[syslog-ng] [PATCH] [pdbtool] debug-id option

Balazs Scheidler bazsi at balabit.hu
Wed Aug 17 09:24:11 CEST 2011


Hi,

Looks nice, however it'd probably make more sense to do this directly in
pdbtool test, wouldn't it?

e.g.

$ pdbtool test -p <id> --debug --color-out

On Mon, 2011-08-15 at 11:35 +0200, Balint Kovacs wrote:
> Hi,
> 
> While working with `pdbtool test`, I found that it's quite uncomfortable 
> to find problems with non-matching messages, as it only displays the ID 
> of the erroneous pattern. Right now you would need to copy the example 
> message and program name, and pass it to `pdbtool match` as arguments to 
> find out what's the exact issue and get a nice colorized output pointing 
> to the problematic part of the pattern.
> 
> To make that easier, I've done a small enhancement to pdbtool, an option 
> to do a full, colorized debug output on a given rule by only supplying 
> its ID. This would look something like (coloring lost in email):
> 
> blint at lyra:~/blah/syslog-ng-ose-mainline-3.4$ ./bin/pdbtool debug-id -p 
> /var/tmp/patterndb/system-bind.xml -r "b57a384f-c8be-41e9-bc10-735695dc63e7"
> Pattern matching part:
> unexpected RCODE (REFUSED) resolving 
> @QSTRING:.dict.arpa=hushmail.com/AAAA/IN@:@QSTRING:.dict.src=203.197.12.30 at deliberately 
> freaked up test message 53
> Matching part:
> unexpected RCODE (REFUSED) resolving 'hushmail.com/AAAA/IN': 203.197.12.30#
> Values:
> MESSAGE=unexpected RCODE (REFUSED) resolving 'hushmail.com/AAAA/IN': 
> 203.197.12.30#deliberately freaked up test message 53
> PROGRAM=named
> .classifier.class=unknown
> 
> The patch is against 3.4, but should apply to 3.3 as well.
> 
> Balint
> 
> commit 93ca04700f8706643fedea51936af02daa314766
> Author: Balint Kovacs<blint at balabit.hu>
> Date:   Mon Aug 15 11:07:50 2011 +0200
> 
>      [pdbtool] Implemented debug-id option
> 
>      Added a new option to pdbtool to test a specific rule against its
>      example message with colorizing debug turned on.
> 
>      Signed-off-by: Balint Kovacs<blint at balabit.hu>
> 
> diff --git a/modules/dbparser/pdbtool.c b/modules/dbparser/pdbtool.c
> index 64ccd17..f64012d 100644
> --- a/modules/dbparser/pdbtool.c
> +++ b/modules/dbparser/pdbtool.c
> @@ -640,6 +640,75 @@ static GOptionEntry match_options[] =
>     { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL }
>   };
> 
> +static gchar *rule_id = NULL;
> +
> +static gboolean
> +pdbtool_debug_id(int argc, char *argv[])
> +{
> +  PatternDB *patterndb;
> +  PDBExample *example;
> +  GList *examples = NULL;
> +  gboolean id_is_found = FALSE;
> +
> +  debug_pattern = TRUE;
> +  debug_pattern_parse = FALSE;
> +  color_out = TRUE;
> +  colors = full_colors;
> +
> +  if (!rule_id)
> +    {
> +      printf("Please specify a rule ID to be tested against its example message!\n");
> +      return FALSE;
> +    }
> +
> +  patterndb = pattern_db_new();
> +  if (!pdb_rule_set_load(patterndb->ruleset, configuration, patterndb_file,&examples))
> +    {
> +      pattern_db_free(patterndb);
> +      return FALSE;
> +    }
> +
> +    while (examples)
> +      {
> +        example = examples->data;
> +
> +        if (strcmp(example->rule->rule_id, rule_id) != 0)
> +          {
> +            examples = g_list_delete_link(examples, examples);
> +            continue;
> +          }
> +
> +        id_is_found = TRUE;
> +
> +        if (example->message&&  example->program)
> +          {
> +            match_message = example->message;
> +            match_program = example->  program;
> +            pdbtool_match(argc, argv);
> +          }
> +        examples = g_list_delete_link(examples, examples);
> +      }
> +
> +  pattern_db_free(patterndb);
> +
> +  if (!id_is_found)
> +    {
> +      printf("Could not find a corresponding ID in the patterndb file or the rule does not have an example message.\n");
> +      return FALSE;
> +    }
> +
> +  return TRUE;
> +}
> +
> +static GOptionEntry debug_id_options[] =
> +{
> +  { "pdb",       'p', 0, G_OPTION_ARG_STRING,&patterndb_file,
> +    "Name of the patterndb file", "<patterndb_file>" },
> +  { "ruleid",    'r', 0, G_OPTION_ARG_STRING,&rule_id,
> +    "ID of the patterndb rule to debug", "<rule_id>" },
> +  { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL }
> +};
> +
>   static gboolean test_validate = FALSE;
> 
>   static gboolean
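
Review bot: in the while loop of pdbtool_debug_id, id_is_found is set to TRUE before the `example->message && example->program` check, so a matching rule whose example lacks a message or a program makes the function return TRUE without running anything or printing an error. Set the flag only inside that `if` block, which also makes the "does not have an example message" error text accurate. The result of `pdbtool_match(argc, argv)` is not used either; if it reports a status, propagate it as the return value. Minor: the loop is indented two spaces deeper than the rest of the function, and both error messages go to stdout via printf.
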
> @@ -934,6 +1003,7 @@ static struct
>     { "dump", dump_options, "Dump pattern datebase tree", pdbtool_dump },
>     { "merge", merge_options, "Merge pattern databases", pdbtool_merge },
>     { "test", test_options, "Test pattern databases", pdbtool_test },
> +  { "debug-id", debug_id_options, "Test pattern databases", pdbtool_debug_id },
>     { "patternize", patternize_options, "Create a pattern database from logs", pdbtool_patternize },
>     { NULL, NULL },
>   };
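
Review bot: the new "debug-id" entry reuses the description string "Test pattern databases" from the "test" entry directly above it, so the two modes are indistinguishable in the mode listing. Give it its own description that says what it does, for example "Debug a rule against its example message", matching the wording of the commit message.
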
> 
> 
> 

-- 
Bazsi



