void
synthetic_message_apply(SyntheticMessage *self, CorrellationContext *context, LogMessage *msg, GString *buffer)
{
gint i;
if (self->tags)
{
for (i = 0; i < self->tags->len; i++)
log_msg_set_tag_by_id(msg, g_array_index(self->tags, LogTagId, i));
}
if (self->values)
{
for (i = 0; i < self->values->len; i++)
{
log_template_format_with_context(g_ptr_array_index(self->values, i),
context ? (LogMessage **) context->messages->pdata : &msg,
context ? context->messages->len : 1,
NULL, LTZ_LOCAL, 0, context ? context->key.session_id : NULL, buffer);
log_msg_set_value_by_name(msg,
((LogTemplate *) g_ptr_array_index(self->values, i))->name,
buffer->str,
buffer->len);
}
}
}
gboolean
fop_cmp_eval(FilterExprNode *s, LogMessage **msgs, gint num_msg)
{
FilterCmp *self = (FilterCmp *) s;
SBGString *left_buf = sb_gstring_acquire();
SBGString *right_buf = sb_gstring_acquire();
gboolean result = FALSE;
gint cmp;
log_template_format_with_context(self->left, msgs, num_msg, NULL, LTZ_LOCAL, 0, NULL, sb_gstring_string(left_buf));
log_template_format_with_context(self->right, msgs, num_msg, NULL, LTZ_LOCAL, 0, NULL, sb_gstring_string(right_buf));
if (self->cmp_op & FCMP_NUM)
{
gint l, r;
l = atoi(sb_gstring_string(left_buf)->str);
r = atoi(sb_gstring_string(right_buf)->str);
if (l == r)
cmp = 0;
else if (l < r)
cmp = -1;
else
cmp = 1;
}
else
{
cmp = strcmp(sb_gstring_string(left_buf)->str, sb_gstring_string(right_buf)->str);
}
if (cmp == 0)
{
result = self->cmp_op & FCMP_EQ;
}
else if (cmp < 0)
{
result = self->cmp_op & FCMP_LT || self->cmp_op == 0;
}
else
{
result = self->cmp_op & FCMP_GT || self->cmp_op == 0;
}
sb_gstring_release(left_buf);
sb_gstring_release(right_buf);
return result ^ s->comp;
}
static void
_execute_action_create_context(PatternDB *db, PDBProcessParams *process_params)
{
CorrellationKey key;
PDBAction *action = process_params->action;
PDBRule *rule = process_params->rule;
PDBContext *triggering_context = process_params->context;
LogMessage *triggering_msg = process_params->msg;
GString *buffer = process_params->buffer;
PDBContext *new_context;
LogMessage *context_msg;
SyntheticContext *syn_context;
SyntheticMessage *syn_message;
syn_context = &action->content.create_context.context;
syn_message = &action->content.create_context.message;
if (triggering_context)
{
context_msg = synthetic_message_generate_with_context(syn_message, &triggering_context->super, buffer);
log_template_format_with_context(syn_context->id_template,
(LogMessage **) triggering_context->super.messages->pdata, triggering_context->super.messages->len,
NULL, LTZ_LOCAL, 0, NULL, buffer);
}
else
{
context_msg = synthetic_message_generate_without_context(syn_message, triggering_msg, buffer);
log_template_format(syn_context->id_template,
triggering_msg,
NULL, LTZ_LOCAL, 0, NULL, buffer);
}
msg_debug("Explicit create-context action, starting a new context",
evt_tag_str("rule", rule->rule_id),
evt_tag_str("context", buffer->str),
evt_tag_int("context_timeout", syn_context->timeout),
evt_tag_int("context_expiration", timer_wheel_get_time(db->timer_wheel) + syn_context->timeout));
correllation_key_setup(&key, syn_context->scope, context_msg, buffer->str);
new_context = pdb_context_new(&key);
g_hash_table_insert(db->correllation.state, &new_context->super.key, new_context);
g_string_steal(buffer);
g_ptr_array_add(new_context->super.messages, context_msg);
new_context->super.timer = timer_wheel_add_timer(db->timer_wheel, rule->context.timeout, pattern_db_expire_entry,
correllation_context_ref(&new_context->super),
(GDestroyNotify) correllation_context_unref);
new_context->rule = pdb_rule_ref(rule);
}
