_checks(char *server, unsigned short port)
{
const char *__function_name = "process_active_checks";
register int i, s_count, p_count;
char **pvalue;
int now, send_err = SUCCEED, ret;
char *value = NULL, *item_value = NULL;
zbx_uint64_t lastlogsize;
int mtime;
char params[MAX_STRING_LEN], filename[MAX_STRING_LEN];
char pattern[MAX_STRING_LEN], output_template[MAX_STRING_LEN];
/* checks `log', `eventlog', `logrt' may contain parameter, which overrides CONFIG_MAX_LINES_PER_SECOND */
char maxlines_persec_str[16];
int maxlines_persec;
#ifdef _WINDOWS
unsigned long timestamp, logeventid;
unsigned short severity;
char key_severity[MAX_STRING_LEN], str_severity[32] /* for `regex_match_ex' */;
char key_source[MAX_STRING_LEN], *provider = NULL, *source = NULL;
char key_logeventid[MAX_STRING_LEN], str_logeventid[8] /* for `regex_match_ex' */;
OSVERSIONINFO versionInfo;
zbx_uint64_t keywords;
EVT_HANDLE eventlog6_render_context = NULL;
EVT_HANDLE eventlog6_query = NULL;
zbx_uint64_t eventlog6_firstid = 0;
zbx_uint64_t eventlog6_lastid = 0;
#endif
char encoding[32];
char tmp[16];
AGENT_RESULT result;
zabbix_log(LOG_LEVEL_DEBUG, "In %s('%s',%hu)", __function_name, server, port);
init_result(&result);
now = (int)time(NULL);
for (i = 0; NULL != active_metrics[i].key && SUCCEED == send_err; i++)
{
if (active_metrics[i].nextcheck > now)
continue;
if (ITEM_STATE_NORMAL != active_metrics[i].state)
continue;
/* special processing for log files without rotation */
if (0 == strncmp(active_metrics[i].key, "log[", 4))
{
ret = FAIL;
do
{
/* simple try realization */
if (ZBX_COMMAND_WITH_PARAMS != parse_command(active_metrics[i].key, NULL, 0,
params, sizeof(params)))
{
break;
}
if (6 < num_param(params))
break;
if (0 != get_param(params, 1, filename, sizeof(filename)))
break;
if (0 != get_param(params, 2, pattern, sizeof(pattern)))
*pattern = '\0';
if (0 != get_param(params, 3, encoding, sizeof(encoding)))
*encoding = '\0';
zbx_strupper(encoding);
if (0 != get_param(params, 4, maxlines_persec_str, sizeof(maxlines_persec_str)) ||
'\0' == *maxlines_persec_str)
maxlines_persec = CONFIG_MAX_LINES_PER_SECOND;
else if (MIN_VALUE_LINES > (maxlines_persec = atoi(maxlines_persec_str)) ||
MAX_VALUE_LINES < maxlines_persec)
break;
if (0 != get_param(params, 5, tmp, sizeof(tmp)))
*tmp = '\0';
if ('\0' == *tmp || 0 == strcmp(tmp, "all"))
active_metrics[i].skip_old_data = 0;
else if (0 != strcmp(tmp, "skip"))
break;
if (0 != get_param(params, 6, output_template, sizeof(output_template)))
*output_template = '\0';
s_count = 0;
p_count = 0;
lastlogsize = active_metrics[i].lastlogsize;
while (SUCCEED == (ret = process_log(filename, &lastlogsize, &value, encoding,
active_metrics[i].skip_old_data)))
{
active_metrics[i].skip_old_data = 0;
/* End of file. The file could become empty, must save `lastlogsize'. */
if (NULL == value)
{
active_metrics[i].lastlogsize = lastlogsize;
break;
}
if (SUCCEED == regexp_sub_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE,
output_template, &item_value))
{
send_err = process_value(server, port, CONFIG_HOSTNAME,
active_metrics[i].key_orig, item_value, &lastlogsize,
NULL, NULL, NULL, NULL, NULL, 1);
zbx_free(item_value);
s_count++;
}
p_count++;
zbx_free(value);
if (SUCCEED == send_err)
active_metrics[i].lastlogsize = lastlogsize;
else
{
/* buffer is full, stop processing active checks */
/* till the buffer is cleared */
lastlogsize = active_metrics[i].lastlogsize;
goto ret;
