a09866c508e14bd82c71a2e6e1d4fa1bd67a3f52,opennms-services/src/main/java/org/opennms/netmgt/syslogd/ConvertToEvent.java,ConvertToEvent,make,#InetAddress#number#number[]#number#String#number#number#UeiList#HideMessage#String#,160

Before Change


        ThreadCategory.setPrefix(LOG4J_CATEGORY);
        Category log = ThreadCategory.getInstance();

        log.debug("In the make part of UdpReceivedSyslog " + e.toString());

        // Build a basic event out of the syslog message

        Event event = new Event();
        event.setSource("syslogd");

        // Set nodeId

        long nodeId = SyslogdIPMgr.getNodeId(addr.toString().replaceAll("/",
                ""));
        // log.debug("Nodeid via SyslogdIPMgr " +
        // SyslogdIPMgr.getNodeId(addr.toString().replaceAll("/","")));

        if (nodeId != -1)
            event.setNodeid(nodeId);

        // Set event host
        //
        try {
            event.setHost(InetAddress.getLocalHost().getHostName());
        } catch (UnknownHostException uhE) {
            event.setHost("unresolved.host");
            log.warn("Failed to resolve local hostname", uhE);
        }

        event.setInterface(addr.toString().replaceAll("/", ""));

        event.setTime(org.opennms.netmgt.EventConstants.formatToString(new java.util.Date()));
        Logmsg logmsg = new Logmsg();
        logmsg.setDest("logndisplay");

        String message = new String(data, 0, len, "US-ASCII");

        // log.debug("The parsed message... " + message );

        int lbIdx = message.indexOf('<');
        int rbIdx = message.indexOf('>');

        if (lbIdx < 0 || rbIdx < 0 || lbIdx >= (rbIdx - 1)) {
            log.warn("Syslogd received an unparsable message!");
        }

        int priCode = 0;
        String priStr = message.substring(lbIdx + 1, rbIdx);

        try {
            priCode = Integer.parseInt(priStr);
        } catch (NumberFormatException ex) {
            log.debug("ERROR Bad priority code '" + priStr + "'");

        }

        int facility = SyslogDefs.extractFacility(priCode);
        int priority = SyslogDefs.extractPriority(priCode);

        String priorityTxt = SyslogDefs.getPriorityName(priority);
        // event.setSeverity(priorityTxt);
        // We leave the priority alone, this might need to be set.

        String facilityTxt = SyslogDefs.getFacilityName(facility);

        //Check for UEI matching or allow a simple standard one.

        event.setUei("uei.opennms.org/syslogd/" + facilityTxt + "/"
                + priorityTxt);

        // message = message.substring(rbIdx + 1, (message.length() - 1));

        message = message.substring(rbIdx + 1, (message.length()));

        //
        // Check to see if msg looks non-standard.
        // In this case, it means that there is not a standard
        // date in the front of the message text.
        //
        boolean stdMsg = true;

        if (message.length() < 16) {
            stdMsg = false;
        } else if (message.charAt(3) != ' ' || message.charAt(6) != ' '
                || message.charAt(9) != ':' || message.charAt(12) != ':'
                || message.charAt(15) != ' ') {
            stdMsg = false;
        }

        String timestamp;

        if (!stdMsg) {
            try {
                timestamp = SyslogTimeStamp.getInstance().format(new Date());
            } catch (IllegalArgumentException ex) {
                log.debug("ERROR INTERNAL DATE ERROR!");
                timestamp = "";
            }
        } else {
            timestamp = message.substring(0, 15);
            message = message.substring(16);
        }

        // These 2 debugs will aid in analyzing the regexpes as syslog seems
        // to differ alot
        // depending on implementation or message structure.

        log.debug("Message : " + message);
        log.debug("Pattern : " + matchPattern);
        log.debug("Host group: " + hostGroup);
        log.debug("Message group: " + messageGroup);

        // We will also here find out if, the host needs to
        // be replaced, the message matched to a UEI, and
        // last if we need to actually hide the message.
        // this being potentially helpful in avoiding showing
        // operator a password or other data that should be
        // confindential.

