2 * collectd - src/sysevent.c
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20 * DEALINGS IN THE SOFTWARE.
24 * Andrew Bays <abays at redhat.com>
31 #include "utils_complain.h"
32 #include "utils_ignorelist.h"
36 #include <netinet/in.h>
41 #include <sys/socket.h>
44 #include <yajl/yajl_common.h>
45 #include <yajl/yajl_gen.h>
47 #if HAVE_YAJL_YAJL_VERSION_H
48 #include <yajl/yajl_version.h>
50 #if defined(YAJL_MAJOR) && (YAJL_MAJOR > 1)
51 #include <yajl/yajl_tree.h>
52 #define HAVE_YAJL_V2 1
55 #define SYSEVENT_DOMAIN_FIELD "domain"
56 #define SYSEVENT_DOMAIN_VALUE "syslog"
57 #define SYSEVENT_EVENT_ID_FIELD "eventId"
58 #define SYSEVENT_EVENT_NAME_FIELD "eventName"
59 #define SYSEVENT_EVENT_NAME_VALUE "syslog message"
60 #define SYSEVENT_LAST_EPOCH_MICROSEC_FIELD "lastEpochMicrosec"
61 #define SYSEVENT_PRIORITY_FIELD "priority"
62 #define SYSEVENT_PRIORITY_VALUE_HIGH "high"
63 #define SYSEVENT_PRIORITY_VALUE_LOW "low"
64 #define SYSEVENT_PRIORITY_VALUE_MEDIUM "medium"
65 #define SYSEVENT_PRIORITY_VALUE_NORMAL "normal"
66 #define SYSEVENT_PRIORITY_VALUE_UNKNOWN "unknown"
67 #define SYSEVENT_REPORTING_ENTITY_NAME_FIELD "reportingEntityName"
68 #define SYSEVENT_REPORTING_ENTITY_NAME_VALUE "collectd sysevent plugin"
69 #define SYSEVENT_SEQUENCE_FIELD "sequence"
70 #define SYSEVENT_SEQUENCE_VALUE "0"
71 #define SYSEVENT_SOURCE_NAME_FIELD "sourceName"
72 #define SYSEVENT_SOURCE_NAME_VALUE "syslog"
73 #define SYSEVENT_START_EPOCH_MICROSEC_FIELD "startEpochMicrosec"
74 #define SYSEVENT_VERSION_FIELD "version"
75 #define SYSEVENT_VERSION_VALUE "1.0"
77 #define SYSEVENT_EVENT_SOURCE_HOST_FIELD "eventSourceHost"
78 #define SYSEVENT_EVENT_SOURCE_TYPE_FIELD "eventSourceType"
79 #define SYSEVENT_EVENT_SOURCE_TYPE_VALUE "host"
80 #define SYSEVENT_SYSLOG_FIELDS_FIELD "syslogFields"
81 #define SYSEVENT_SYSLOG_FIELDS_VERSION_FIELD "syslogFieldsVersion"
82 #define SYSEVENT_SYSLOG_FIELDS_VERSION_VALUE "1.0"
83 #define SYSEVENT_SYSLOG_MSG_FIELD "syslogMsg"
84 #define SYSEVENT_SYSLOG_PROC_FIELD "syslogProc"
85 #define SYSEVENT_SYSLOG_SEV_FIELD "syslogSev"
86 #define SYSEVENT_SYSLOG_TAG_FIELD "syslogTag"
87 #define SYSEVENT_SYSLOG_TAG_VALUE "NILVALUE"
98 long long unsigned int *timestamp;
104 static ignorelist_t *ignorelist = NULL;
106 static int sysevent_thread_loop = 0;
107 static int sysevent_thread_error = 0;
108 static pthread_t sysevent_thread_id;
109 static pthread_mutex_t sysevent_lock = PTHREAD_MUTEX_INITIALIZER;
110 static int sock = -1;
111 static int event_id = 0;
112 static circbuf_t ring;
114 static char *listen_ip;
115 static char *listen_port;
116 static int listen_buffer_size = 4096;
117 static int buffer_length = 10;
119 static int monitor_all_messages = 1;
122 static const char *rsyslog_keys[3] = {"@timestamp", "@source_host", "@message"};
123 static const char *rsyslog_field_keys[5] = {
124 "facility", "severity", "severity-num", "program", "processid"};
131 static int gen_message_payload(const char *msg, char *sev, int sev_num,
132 char *process, char *host,
133 long long unsigned int timestamp, char **buf) {
