From 6f461860f9ea6f2e5ea13041af1fae9c4539a9fd Mon Sep 17 00:00:00 2001 From: Adam Amstrong Date: Fri, 13 May 2011 00:13:57 +0000 Subject: [PATCH] sort of fix syslog. ish. git-svn-id: http://www.observium.org/svn/observer/trunk@2295 61d68cd4-352d-0410-923a-c4978735b2b8 --- includes/syslog.php | 67 +++++++++++++++++++++++++++++---------------- syslog.php | 4 +-- 2 files changed, 45 insertions(+), 26 deletions(-) diff --git a/includes/syslog.php b/includes/syslog.php index 24c345e34b..c1b4c2b5ea 100755 --- a/includes/syslog.php +++ b/includes/syslog.php @@ -3,62 +3,81 @@ function process_syslog ($entry, $update) { global $config; + global $dev_cache; foreach($config['syslog_filter'] as $bi) { - if (strstr($entry['msg'], $bi)) { + if (strpos($entry['msg'], $bi) !== FALSE) { $delete = 1; } } + + if (strpos($entry['msg'], "diskio.c: don't know how to handle") !== FALSE) + { + $delete = 1; + } - $device_id_host = @mysql_result(mysql_query("SELECT device_id FROM devices WHERE `hostname` = '".$entry['host']."' OR `sysName` = '".$entry['host']."'"),0); - if($device_id_host) { - $entry['device_id'] = $device_id_host; + if($dev_cache[$entry[host]]) + { + $entry['device_id'] = $dev_cache[$entry[host]]; } else { - $device_id_ip = @mysql_result(mysql_query("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE - A.ipv4_address = '" . $entry['host']."' AND I.interface_id = A.interface_id"),0); - if($device_id_ip) { - $entry['device_id'] = $device_id_ip; + $device_id_host = @mysql_result(mysql_query("SELECT device_id FROM devices WHERE `hostname` = '".$entry['host']."' OR `sysName` = '".$entry['host']."'"),0); + if($device_id_host) { + $dev_cache[$entry[host]] = $device_id_host; + $entry['device_id'] = $device_id_host; + } else { + $device_id_ip = @mysql_result(mysql_query("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE + A.ipv4_address = '" . $entry['host']."' AND I.interface_id = A.interface_id"),0); + if($device_id_ip) { + $entry['device_id'] = $device_id_ip; + $dev_cache[$entry[host]] = $device_id_ip; + } } } if($entry['device_id'] && !$delete) { $os = mysql_result(mysql_query("SELECT `os` FROM `devices` WHERE `device_id` = '".$entry['device_id']."'"),0); + if($os == "ios" || $os == "iosxe") { - if(strstr($entry[msg], "%")) { - $entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1||", $entry['msg']); - list(,$entry[msg]) = split(": %", $entry['msg']); - $entry['msg'] = "%" . $entry['msg']; - $entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1||", $entry['msg']); + if(strpos($entry[msg], "%") !== FALSE) { + +# list(,$entry[msg]) = split(": %", $entry['msg'], 2); +# $entry['msg'] = "%" . $entry['msg']; +# $entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1||", $entry['msg']); } else { $entry['msg'] = preg_replace("/^.*[0-9]:/", "", $entry['msg']); $entry['msg'] = preg_replace("/^[0-9][0-9]\ [A-Z]{3}:/", "", $entry['msg']); - $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']); +# $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']); } $entry['msg'] = preg_replace("/^.+\.[0-9]{3}:/", "", $entry['msg']); - $entry['msg'] = preg_replace("/^.+-Traceback=/", "Traceback||", $entry['msg']); + $entry['msg'] = preg_replace("/^.+-Traceback=/", "Traceback:", $entry['msg']); - list($entry['program'], $entry['msg']) = explode("||", $entry['msg']); + list($entry['program'], $entry['msg']) = explode(":", $entry['msg'], 2); + $entry['program'] = str_replace("%", "", $entry['program']); $entry['msg'] = preg_replace("/^[0-9]+:/", "", $entry['msg']); if(!$entry['program']) { - $entry['msg'] = preg_replace("/^([0-9A-Z\-]+?):\ /", "\\1||", $entry['msg']); - list($entry['program'], $entry['msg']) = explode("||", $entry['msg']); + #$entry['msg'] = preg_replace("/^([0-9A-Z\-]+?):\ /", "\\1||", $entry['msg']); + list($entry['program'], $entry['msg']) = explode(":", $entry['msg'], 2); } if(!$entry['msg']) { $entry['msg'] = $entry['program']; unset ($entry['program']); } } else { - $program = preg_quote($entry['program'],'/'); - $entry['msg'] = preg_replace("/^$program:\ /", "", $entry['msg']); + #$program = preg_quote($entry['program'],'/'); + #$entry['msg'] = preg_replace("/^$program:\ /", "", $entry['msg']); # if(preg_match("/^[a-zA-Z\/]+\[[0-9]+\]:/", $entry['msg'])) { - $entry['msg'] = preg_replace("/^(.+?)\[[0-9]+\]:\ /", "\\1||", $entry['msg']); - if(!strstr($entry['msg'], "||")) { $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']);} - list($entry['program'], $entry['msg']) = explode("||", $entry['msg']); - $entry['program'] = preg_replace("@\-[0-9]+@", "", $entry['program']); + #$entry['msg'] = preg_replace("/^(.+?)\[[0-9]+\]:\ /", "\\1||", $entry['msg']); + #if(strpos($entry['msg'], "||") !== FALSE) { $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']);} + #00:38:39.139606 + if(!$entry['program']) { + # list($entry['program'], $entry['msg']) = explode(":", $entry['msg'], 2); + } +# $entry['program'] = preg_replace("@\-[0-9]+@", "", $entry['program']); # } } + $entry['program'] = strtoupper($entry['program']); $x = "UPDATE `syslog` set `device_id` = '".$entry['device_id']."', `program` = '".$entry['program']."', `msg` = '" . mres($entry['msg']) . "', processed = '1' WHERE `seq` = '" . $entry['seq'] . "'"; $x = "INSERT INTO `syslog` (`device_id`,`program`,`facility`,`priority`, `level`, `tag`, `msg`, `timestamp`) "; diff --git a/syslog.php b/syslog.php index 223126249e..add869c87a 100755 --- a/syslog.php +++ b/syslog.php @@ -11,10 +11,10 @@ $i = "1"; $s = fopen('php://stdin','r'); while ($line = fgets($s)) { - list($entry['host'],$entry['facility'],$entry['priority'], $entry['level'], $entry['tag'], $entry['timestamp'], $entry['msg']) = explode("||", trim($line)); + list($entry['host'],$entry['facility'],$entry['priority'], $entry['level'], $entry['tag'], $entry['timestamp'], $entry['msg'], $entry['program']) = explode("||", trim($line)); process_syslog($entry, 1); unset($entry); unset($line); $i++; } -?> \ No newline at end of file +?>