def _compile_params(item: str) -> Dict[str, Any]: compiled_params: Dict[str, Any] = {"reclassify_patterns": []} for rule in service_extra_conf(host_name(), item, cmk.base.config.logwatch_rules): if isinstance(rule, dict): compiled_params["reclassify_patterns"].extend( rule["reclassify_patterns"]) if "reclassify_states" in rule: # (mo) wondering during migration: doesn't this mean the last one wins? compiled_params["reclassify_states"] = rule[ "reclassify_states"] else: compiled_params["reclassify_patterns"].extend(rule) return compiled_params
def check_logwatch_ec_common( item: Optional[str], params: Mapping[str, Any], parsed: ClusterSection, *, service_level: int, ) -> CheckResult: yield from logwatch.check_errors(parsed) if item: # If this check has an item (logwatch.ec_single), only forward the information from this log if not any(item in node_data.logfiles for node_data in parsed.values() ) or not logwatch.ec_forwarding_enabled(params, item): return used_logfiles = [item] else: # Filter logfiles if some should be excluded used_logfiles = [ name for node_data in parsed.values() for name in node_data.logfiles if logwatch.ec_forwarding_enabled(params, name) ] # Check if the number of expected files matches the actual one if params.get("monitor_logfilelist"): if "expected_logfiles" not in params: yield Result( state=state.WARN, summary=( "You enabled monitoring the list of forwarded logfiles. " "You need to redo service discovery."), ) else: expected = params["expected_logfiles"] missing = [f for f in expected if f not in used_logfiles] if missing: yield Result( state=state.WARN, summary="Missing logfiles: %s" % (", ".join(missing)), ) exceeding = [f for f in used_logfiles if f not in expected] if exceeding: yield Result( state=state.WARN, summary="Newly appeared logfiles: %s" % (", ".join(exceeding)), ) # 3. create syslog message of each line # <128> Oct 24 10:44:27 Klappspaten /var/log/syslog: Oct 24 10:44:27 Klappspaten logger: asdasas # <facility+priority> timestamp hostname logfile: message facility = params.get("facility", 17) # default to "local1" syslog_messages = [] cur_time = int(time.time()) forwarded_logfiles = set([]) # Keep track of reclassifed lines rclfd_total = 0 rclfd_to_ignore = 0 logfile_reclassify_settings: Dict[str, Any] = {} def add_reclassify_settings(settings): if isinstance(settings, dict): logfile_reclassify_settings["reclassify_patterns"].extend( settings.get("reclassify_patterns", [])) if "reclassify_states" in settings: logfile_reclassify_settings["reclassify_states"] = settings[ "reclassify_states"] else: # legacy configuration logfile_reclassify_settings["reclassify_patterns"].extend(settings) for logfile in used_logfiles: lines = _filter_accumulated_lines(parsed, logfile) logfile_reclassify_settings["reclassify_patterns"] = [] logfile_reclassify_settings["reclassify_states"] = {} # Determine logwatch patterns specifically for this logfile if params.get("logwatch_reclassify"): logfile_settings = service_extra_conf( HostName(host_name()), logfile, cmk.base.config.logwatch_rules, ) for settings in logfile_settings: add_reclassify_settings(settings) for line in lines: rclfd_level = None if logfile_reclassify_settings: old_level, _text = line.split(" ", 1) level = logwatch.reclassify(Counter(), logfile_reclassify_settings, line[2:], old_level) if level != old_level: rclfd_total += 1 rclfd_level = level if level == "I": # Ignored lines are not forwarded rclfd_to_ignore += 1 continue syslog_messages.append( SyslogMessage( facility=facility, severity=logwatch_to_prio(rclfd_level or line[0]), timestamp=cur_time, host_name=host_name(), application=logfile, text=line[2:], service_level=service_level, )) forwarded_logfiles.add(logfile) try: if forwarded_logfiles: logfile_info = " from " + ",".join(forwarded_logfiles) else: logfile_info = "" result = logwatch_forward_messages(params.get("method"), item, syslog_messages) yield Result( state=state.OK, summary="Forwarded %d messages%s" % (result.num_forwarded, logfile_info), ) yield Metric("messages", result.num_forwarded) exc_txt = " (%s)" % result.exception if result.exception else "" if result.num_spooled: yield Result( state=state.WARN, summary="Spooled %d messages%s" % (result.num_spooled, exc_txt), ) if result.num_dropped: yield Result( state=state.CRIT, summary="Dropped %d messages%s" % (result.num_dropped, exc_txt), ) except Exception as exc: if cmk.utils.debug.enabled(): raise yield Result( state=state.CRIT, summary="Failed to forward messages (%s). Lost %d messages." % (exc, len(syslog_messages)), ) if rclfd_total: yield Result( state=state.OK, summary= "Reclassified %d messages through logwatch patterns (%d to IGNORE)" % (rclfd_total, rclfd_to_ignore), )