134 const unsigned char *buf2;
136 char json_str[DATA_MAX_NAME_LEN];
138 #if !defined(HAVE_YAJL_V2)
139 yajl_gen_config conf = {};
146 g = yajl_gen_alloc(NULL);
147 yajl_gen_config(g, yajl_gen_beautify, 0);
150 g = yajl_gen_alloc(&conf, NULL);
155 // *** BEGIN common event header ***
157 if (yajl_gen_map_open(g) != yajl_gen_status_ok)
161 if (yajl_gen_string(g, (u_char *)SYSEVENT_DOMAIN_FIELD,
162 strlen(SYSEVENT_DOMAIN_FIELD)) != yajl_gen_status_ok)
165 if (yajl_gen_string(g, (u_char *)SYSEVENT_DOMAIN_VALUE,
166 strlen(SYSEVENT_DOMAIN_VALUE)) != yajl_gen_status_ok)
170 if (yajl_gen_string(g, (u_char *)SYSEVENT_EVENT_ID_FIELD,
171 strlen(SYSEVENT_EVENT_ID_FIELD)) != yajl_gen_status_ok)
174 event_id = event_id + 1;
175 int event_id_len = sizeof(char) * sizeof(int) * 4 + 1;
176 memset(json_str, '\0', DATA_MAX_NAME_LEN);
177 snprintf(json_str, event_id_len, "%d", event_id);
179 if (yajl_gen_number(g, json_str, strlen(json_str)) != yajl_gen_status_ok) {
184 if (yajl_gen_string(g, (u_char *)SYSEVENT_EVENT_NAME_FIELD,
185 strlen(SYSEVENT_EVENT_NAME_FIELD)) != yajl_gen_status_ok)
188 int event_name_len = 0;
189 event_name_len = event_name_len + strlen(host); // host name
192 22; // "host", "rsyslog", "message", 3 spaces and null-terminator
193 memset(json_str, '\0', DATA_MAX_NAME_LEN);
194 snprintf(json_str, event_name_len, "host %s rsyslog message", host);
196 if (yajl_gen_string(g, (u_char *)json_str, strlen(json_str)) !=
197 yajl_gen_status_ok) {
202 if (yajl_gen_string(g, (u_char *)SYSEVENT_LAST_EPOCH_MICROSEC_FIELD,
203 strlen(SYSEVENT_LAST_EPOCH_MICROSEC_FIELD)) !=
207 int last_epoch_microsec_len =
208 sizeof(char) * sizeof(long long unsigned int) * 4 + 1;
209 memset(json_str, '\0', DATA_MAX_NAME_LEN);
210 snprintf(json_str, last_epoch_microsec_len, "%llu",
211 (long long unsigned int)CDTIME_T_TO_US(cdtime()));
213 if (yajl_gen_number(g, json_str, strlen(json_str)) != yajl_gen_status_ok) {
218 if (yajl_gen_string(g, (u_char *)SYSEVENT_PRIORITY_FIELD,
219 strlen(SYSEVENT_PRIORITY_FIELD)) != yajl_gen_status_ok)
224 if (yajl_gen_string(g, (u_char *)SYSEVENT_PRIORITY_VALUE_MEDIUM,
225 strlen(SYSEVENT_PRIORITY_VALUE_MEDIUM)) !=
230 if (yajl_gen_string(g, (u_char *)SYSEVENT_PRIORITY_VALUE_NORMAL,
231 strlen(SYSEVENT_PRIORITY_VALUE_NORMAL)) !=
237 if (yajl_gen_string(g, (u_char *)SYSEVENT_PRIORITY_VALUE_LOW,
238 strlen(SYSEVENT_PRIORITY_VALUE_LOW)) !=
243 if (yajl_gen_string(g, (u_char *)SYSEVENT_PRIORITY_VALUE_UNKNOWN,
244 strlen(SYSEVENT_PRIORITY_VALUE_UNKNOWN)) !=
250 // reportingEntityName
251 if (yajl_gen_string(g, (u_char *)SYSEVENT_REPORTING_ENTITY_NAME_FIELD,
252 strlen(SYSEVENT_REPORTING_ENTITY_NAME_FIELD)) !=
256 if (yajl_gen_string(g, (u_char *)SYSEVENT_REPORTING_ENTITY_NAME_VALUE,
257 strlen(SYSEVENT_REPORTING_ENTITY_NAME_VALUE)) !=
262 if (yajl_gen_string(g, (u_char *)SYSEVENT_SEQUENCE_FIELD,
263 strlen(SYSEVENT_SEQUENCE_FIELD)) != yajl_gen_status_ok)
266 if (yajl_gen_number(g, SYSEVENT_SEQUENCE_VALUE,
267 strlen(SYSEVENT_SEQUENCE_VALUE)) != yajl_gen_status_ok)
