Class: SyslogAnalyzer
- Inherits:
-
Object
- Object
- SyslogAnalyzer
- Defined in:
- lib/monitor/server/syslog/syslog_analyzer.rb
Instance Method Summary
- #extract_pri(pri_val) ⇒ Object
-
#format_syslog_packet(msg) ⇒ Object
Extracts the fields of a packet formatted as DATETIME|HOST<PRI>MSG.
- #get_thread ⇒ Object
-
#initialize(buff) ⇒ SyslogAnalyzer
constructor
A new instance of SyslogAnalyzer.
-
#map_syslog_sev(sev) ⇒ Object
Takes a syslog severity name and returns the matching gnms severity (an index into $status).
Constructor Details
#initialize(buff) ⇒ SyslogAnalyzer
Returns a new instance of SyslogAnalyzer.
# File 'lib/monitor/server/syslog/syslog_analyzer.rb', line 5 def initialize(buff) @buff=buff @sender = Thread.start do while $config.syslog_mon if buff.full? sleep(1) Thread.pass end $log.debug("end of SyslogAnalyzer thread") end end |
Instance Method Details
#extract_pri(pri_val) ⇒ Object
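# File 'lib/monitor/server/syslog/syslog_analyzer.rb', line 54
# Decodes a syslog PRI value into its facility and severity names.
#
# PRI is facility * 8 + severity (RFC 3164), so both parts come out of one
# divmod; the result is the same as probing each severity in turn.
#
# @param pri_val [#to_i] the PRI field, e.g. "13" or 13
# @return [Array] [facility_name, severity_name]; facility_name is nil when
#   the facility code is outside the 0..23 range of the table below
def extract_pri(pri_val)
  #info taken from RFC 3164
  severity = [
    "Emergency",
    "Alert",
    "Critical",
    "Error",
    "Warning",
    "Notice",
    "Informational",
    "Debug"
  ]
  facility = [
    "kernel messages",
    "user-level messages",
    "mail system",
    "system daemons",
    "security/authorization messages (note 1)",
    "messages generated internally by syslogd",
    "line printer subsystem",
    "network news subsystem",
    "UUCP subsystem",
    "clock daemon (note 2)",
    "security/authorization messages (note 1)",
    "FTP daemon",
    "NTP subsystem",
    "log audit (note 1)",
    "log alert (note 1)",
    "clock daemon (note 2)",
    "local use 0 (local0)",
    "local use 1 (local1)",
    "local use 2 (local2)",
    "local use 3 (local3)",
    "local use 4 (local4)",
    "local use 5 (local5)",
    "local use 6 (local6)",
    "local use 7 (local7)"
  ]

  # NOTE(review): if pri_val is a String, to_i yields 0 for text that does
  # not start with digits, and 0 decodes as "kernel messages" / "Emergency".
  # Callers that pass network input should confirm the field is numeric
  # before trusting the labels returned here.
  fac_code, sev_code = pri_val.to_i.divmod(8)

  # A negative index counts from the end of a Ruby array, so a negative PRI
  # used to come back with an unrelated facility label. Only codes the table
  # defines are looked up; anything else is reported as nil.
  fac_name = (fac_code >= 0 && fac_code < facility.size) ? facility[fac_code] : nil

  # divmod(8) always leaves sev_code in 0..7, so the severity lookup is safe.
  return [fac_name, severity[sev_code]]
end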
#format_syslog_packet(msg) ⇒ Object
Extracts the fields of a packet formatted as DATETIME|HOST<PRI>MSG
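# File 'lib/monitor/server/syslog/syslog_analyzer.rb', line 23
# Splits a packet of the form DATETIME|HOST<PRI>MSG into its fields.
#
# The header is accepted only at the very start of the input. The earlier
# pattern used ^, which matches at the start of any line, and a date class
# that could span newlines, so text further down a multi-line payload could
# be parsed as the DATETIME|HOST<PRI> header.
#
# Input that does not match now yields nil. Previously the value of
# String#scan (the input string itself) fell through as the return value,
# so a caller destructuring the result received the whole raw packet as
# the PRI field.
#
# @param msg [String] the packet text
# @return [Array<String>, nil] [pri, date, src, msg] on a match, else nil;
#   msg stops at the first newline, as before
def format_syslog_packet(msg)
  header = /\A([^|\n]+)\|([\d.]+)<(\d+)>(.+)$/.match(msg.to_s)
  return nil unless header

  # Debug trace kept from the original ("dans" is French for "in").
  puts "dans format_syslog_packet"

  date, src, pri, text = header.captures
  return pri, date, src, text
end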
#get_thread ⇒ Object
# File 'lib/monitor/server/syslog/syslog_analyzer.rb', line 18
# Accessor for the object held in @sender, which the constructor sets to
# the thread it starts.
#
# @return [Object, nil] the current value of @sender
def get_thread
  return @sender
end
#map_syslog_sev(sev) ⇒ Object
Takes a syslog severity name and returns the matching gnms severity (an index into $status)
# File 'lib/monitor/server/syslog/syslog_analyzer.rb', line 33
# Translates a syslog severity name into a gnms severity number.
#
# The eight syslog names collapse onto five gnms levels (0 through 4).
# A value that matches none of the names falls through the case and the
# method returns nil.
#
# @param sev [String] a syslog severity name such as "Warning"
# @return [Integer, nil] the gnms severity, or nil for an unknown name
def map_syslog_sev(sev)
  case sev
  when "Emergency", "Alert" then 0
  when "Critical", "Error" then 1
  when "Warning" then 2
  when "Notice" then 3
  when "Informational", "Debug" then 4
  end
end