/*
 * One-time setup of the two file-level helper groks used by discovery.
 *
 * Sets dgrok_init so callers that test the flag do not run this again, then
 * initializes and compiles:
 *   - global_discovery_req1_grok with ".\b." (any character, a word
 *     boundary, any character);
 *   - global_discovery_req2_grok with "%\{[^}]+\}" (a literal "%{", one or
 *     more non-"}" characters, then "}").
 *
 * NOTE(review): the results of grok_compile() are not inspected here, so a
 * failed compile would go unnoticed -- confirm whether it reports errors.
 */
static void grok_discover_global_init()
{
  /* Mark the globals as initialized before touching them. */
  dgrok_init = 1;

  /* First helper: pattern with a word boundary between two characters. */
  grok_init(&global_discovery_req1_grok);
  grok_compile(&global_discovery_req1_grok, ".\\b.");

  /* Second helper: pattern matching a "%{...}" reference. */
  grok_init(&global_discovery_req2_grok);
  grok_compile(&global_discovery_req2_grok, "%\\{[^}]+\\}");
}
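/*
 * Prepare a discovery context from the patterns known to source_grok.
 *
 * gdt          discovery context to fill in; complexity_tree, base_grok,
 *              logmask and logdepth are overwritten.
 * source_grok  grok whose pattern names are enumerated and whose log
 *              settings are copied.
 *
 * For every pattern name a clone of source_grok is compiled with the
 * pattern "%{NAME}" and scored with complexity(). Scores greater than -20
 * are treated as low complexity and the clone is discarded. The remaining
 * clones are stored in gdt->complexity_tree, keyed by their score times
 * 1000; when a key is already taken it is decremented until a free slot is
 * found.
 *
 * Aborts the process if malloc() or asprintf() fails.
 */
void grok_discover_init(grok_discover_t *gdt, grok_t *source_grok)
{
  TCLIST *names = NULL;
  int i = 0, len = 0;

  if (dgrok_init == 0) {
    grok_discover_global_init();
  }

  gdt->complexity_tree = tctreenew2(tccmpint32, NULL);
  gdt->base_grok = source_grok;
  gdt->logmask = source_grok->logmask;
  gdt->logdepth = source_grok->logdepth;

  names = grok_pattern_name_list(source_grok);
  len = tclistnum(names);

  /* for each pattern, create a grok.
   * Sort by complexity.
   * loop
   *   for each pattern, try replacement
   *   if no replacements, break
   */
  for (i = 0; i < len; i++) {
    int namelen = 0;
    const char *name = tclistval(names, i, &namelen);
    int *key = malloc(sizeof *key);
    grok_t *g;
    char *gpattern;

    /* The key is written to immediately below; fail loudly, as the
     * asprintf() path does, rather than dereference NULL. */
    if (key == NULL) {
      perror("malloc failed");
      abort();
    }

    g = grok_new();
    grok_clone(g, source_grok);

    if (asprintf(&gpattern, "%%{%.*s}", namelen, name) == -1) {
      perror("asprintf failed");
      abort();
    }

    /* NOTE(review): gpattern appears to be owned by g after this call (the
     * skip path below releases it through g->pattern) -- confirm. The
     * return value of grok_compile() is not checked. */
    grok_compile(g, gpattern);
    *key = complexity(g);

    /* Low complexity should be skipped */
    if (*key > -20) {
      free((void *)g->pattern);
      free(key);
      grok_free_clone(g);
      free(g);
      continue;
    }

    *key *= 1000; /* Inflate so we can insert duplicates */
    grok_log(gdt, LOG_DISCOVER, "Including pattern: (complexity: %d) %.*s",
             *key, namelen, name);

    /* Decrement the key VALUE until it is unique in the tree. The previous
     * form `*key--` parses as `*(key--)`: it moved the pointer backwards
     * instead, so every retry handed the tree memory in front of the
     * allocation as its key (an out-of-bounds heap read) and left `key`
     * no longer pointing at the start of the malloc'd block. */
    while (!tctreeputkeep(gdt->complexity_tree, key, sizeof(int),
                          g, sizeof(grok_t))) {
      (*key)--;
    }

    /* tctreeputkeep() stores its own copy of the key and value bytes, so
     * the local allocations are no longer needed. Only the outer shells are
     * released: the copy of *g held by the tree still refers to g's
     * internal state, so grok_free_clone(g) must not be called here. */
    free(key);
    free(g);
  }

  tclistdel(names);
}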
/*
 * Reset a match configuration to its empty state and, on the first call,
 * build the shared grok used to recognise "%{NAME|filter}" references.
 *
 * gprog  program whose logmask/logdepth are copied into the shared grok
 *        (only read during the first call).
 * gmc    match configuration to initialize: gets a fresh grok_list, NULL
 *        shell/reaction/shellinput and a zero match count.
 *
 * The shared grok (global_matchconfig_grok) is set up once, guarded by
 * mcgrok_init; later calls only reset gmc.
 */
void grok_matchconfig_init(grok_program_t *gprog, grok_matchconf_t *gmc)
{
  /* Pattern definitions imported into the shared grok, in this order.
   * NOTE(review): the "|" inside NAME's trailing group is not escaped, so
   * it is an alternation with an empty branch rather than a literal pipe --
   * confirm that this is intended. */
  static const char *const pattern_defs[] = {
    "PATTERN \\%\\{%{NAME}(?:%{FILTER})?}",
    "NAME @?\\w+(?::\\w+)?(?:|\\w+)*",
    "FILTER (?:\\|\\w+)+",
  };
  size_t idx;

  gmc->grok_list = tclistnew();
  gmc->shell = NULL;
  gmc->reaction = NULL;
  gmc->shellinput = NULL;
  gmc->matches = 0;

  /* The shared grok only needs to be built once. */
  if (mcgrok_init != 0) {
    return;
  }

  grok_init(&global_matchconfig_grok);
  global_matchconfig_grok.logmask = gprog->logmask;
  global_matchconfig_grok.logdepth = gprog->logdepth;

  for (idx = 0; idx < sizeof(pattern_defs) / sizeof(pattern_defs[0]); idx++) {
    grok_patterns_import_from_string(&global_matchconfig_grok,
                                     pattern_defs[idx]);
  }

  grok_compile(&global_matchconfig_grok, "%{PATTERN}");
  mcgrok_init = 1;
}