271 if (yajl_gen_string(g, (u_char *)SYSEVENT_SOURCE_NAME_FIELD,
272 strlen(SYSEVENT_SOURCE_NAME_FIELD)) != yajl_gen_status_ok)
275 if (yajl_gen_string(g, (u_char *)SYSEVENT_SOURCE_NAME_VALUE,
276 strlen(SYSEVENT_SOURCE_NAME_VALUE)) != yajl_gen_status_ok)
279 // startEpochMicrosec
280 if (yajl_gen_string(g, (u_char *)SYSEVENT_START_EPOCH_MICROSEC_FIELD,
281 strlen(SYSEVENT_START_EPOCH_MICROSEC_FIELD)) !=
285 int start_epoch_microsec_len =
286 sizeof(char) * sizeof(long long unsigned int) * 4 + 1;
287 memset(json_str, '\0', DATA_MAX_NAME_LEN);
288 snprintf(json_str, start_epoch_microsec_len, "%llu",
289 (long long unsigned int)timestamp);
291 if (yajl_gen_number(g, json_str, strlen(json_str)) != yajl_gen_status_ok) {
296 if (yajl_gen_string(g, (u_char *)SYSEVENT_VERSION_FIELD,
297 strlen(SYSEVENT_VERSION_FIELD)) != yajl_gen_status_ok)
300 if (yajl_gen_number(g, SYSEVENT_VERSION_VALUE,
301 strlen(SYSEVENT_VERSION_VALUE)) != yajl_gen_status_ok)
304 // *** END common event header ***
306 // *** BEGIN syslog fields ***
308 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_FIELDS_FIELD,
309 strlen(SYSEVENT_SYSLOG_FIELDS_FIELD)) !=
313 if (yajl_gen_map_open(g) != yajl_gen_status_ok)
317 if (yajl_gen_string(g, (u_char *)SYSEVENT_EVENT_SOURCE_HOST_FIELD,
318 strlen(SYSEVENT_EVENT_SOURCE_HOST_FIELD)) !=
322 if (yajl_gen_string(g, (u_char *)host, strlen(host)) != yajl_gen_status_ok)
326 if (yajl_gen_string(g, (u_char *)SYSEVENT_EVENT_SOURCE_TYPE_FIELD,
327 strlen(SYSEVENT_EVENT_SOURCE_TYPE_FIELD)) !=
331 if (yajl_gen_string(g, (u_char *)SYSEVENT_EVENT_SOURCE_TYPE_VALUE,
332 strlen(SYSEVENT_EVENT_SOURCE_TYPE_VALUE)) !=
336 // syslogFieldsVersion
337 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_FIELDS_VERSION_FIELD,
338 strlen(SYSEVENT_SYSLOG_FIELDS_VERSION_FIELD)) !=
342 if (yajl_gen_number(g, SYSEVENT_SYSLOG_FIELDS_VERSION_VALUE,
343 strlen(SYSEVENT_SYSLOG_FIELDS_VERSION_VALUE)) !=
349 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_MSG_FIELD,
350 strlen(SYSEVENT_SYSLOG_MSG_FIELD)) !=
354 if (yajl_gen_string(g, (u_char *)msg, strlen(msg)) != yajl_gen_status_ok)
359 if (process != NULL) {
360 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_PROC_FIELD,
361 strlen(SYSEVENT_SYSLOG_PROC_FIELD)) !=
365 if (yajl_gen_string(g, (u_char *)process, strlen(process)) !=
372 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_SEV_FIELD,
373 strlen(SYSEVENT_SYSLOG_SEV_FIELD)) !=
377 if (yajl_gen_string(g, (u_char *)sev, strlen(sev)) != yajl_gen_status_ok)
382 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_TAG_FIELD,
383 strlen(SYSEVENT_SYSLOG_TAG_FIELD)) != yajl_gen_status_ok)
386 if (yajl_gen_string(g, (u_char *)SYSEVENT_SYSLOG_TAG_VALUE,
387 strlen(SYSEVENT_SYSLOG_TAG_VALUE)) != yajl_gen_status_ok)
390 if (yajl_gen_map_close(g) != yajl_gen_status_ok)
393 // *** END syslog fields ***
395 if (yajl_gen_map_close(g) != yajl_gen_status_ok)
398 if (yajl_gen_get_buf(g, &buf2, &len) != yajl_gen_status_ok)
401 *buf = malloc(strlen((char *)buf2) + 1);
405 ERROR("sysevent plugin: gen_message_payload malloc failed");
