[syslog-ng] [PATCH] [pdbtool] debug-id option

Balint Kovacs balint.kovacs at balabit.com
Mon Aug 15 11:35:56 CEST 2011


Hi,

While working with `pdbtool test`, I found it quite inconvenient to 
track down problems with non-matching messages, as it only displays the 
ID of the erroneous pattern. Right now you would need to copy the example 
message and program name, and pass them to `pdbtool match` as arguments 
to find out what the exact issue is and get a nice colorized output 
pointing to the problematic part of the pattern.

To make that easier, I've done a small enhancement to pdbtool, an option 
to do a full, colorized debug output on a given rule by only supplying 
its ID. This would look something like (coloring lost in email):

blint at lyra:~/blah/syslog-ng-ose-mainline-3.4$ ./bin/pdbtool debug-id -p 
/var/tmp/patterndb/system-bind.xml -r "b57a384f-c8be-41e9-bc10-735695dc63e7"
Pattern matching part:
unexpected RCODE (REFUSED) resolving 
@QSTRING:.dict.arpa=hushmail.com/AAAA/IN@:@QSTRING:.dict.src=203.197.12.30 at deliberately 
freaked up test message 53
Matching part:
unexpected RCODE (REFUSED) resolving 'hushmail.com/AAAA/IN': 203.197.12.30#
Values:
MESSAGE=unexpected RCODE (REFUSED) resolving 'hushmail.com/AAAA/IN': 
203.197.12.30#deliberately freaked up test message 53
PROGRAM=named
.classifier.class=unknown

The patch is against 3.4, but should apply to 3.3 as well.

Balint

commit 93ca04700f8706643fedea51936af02daa314766
Author: Balint Kovacs<blint at balabit.hu>
Date:   Mon Aug 15 11:07:50 2011 +0200

     [pdbtool] Implemented debug-id option

     Added a new option to pdbtool to test a specific rule against its
     example message with colorizing debug turned on.

     Signed-off-by: Balint Kovacs<blint at balabit.hu>

diff --git a/modules/dbparser/pdbtool.c b/modules/dbparser/pdbtool.c
index 64ccd17..f64012d 100644
--- a/modules/dbparser/pdbtool.c
+++ b/modules/dbparser/pdbtool.c
@@ -640,6 +640,75 @@ static GOptionEntry match_options[] =
    { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL }
  };

+static gchar *rule_id = NULL;
+
+static gboolean
+pdbtool_debug_id(int argc, char *argv[])
+{
+  PatternDB *patterndb;
+  PDBExample *example;
+  GList *examples = NULL;
+  gboolean id_is_found = FALSE;
+
+  debug_pattern = TRUE;
+  debug_pattern_parse = FALSE;
+  color_out = TRUE;
+  colors = full_colors;
+
+  if (!rule_id)
+    {
+      printf("Please specify a rule ID to be tested against its example message!\n");
+      return FALSE;
+    }
+
+  patterndb = pattern_db_new();
+  if (!pdb_rule_set_load(patterndb->ruleset, configuration, patterndb_file,&examples))
+    {
+      pattern_db_free(patterndb);
+      return FALSE;
+    }
+
+    while (examples)
+      {
+        example = examples->data;
+
+        if (strcmp(example->rule->rule_id, rule_id) != 0)
+          {
+            examples = g_list_delete_link(examples, examples);
+            continue;
+          }
+
+        id_is_found = TRUE;
+
+        if (example->message&&  example->program)
+          {
+            match_message = example->message;
+            match_program = example->  program;
+            pdbtool_match(argc, argv);
+          }
+        examples = g_list_delete_link(examples, examples);
+      }
+
+  pattern_db_free(patterndb);
+
+  if (!id_is_found)
+    {
+      printf("Could not find a corresponding ID in the patterndb file or the rule does not have an example message.\n");
+      return FALSE;
+    }
+
+  return TRUE;
+}
+
+static GOptionEntry debug_id_options[] =
+{
+  { "pdb",       'p', 0, G_OPTION_ARG_STRING,&patterndb_file,
+    "Name of the patterndb file", "<patterndb_file>" },
+  { "ruleid",    'r', 0, G_OPTION_ARG_STRING,&rule_id,
+    "ID of the patterndb rule to debug", "<rule_id>" },
+  { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL }
+};
+
  static gboolean test_validate = FALSE;

  static gboolean
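Review bot: In the `while (examples)` loop of pdbtool_debug_id, `id_is_found = TRUE;` is set before the `example->message && example->program` check and the result of `pdbtool_match(argc, argv)` is discarded, so the command returns TRUE when the matching rule's example has no message or program (nothing is printed), and also regardless of what the match reports. Moving the assignment into the `if` body would make the existing "does not have an example message" error reachable for that case, and the match result could be kept in a local flag, e.g. `if (!pdbtool_match(argc, argv)) ret = FALSE;`. Separately, `strcmp(example->rule->rule_id, rule_id)` reads values that come from the parsed patterndb file; if the loader can leave a rule without an id (not visible in this hunk), `g_strcmp0(example->rule->rule_id, rule_id) != 0` would avoid a NULL dereference on a malformed file. The loop also deletes each list link without releasing the example itself, which looks like a leak unless ownership lies elsewhere.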
@@ -934,6 +1003,7 @@ static struct
    { "dump", dump_options, "Dump pattern datebase tree", pdbtool_dump },
    { "merge", merge_options, "Merge pattern databases", pdbtool_merge },
    { "test", test_options, "Test pattern databases", pdbtool_test },
+  { "debug-id", debug_id_options, "Test pattern databases", pdbtool_debug_id },
    { "patternize", patternize_options, "Create a pattern database from logs", pdbtool_patternize },
    { NULL, NULL },
  };
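Review bot: The new `debug-id` entry reuses the help text of the `test` mode directly above it (`"Test pattern databases"`), so the mode listing would show two entries with the same description. A description that says what the mode does, e.g. `{ "debug-id", debug_id_options, "Debug a rule against its example message", pdbtool_debug_id },`, would keep them distinguishable. The table's declaration starts outside the hunk.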




