[PATCH] basicfuncs: Implement a $(now) template function.
This implements a new basic template function: $(now), which will return the current time (seconds since the epoch) as of calling the template function. For the rare case that the time of template expansion is needed, or cached_gmtime() granularity is not enough. Signed-Off-By: Gergely Nagy <algernon@balabit.hu> --- modules/basicfuncs/basic-funcs.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/modules/basicfuncs/basic-funcs.c b/modules/basicfuncs/basic-funcs.c index 5e1fd5e..abe8c68 100644 --- a/modules/basicfuncs/basic-funcs.c +++ b/modules/basicfuncs/basic-funcs.c @@ -19,6 +19,17 @@ tf_echo(LogMessage *msg, gint argc, GString *argv[], GString *result) TEMPLATE_FUNCTION_SIMPLE(tf_echo); +static void +tf_now(LogMessage *msg, gint argc, GString *argv[], GString *result) +{ + GTimeVal tval; + + g_get_current_time(&tval); + g_string_append_printf (result, "%lu", tval.tv_sec); +} + +TEMPLATE_FUNCTION_SIMPLE(tf_now); + typedef struct _TFCondState { FilterExprNode *filter; @@ -158,6 +169,7 @@ static Plugin basicfuncs_plugins[] = TEMPLATE_FUNCTION_PLUGIN(tf_echo, "echo"), TEMPLATE_FUNCTION_PLUGIN(tf_grep, "grep"), TEMPLATE_FUNCTION_PLUGIN(tf_if, "if"), + TEMPLATE_FUNCTION_PLUGIN(tf_now, "now"), }; gboolean -- 1.7.0.4
On Wed, 2011-08-17 at 17:21 +0200, Gergely Nagy wrote:
This implements a new basic template function: $(now), which will return the current time (seconds since the epoch) as of calling the template function.
For the rare case that the time of template expansion is needed, or cached_gmtime() granularity is not enough.
Signed-Off-By: Gergely Nagy <algernon@balabit.hu> --- modules/basicfuncs/basic-funcs.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/modules/basicfuncs/basic-funcs.c b/modules/basicfuncs/basic-funcs.c index 5e1fd5e..abe8c68 100644 --- a/modules/basicfuncs/basic-funcs.c +++ b/modules/basicfuncs/basic-funcs.c @@ -19,6 +19,17 @@ tf_echo(LogMessage *msg, gint argc, GString *argv[], GString *result)
TEMPLATE_FUNCTION_SIMPLE(tf_echo);
+static void +tf_now(LogMessage *msg, gint argc, GString *argv[], GString *result) +{ + GTimeVal tval; + + g_get_current_time(&tval); + g_string_append_printf (result, "%lu", tval.tv_sec); +}
Hmm.. the syslog-ng team in BalaBit have invented a SYSUPTIME macro to use in their SNMP destination (in PE 4.1), see their git tree on git.balabit.hu Maybe it'd be better to create SYSNOW for consistency. Hmm again, but SYSUPTIME returns the current time in hundreds of a second (as needed by SNMP), and the implementation is slow (reads /proc/uptime at every invocation). Also, it'd be nice to apply frac_digits() to both values. Hmmm the 3rd time. I'm not sure how to go forwards. I'm Ccing Robi (the documentation guy) if he has an opinion. Any good ideas how to resolve the inconsistencies?
+ +TEMPLATE_FUNCTION_SIMPLE(tf_now); + typedef struct _TFCondState { FilterExprNode *filter; @@ -158,6 +169,7 @@ static Plugin basicfuncs_plugins[] = TEMPLATE_FUNCTION_PLUGIN(tf_echo, "echo"), TEMPLATE_FUNCTION_PLUGIN(tf_grep, "grep"), TEMPLATE_FUNCTION_PLUGIN(tf_if, "if"), + TEMPLATE_FUNCTION_PLUGIN(tf_now, "now"), };
gboolean
-- Bazsi
Balazs Scheidler <bazsi@balabit.hu> writes:
Hmm.. the syslog-ng team in BalaBit have invented a SYSUPTIME macro to use in their SNMP destination (in PE 4.1), see their git tree on git.balabit.hu
Maybe it'd be better to create SYSNOW for consistency.
Hmm again, but SYSUPTIME returns the current time in hundreds of a second (as needed by SNMP), and the implementation is slow (reads /proc/uptime at every invocation).
Also, it'd be nice to apply frac_digits() to both values.
Hmmm the 3rd time. I'm not sure how to go forwards. I'm Ccing Robi (the documentation guy) if he has an opinion.
Any good ideas how to resolve the inconsistencies?
A SYSNOW macro sounds good to me. For consistency's sake, it could even return the current time in hundreths of seconds, like SYSUPTIME. For my use case, the speed of it is not a concern, so I don't mind it being slow. However, depending on how often cached_time (or however it was called) is updated, it might be an option to reuse that. Then we don't need to query the system time at every macro expansion. Just once per poll cycle, if I remember correctly. -- |8]
On Saturday, August 20, 2011 14:07 CEST, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, 2011-08-17 at 17:21 +0200, Gergely Nagy wrote:
This implements a new basic template function: $(now), which will return the current time (seconds since the epoch) as of calling the template function.
For the rare case that the time of template expansion is needed, or cached_gmtime() granularity is not enough.