        Pattern pattern = Pattern.compile(matchPattern);
        Matcher m = pattern.matcher(message);

        /*
        * We matched on a regexp for host/message pair.
        * This can be a forwarded message as in BSD Style
        * or syslog-ng.
        * We assume that the host is given to us
        * as an IP/Hostname and that the resolver
        * on the ONMS host actually can resolve the
        * node to match against nodeId.
         */

        // Antonio: Here seems to me a duplicated match
        // m is setted why i need to reassign?
        // What is wrong?
        // This is causing a trouble generating syslog events not needed
        // I added an else with trowing 
        // Bug # 3278
        if ((m = pattern.matcher(message)).matches()) {

            log.debug("Regexp matched message: " + message);
            log.debug("Host: " + m.group(hostGroup));
            log.debug("Message: " + m.group(messageGroup));

            // We will try and extract an IP address from
            // a hostname.....

            String myHost = "";

            try {
                InetAddress address = InetAddress.getByName(m.group(hostGroup));
                byte[] ipAddr = address.getAddress();

                // Convert to dot representation
                for (int i = 0; i < ipAddr.length; i++) {
                    if (i > 0) {
                        myHost += ".";
                    }
                    myHost += ipAddr[i] & 0xFF;
                }
            } catch (UnknownHostException e1) {
                log.info("Could not parse the host: " + e1);

            }

            if (!"".equals(myHost)) {
                nodeId = SyslogdIPMgr.getNodeId(myHost.replaceAll(
                        "/",
                        ""));

                if (nodeId != -1)
                  event.setNodeid(nodeId);
                  // Clean up for further processing....
                  event.setInterface(myHost.replaceAll("/", ""));
                message = m.group(messageGroup);
                log.debug("Regexp used to find node: " + event.getNodeid());
            }
        } else {
            log.error("Regexp not matched message: " + message);            
            throw new MessageDiscardedException();
        }

        // We will need these shortly
        Parms eventParms = new Parms();
        Parm eventParm = null;
        Value parmValue = null;
        
        Pattern msgPat;
        Matcher msgMat;

        // Time to verify UEI matching.

        for (UeiMatch uei : ueiList.getUeiMatchCollection()) {
            if (uei.getMatch().getType().equals("substr")) {
                if (log.isDebugEnabled()) {
                    log.debug("Attempting substring match for text of a Syslogd event to :" + uei.getMatch().getExpression());
                }
            	if (message.contains(uei.getMatch().getExpression())) {
            	    if (discardUei.equals(uei.getUei())) {
            	        if (log.isDebugEnabled()) {
            	            log.debug("Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
            	            throw new MessageDiscardedException();
            	        }
            	    }
                    //We can pass a new UEI on this
                    log.debug("Changed the UEI of a Syslogd event, based on substring match, to :" + uei.getUei());
                    event.setUei(uei.getUei());
                    // I think we want to stop processing here so the first
                    // ueiMatch wins, right?
                    break;
                }
            } else if (uei.getMatch().getType().equals("regex")) {
                if (log.isDebugEnabled()) {
                    log.debug("Attempting regex match for text of a Syslogd event to :" + uei.getMatch().getExpression());
                }
                try {
            		msgPat = Pattern.compile(uei.getMatch().getExpression(), Pattern.MULTILINE);
            		msgMat = msgPat.matcher(message);
                } catch(PatternSyntaxException pse) {
            		log.error("Failed to compile regex pattern '"+uei.getMatch().getExpression()+"'", pse);
            		msgMat = null;
            	}
            	if ((msgMat != null) && (msgMat.matches())) {
                    if (discardUei.equals(uei.getUei())) {
                        if (log.isDebugEnabled()) {
                            log.debug("Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
                            throw new MessageDiscardedException();
                        }
                    }
            	    // We matched a UEI
            		log.debug("Changed the UEI of a Syslogd event, based on regex match, to :" + uei.getUei());
            		event.setUei(uei.getUei());
            		if (msgMat.groupCount() > 0) {
            			for (int groupNum = 1; groupNum <= msgMat.groupCount(); groupNum++) {
            				log.debug("Added parm 'group"+groupNum+"' with value '"+msgMat.group(groupNum)+"' to Syslogd event based on regex match group");
            				eventParm = new Parm();
            				eventParm.setParmName("group"+groupNum);
            				parmValue = new Value();

