/** * Extract and assign process id * * @param sevent * syslog structured message * @param tevent * tracking event */ protected void assignPid(StructuredSyslogServerEvent sevent, TrackingEvent tevent) { tevent.getOperation().setPID(0); String pid = sevent.getProcessId(); if (pid != null && !pid.isEmpty()) { try { tevent.getOperation().setPID(Long.parseLong(sevent.getProcessId())); } catch (NumberFormatException e) { } } tevent.getOperation().setTID(tevent.getOperation().getPID()); }
/** * Process syslog message based on RFC5424 * * @param facility * syslog facility name * @param event * syslog message * @param tevent * tracking event * * @return tracking event */ protected TrackingEvent processRFC3164(String facility, SyslogServerEventIF event, TrackingEvent tevent) { Map<String, Object> map = parseAttributes(event); String appName = map.get("appl.name").toString(); String serverName = map.get("server.name").toString(); Long pid = (Long) map.get("appl.pid"); tevent.setTag(facility, serverName, appName); tevent.getOperation().setPID(pid); tevent.getOperation().setTID(pid); tevent.getOperation().setResource(appName); tevent.getOperation().setName(facility); // set the appropriate source SourceFactory factory = logger.getConfiguration().getSourceFactory(); Source rootSource = factory.getRootSource().getSource(SourceType.DATACENTER); tevent.setSource(factory.newSource(appName, SourceType.APPL, factory.newSource(serverName, SourceType.SERVER, rootSource))); return tevent; }
@Override protected void _log(TrackingEvent event) throws IOException { writeLine(new ProducerRecord<>(getName(), event.getOperation().getName(), getEventFormatter().format(event))); }
@Override public boolean filter(EventSink sink, TrackingEvent event) { if (elapsedUsec >= 0 && event.getOperation().getElapsedTimeUsec() < elapsedUsec) { return false; } if (waitUsec >= 0 && event.getOperation().getWaitTimeUsec() < waitUsec) { return false; } if (msgPattern != null && !msgPattern.matcher(event.getMessagePattern()).matches()) { return false; } if (isDuplicate(event, event.getMessage())) { return false; } if (ttl != TTL.TTL_CONTEXT) { event.setTTL(ttl); } return passLevel(event.getSeverity(), sink); }
@Override public TrackingEvent newEvent(OpLevel severity, String opName, String correlator, String msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlator, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opName, correlator, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(String opName, String msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(OpLevel.NONE, opName, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), OpLevel.NONE, opName, (String) null, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(OpLevel severity, String opName, Collection<String> correlators, String msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlators, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opName, correlators, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(OpLevel severity, OpType opType, String opName, Collection<String> correlators, Collection<String> tags, String msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlators, tags, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opType, opName, correlators, tags, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(OpLevel severity, String opName, Collection<String> correlators, byte[] msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlators, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opName, correlators, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(OpLevel severity, String opName, String correlator, byte[] msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlator, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opName, correlator, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(OpLevel severity, OpType opType, String opName, String correlator, String tag, byte[] msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlator, tag, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opType, opName, correlator, tag, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override public TrackingEvent newEvent(OpLevel severity, OpType opType, String opName, Collection<String> correlators, Collection<String> tags, byte[] msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlators, tags, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opType, opName, correlators, tags, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