Signed-Off-By: Gergely Nagy <algernon@balabit.hu> --- modules/basicfuncs/basic-funcs.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/modules/basicfuncs/basic-funcs.c b/modules/basicfuncs/basic-funcs.c index 5e1fd5e..abe8c68 100644 --- a/modules/basicfuncs/basic-funcs.c +++ b/modules/basicfuncs/basic-funcs.c @@ -19,6 +19,17 @@ tf_echo(LogMessage *msg, gint argc, GString *argv[], GString *result)
TEMPLATE_FUNCTION_SIMPLE(tf_echo);
+static void +tf_now(LogMessage *msg, gint argc, GString *argv[], GString *result) +{ + GTimeVal tval; + + g_get_current_time(&tval); + g_string_append_printf (result, "%lu", tval.tv_sec); +}
Hmm.. the syslog-ng team in BalaBit have invented a SYSUPTIME macro to use in their SNMP destination (in PE 4.1), see their git tree on git.balabit.hu
Maybe it'd be better to create SYSNOW for consistency.
Hmm again, but SYSUPTIME returns the current time in hundreds of a second (as needed by SNMP), and the implementation is slow (reads /proc/uptime at every invocation).
Also, it'd be nice to apply frac_digits() to both values.
Hmmm the 3rd time. I'm not sure how to go forwards. I'm Ccing Robi (the documentation guy) if he has an opinion.
Any good ideas how to resolve the inconsistencies?
Hi, I vote for a macro, unless we want to keep macros as things that refer to data or metadata related to logmessages, and move everything that queries the system or some other environment into template functions. But I guess that would be an overkill, so a macro is fine. If we can rename it to something more meaningful, that's a bonus, for example: $CURRENT_TIME, or $SYS_CURRENT_TIME. As for the frac_digits question: I think these macro should apply the frac_digits settings, because if someone would like to use the $CURRENT_TIME macro to replace the timestamp of a message (that is, to use the timestamp when the message was actually processed instead of when ot was received), he might need to have more accurate timestamps than two digits. Robert
+ +TEMPLATE_FUNCTION_SIMPLE(tf_now); + typedef struct _TFCondState { FilterExprNode *filter; @@ -158,6 +169,7 @@ static Plugin basicfuncs_plugins[] = TEMPLATE_FUNCTION_PLUGIN(tf_echo, "echo"), TEMPLATE_FUNCTION_PLUGIN(tf_grep, "grep"), TEMPLATE_FUNCTION_PLUGIN(tf_if, "if"), + TEMPLATE_FUNCTION_PLUGIN(tf_now, "now"), };
gboolean
-- Bazsi
On Sat, 2011-08-20 at 20:41 +0200, Fekete Róbert wrote:
On Saturday, August 20, 2011 14:07 CEST, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, 2011-08-17 at 17:21 +0200, Gergely Nagy wrote:
This implements a new basic template function: $(now), which will return the current time (seconds since the epoch) as of calling the template function.
For the rare case that the time of template expansion is needed, or cached_gmtime() granularity is not enough.
Signed-Off-By: Gergely Nagy <algernon@balabit.hu> --- modules/basicfuncs/basic-funcs.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/modules/basicfuncs/basic-funcs.c b/modules/basicfuncs/basic-funcs.c index 5e1fd5e..abe8c68 100644 --- a/modules/basicfuncs/basic-funcs.c +++ b/modules/basicfuncs/basic-funcs.c @@ -19,6 +19,17 @@ tf_echo(LogMessage *msg, gint argc, GString *argv[], GString *result)
TEMPLATE_FUNCTION_SIMPLE(tf_echo);
+static void +tf_now(LogMessage *msg, gint argc, GString *argv[], GString *result) +{ + GTimeVal tval; + + g_get_current_time(&tval); + g_string_append_printf (result, "%lu", tval.tv_sec); +}
Hmm.. the syslog-ng team in BalaBit have invented a SYSUPTIME macro to use in their SNMP destination (in PE 4.1), see their git tree on git.balabit.hu
Maybe it'd be better to create SYSNOW for consistency.
Hmm again, but SYSUPTIME returns the current time in hundreds of a second (as needed by SNMP), and the implementation is slow (reads /proc/uptime at every invocation).
Also, it'd be nice to apply frac_digits() to both values.
Hmmm the 3rd time. I'm not sure how to go forwards. I'm Ccing Robi (the documentation guy) if he has an opinion.
Any good ideas how to resolve the inconsistencies?
Hi, I vote for a macro, unless we want to keep macros as things that refer to data or metadata related to logmessages, and move everything that queries the system or some other environment into template functions. But I guess that would be an overkill, so a macro is fine. If we can rename it to something more meaningful, that's a bonus, for example: $CURRENT_TIME, or $SYS_CURRENT_TIME.
As for the frac_digits question: I think these macro should apply the frac_digits settings, because if someone would like to use the $CURRENT_TIME macro to replace the timestamp of a message (that is, to use the timestamp when the message was actually processed instead of when ot was received), he might need to have more accurate timestamps than two digits.
Discussing this IRL, we came to the conclusion, that it'd make sense to introduce a 3rd set of date related macros. Right now we have R_ (for received) and S_ (for stamp) macros, e.g. R_DATE and S_DATE, and we'd create a set for C_ aka current time. This way the day/month/etc macros would be available as well, and not just the UNIX time. Algernon said he would propose a patch to do this. -- Bazsi
Gergely Nagy <algernon@balabit.hu> writes:
This implements a new basic template function: $(now), which will return the current time (seconds since the epoch) as of calling the template function.
Disregard this patch, I sent another, that implements a C_* family of macros instead. -- |8]
participants (3)
-
Balazs Scheidler
-
Fekete Róbert
-
Gergely Nagy