409 sstrncpy(*buf, (char *)buf2, strlen((char *)buf2) + 1);
417 ERROR("sysevent plugin: gen_message_payload failed to generate JSON");
421 static void *sysevent_thread(void *arg) /* {{{ */
423 pthread_mutex_lock(&sysevent_lock);
425 while (sysevent_thread_loop > 0) {
428 pthread_mutex_unlock(&sysevent_lock);
433 char buffer[listen_buffer_size];
434 struct sockaddr_storage src_addr;
435 socklen_t src_addr_len = sizeof(src_addr);
437 memset(buffer, '\0', listen_buffer_size);
439 ssize_t count = recvfrom(sock, buffer, sizeof(buffer), 0,
440 (struct sockaddr *)&src_addr, &src_addr_len);
443 ERROR("sysevent plugin: failed to receive data: %s", strerror(errno));
445 } else if (count >= sizeof(buffer)) {
446 WARNING("sysevent plugin: datagram too large for buffer: truncated");
449 // 2. Push to buffer if there is room, otherwise raise warning
451 pthread_mutex_lock(&sysevent_lock);
453 int next = ring.head + 1;
454 if (next >= ring.maxLen)
457 if (next == ring.tail) {
458 WARNING("sysevent plugin: ring buffer full");
460 DEBUG("sysevent plugin: writing %s", buffer);
462 strncpy(ring.buffer[ring.head], buffer, sizeof(buffer));
463 ring.timestamp[ring.head] =
464 (long long unsigned int)CDTIME_T_TO_US(cdtime());
468 pthread_mutex_unlock(&sysevent_lock);
473 pthread_mutex_lock(&sysevent_lock);
476 WARNING("sysevent plugin: problem with thread status: %d", status);
477 sysevent_thread_error = 1;
481 if (sysevent_thread_loop <= 0)
483 } /* while (sysevent_thread_loop > 0) */
485 pthread_mutex_unlock(&sysevent_lock);
487 // pthread_exit instead of return?
489 } /* }}} void *sysevent_thread */
491 static int start_thread(void) /* {{{ */
495 pthread_mutex_lock(&sysevent_lock);
497 if (sysevent_thread_loop != 0) {
498 pthread_mutex_unlock(&sysevent_lock);
502 sysevent_thread_loop = 1;
503 sysevent_thread_error = 0;
505 DEBUG("sysevent plugin: starting thread");
507 status = plugin_thread_create(&sysevent_thread_id, /* attr = */ NULL,
509 /* arg = */ (void *)0, "sysevent");
511 sysevent_thread_loop = 0;
512 ERROR("sysevent plugin: starting thread failed.");
513 pthread_mutex_unlock(&sysevent_lock);
517 pthread_mutex_unlock(&sysevent_lock);
519 } /* }}} int start_thread */
521 static int stop_thread(int shutdown) /* {{{ */
525 pthread_mutex_lock(&sysevent_lock);
527 if (sysevent_thread_loop == 0) {
528 pthread_mutex_unlock(&sysevent_lock);
532 sysevent_thread_loop = 0;
533 pthread_mutex_unlock(&sysevent_lock);
536 // Since the thread is blocking, calling pthread_join
537 // doesn't actually succeed in stopping it. It will stick around
538 // until a message is received on the socket (at which
539 // it will realize that "sysevent_thread_loop" is 0 and will
540 // break out of the read loop and be allowed to die). This is
541 // fine when the process isn't supposed to be exiting, but in
542 // the case of a process shutdown, we don't want to have an
543 // idle thread hanging around. Calling pthread_cancel here in
544 // the case of a shutdown is just assures that the thread is
545 // gone and that the process has been fully terminated.
