a09866c508e14bd82c71a2e6e1d4fa1bd67a3f52,opennms-services/src/main/java/org/opennms/netmgt/syslogd/ConvertToEvent.java,ConvertToEvent,make,#InetAddress#number#number[]#number#String#number#number#UeiList#HideMessage#String#,160
Before Change
ThreadCategory.setPrefix(LOG4J_CATEGORY);
Category log = ThreadCategory.getInstance();
log.debug("In the make part of UdpReceivedSyslog " + e.toString());
// Build a basic event out of the syslog message
Event event = new Event();
event.setSource("syslogd");
// Set nodeId
long nodeId = SyslogdIPMgr.getNodeId(addr.toString().replaceAll("/",
""));
// log.debug("Nodeid via SyslogdIPMgr " +
// SyslogdIPMgr.getNodeId(addr.toString().replaceAll("/","")));
if (nodeId != -1)
event.setNodeid(nodeId);
// Set event host
//
try {
event.setHost(InetAddress.getLocalHost().getHostName());
} catch (UnknownHostException uhE) {
event.setHost("unresolved.host");
log.warn("Failed to resolve local hostname", uhE);
}
event.setInterface(addr.toString().replaceAll("/", ""));
event.setTime(org.opennms.netmgt.EventConstants.formatToString(new java.util.Date()));
Logmsg logmsg = new Logmsg();
logmsg.setDest("logndisplay");
String message = new String(data, 0, len, "US-ASCII");
// log.debug("The parsed message... " + message );
int lbIdx = message.indexOf('<');
int rbIdx = message.indexOf('>');
if (lbIdx < 0 || rbIdx < 0 || lbIdx >= (rbIdx - 1)) {
log.warn("Syslogd received an unparsable message!");
}
int priCode = 0;
String priStr = message.substring(lbIdx + 1, rbIdx);
try {
priCode = Integer.parseInt(priStr);
} catch (NumberFormatException ex) {
log.debug("ERROR Bad priority code '" + priStr + "'");
}
int facility = SyslogDefs.extractFacility(priCode);
int priority = SyslogDefs.extractPriority(priCode);
String priorityTxt = SyslogDefs.getPriorityName(priority);
// event.setSeverity(priorityTxt);
// We leave the priority alone, this might need to be set.
String facilityTxt = SyslogDefs.getFacilityName(facility);
//Check for UEI matching or allow a simple standard one.
event.setUei("uei.opennms.org/syslogd/" + facilityTxt + "/"
+ priorityTxt);
// message = message.substring(rbIdx + 1, (message.length() - 1));
message = message.substring(rbIdx + 1, (message.length()));
//
// Check to see if msg looks non-standard.
// In this case, it means that there is not a standard
// date in the front of the message text.
//
boolean stdMsg = true;
if (message.length() < 16) {
stdMsg = false;
} else if (message.charAt(3) != ' ' || message.charAt(6) != ' '
|| message.charAt(9) != ':' || message.charAt(12) != ':'
|| message.charAt(15) != ' ') {
stdMsg = false;
}
String timestamp;
if (!stdMsg) {
try {
timestamp = SyslogTimeStamp.getInstance().format(new Date());
} catch (IllegalArgumentException ex) {
log.debug("ERROR INTERNAL DATE ERROR!");
timestamp = "";
}
} else {
timestamp = message.substring(0, 15);
message = message.substring(16);
}
// These 2 debugs will aid in analyzing the regexpes as syslog seems
// to differ alot
// depending on implementation or message structure.
log.debug("Message : " + message);
log.debug("Pattern : " + matchPattern);
log.debug("Host group: " + hostGroup);
log.debug("Message group: " + messageGroup);
// We will also here find out if, the host needs to
// be replaced, the message matched to a UEI, and
// last if we need to actually hide the message.
// this being potentially helpful in avoiding showing
// operator a password or other data that should be
// confindential.
Pattern pattern = Pattern.compile(matchPattern);
Matcher m = pattern.matcher(message);
/*
* We matched on a regexp for host/message pair.
* This can be a forwarded message as in BSD Style
* or syslog-ng.
* We assume that the host is given to us
* as an IP/Hostname and that the resolver
* on the ONMS host actually can resolve the
* node to match against nodeId.
*/
// Antonio: Here seems to me a duplicated match
// m is setted why i need to reassign?
// What is wrong?
// This is causing a trouble generating syslog events not needed
// I added an else with trowing
// Bug # 3278
if ((m = pattern.matcher(message)).matches()) {
log.debug("Regexp matched message: " + message);
log.debug("Host: " + m.group(hostGroup));
log.debug("Message: " + m.group(messageGroup));
// We will try and extract an IP address from
// a hostname.....
String myHost = "";
try {
InetAddress address = InetAddress.getByName(m.group(hostGroup));
byte[] ipAddr = address.getAddress();
// Convert to dot representation
for (int i = 0; i < ipAddr.length; i++) {
if (i > 0) {
myHost += ".";
}
myHost += ipAddr[i] & 0xFF;
}
} catch (UnknownHostException e1) {
log.info("Could not parse the host: " + e1);
}
if (!"".equals(myHost)) {
nodeId = SyslogdIPMgr.getNodeId(myHost.replaceAll(
"/",
""));
if (nodeId != -1)
event.setNodeid(nodeId);
// Clean up for further processing....
event.setInterface(myHost.replaceAll("/", ""));
message = m.group(messageGroup);
log.debug("Regexp used to find node: " + event.getNodeid());
}
} else {
log.error("Regexp not matched message: " + message);
throw new MessageDiscardedException();
}
// We will need these shortly
Parms eventParms = new Parms();
Parm eventParm = null;
Value parmValue = null;
Pattern msgPat;
Matcher msgMat;
// Time to verify UEI matching.
for (UeiMatch uei : ueiList.getUeiMatchCollection()) {
if (uei.getMatch().getType().equals("substr")) {
if (log.isDebugEnabled()) {
log.debug("Attempting substring match for text of a Syslogd event to :" + uei.getMatch().getExpression());
}
if (message.contains(uei.getMatch().getExpression())) {
if (discardUei.equals(uei.getUei())) {
if (log.isDebugEnabled()) {
log.debug("Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
throw new MessageDiscardedException();
}
}
//We can pass a new UEI on this
log.debug("Changed the UEI of a Syslogd event, based on substring match, to :" + uei.getUei());
event.setUei(uei.getUei());
// I think we want to stop processing here so the first
// ueiMatch wins, right?
break;
}
} else if (uei.getMatch().getType().equals("regex")) {
if (log.isDebugEnabled()) {
log.debug("Attempting regex match for text of a Syslogd event to :" + uei.getMatch().getExpression());
}
try {
msgPat = Pattern.compile(uei.getMatch().getExpression(), Pattern.MULTILINE);
msgMat = msgPat.matcher(message);
} catch(PatternSyntaxException pse) {
log.error("Failed to compile regex pattern '"+uei.getMatch().getExpression()+"'", pse);
msgMat = null;
}
if ((msgMat != null) && (msgMat.matches())) {
if (discardUei.equals(uei.getUei())) {
if (log.isDebugEnabled()) {
log.debug("Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
throw new MessageDiscardedException();
}
}
// We matched a UEI
log.debug("Changed the UEI of a Syslogd event, based on regex match, to :" + uei.getUei());
event.setUei(uei.getUei());
if (msgMat.groupCount() > 0) {
for (int groupNum = 1; groupNum <= msgMat.groupCount(); groupNum++) {
log.debug("Added parm 'group"+groupNum+"' with value '"+msgMat.group(groupNum)+"' to Syslogd event based on regex match group");
eventParm = new Parm();
eventParm.setParmName("group"+groupNum);
parmValue = new Value();
After Change
String m_logPrefix = Syslogd.LOG4J_CATEGORY;
ThreadCategory.setPrefix(m_logPrefix);
ThreadCategory.setPrefix(LOG4J_CATEGORY);
Category log = ThreadCategory.getInstance();
if (log.isDebugEnabled())
log.debug("In the make part of UdpReceivedSyslog " + e.toString());
// Build a basic event out of the syslog message
Event event = new Event();
event.setSource("syslogd");
// Set nodeId
long nodeId = SyslogdIPMgr.getNodeId(addr.toString().replaceAll("/", ""));
if (nodeId != -1)
event.setNodeid(nodeId);
// Set event host
try {
event.setHost(InetAddress.getLocalHost().getHostName());
} catch (UnknownHostException uhE) {
event.setHost("unresolved.host");
log.warn("Failed to resolve local hostname", uhE);
}
event.setInterface(addr.toString().replaceAll("/", ""));
event.setTime(org.opennms.netmgt.EventConstants.formatToString(new java.util.Date()));
Logmsg logmsg = new Logmsg();
logmsg.setDest("logndisplay");
String message = new String(data, 0, len, "US-ASCII");
int lbIdx = message.indexOf('<');
int rbIdx = message.indexOf('>');
if (lbIdx < 0 || rbIdx < 0 || lbIdx >= (rbIdx - 1)) {
log.warn("Syslogd received an unparsable message!");
}
int priCode = 0;
String priStr = message.substring(lbIdx + 1, rbIdx);
try {
priCode = Integer.parseInt(priStr);
} catch (NumberFormatException ex) {
log.debug("ERROR Bad priority code '" + priStr + "'");
}
int facility = SyslogDefs.extractFacility(priCode);
int priority = SyslogDefs.extractPriority(priCode);
String priorityTxt = SyslogDefs.getPriorityName(priority);
// event.setSeverity(priorityTxt);
// We leave the priority alone, this might need to be set.
String facilityTxt = SyslogDefs.getFacilityName(facility);
//Check for UEI matching or allow a simple standard one.
event.setUei("uei.opennms.org/syslogd/" + facilityTxt + "/" + priorityTxt);
// message = message.substring(rbIdx + 1, (message.length() - 1));
message = message.substring(rbIdx + 1, (message.length()));
// Check to see if message looks non-standard.
// In this case, it means that there is not a standard
// date in the front of the message text.
boolean stdMsg = true;
if (message.length() < 16) {
stdMsg = false;
} else if (message.charAt(3) != ' ' || message.charAt(6) != ' '
|| message.charAt(9) != ':' || message.charAt(12) != ':'
|| message.charAt(15) != ' ') {
stdMsg = false;
}
String timestamp;
if (!stdMsg) {
try {
timestamp = SyslogTimeStamp.getInstance().format(new Date());
} catch (IllegalArgumentException ex) {
log.debug("ERROR INTERNAL DATE ERROR!");
timestamp = "";
}
} else {
timestamp = message.substring(0, 15);
message = message.substring(16);
}
// These 2 debugs will aid in analyzing the regexes as syslog seems
// to differ a lot depending on implementation or message structure.
boolean traceEnabled = log.isEnabledFor(Level.TRACE);
if (traceEnabled) {
log.log(Level.TRACE, "Message : " + message);
log.log(Level.TRACE, "Pattern : " + matchPattern);
log.log(Level.TRACE, "Host group: " + hostGroup);
log.log(Level.TRACE, "Message group: " + messageGroup);
}
// We will also here find out if, the host needs to
// be replaced, the message matched to a UEI, and
// last if we need to actually hide the message.
// this being potentially helpful in avoiding showing
// operator a password or other data that should be
// confidential.
Pattern pattern = Pattern.compile(matchPattern);
Matcher m = pattern.matcher(message);
/*
* We matched on a regexp for host/message pair.
* This can be a forwarded message as in BSD Style
* or syslog-ng.
* We assume that the host is given to us
* as an IP/Hostname and that the resolver
* on the ONMS host actually can resolve the
* node to match against nodeId.
*/
if (m.matches()) {
if (traceEnabled) {
log.log(Level.TRACE, "Regexp matched message: " + message);
log.log(Level.TRACE, "Host: " + m.group(hostGroup));
log.log(Level.TRACE, "Message: " + m.group(messageGroup));
}
// We will try to extract an IP address from a hostname.....
String myHost = "";
try {
InetAddress address = InetAddress.getByName(m.group(hostGroup));
byte[] ipAddr = address.getAddress();
// Convert to dot representation
for (int i = 0; i < ipAddr.length; i++) {
if (i > 0) {
myHost += ".";
}
myHost += ipAddr[i] & 0xFF;
}
} catch (UnknownHostException e1) {
log.warn("Could not parse the host: " + e1);
}
if (!"".equals(myHost)) {
nodeId = SyslogdIPMgr.getNodeId(myHost.replaceAll("/", ""));
if (nodeId != -1) {
event.setNodeid(nodeId);
}
// Clean up for further processing....
event.setInterface(myHost.replaceAll("/", ""));
message = m.group(messageGroup);
if (traceEnabled) {
log.log(Level.TRACE, "Regexp used to find node: " + event.getNodeid());
}
}
} else {
log.warn("Regexp not matched: " + message);
throw new MessageDiscardedException();
}
// We will need these shortly
Parms eventParms = new Parms();
Parm eventParm = null;
Value parmValue = null;
Pattern msgPat;
Matcher msgMat;
// Time to verify UEI matching.
for (UeiMatch uei : ueiList.getUeiMatchCollection()) {
if (uei.getMatch().getType().equals("substr")) {
if (traceEnabled) {
log.log(Level.TRACE, "Attempting substring match for text of a Syslogd event to :" + uei.getMatch().getExpression());
}
if (message.contains(uei.getMatch().getExpression())) {
if (discardUei.equals(uei.getUei())) {
if (traceEnabled) {
log.log(Level.TRACE, "Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
throw new MessageDiscardedException();
}
}
//We can pass a new UEI on this
if (traceEnabled) {
log.log(Level.TRACE, "Changed the UEI of a Syslogd event, based on substring match, to :" + uei.getUei());
}
event.setUei(uei.getUei());
// I think we want to stop processing here so the first
// ueiMatch wins, right?
break;
}
} else if (uei.getMatch().getType().equals("regex")) {
if (traceEnabled) {
log.log(Level.TRACE, "Attempting regex match for text of a Syslogd event to :" + uei.getMatch().getExpression());
}
try {
msgPat = Pattern.compile(uei.getMatch().getExpression(), Pattern.MULTILINE);
msgMat = msgPat.matcher(message);
} catch(PatternSyntaxException pse) {
log.warn("Failed to compile regex pattern '"+uei.getMatch().getExpression()+"'", pse);
msgMat = null;
}
if ((msgMat != null) && (msgMat.matches())) {
if (discardUei.equals(uei.getUei())) {
if (log.isDebugEnabled()) {
log.debug("Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
}
throw new MessageDiscardedException();
}
// We matched a UEI
if (traceEnabled) {
log.log(Level.TRACE, "Changed the UEI of a Syslogd event, based on regex match, to :" + uei.getUei());
}
event.setUei(uei.getUei());
if (msgMat.groupCount() > 0) {
for (int groupNum = 1; groupNum <= msgMat.groupCount(); groupNum++) {
if (traceEnabled) {
log.log(Level.TRACE, "Added parm 'group"+groupNum+"' with value '"+msgMat.group(groupNum)+"' to Syslogd event based on regex match group");
}
eventParm = new Parm();
eventParm.setParmName("group"+groupNum);
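Review bot: In the `substr` branch the `throw new MessageDiscardedException();` still sits inside `if (traceEnabled) { … }`, so a message that matches the discard-uei is dropped only when TRACE logging is on; at normal log levels it falls through to `event.setUei(uei.getUei())` and becomes an event. The regex branch in this same change moves the throw out of the logging guard, and the substr branch should do the same: close the `if (traceEnabled)` block right after the `log.log(...)` call and put the throw on the following line. Separately, the unparsable-message check near the top only warns and then runs `message.substring(lbIdx + 1, rbIdx)`, which throws `StringIndexOutOfBoundsException` when `<` or `>` is missing or out of order in the received datagram; adding `throw new MessageDiscardedException();` after that `log.warn` would reject such input cleanly. The method body starts and ends outside this excerpt, so how the caller handles either exception is not visible here.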