/*
 * Apply a synthetic message definition to an existing log message.
 *
 * Every tag id stored in self->tags is set on msg.  Then each template in
 * self->values is formatted into buffer and the result is stored on msg
 * under the template's own name.
 *
 * When a correlation context is supplied, templates are expanded against
 * all messages held by that context and the context's session id is passed
 * to the formatter; otherwise only msg itself is used and no id is passed.
 *
 * buffer is scratch space: it is handed to every formatting call as the
 * output string, so the caller should not expect its previous content to
 * survive.
 */
void
synthetic_message_apply(SyntheticMessage *self, CorrellationContext *context, LogMessage *msg, GString *buffer)
{
  gint idx;

  if (self->tags) {
    for (idx = 0; idx < self->tags->len; idx++) {
      LogTagId tag_id = g_array_index(self->tags, LogTagId, idx);

      log_msg_set_tag_by_id(msg, tag_id);
    }
  }

  if (self->values) {
    for (idx = 0; idx < self->values->len; idx++) {
      LogTemplate *value_template = (LogTemplate *) g_ptr_array_index(self->values, idx);

      if (context) {
        /* Expand against the whole message history of the context. */
        log_template_format_with_context(value_template,
                                         (LogMessage **) context->messages->pdata,
                                         context->messages->len,
                                         NULL, LTZ_LOCAL, 0,
                                         context->key.session_id,
                                         buffer);
      } else {
        /* No context: the message being modified is the only input. */
        log_template_format_with_context(value_template,
                                         &msg,
                                         1,
                                         NULL, LTZ_LOCAL, 0,
                                         NULL,
                                         buffer);
      }

      /* The formatted text is passed with an explicit length, not as a
       * NUL-terminated string. */
      log_msg_set_value_by_name(msg, value_template->name, buffer->str, buffer->len);
    }
  }
}
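/*
 * Evaluate a comparison filter node.
 *
 * The left and right templates of the node are expanded against msgs, and
 * the two results are compared: numerically when FCMP_NUM is set in cmp_op,
 * otherwise bytewise with strcmp().  The ordering is then matched against
 * the FCMP_EQ / FCMP_LT / FCMP_GT bits of cmp_op; a cmp_op of 0 accepts any
 * pair that is not equal.  The outcome is XOR-ed with s->comp before it is
 * returned.
 *
 * Both operands are produced by template expansion over log messages, so
 * they have to be handled as text the sender of the log may influence.
 */
gboolean
fop_cmp_eval(FilterExprNode *s, LogMessage **msgs, gint num_msg)
{
  FilterCmp *self = (FilterCmp *) s;
  SBGString *left_buf = sb_gstring_acquire();
  SBGString *right_buf = sb_gstring_acquire();
  gboolean result = FALSE;
  gint cmp;

  log_template_format_with_context(self->left, msgs, num_msg, NULL, LTZ_LOCAL, 0, NULL,
                                   sb_gstring_string(left_buf));
  log_template_format_with_context(self->right, msgs, num_msg, NULL, LTZ_LOCAL, 0, NULL,
                                   sb_gstring_string(right_buf));

  if (self->cmp_op & FCMP_NUM) {
    /*
     * strtol() rather than atoi(): atoi() has undefined behaviour when the
     * digits do not fit in an int, and these strings are derived from log
     * data.  strtol() saturates at LONG_MIN / LONG_MAX instead, and comparing
     * as long keeps values that fit a long but not an int correctly ordered.
     *
     * NOTE(review): an operand with no leading digits (including an empty
     * expansion) still parses as 0, exactly as it did with atoi(), so a
     * numeric test against 0 also matches malformed input.  Filters used as
     * a security control should account for that.
     */
    long l = strtol(sb_gstring_string(left_buf)->str, NULL, 10);
    long r = strtol(sb_gstring_string(right_buf)->str, NULL, 10);

    cmp = (l > r) - (l < r);
  } else {
    cmp = strcmp(sb_gstring_string(left_buf)->str, sb_gstring_string(right_buf)->str);
  }

  if (cmp == 0) {
    /* Normalise to 0/1 so the XOR with s->comp below negates correctly
     * whichever bit FCMP_EQ occupies. */
    result = (self->cmp_op & FCMP_EQ) != 0;
  } else if (cmp < 0) {
    result = (self->cmp_op & FCMP_LT) || self->cmp_op == 0;
  } else {
    result = (self->cmp_op & FCMP_GT) || self->cmp_op == 0;
  }

  /* Both scratch buffers are released on the single exit path. */
  sb_gstring_release(left_buf);
  sb_gstring_release(right_buf);
  return result ^ s->comp;
}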
/*
 * Carry out a create-context action of a rule.
 *
 * A synthetic message is generated from the action's message definition and
 * the context id template is expanded into the shared scratch buffer, both
 * against the triggering context when there is one and against the
 * triggering message alone otherwise.  A new PDBContext keyed by that id is
 * then inserted into db->correllation.state, the synthetic message becomes
 * its first message, an expiry timer is armed for it, and it takes a
 * reference on the rule.
 */
static void
_execute_action_create_context(PatternDB *db, PDBProcessParams *process_params)
{
  PDBAction *action = process_params->action;
  PDBRule *rule = process_params->rule;
  PDBContext *trigger_ctx = process_params->context;
  LogMessage *trigger_msg = process_params->msg;
  GString *scratch = process_params->buffer;
  SyntheticContext *ctx_def = &action->content.create_context.context;
  SyntheticMessage *msg_def = &action->content.create_context.message;
  LogMessage *seed_msg;
  PDBContext *created;
  CorrellationKey key;

  /* The message is generated first; the id template is expanded second, so
   * scratch ends up holding the context id. */
  if (!trigger_ctx) {
    seed_msg = synthetic_message_generate_without_context(msg_def, trigger_msg, scratch);
    log_template_format(ctx_def->id_template, trigger_msg, NULL, LTZ_LOCAL, 0, NULL, scratch);
  } else {
    seed_msg = synthetic_message_generate_with_context(msg_def, &trigger_ctx->super, scratch);
    log_template_format_with_context(ctx_def->id_template,
                                     (LogMessage **) trigger_ctx->super.messages->pdata,
                                     trigger_ctx->super.messages->len,
                                     NULL, LTZ_LOCAL, 0, NULL, scratch);
  }

  msg_debug("Explicit create-context action, starting a new context",
            evt_tag_str("rule", rule->rule_id),
            evt_tag_str("context", scratch->str),
            evt_tag_int("context_timeout", ctx_def->timeout),
            evt_tag_int("context_expiration", timer_wheel_get_time(db->timer_wheel) + ctx_def->timeout));

  correllation_key_setup(&key, ctx_def->scope, seed_msg, scratch->str);
  created = pdb_context_new(&key);

  /*
   * NOTE(review): the key handed to the table points into the new context
   * itself, and no lookup for an existing context with the same key is
   * visible in this function.  g_hash_table_insert() keeps the previously
   * stored key pointer when an equal key is already present, so confirm a
   * duplicate id cannot reach this point (or that the table is set up to
   * cope with it).
   */
  g_hash_table_insert(db->correllation.state, &created->super.key, created);

  /* Presumably detaches scratch->str from the GString because the key set
   * up above was given that pointer -- confirm against g_string_steal(). */
  g_string_steal(scratch);

  g_ptr_array_add(created->super.messages, seed_msg);

  /*
   * NOTE(review): the debug line above reports the action's own timeout
   * (syn_context->timeout), but the timer is armed with the rule's
   * rule->context.timeout.  If the two differ, the logged expiration is
   * wrong and the context lives for a different time than the action asks
   * for; confirm which value is intended.  The context id is expanded from
   * message data, so as far as this function shows this timer is what
   * limits how long each distinct id stays in the state table.
   */
  created->super.timer = timer_wheel_add_timer(db->timer_wheel,
                                               rule->context.timeout,
                                               pattern_db_expire_entry,
                                               correllation_context_ref(&created->super),
                                               (GDestroyNotify) correllation_context_unref);
  created->rule = pdb_rule_ref(rule);
}