From b9d3cdceabf91bc28f8f6d31cfe9332724e37bbf Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 1 Dec 2010 08:46:20 +0100 Subject: milestone: added mmnormalize (compiles, but untested) --- runtime/msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 82565f18..346389fc 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -1198,7 +1198,7 @@ char *getProtocolVersionString(msg_t *pM) } -static inline void +void getRawMsg(msg_t *pM, uchar **pBuf, int *piLen) { if(pM == NULL) { -- cgit v1.2.3 From cbfa21f8230d211cc1dfc3284c8d4437b6c5ebc1 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 1 Dec 2010 09:37:13 +0100 Subject: mmnormalize loads & runs (basic testing done) --- runtime/msg.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 346389fc..5318cb75 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -37,6 +37,7 @@ #include #include #include +#include #if HAVE_MALLOC_H # include #endif @@ -707,6 +708,7 @@ static inline rsRetVal msgBaseConstruct(msg_t **ppThis) pM->pRcvFromIP = NULL; pM->rcvFrom.pRcvFrom = NULL; pM->pRuleset = NULL; + pM->event = NULL; memset(&pM->tRcvdAt, 0, sizeof(pM->tRcvdAt)); memset(&pM->tTIMESTAMP, 0, sizeof(pM->tTIMESTAMP)); pM->TAG.pszTAG = NULL; @@ -833,6 +835,8 @@ CODESTARTobjDestruct(msg) rsCStrDestruct(&pThis->pCSPROCID); if(pThis->pCSMSGID != NULL) rsCStrDestruct(&pThis->pCSMSGID); + if(pThis->event != NULL) + ee_deleteEvent(pThis->event); # ifndef HAVE_ATOMIC_BUILTINS MsgUnlock(pThis); # endif -- cgit v1.2.3 From 471f07f45a382c29f74e1c676bd081c3b304d7db Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 1 Dec 2010 10:19:50 +0100 Subject: milestone: template supports CEE output via %$!all-json% --- runtime/msg.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 5318cb75..479b2ba3 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -445,6 +445,10 @@ rsRetVal propNameToID(cstr_t *pCSPropName, propid_t *pPropID) *pPropID = PROP_SYS_MINUTE; } else if(!strcmp((char*) pName, "$myhostname")) { *pPropID = PROP_SYS_MYHOSTNAME; + } else if(!strcmp((char*) pName, "$!all-json")) { + *pPropID = PROP_CEE_ALL_JSON; + } else if(!strncmp((char*) pName, "$!", 2)) { + *pPropID = PROP_CEE; } else { *pPropID = PROP_INVALID; iRet = RS_RET_VAR_NOT_FOUND; @@ -2265,7 +2269,7 @@ static uchar *getNOW(eNOWType eNow) *pPropLen = sizeof("**OUT OF MEMORY**") - 1; \ return(UCHAR_CONSTANT("**OUT OF MEMORY**"));} uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, - propid_t propID, size_t *pPropLen, + propid_t propid, size_t *pPropLen, unsigned short *pbMustBeFreed) { uchar *pRes; /* result pointer */ @@ -2274,6 +2278,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, uchar *pBuf; int iLen; short iOffs; + es_str_t *str; /* for CEE handling, temp. string */ BEGINfunc assert(pMsg != NULL); @@ -2287,7 +2292,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, *pbMustBeFreed = 0; - switch(propID) { + switch(propid) { case PROP_MSG: pRes = getMSG(pMsg); bufLen = getMSGLen(pMsg); @@ -2420,11 +2425,18 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, case PROP_SYS_MYHOSTNAME: pRes = glbl.GetLocalHostName(); break; + case PROP_CEE_ALL_JSON: + str = es_newStr(512); + ee_fmtEventToJSON(pMsg->event, &str); + pRes = (uchar*) es_str2cstr(str, "#000"); + es_deleteStr(str); + *pbMustBeFreed = 1; /* all of these functions allocate dyn. memory */ + break; default: /* there is no point in continuing, we may even otherwise render the * error message unreadable. rgerhards, 2007-07-10 */ - dbgprintf("invalid property id: '%d'\n", propID); + dbgprintf("invalid property id: '%d'\n", propid); *pbMustBeFreed = 0; *pPropLen = sizeof("**INVALID PROPERTY NAME**") - 1; return UCHAR_CONSTANT("**INVALID PROPERTY NAME**"); -- cgit v1.2.3 From b030fe7b1f8fb26dad24ce23243f11603b5c9d4e Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 1 Dec 2010 11:35:04 +0100 Subject: milestone: ability to use normalized names in templates --- runtime/msg.