547 DEBUG("sysevent plugin: Canceling thread for process shutdown");
549 status = pthread_cancel(sysevent_thread_id);
552 ERROR("sysevent plugin: Unable to cancel thread: %d (%s)", status,
557 status = pthread_join(sysevent_thread_id, /* return = */ NULL);
559 ERROR("sysevent plugin: Stopping thread failed.");
564 pthread_mutex_lock(&sysevent_lock);
565 memset(&sysevent_thread_id, 0, sizeof(sysevent_thread_id));
566 sysevent_thread_error = 0;
567 pthread_mutex_unlock(&sysevent_lock);
569 DEBUG("sysevent plugin: Finished requesting stop of thread");
572 } /* }}} int stop_thread */
574 static int sysevent_init(void) /* {{{ */
578 ring.maxLen = buffer_length;
579 ring.buffer = (char **)malloc(buffer_length * sizeof(char *));
581 if (ring.buffer == NULL)
583 ERROR("sysevent plugin: sysevent_init malloc failed");
587 for (int i = 0; i < buffer_length; i++) {
588 ring.buffer[i] = malloc(listen_buffer_size);
591 ring.timestamp = (long long unsigned int *)malloc(
592 buffer_length * sizeof(long long unsigned int));
595 const char *hostname = listen_ip;
596 const char *portname = listen_port;
597 struct addrinfo hints;
598 memset(&hints, 0, sizeof(hints));
599 hints.ai_family = AF_UNSPEC;
600 hints.ai_socktype = SOCK_DGRAM;
601 hints.ai_protocol = 0;
602 hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
603 struct addrinfo *res = 0;
605 int err = getaddrinfo(hostname, portname, &hints, &res);
608 ERROR("sysevent plugin: failed to resolve local socket address (err=%d)",
614 sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
616 ERROR("sysevent plugin: failed to open socket: %s", strerror(errno));
621 if (bind(sock, res->ai_addr, res->ai_addrlen) == -1) {
622 ERROR("sysevent plugin: failed to bind socket: %s", strerror(errno));
630 DEBUG("sysevent plugin: socket created and bound");
632 return (start_thread());
633 } /* }}} int sysevent_init */
635 static int sysevent_config_add_listen(const oconfig_item_t *ci) /* {{{ */
637 if (ci->values_num != 2 || ci->values[0].type != OCONFIG_TYPE_STRING ||
638 ci->values[1].type != OCONFIG_TYPE_STRING) {
639 ERROR("sysevent plugin: The `%s' config option needs "
640 "two string arguments (ip and port).",
645 listen_ip = strdup(ci->values[0].value.string);
646 listen_port = strdup(ci->values[1].value.string);
651 static int sysevent_config_add_buffer_size(const oconfig_item_t *ci) /* {{{ */
655 if (cf_util_get_int(ci, &tmp) != 0)
657 else if ((tmp >= 1024) && (tmp <= 65535))
658 listen_buffer_size = tmp;
661 "sysevent plugin: The `BufferSize' must be between 1024 and 65535.");
668 static int sysevent_config_add_buffer_length(const oconfig_item_t *ci) /* {{{ */
672 if (cf_util_get_int(ci, &tmp) != 0)
674 else if ((tmp >= 3) && (tmp <= 4096))
677 WARNING("sysevent plugin: The `Bufferlength' must be between 3 and 4096.");
684 static int sysevent_config_add_regex_filter(const oconfig_item_t *ci) /* {{{ */
686 if (ci->values_num != 1 || ci->values[0].type != OCONFIG_TYPE_STRING) {
687 ERROR("sysevent plugin: The `%s' config option needs "
688 "one string argument, a regular expression.",
694 if (ignorelist == NULL)
695 ignorelist = ignorelist_create(/* invert = */ 1);
697 int status = ignorelist_add(ignorelist, ci->values[0].value.string);
700 ERROR("sysevent plugin: invalid regular expression: %s",
701 ci->values[0].value.string);
705 monitor_all_messages = 0;
707 WARNING("sysevent plugin: The plugin has been compiled without support "