}
/* do not flood Zabbix server if file grows too fast */
if (s_count >= (maxlines_persec * active_metrics[i].refresh))
break;
/* do not flood local system if file grows too fast */
if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh))
break;
} /* while processing a log */
}
while (0); /* simple try realization */
if (FAIL == ret)
{
active_metrics[i].state = ITEM_STATE_NOTSUPPORTED;
zabbix_log(LOG_LEVEL_WARNING, "active check \"%s\" is not supported",
active_metrics[i].key);
process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, NULL,
&active_metrics[i].lastlogsize, NULL, NULL, NULL, NULL, NULL, 0);
}
}
/* special processing for log files with rotation */
else if (0 == strncmp(active_metrics[i].key, "logrt[", 6))
{
ret = FAIL;
do
{
/* simple try realization */
if (ZBX_COMMAND_WITH_PARAMS != parse_command(active_metrics[i].key, NULL, 0,
params, sizeof(params)))
{
break;
}
if (6 < num_param(params))
break;
if (0 != get_param(params, 1, filename, sizeof(filename)))
break;
if (0 != get_param(params, 2, pattern, sizeof(pattern)))
*pattern = '\0';
if (0 != get_param(params, 3, encoding, sizeof(encoding)))
*encoding = '\0';
zbx_strupper(encoding);
if (0 != get_param(params, 4, maxlines_persec_str, sizeof(maxlines_persec_str)) ||
'\0' == *maxlines_persec_str)
maxlines_persec = CONFIG_MAX_LINES_PER_SECOND;
else if (MIN_VALUE_LINES > (maxlines_persec = atoi(maxlines_persec_str)) ||
MAX_VALUE_LINES < maxlines_persec)
break;
if (0 != get_param(params, 5, tmp, sizeof(tmp)))
*tmp = '\0';
if ('\0' == *tmp || 0 == strcmp(tmp, "all"))
active_metrics[i].skip_old_data = 0;
else if (0 != strcmp(tmp, "skip"))
break;
if (0 != get_param(params, 6, output_template, sizeof(output_template)))
*output_template = '\0';
s_count = 0;
p_count = 0;
lastlogsize = active_metrics[i].lastlogsize;
mtime = active_metrics[i].mtime;
while (SUCCEED == (ret = process_logrt(filename, &lastlogsize, &mtime, &value,
encoding, active_metrics[i].skip_old_data)))
{
active_metrics[i].skip_old_data = 0;
/* End of file. The file could become empty,*/
/* must save `lastlogsize' and `mtime'. */
if (NULL == value)
{
active_metrics[i].lastlogsize = lastlogsize;
active_metrics[i].mtime = mtime;
break;
}
if (SUCCEED == regexp_sub_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE,
output_template, &item_value))
{
send_err = process_value(server, port, CONFIG_HOSTNAME,
active_metrics[i].key_orig, item_value, &lastlogsize,
&mtime, NULL, NULL, NULL, NULL, 1);
zbx_free(item_value);
s_count++;
}
p_count++;
zbx_free(value);
if (SUCCEED == send_err)
{
active_metrics[i].lastlogsize = lastlogsize;
active_metrics[i].mtime = mtime;
}
else
{
/* buffer is full, stop processing active checks */
/* till the buffer is cleared */
lastlogsize = active_metrics[i].lastlogsize;
mtime = active_metrics[i].mtime;
goto ret;
}
/* do not flood Zabbix server if file grows too fast */
if (s_count >= (maxlines_persec * active_metrics[i].refresh))
break;
/* do not flood local system if file grows too fast */
if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh))
break;
} /* while processing a log */
}
while (0); /* simple try realization */
if (FAIL == ret)
{
active_metrics[i].state = ITEM_STATE_NOTSUPPORTED;
zabbix_log(LOG_LEVEL_WARNING, "active check \"%s\" is not supported",
active_metrics[i].key);
process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, NULL,
&active_metrics[i].lastlogsize, &active_metrics[i].mtime,