After Change


        String m_logPrefix = Syslogd.LOG4J_CATEGORY;
        ThreadCategory.setPrefix(m_logPrefix);
        ThreadCategory.setPrefix(LOG4J_CATEGORY);
        Category log = ThreadCategory.getInstance();

        if (log.isDebugEnabled())
            log.debug("In the make part of UdpReceivedSyslog " + e.toString());

        // Build a basic event out of the syslog message

        Event event = new Event();
        event.setSource("syslogd");

        // Set nodeId
        long nodeId = SyslogdIPMgr.getNodeId(addr.toString().replaceAll("/", ""));
        if (nodeId != -1)
            event.setNodeid(nodeId);

        // Set event host
        try {
            event.setHost(InetAddress.getLocalHost().getHostName());
        } catch (UnknownHostException uhE) {
            event.setHost("unresolved.host");
            log.warn("Failed to resolve local hostname", uhE);
        }

        event.setInterface(addr.toString().replaceAll("/", ""));

        event.setTime(org.opennms.netmgt.EventConstants.formatToString(new java.util.Date()));
        Logmsg logmsg = new Logmsg();
        logmsg.setDest("logndisplay");

        String message = new String(data, 0, len, "US-ASCII");

        int lbIdx = message.indexOf('<');
        int rbIdx = message.indexOf('>');

        if (lbIdx < 0 || rbIdx < 0 || lbIdx >= (rbIdx - 1)) {
            log.warn("Syslogd received an unparsable message!");
        }

        int priCode = 0;
        String priStr = message.substring(lbIdx + 1, rbIdx);

        try {
            priCode = Integer.parseInt(priStr);
        } catch (NumberFormatException ex) {
            log.debug("ERROR Bad priority code '" + priStr + "'");

        }

        int facility = SyslogDefs.extractFacility(priCode);
        int priority = SyslogDefs.extractPriority(priCode);

        String priorityTxt = SyslogDefs.getPriorityName(priority);
        // event.setSeverity(priorityTxt);
        // We leave the priority alone, this might need to be set.

        String facilityTxt = SyslogDefs.getFacilityName(facility);

        //Check for UEI matching or allow a simple standard one.

        event.setUei("uei.opennms.org/syslogd/" + facilityTxt + "/" + priorityTxt);

        // message = message.substring(rbIdx + 1, (message.length() - 1));
        message = message.substring(rbIdx + 1, (message.length()));

        // Check to see if message looks non-standard.
        // In this case, it means that there is not a standard
        // date in the front of the message text.
        boolean stdMsg = true;

        if (message.length() < 16) {
            stdMsg = false;
        } else if (message.charAt(3) != ' ' || message.charAt(6) != ' '
                || message.charAt(9) != ':' || message.charAt(12) != ':'
                || message.charAt(15) != ' ') {
            stdMsg = false;
        }

        String timestamp;

        if (!stdMsg) {
            try {
                timestamp = SyslogTimeStamp.getInstance().format(new Date());
            } catch (IllegalArgumentException ex) {
                log.debug("ERROR INTERNAL DATE ERROR!");
                timestamp = "";
            }
        } else {
            timestamp = message.substring(0, 15);
            message = message.substring(16);
        }

        // These 2 debugs will aid in analyzing the regexes as syslog seems
        // to differ a lot depending on implementation or message structure.

        boolean traceEnabled = log.isEnabledFor(Level.TRACE);

        if (traceEnabled) {
            log.log(Level.TRACE, "Message : " + message);
            log.log(Level.TRACE, "Pattern : " + matchPattern);
            log.log(Level.TRACE, "Host group: " + hostGroup);
            log.log(Level.TRACE, "Message group: " + messageGroup);
        }

        // We will also here find out if, the host needs to
        // be replaced, the message matched to a UEI, and
        // last if we need to actually hide the message.
        // this being potentially helpful in avoiding showing
        // operator a password or other data that should be
        // confidential.