708 "for the \"RegexFilter\" option.");
714 static int sysevent_config(oconfig_item_t *ci) /* {{{ */
716 for (int i = 0; i < ci->children_num; i++) {
717 oconfig_item_t *child = ci->children + i;
719 if (strcasecmp("Listen", child->key) == 0)
720 sysevent_config_add_listen(child);
721 else if (strcasecmp("BufferSize", child->key) == 0)
722 sysevent_config_add_buffer_size(child);
723 else if (strcasecmp("BufferLength", child->key) == 0)
724 sysevent_config_add_buffer_length(child);
725 else if (strcasecmp("RegexFilter", child->key) == 0)
726 sysevent_config_add_regex_filter(child);
728 WARNING("sysevent plugin: Option `%s' is not allowed here.", child->key);
733 } /* }}} int sysevent_config */
735 static void sysevent_dispatch_notification(const char *message,
739 long long unsigned int timestamp) {
741 notification_t n = {NOTIF_OKAY, cdtime(), "", "", "sysevent",
746 // If we have a parsed-JSON node to work with, use that
748 char process[listen_buffer_size];
749 char severity[listen_buffer_size];
750 char sev_num_str[listen_buffer_size];
751 char msg[listen_buffer_size];
752 char hostname_str[listen_buffer_size];
756 const char *msg_path[] = {rsyslog_keys[2], (const char *)0};
757 yajl_val msg_v = yajl_tree_get(*node, msg_path, yajl_t_string);
760 memset(msg, '\0', listen_buffer_size);
761 snprintf(msg, listen_buffer_size, "%s%c", YAJL_GET_STRING(msg_v), '\0');
765 const char *severity_path[] = {"@fields", rsyslog_field_keys[1],
767 yajl_val severity_v = yajl_tree_get(*node, severity_path, yajl_t_string);
769 if (severity_v != NULL) {
770 memset(severity, '\0', listen_buffer_size);
771 snprintf(severity, listen_buffer_size, "%s%c",
772 YAJL_GET_STRING(severity_v), '\0');
776 const char *sev_num_str_path[] = {"@fields", rsyslog_field_keys[2],
778 yajl_val sev_num_str_v =
779 yajl_tree_get(*node, sev_num_str_path, yajl_t_string);
781 if (sev_num_str_v != NULL) {
782 memset(sev_num_str, '\0', listen_buffer_size);
783 snprintf(sev_num_str, listen_buffer_size, "%s%c",
784 YAJL_GET_STRING(sev_num_str_v), '\0');
786 sev_num = atoi(sev_num_str);
789 n.severity = NOTIF_FAILURE;
793 const char *process_path[] = {"@fields", rsyslog_field_keys[3],
795 yajl_val process_v = yajl_tree_get(*node, process_path, yajl_t_string);
797 if (process_v != NULL) {
798 memset(process, '\0', listen_buffer_size);
799 snprintf(process, listen_buffer_size, "%s%c", YAJL_GET_STRING(process_v),
804 const char *hostname_path[] = {rsyslog_keys[1], (const char *)0};
805 yajl_val hostname_v = yajl_tree_get(*node, hostname_path, yajl_t_string);
807 if (hostname_v != NULL) {
808 memset(hostname_str, '\0', listen_buffer_size);
809 snprintf(hostname_str, listen_buffer_size, "%s%c",
810 YAJL_GET_STRING(hostname_v), '\0');
814 (msg_v != NULL ? msg : NULL), (severity_v != NULL ? severity : NULL),
815 (sev_num_str_v != NULL ? sev_num : -1),
816 (process_v != NULL ? process : NULL),
817 (hostname_v != NULL ? hostname_str : hostname_g), timestamp, &buf);
819 // Data was not sent in JSON format, so just treat the whole log entry
820 // as the message (and we'll be unable to acquire certain data, so the
822 // generated below will be less informative)
824 gen_message_payload(message, NULL, -1, NULL, hostname_g, timestamp, &buf);
827 gen_message_payload(message, NULL, -1, NULL, hostname_g, timestamp, &buf);
830 sstrncpy(n.host, hostname_g, sizeof(n.host));
831 sstrncpy(n.type, "gauge", sizeof(n.type));
833 notification_meta_t *m = calloc(1, sizeof(*m));
