AddContextualDataSelector *
add_contextual_data_template_selector_new(GlobalConfig *cfg, const gchar *selector_template_string)
{
AddContextualDataTemplateSelector *new_instance = g_new0(AddContextualDataTemplateSelector, 1);
new_instance->selector_template_string = g_strdup(selector_template_string);
new_instance->selector_template = log_template_new(cfg, NULL);
new_instance->super.resolve = _resolve;
new_instance->super.free = _free;
new_instance->super.init = _init;
new_instance->super.clone = _clone;
return &new_instance->super;
}
LogRewrite *
log_rewrite_set_new(const gchar *new_value)
{
LogRewriteSet *self = g_new0(LogRewriteSet, 1);
log_rewrite_init(&self->super);
self->super.free_fn = log_rewrite_set_free;
self->super.process = log_rewrite_set_process;
self->value_template = log_template_new(configuration, NULL, new_value);
return &self->super;
}
LogRewrite *
log_rewrite_subst_new(const gchar *replacement)
{
LogRewriteSubst *self = g_new0(LogRewriteSubst, 1);
log_rewrite_init(&self->super);
self->super.free_fn = log_rewrite_subst_free;
self->super.process = log_rewrite_subst_process;
self->replacement = log_template_new(configuration, NULL, replacement);
return &self->super;
}
int
testcase_replace(const gchar *log, const gchar *re, gchar *replacement, const gchar *expected_result, const gint matcher_flags, LogMatcher *m)
{
LogMessage *msg;
LogTemplate *r;
gchar *result;
gssize length;
gchar buf[1024];
gssize msglen;
NVHandle nonasciiz = log_msg_get_value_handle("NON-ASCIIZ");
const gchar *value;
GSockAddr *sa;
sa = g_sockaddr_inet_new("10.10.10.10", 1010);
msg = log_msg_new(log, strlen(log), sa, &parse_options);
g_sockaddr_unref(sa);
/* NOTE: we test how our matchers cope with non-zero terminated values. We don't change message_len, only the value */
g_snprintf(buf, sizeof(buf), "%sAAAAAAAAAAAA", log_msg_get_value(msg, LM_V_MESSAGE, &msglen));
log_msg_set_value(msg, log_msg_get_value_handle("MESSAGE2"), buf, -1);
/* add a non-zero terminated indirect value which contains the whole message */
log_msg_set_value_indirect(msg, nonasciiz, log_msg_get_value_handle("MESSAGE2"), 0, 0, msglen);
log_matcher_set_flags(m, matcher_flags);
log_matcher_compile(m, re);
r = log_template_new(configuration, NULL);
log_template_compile(r, replacement, NULL);
NVTable *nv_table = nv_table_ref(msg->payload);
value = log_msg_get_value(msg, nonasciiz, &msglen);
result = log_matcher_replace(m, msg, nonasciiz, value, msglen, r, &length);
value = log_msg_get_value(msg, nonasciiz, &msglen);
nv_table_unref(nv_table);
if (strncmp(result ? result : value, expected_result, result ? length : msglen) != 0)
{
fprintf(stderr, "Testcase failure. pattern=%s, result=%.*s, expected=%s\n", re, (gint) length, result ? result : value, expected_result);
exit(1);
}
g_free(result);
log_template_unref(r);
log_matcher_unref(m);
log_msg_unref(msg);
return 0;
}
gboolean
synthetic_message_add_value_template_string(SyntheticMessage *self, GlobalConfig *cfg, const gchar *name, const gchar *value, GError **error)
{
LogTemplate *value_template;
gboolean result = FALSE;
/* NOTE: we shouldn't use the name property for LogTemplate structs, see the comment at log_template_set_name() */
value_template = log_template_new(cfg, name);
if (log_template_compile(value_template, value, error))
{
synthetic_message_add_value_template(self, name, value_template);
result = TRUE;
}
log_template_unref(value_template);
return result;
}
void
test_pattern(const gchar *pattern, const gchar *rule, gboolean match)
{
gboolean result;
LogMessage *msg = log_msg_new_empty();
static LogTemplate *templ;
GString *res = g_string_sized_new(128);
static TimeZoneInfo *tzinfo = NULL;
PDBInput input;
if (!tzinfo)
tzinfo = time_zone_info_new(NULL);
if (!templ)
{
templ = log_template_new(configuration, "dummy");
log_template_compile(templ, "$TEST", NULL);
}
log_msg_set_value(msg, LM_V_HOST, MYHOST, strlen(MYHOST));
log_msg_set_value(msg, LM_V_PROGRAM, "test", strlen(MYHOST));