NULL, NULL, NULL, NULL, 0);
}
}
/* special processing for eventlog */
else if (0 == strncmp(active_metrics[i].key, "eventlog[", 9))
{
ret = FAIL;
#ifdef _WINDOWS
do
{
/* simple try realization */
if (ZBX_COMMAND_WITH_PARAMS != parse_command(active_metrics[i].key, NULL, 0,
params, sizeof(params)))
{
break;
}
if (7 < num_param(params))
break;
if (0 != get_param(params, 1, filename, sizeof(filename)))
break;
if (0 != get_param(params, 2, pattern, sizeof(pattern)))
*pattern = '\0';
if (0 != get_param(params, 3, key_severity, sizeof(key_severity)))
*key_severity = '\0';
if (0 != get_param(params, 4, key_source, sizeof(key_source)))
*key_source = '\0';
if (0 != get_param(params, 5, key_logeventid, sizeof(key_logeventid)))
*key_logeventid = '\0';
if (0 != get_param(params, 6, maxlines_persec_str, sizeof(maxlines_persec_str)) ||
'\0' == *maxlines_persec_str)
maxlines_persec = CONFIG_MAX_LINES_PER_SECOND;
else if (MIN_VALUE_LINES > (maxlines_persec = atoi(maxlines_persec_str)) ||
MAX_VALUE_LINES < maxlines_persec)
break;
if (0 != get_param(params, 7, tmp, sizeof(tmp)))
*tmp = '\0';
if ('\0' == *tmp || 0 == strcmp(tmp, "all"))
active_metrics[i].skip_old_data = 0;
else if (0 != strcmp(tmp, "skip"))
break;
s_count = 0;
p_count = 0;
lastlogsize = active_metrics[i].lastlogsize;
versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&versionInfo);
if (versionInfo.dwMajorVersion >= 6) /* Windows Vista, 7 or Server 2008 */
{
__try
{
if (SUCCEED != initialize_eventlog6(filename, &lastlogsize,
&eventlog6_firstid, &eventlog6_lastid,
&eventlog6_render_context, &eventlog6_query))
{
finalize_eventlog6(&eventlog6_render_context, &eventlog6_query);
break;
}
while (SUCCEED == (ret = process_eventlog6(filename, &lastlogsize,
×tamp, &provider, &source, &severity, &value,
&logeventid, &eventlog6_firstid, &eventlog6_lastid,
&eventlog6_render_context, &eventlog6_query,
&keywords, active_metrics[i].skip_old_data)))
{
active_metrics[i].skip_old_data = 0;
/* End of file. */
/* The eventlog could become empty, must save `lastlogsize'. */
if (NULL == value)
{
active_metrics[i].lastlogsize = lastlogsize;
break;
}
switch (severity)
{
case WINEVENT_LEVEL_LOG_ALWAYS:
case WINEVENT_LEVEL_INFO:
if (0 != (keywords &
WINEVENT_KEYWORD_AUDIT_FAILURE))
{
severity = ITEM_LOGTYPE_FAILURE_AUDIT;
strscpy(str_severity, AUDIT_FAILURE);
break;
}
else if (0 != (keywords &
WINEVENT_KEYWORD_AUDIT_SUCCESS))
{
severity = ITEM_LOGTYPE_SUCCESS_AUDIT;
strscpy(str_severity, AUDIT_SUCCESS);
break;
}
else
severity = ITEM_LOGTYPE_INFORMATION;
strscpy(str_severity, INFORMATION_TYPE);
break;
case WINEVENT_LEVEL_WARNING:
severity = ITEM_LOGTYPE_WARNING;
strscpy(str_severity, WARNING_TYPE);
break;
case WINEVENT_LEVEL_ERROR:
severity = ITEM_LOGTYPE_ERROR;
strscpy(str_severity, ERROR_TYPE);
break;
case WINEVENT_LEVEL_CRITICAL:
severity = ITEM_LOGTYPE_CRITICAL;
strscpy(str_severity, CRITICAL_TYPE);
break;
case WINEVENT_LEVEL_VERBOSE:
severity = ITEM_LOGTYPE_VERBOSE;
strscpy(str_severity, VERBOSE_TYPE);
break;
}
zbx_snprintf(str_logeventid, sizeof(str_logeventid), "%lu",
logeventid);
if (SUCCEED == regexp_match_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE) &&
SUCCEED == regexp_match_ex(®exps, str_severity, key_severity,
ZBX_IGNORE_CASE) &&
SUCCEED == regexp_match_ex(®exps, provider, key_source,
ZBX_IGNORE_CASE) &&
SUCCEED == regexp_match_ex(®exps, str_logeventid,
key_logeventid, ZBX_CASE_SENSITIVE))
{
send_err = process_value(server, port, CONFIG_HOSTNAME,