838 ERROR("sysevent plugin: unable to allocate metadata: %s",
839 sstrerror(errno, errbuf, sizeof(errbuf)));
843 sstrncpy(m->name, "ves", sizeof(m->name));
844 m->nm_value.nm_string = sstrdup(buf);
845 m->type = NM_TYPE_STRING;
848 DEBUG("sysevent plugin: notification message: %s",
849 n.meta->nm_value.nm_string);
851 DEBUG("sysevent plugin: dispatching message");
853 plugin_dispatch_notification(&n);
854 plugin_notification_meta_free(n.meta);
856 // malloc'd in gen_message_payload
861 static int sysevent_read(void) /* {{{ */
863 if (sysevent_thread_error != 0) {
864 ERROR("sysevent plugin: The sysevent thread had a problem (%d). Restarting "
866 sysevent_thread_error);
873 } /* if (sysevent_thread_error != 0) */
875 pthread_mutex_lock(&sysevent_lock);
877 while (ring.head != ring.tail) {
878 long long unsigned int timestamp;
880 char *match_str = NULL;
881 int next = ring.tail + 1;
883 if (next >= ring.maxLen)
886 DEBUG("sysevent plugin: reading from ring buffer: %s",
887 ring.buffer[ring.tail]);
889 timestamp = ring.timestamp[ring.tail];
892 // Try to parse JSON, and if it fails, fall back to plain string
893 yajl_val node = NULL;
896 node = yajl_tree_parse((const char *)ring.buffer[ring.tail], errbuf,
902 // If we have any regex filters, we need to see if the message portion of
903 // the data matches any of them (otherwise we're not interested)
904 if (monitor_all_messages == 0) {
905 char json_val[listen_buffer_size];
906 const char *path[] = {"@message", (const char *)0};
907 yajl_val v = yajl_tree_get(node, path, yajl_t_string);
909 memset(json_val, '\0', listen_buffer_size);
911 snprintf(json_val, listen_buffer_size, "%s%c", YAJL_GET_STRING(v),
914 match_str = (char *)&json_val;
917 // non-JSON rsyslog data
919 // If we have any regex filters, we need to see if the message data
920 // matches any of them (otherwise we're not interested)
921 if (monitor_all_messages == 0)
922 match_str = ring.buffer[ring.tail];
925 // If we have any regex filters, we need to see if the message data
926 // matches any of them (otherwise we're not interested)
927 if (monitor_all_messages == 0)
928 match_str = ring.buffer[ring.tail];
931 // If we care about matching, do that comparison here
932 if (match_str != NULL) {
935 if (ignorelist_match(ignorelist, match_str) != 0)
938 DEBUG("sysevent plugin: regex filter match");
942 if (is_match == 1 && node != NULL) {
943 sysevent_dispatch_notification(NULL, &node, timestamp);
944 yajl_tree_free(node);
945 } else if (is_match == 1)
946 sysevent_dispatch_notification(ring.buffer[ring.tail], NULL, timestamp);
949 sysevent_dispatch_notification(ring.buffer[ring.tail], timestamp);
955 pthread_mutex_unlock(&sysevent_lock);
958 } /* }}} int sysevent_read */
960 static int sysevent_shutdown(void) /* {{{ */
964 DEBUG("sysevent plugin: Shutting down thread.");
965 if (stop_thread(1) < 0)
969 status = close(sock);
971 ERROR("sysevent plugin: failed to close socket %d: %d (%s)", sock, status,
981 for (int i = 0; i < buffer_length; i++) {
982 free(ring.buffer[i]);
986 free(ring.timestamp);
989 } /* }}} int sysevent_shutdown */
991 void module_register(void) {
992 plugin_register_complex_config("sysevent", sysevent_config);
993 plugin_register_init("sysevent", sysevent_init);
994 plugin_register_read("sysevent", sysevent_read);
995 plugin_register_shutdown("sysevent", sysevent_shutdown);
996 } /* void module_register */
projects / collectd.git / blob