def _compile_params(item: str) -> Dict[str, Any]:
compiled_params: Dict[str, Any] = {"reclassify_patterns": []}
for rule in service_extra_conf(host_name(), item,
cmk.base.config.logwatch_rules):
if isinstance(rule, dict):
compiled_params["reclassify_patterns"].extend(
rule["reclassify_patterns"])
if "reclassify_states" in rule:
# (mo) wondering during migration: doesn't this mean the last one wins?
compiled_params["reclassify_states"] = rule[
"reclassify_states"]
else:
compiled_params["reclassify_patterns"].extend(rule)
return compiled_params
def check_logwatch_ec_common(
item: Optional[str],
params: Mapping[str, Any],
parsed: ClusterSection,
*,
service_level: int,
) -> CheckResult:
yield from logwatch.check_errors(parsed)
if item:
# If this check has an item (logwatch.ec_single), only forward the information from this log
if not any(item in node_data.logfiles for node_data in parsed.values()
) or not logwatch.ec_forwarding_enabled(params, item):
return
used_logfiles = [item]
else:
# Filter logfiles if some should be excluded
used_logfiles = [
name for node_data in parsed.values()
for name in node_data.logfiles
if logwatch.ec_forwarding_enabled(params, name)
]
# Check if the number of expected files matches the actual one
if params.get("monitor_logfilelist"):
if "expected_logfiles" not in params:
yield Result(
state=state.WARN,
summary=(
"You enabled monitoring the list of forwarded logfiles. "
"You need to redo service discovery."),
)
else:
expected = params["expected_logfiles"]
missing = [f for f in expected if f not in used_logfiles]
if missing:
yield Result(
state=state.WARN,
summary="Missing logfiles: %s" % (", ".join(missing)),
)
exceeding = [f for f in used_logfiles if f not in expected]
if exceeding:
yield Result(
state=state.WARN,
summary="Newly appeared logfiles: %s" %
(", ".join(exceeding)),
)
# 3. create syslog message of each line
# <128> Oct 24 10:44:27 Klappspaten /var/log/syslog: Oct 24 10:44:27 Klappspaten logger: asdasas
# <facility+priority> timestamp hostname logfile: message
facility = params.get("facility", 17) # default to "local1"
syslog_messages = []
cur_time = int(time.time())
forwarded_logfiles = set([])
# Keep track of reclassifed lines
rclfd_total = 0
rclfd_to_ignore = 0
logfile_reclassify_settings: Dict[str, Any] = {}
def add_reclassify_settings(settings):
if isinstance(settings, dict):
logfile_reclassify_settings["reclassify_patterns"].extend(
settings.get("reclassify_patterns", []))
if "reclassify_states" in settings:
logfile_reclassify_settings["reclassify_states"] = settings[
"reclassify_states"]
else: # legacy configuration
logfile_reclassify_settings["reclassify_patterns"].extend(settings)
for logfile in used_logfiles:
lines = _filter_accumulated_lines(parsed, logfile)
logfile_reclassify_settings["reclassify_patterns"] = []
logfile_reclassify_settings["reclassify_states"] = {}
# Determine logwatch patterns specifically for this logfile
if params.get("logwatch_reclassify"):
logfile_settings = service_extra_conf(
HostName(host_name()),
logfile,
cmk.base.config.logwatch_rules,
)
for settings in logfile_settings:
add_reclassify_settings(settings)
for line in lines:
rclfd_level = None
if logfile_reclassify_settings:
old_level, _text = line.split(" ", 1)
level = logwatch.reclassify(Counter(),
logfile_reclassify_settings,
line[2:], old_level)
if level != old_level:
rclfd_total += 1
rclfd_level = level
if level == "I": # Ignored lines are not forwarded
rclfd_to_ignore += 1
continue
syslog_messages.append(
SyslogMessage(
facility=facility,
severity=logwatch_to_prio(rclfd_level or line[0]),
timestamp=cur_time,
host_name=host_name(),
application=logfile,
text=line[2:],
service_level=service_level,
))
forwarded_logfiles.add(logfile)
try:
if forwarded_logfiles:
logfile_info = " from " + ",".join(forwarded_logfiles)
else:
logfile_info = ""
result = logwatch_forward_messages(params.get("method"), item,
syslog_messages)
yield Result(
state=state.OK,
summary="Forwarded %d messages%s" %
(result.num_forwarded, logfile_info),
)
yield Metric("messages", result.num_forwarded)
exc_txt = " (%s)" % result.exception if result.exception else ""
if result.num_spooled:
yield Result(
state=state.WARN,
summary="Spooled %d messages%s" %
(result.num_spooled, exc_txt),
)
if result.num_dropped:
yield Result(
state=state.CRIT,
summary="Dropped %d messages%s" %
(result.num_dropped, exc_txt),
)
except Exception as exc:
if cmk.utils.debug.enabled():
raise
yield Result(
state=state.CRIT,
summary="Failed to forward messages (%s). Lost %d messages." %
(exc, len(syslog_messages)),
)
if rclfd_total:
yield Result(
state=state.OK,
summary=
"Reclassified %d messages through logwatch patterns (%d to IGNORE)"
% (rclfd_total, rclfd_to_ignore),
)