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 479b2ba3..7299b5bf 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -2227,6 +2227,40 @@ static uchar *getNOW(eNOWType eNow) #undef tmpBUFSIZE /* clean up */ +/* Get a CEE-Property from libee. This function probably should be + * placed somewhere else, but this smells like a big restructuring + * useful in any case. So for the time being, I'll simply leave the + * function here, as the context seems good enough. -- rgerhards, 2010-12-01 + */ +static inline void +getCEEPropVal(msg_t *pMsg, struct templateEntry *pTpe, uchar **pRes, unsigned short *pbMustBeFreed) +{ + struct ee_field *field; + es_str_t *str; + + if(*pbMustBeFreed) + free(*pRes); + *pRes = NULL; + + if(pMsg->event == NULL) goto finalize_it; + if((field = ee_getEventField(pMsg->event, pTpe->data.field.propName)) == NULL) + goto finalize_it; + /* right now, we always extract data from the first field value. A reason for this + * is that as of now (2010-12-01) liblognorm never populates more than one ;) + */ + if((str = ee_getFieldValueAsStr(field, 0)) == NULL) goto finalize_it; + *pRes = (unsigned char*) es_str2cstr(str, "#000"); + es_deleteStr(str); + *pbMustBeFreed = 1; + +finalize_it: + if(*pRes == NULL) { + /* could not find any value, so set it to empty */ + *pRes = (unsigned char*)""; + *pbMustBeFreed = 0; + } +} + /* This function returns a string-representation of the * requested message property. This is a generic function used * to abstract properties so that these can be easier @@ -2432,6 +2466,9 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, es_deleteStr(str); *pbMustBeFreed = 1; /* all of these functions allocate dyn. memory */ break; + case PROP_CEE: + getCEEPropVal(pMsg, pTpe, &pRes, pbMustBeFreed); + break; default: /* there is no point in continuing, we may even otherwise render the * error message unreadable. rgerhards, 2007-07-10 -- cgit v1.2.3 From 48877c8ef41787d59a062ab07f5b6ee37eba7ce1 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 1 Dec 2010 17:28:36 +0100 Subject: milestone: added support for CEE-properties in property-based filters --- runtime/msg.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 7299b5bf..cca9d5f6 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -530,6 +530,10 @@ uchar *propIDToName(propid_t propID) return UCHAR_CONSTANT("$MINUTE"); case PROP_SYS_MYHOSTNAME: return UCHAR_CONSTANT("$MYHOSTNAME"); + case PROP_CEE: + return UCHAR_CONSTANT("*CEE-based property*"); + case PROP_CEE_ALL_JSON: + return UCHAR_CONSTANT("$!all-json"); default: return UCHAR_CONSTANT("*invalid property id*"); } @@ -2233,7 +2237,7 @@ static uchar *getNOW(eNOWType eNow) * function here, as the context seems good enough. -- rgerhards, 2010-12-01 */ static inline void -getCEEPropVal(msg_t *pMsg, struct templateEntry *pTpe, uchar **pRes, unsigned short *pbMustBeFreed) +getCEEPropVal(msg_t *pMsg, es_str_t *propName, uchar **pRes, int *buflen, unsigned short *pbMustBeFreed) { struct ee_field *field; es_str_t *str; @@ -2243,7 +2247,7 @@ getCEEPropVal(msg_t *pMsg, struct templateEntry *pTpe, uchar **pRes, unsigned sh *pRes = NULL; if(pMsg->event == NULL) goto finalize_it; - if((field = ee_getEventField(pMsg->event, pTpe->data.field.propName)) == NULL) + if((field = ee_getEventField(pMsg->event, propName)) == NULL) goto finalize_it; /* right now, we always extract data from the first field value. A reason for this * is that as of now (2010-12-01) liblognorm never populates more than one ;) @@ -2251,6 +2255,7 @@ getCEEPropVal(msg_t *pMsg, struct templateEntry *pTpe, uchar **pRes, unsigned sh if((str = ee_getFieldValueAsStr(field, 0)) == NULL) goto finalize_it; *pRes = (unsigned char*) es_str2cstr(str, "#000"); es_deleteStr(str); + *buflen = (int) ustrlen(*pRes); *pbMustBeFreed = 1; finalize_it: @@ -2303,7 +2308,7 @@ finalize_it: *pPropLen = sizeof("**OUT OF MEMORY**") - 1; \ return(UCHAR_CONSTANT("**OUT OF MEMORY**"));} uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, - propid_t propid, size_t *pPropLen, + propid_t propid, es_str_t *propName, size_t *pPropLen, unsigned short *pbMustBeFreed) { uchar *pRes; /* result pointer */ @@ -2460,14 +2465,13 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, pRes = glbl.GetLocalHostName(); break; case PROP_CEE_ALL_JSON: - str = es_newStr(512); ee_fmtEventToJSON(pMsg->event, &str); pRes = (uchar*) es_str2cstr(str, "#000"); es_deleteStr(str); *pbMustBeFreed = 1; /* all of these functions allocate dyn. memory */ break; case PROP_CEE: - getCEEPropVal(pMsg, pTpe, &pRes, pbMustBeFreed); + getCEEPropVal(pMsg, propName, &pRes, &bufLen, pbMustBeFreed); break; default: /* there is no point in continuing, we may even otherwise render the @@ -2481,6 +2485,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, /* If we did not receive a template pointer, we are already done... */ if(pTpe == NULL) { + *pPropLen = (bufLen == -1) ? ustrlen(pRes) : bufLen; return pRes; } @@ -3096,7 +3101,7 @@ msgGetMsgVar(msg_t *pThis, cstr_t *pstrPropName, var_t **ppVar) /* always call MsgGetProp() without a template specifier */ /* TODO: optimize propNameToID() call -- rgerhards, 2009-06-26 */ propNameToID(pstrPropName, &propid); - pszProp = (uchar*) MsgGetProp(pThis, NULL, propid, &propLen, &bMustBeFreed); + pszProp = (uchar*) MsgGetProp(pThis, NULL, propid, NULL, &propLen, &bMustBeFreed); /* now create a string object out of it and hand that over to the var */ CHKiRet(rsCStrConstructFromszStr(&pstrProp, pszProp)); -- cgit v1.2.3 From 4618773be685488e081bebb397db32851dc16782 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 3 Dec 2010 17:11:03 +0100 Subject: milestone: added support for CEE-variables to RainerScript --- runtime/msg.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index cca9d5f6..65ea101f 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -3074,6 +3074,61 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, } +/* The function returns a cee variable suitable for use with RainerScript. Most importantly, this means + * that the value is returned in a var_t object. The var_t is constructed inside this function and + * MUST be freed by the caller. + * Note that we need to do a lot of conversions between es_str_t and cstr -- this will go away once + * we have moved larger parts of rsyslog to es_str_t. Acceptable for the moment, especially as we intend + * to rewrite the script engine as well! + * rgerhards, 2010-12-03 + */ +rsRetVal +msgGetCEEVar(msg_t *pMsg, cstr_t *propName, var_t **ppVar) +{ + DEFiRet; + var_t *pVar; + cstr_t *pstrProp; + es_str_t *str = NULL; + es_str_t *epropName = NULL; + struct ee_field *field; + + ISOBJ_TYPE_assert(pMsg, msg); + ASSERT(propName != NULL); + ASSERT(ppVar != NULL); + + /* make sure we have a var_t instance */ + CHKiRet(var.Construct(&pVar)); + CHKiRet(var.ConstructFinalize(pVar)); + + epropName = es_newStrFromBuf((char*)propName->pBuf, propName->iStrLen); + if((field = ee_getEventField(pMsg->event, epropName)) != NULL) { + /* right now, we always extract data from the first field value. A reason for this + * is that as of now (2010-12-01) liblognorm never populates more than one ;) + */ + str = ee_getFieldValueAsStr(field, 0); + } + + if(str == NULL) { + CHKiRet(cstrConstruct(&pstrProp)); + CHKiRet(cstrFinalize(pstrProp)); + } else { + CHKiRet(cstrConstructFromESStr(&pstrProp, str)); + } + + /* now create a string object out of it and hand that over to the var */ + CHKiRet(var.SetString(pVar, pstrProp)); + es_deleteStr(str); + + /* finally store var */ + *ppVar = pVar; + +finalize_it: + if(epropName != NULL) + es_deleteStr(epropName); + RETiRet; +} + + /* The returns a message variable suitable for use with RainerScript. Most importantly, this means * that the value is returned in a var_t object. The var_t is constructed inside this function and * MUST be freed by the caller. @@ -3116,6 +3171,8 @@ finalize_it: RETiRet; } + + /* This function can be used as a generic way to set properties. * We have to handle a lot of legacy, so our return value is not always * 100% correct (called functions do not always provide one, should -- cgit v1.2.3