        Pattern pattern = Pattern.compile(matchPattern);
        Matcher m = pattern.matcher(message);

        /*
        * We matched on a regexp for host/message pair.
        * This can be a forwarded message as in BSD Style
        * or syslog-ng.
        * We assume that the host is given to us
        * as an IP/Hostname and that the resolver
        * on the ONMS host actually can resolve the
        * node to match against nodeId.
         */

        if (m.matches()) {

            if (traceEnabled) {
                log.log(Level.TRACE, "Regexp matched message: " + message);
                log.log(Level.TRACE, "Host: " + m.group(hostGroup));
                log.log(Level.TRACE, "Message: " + m.group(messageGroup));
            }

            // We will try to extract an IP address from a hostname.....
            String myHost = "";

            try {
                InetAddress address = InetAddress.getByName(m.group(hostGroup));
                byte[] ipAddr = address.getAddress();

                // Convert to dot representation
                for (int i = 0; i < ipAddr.length; i++) {
                    if (i > 0) {
                        myHost += ".";
                    }
                    myHost += ipAddr[i] & 0xFF;
                }
            } catch (UnknownHostException e1) {
                log.warn("Could not parse the host: " + e1);

            }

            if (!"".equals(myHost)) {
                nodeId = SyslogdIPMgr.getNodeId(myHost.replaceAll("/", ""));

                if (nodeId != -1) {
                    event.setNodeid(nodeId);
                }
                // Clean up for further processing....
                event.setInterface(myHost.replaceAll("/", ""));
                message = m.group(messageGroup);
                if (traceEnabled) {
                    log.log(Level.TRACE, "Regexp used to find node: " + event.getNodeid());
                }
            }
        } else {
            log.warn("Regexp not matched: " + message);            
            throw new MessageDiscardedException();
        }

        // We will need these shortly
        Parms eventParms = new Parms();
        Parm eventParm = null;
        Value parmValue = null;
        
        Pattern msgPat;
        Matcher msgMat;

        // Time to verify UEI matching.

        for (UeiMatch uei : ueiList.getUeiMatchCollection()) {
            if (uei.getMatch().getType().equals("substr")) {
                if (traceEnabled) {
                    log.log(Level.TRACE, "Attempting substring match for text of a Syslogd event to :" + uei.getMatch().getExpression());
                }
            	if (message.contains(uei.getMatch().getExpression())) {
            	    if (discardUei.equals(uei.getUei())) {
            	        if (traceEnabled) {
            	            log.log(Level.TRACE, "Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
            	            throw new MessageDiscardedException();
            	        }
            	    }
                    //We can pass a new UEI on this
            	    if (traceEnabled) {
            	        log.log(Level.TRACE, "Changed the UEI of a Syslogd event, based on substring match, to :" + uei.getUei());
            	    }
                    event.setUei(uei.getUei());
                    // I think we want to stop processing here so the first
                    // ueiMatch wins, right?
                    break;
                }
            } else if (uei.getMatch().getType().equals("regex")) {
                if (traceEnabled) {
                    log.log(Level.TRACE, "Attempting regex match for text of a Syslogd event to :" + uei.getMatch().getExpression());
                }
                try {
            		msgPat = Pattern.compile(uei.getMatch().getExpression(), Pattern.MULTILINE);
            		msgMat = msgPat.matcher(message);
                } catch(PatternSyntaxException pse) {
            		log.warn("Failed to compile regex pattern '"+uei.getMatch().getExpression()+"'", pse);
            		msgMat = null;
            	}
            	if ((msgMat != null) && (msgMat.matches())) {
                    if (discardUei.equals(uei.getUei())) {
                        if (log.isDebugEnabled()) {
                            log.debug("Specified UEI '" + uei.getUei() + "' is same as discard-uei, discarding this message.");
                        }
                        throw new MessageDiscardedException();
                    }

                    // We matched a UEI
                    if (traceEnabled) {
                        log.log(Level.TRACE, "Changed the UEI of a Syslogd event, based on regex match, to :" + uei.getUei());
                    }
                    event.setUei(uei.getUei());
            		if (msgMat.groupCount() > 0) {
            			for (int groupNum = 1; groupNum <= msgMat.groupCount(); groupNum++) {
            			    if (traceEnabled) {
            			        log.log(Level.TRACE, "Added parm 'group"+groupNum+"' with value '"+msgMat.group(groupNum)+"' to Syslogd event based on regex match group");
            			    }
            				eventParm = new Parm();
            				eventParm.setParmName("group"+groupNum);