active_metrics[i].key_orig, value, &lastlogsize,
NULL, ×tamp, provider, &severity, &logeventid, 1);
s_count++;
}
p_count++;
zbx_free(source);
zbx_free(provider);
zbx_free(value);
if (SUCCEED == send_err)
active_metrics[i].lastlogsize = lastlogsize;
else
{
/* buffer is full, stop processing active checks*/
/* till the buffer is cleared */
lastlogsize = active_metrics[i].lastlogsize;
goto ret;
}
/* do not flood Zabbix server if file grows too fast */
if (s_count >= (maxlines_persec * active_metrics[i].refresh))
break;
/* do not flood local system if file grows too fast */
if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh))
break;
} /* while processing an eventlog */
finalize_eventlog6(&eventlog6_render_context, &eventlog6_query);
}
__except (DelayLoadDllExceptionFilter(GetExceptionInformation()))
{
zabbix_log(LOG_LEVEL_WARNING, "failed to process eventlog");
break;
}
}
else if (versionInfo.dwMajorVersion < 6) /* Windows versions before Vista */
{
while (SUCCEED == (ret = process_eventlog(filename, &lastlogsize,
×tamp, &source, &severity, &value, &logeventid,
active_metrics[i].skip_old_data)))
{
active_metrics[i].skip_old_data = 0;
/* End of file. */
/* The eventlog could become empty, must save `lastlogsize'. */
if (NULL == value)
{
active_metrics[i].lastlogsize = lastlogsize;
break;
}
switch (severity)
{
case EVENTLOG_SUCCESS:
case EVENTLOG_INFORMATION_TYPE:
severity = ITEM_LOGTYPE_INFORMATION;
strscpy(str_severity, INFORMATION_TYPE);
break;
case EVENTLOG_WARNING_TYPE:
severity = ITEM_LOGTYPE_WARNING;
strscpy(str_severity, WARNING_TYPE);
break;
case EVENTLOG_ERROR_TYPE:
severity = ITEM_LOGTYPE_ERROR;
strscpy(str_severity, ERROR_TYPE);
break;
case EVENTLOG_AUDIT_FAILURE:
severity = ITEM_LOGTYPE_FAILURE_AUDIT;
strscpy(str_severity, AUDIT_FAILURE);
break;
case EVENTLOG_AUDIT_SUCCESS:
severity = ITEM_LOGTYPE_SUCCESS_AUDIT;
strscpy(str_severity, AUDIT_SUCCESS);
break;
}
zbx_snprintf(str_logeventid, sizeof(str_logeventid), "%lu", logeventid);
if (SUCCEED == regexp_match_ex(®exps, value, pattern, ZBX_CASE_SENSITIVE) &&
SUCCEED == regexp_match_ex(®exps, str_severity, key_severity,
ZBX_IGNORE_CASE) &&
SUCCEED == regexp_match_ex(®exps, source, key_source,
ZBX_IGNORE_CASE) &&
SUCCEED == regexp_match_ex(®exps, str_logeventid,
key_logeventid, ZBX_CASE_SENSITIVE))
{
send_err = process_value(server, port, CONFIG_HOSTNAME,
active_metrics[i].key_orig, value, &lastlogsize,
NULL, ×tamp, source, &severity, &logeventid, 1);
s_count++;
}
p_count++;
zbx_free(source);
zbx_free(value);
if (SUCCEED == send_err)
active_metrics[i].lastlogsize = lastlogsize;
else
{
/* buffer is full, stop processing active checks */
/* till the buffer is cleared */
lastlogsize = active_metrics[i].lastlogsize;
goto ret;
}
/* do not flood Zabbix server if file grows too fast */
if (s_count >= (maxlines_persec * active_metrics[i].refresh))
break;
/* do not flood local system if file grows too fast */
if (p_count >= (4 * maxlines_persec * active_metrics[i].refresh))
break;
} /* while processing an eventlog */
}
break;
}
while (0); /* simple try realization */
#endif /* _WINDOWS */
if (FAIL == ret)
{
active_metrics[i].state = ITEM_STATE_NOTSUPPORTED;
zabbix_log(LOG_LEVEL_WARNING, "active check \"%s\" is not supported",
active_metrics[i].key);
process_value(server, port, CONFIG_HOSTNAME, active_metrics[i].key_orig, NULL,
&active_metrics[i].lastlogsize, NULL, NULL, NULL, NULL, NULL, 0);
}
}