/** * Extract syslog name/value pairs if available in within the message * * @param event * syslog event message * @param tevent * tracking event * @return map of parsed out event attributes (name=value pairs) */ protected Map<String, Object> extractVariables(SyslogServerEventIF event, TrackingEvent tevent) { Map<String, Object> attr = parseVariables(event.getMessage()); if (attr != null && attr.size() > 0) { extractSpecialKeys(attr, tevent); PropertySnapshot snap = new PropertySnapshot(SNAPSHOT_CAT_SYSLOG_VARS, tevent.getOperation().getResource(), tevent.getSeverity()); snap.addAll(attr); tevent.getOperation().addSnapshot(snap); } return attr; }
private boolean isDuplicate(TrackingEvent event, String msg) { if (msgTracker != null) { String key = dupUseSoundex? soundex.soundex(msg): msg; long hitCount = msgTracker.hitAndGetCount(key); if ((hitCount > 1) && (msgTracker.getHitAge(msg, TimeUnit.SECONDS) < dupTimeoutSec)) { msgTracker.missAndGetCount(key); return true; } else if (dupAppendStats && (event != null && hitCount > 1)) { event.getOperation().addProperty(new Property("_hitCount", hitCount, ValueTypes.VALUE_TYPE_COUNTER)); event.getOperation().addProperty(new Property("_missCount", msgTracker.getMissCount(key), ValueTypes.VALUE_TYPE_COUNTER)); event.getOperation().addProperty(new Property("_hit_last_age_ms", msgTracker.getHitAge(msg, TimeUnit.MILLISECONDS), ValueTypes.VALUE_TYPE_AGE_MSEC)); event.getOperation().addProperty(new Property("_miss_last_age_ms", msgTracker.getMissAge(msg, TimeUnit.MILLISECONDS), ValueTypes.VALUE_TYPE_AGE_MSEC)); } } return false; } }
@Override public TrackingEvent newEvent(OpLevel severity, OpType opType, String opName, String correlator, String tag, String msg, Object... args) { long start = System.nanoTime(); try { if (!isTrackingEnabled(severity, opName, correlator, tag, msg, args)) { return NULL_EVENT; } TrackingEvent event = new TrackingEvent(this, getSource(), severity, opType, opName, correlator, tag, msg, args); event.getOperation().setUser(tConfig.getSource().getUser()); return event; } finally { countOverheadNanos(System.nanoTime() - start); } }
@Override protected void _log(TrackingEvent event) { writeLine(event.getSeverity(), getEventFormatter().format(event), event.getOperation().getThrowable()); }
/** * Create a new log event instance * * @param sink * sink associated with the event * @param msg * tracking event instance */ public SinkLogEvent(EventSink sink, TrackingEvent msg) { super(sink); logObj = msg; error = msg.getOperation().getThrowable(); level = msg.getSeverity(); evSrc = msg.getSource(); argList = msg.getMessageArgs(); ttl = msg.getTTL(); }
/** * Extract syslog structured data if available (part of RFC 5424) * * @param sevent * syslog structured message * @param tevent * tracking event */ protected void extractStructuredData(StructuredSyslogServerEvent sevent, TrackingEvent tevent) { StructuredSyslogMessage sm = sevent.getStructuredMessage(); Map<?, ?> map = sm.getStructuredData(); if (map != null && !map.isEmpty()) { PropertySnapshot snap = new PropertySnapshot(SNAPSHOT_CAT_SYSLOG_MAP, sevent.getApplicationName(), tevent.getSeverity()); snap.addAll(map); tevent.getOperation().addSnapshot(snap); } }
@Override public void log(TrackingEvent event) { _checkState(); boolean doLog = filterCheck ? isLoggable(event) : true; if (doLog) { try { if (!_limiter(1, event.getSize())) { return; } if (ttl != TTL.TTL_CONTEXT) { event.setTTL(ttl); } _log(event.sign()); loggedEvents.incrementAndGet(); loggedSnaps.addAndGet(event.getOperation().getSnapshotCount()); lastTime.set(System.currentTimeMillis()); errorState = false; if (!logListeners.isEmpty()) { notifyListeners(new SinkLogEvent(this, event)); } } catch (Throwable ex) { notifyListeners(new SinkLogEvent(this, event), ex); } } }
/** * Process syslog message based on RFC5424 * * @param facility * syslog facility name * @param sevent * syslog structured message * @param tevent * tracking event * * @return tracking event */ protected TrackingEvent processRFC5424(String facility, StructuredSyslogServerEvent sevent, TrackingEvent tevent) { // RFC 5424 tevent.getOperation().setName(facility); tevent.getOperation().setResource(sevent.getApplicationName()); tevent.setTag(facility, sevent.getHost(), sevent.getApplicationName(), sevent.getStructuredMessage().getMessageId()); assignPid(sevent, tevent); // set the appropriate source SourceFactory factory = logger.getConfiguration().getSourceFactory(); Source rootSource = factory.getRootSource().getSource(SourceType.DATACENTER); tevent.setSource(factory.newSource(sevent.getApplicationName(), SourceType.APPL, factory.newSource(sevent.getHost(), SourceType.SERVER, rootSource))); // process structured event attributes into snapshot extractStructuredData(sevent, tevent); return tevent; }