[syslog-ng] [PATCH] basicfuncs: Implement a $(now) template function.

Sat Aug 20 20:41:51 CEST 2011

On Saturday, August 20, 2011 14:07 CEST, Balazs Scheidler <bazsi at balabit.hu> wrote: 

> On Wed, 2011-08-17 at 17:21 +0200, Gergely Nagy wrote:
> > This implements a new basic template function: $(now), which will
> > return the current time (seconds since the epoch) as of calling the
> > template function.
> > 
> > For the rare case that the time of template expansion is needed, or
> > cached_gmtime() granularity is not enough.
> > 
> > Signed-Off-By: Gergely Nagy <algernon at balabit.hu>
> > ---
> >  modules/basicfuncs/basic-funcs.c |   12 ++++++++++++
> >  1 files changed, 12 insertions(+), 0 deletions(-)
> > 
> > diff --git a/modules/basicfuncs/basic-funcs.c b/modules/basicfuncs/basic-funcs.c
> > index 5e1fd5e..abe8c68 100644
> > --- a/modules/basicfuncs/basic-funcs.c
> > +++ b/modules/basicfuncs/basic-funcs.c
> > @@ -19,6 +19,17 @@ tf_echo(LogMessage *msg, gint argc, GString *argv[], GString *result)
> >  
> >  TEMPLATE_FUNCTION_SIMPLE(tf_echo);
> >  
> > +static void
> > +tf_now(LogMessage *msg, gint argc, GString *argv[], GString *result)
> > +{
> > +  GTimeVal tval;
> > +
> > +  g_get_current_time(&tval);
> > +  g_string_append_printf (result, "%lu", tval.tv_sec);
> > +}
> 
> Hmm.. the syslog-ng team in BalaBit have invented a SYSUPTIME macro to
> use in their SNMP destination (in PE 4.1), see their git tree on
> git.balabit.hu
> 
> Maybe it'd be better to create SYSNOW for consistency. 
> 
> Hmm again, but SYSUPTIME returns the current time in hundreds of a
> second (as needed by SNMP), and the implementation is slow
> (reads /proc/uptime at every invocation).
> 
> Also, it'd be nice to apply frac_digits() to both values.
> 
> Hmmm the 3rd time. I'm not sure how to go forwards. I'm Ccing Robi (the
> documentation guy) if he has an opinion.
> 
> Any good ideas how to resolve the inconsistencies?

Hi, I vote for a macro, unless we want to keep macros as things that refer to data or metadata related to logmessages, and move everything that queries the system or some other environment into template functions. 
But I guess that would be an overkill, so a macro is fine. If we can rename it to something more meaningful, that's a bonus, for example: $CURRENT_TIME, or $SYS_CURRENT_TIME.

As for the frac_digits question: I think these macro should apply the frac_digits settings, because if someone would like to use the $CURRENT_TIME macro to replace the timestamp of a message (that is, to use the timestamp when the message was actually processed instead of when ot was received), he might need to have more accurate timestamps than two digits.

Robert

> 
> > +
> > +TEMPLATE_FUNCTION_SIMPLE(tf_now);
> > +
> >  typedef struct _TFCondState
> >  {
> >    FilterExprNode *filter;
> > @@ -158,6 +169,7 @@ static Plugin basicfuncs_plugins[] =
> >    TEMPLATE_FUNCTION_PLUGIN(tf_echo, "echo"),
> >    TEMPLATE_FUNCTION_PLUGIN(tf_grep, "grep"),
> >    TEMPLATE_FUNCTION_PLUGIN(tf_if, "if"),
> > +  TEMPLATE_FUNCTION_PLUGIN(tf_now, "now"),
> >  };
> >  
> >  gboolean
> 
> -- 
> Bazsi
> 