log_msg_set_value(msg, LM_V_MESSAGE, pattern, strlen(pattern));
result = pattern_db_process(patterndb, PDB_INPUT_WRAP_MESSAGE(&input, msg));
log_template_format(templ, msg, NULL, LTZ_LOCAL, 0, NULL, res);
if (strcmp(res->str, pattern) == 0)
{
test_msg("Rule: '%s' Value '%s' is inserted into $TEST res:(%s)\n", rule, pattern, res->str);
}
if ((match && !result) || (!match && result))
{
test_fail("FAIL: Value '%s' is %smatching for pattern '%s' \n", rule, !!result ? "" : "not ", pattern);
}
else
{
test_msg("Value '%s' is %smatching for pattern '%s' \n", rule, !!result ? "" : "not ", pattern);
}
g_string_free(res, TRUE);
log_msg_unref(msg);
}
LogDriver *
afamqp_dd_new(GlobalConfig *cfg)
{
AMQPDestDriver *self = g_new0(AMQPDestDriver, 1);
log_threaded_dest_driver_init_instance(&self->super);
self->super.super.super.super.init = afamqp_dd_init;
self->super.super.super.super.free_fn = afamqp_dd_free;
self->super.worker.thread_init = afamqp_worker_thread_init;
self->super.worker.disconnect = afamqp_dd_disconnect;
self->super.worker.insert = afamqp_worker_insert;
self->super.format.stats_instance = afamqp_dd_format_stats_instance;
self->super.format.persist_name = afamqp_dd_format_persist_name;
self->super.stats_source = SCS_AMQP;
self->routing_key_template = log_template_new(cfg, NULL);
afamqp_dd_set_vhost((LogDriver *) self, "/");
afamqp_dd_set_host((LogDriver *) self, "127.0.0.1");
afamqp_dd_set_port((LogDriver *) self, 5672);
afamqp_dd_set_exchange((LogDriver *) self, "syslog");
afamqp_dd_set_exchange_type((LogDriver *) self, "fanout");
afamqp_dd_set_routing_key((LogDriver *) self, "");
afamqp_dd_set_persistent((LogDriver *) self, TRUE);
afamqp_dd_set_exchange_declare((LogDriver *) self, FALSE);
init_sequence_number(&self->seq_num);
self->max_entries = 256;
self->entries = g_new(amqp_table_entry_t, self->max_entries);
log_template_options_defaults(&self->template_options);
afamqp_dd_set_value_pairs(&self->super.super.super, value_pairs_new_default(cfg));
return (LogDriver *) self;
}
#include <string.h>
gboolean success = TRUE;
gboolean verbose = FALSE;
MsgFormatOptions parse_options;
void
testcase(LogMessage *msg, gchar *template, gchar *expected)
{
LogTemplate *templ;
GString *res = g_string_sized_new(128);
GError *error = NULL;
LogMessage *context[2] = { msg, msg };
const gchar *context_id = "test-context-id";
templ = log_template_new(configuration, "dummy");
if (!log_template_compile(templ, template, &error))
{
fprintf(stderr, "FAIL: error compiling template, template=%s, error=%s\n", template, error->message);
g_clear_error(&error);
success = FALSE;
goto error;
}
log_template_format_with_context(templ, context, 2, NULL, LTZ_LOCAL, 999, context_id, res);
if (strcmp(res->str, expected) != 0)
{
fprintf(stderr, "FAIL: template test failed, template=%s, [%s] <=> [%s]\n", template, res->str, expected);
success = FALSE;
}
else if (verbose)
log_msg_set_value_by_name(msg, ".unix.gid", "1000", -1);
log_msg_set_value_by_name(msg, ".unix.cmd", "command", -1);
log_msg_set_value_by_name(msg, ".json.foo", "bar", -1);
log_msg_set_value_by_name(msg, ".json.sub.value1", "subvalue1", -1);
log_msg_set_value_by_name(msg, ".json.sub.value2", "subvalue2", -1);
log_msg_set_value_by_name(msg, "escaping", "binary stuff follows \"\xad árvíztűrőtükörfúrógép", -1);
log_msg_set_value_by_name(msg, "escaping2", "\xc3", -1);
log_msg_set_value_by_name(msg, "null", "binary\0stuff", 12);
return msg;
}
LogTemplate *
compile_template(const gchar *template, gboolean escaping)
{
LogTemplate *templ = log_template_new(configuration, NULL);
gboolean success;
GError *error = NULL;
log_template_set_escape(templ, escaping);
success = log_template_compile(templ, template, &error);
expect_true(success, "template expected to compile cleanly,"
" but it didn't, template=%s, error=%s",
template, error ? error->message : "(none)");
g_clear_error(&error);
return templ;
}
void
assert_template_format(const gchar *template, const gchar *expected)
