
Example 6 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamListFingerprint method buildFingerprint.

/**
 * Builds a hex-encoded SHA-1 fingerprint over the given streams, their rules and their outputs.
 *
 * <p>Streams, rules and outputs are each sorted with their comparator first, so the result does
 * not depend on the order in which they are passed in.
 *
 * <p>NOTE(review): the digest input is the decimal {@code hashCode()} of every element, appended
 * back to back with no separator. Different hash sequences can therefore produce the same input
 * string, and the fingerprint is only as stable as the {@code hashCode()} implementations behind
 * it. This looks like a change-detection value rather than an integrity check; confirm against
 * the callers before relying on it for anything stronger.
 *
 * @param streams the streams to fingerprint
 * @return the SHA-1 digest of the concatenated hash codes, as a hex string
 */
private String buildFingerprint(List<Stream> streams) {
    final MessageDigest sha1Digest = DigestUtils.getSha1Digest();
    final StringBuilder hashCodes = new StringBuilder();

    final List<Stream> orderedStreams = Ordering.from(getStreamComparator()).sortedCopy(streams);
    for (Stream current : orderedStreams) {
        hashCodes.append(current.hashCode());

        final List<StreamRule> orderedRules =
                Ordering.from(getStreamRuleComparator()).sortedCopy(current.getStreamRules());
        for (StreamRule streamRule : orderedRules) {
            hashCodes.append(streamRule.hashCode());
        }

        final List<Output> orderedOutputs =
                Ordering.from(getOutputComparator()).sortedCopy(current.getOutputs());
        for (Output streamOutput : orderedOutputs) {
            hashCodes.append(streamOutput.hashCode());
        }
    }

    // The input holds only digits and minus signs, so US_ASCII encodes it without loss.
    final byte[] digestInput = hashCodes.toString().getBytes(StandardCharsets.US_ASCII);
    final char[] hexDigest = Hex.encodeHex(sha1Digest.digest(digestInput));
    return String.valueOf(hexDigest);
}
Also used : StreamRule(org.graylog2.plugin.streams.StreamRule) Output(org.graylog2.plugin.streams.Output) Stream(org.graylog2.plugin.streams.Stream) MessageDigest(java.security.MessageDigest)

Example 7 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamRouterEngine method match.

/**
 * Returns the streams whose rules match the given message.
 *
 * <p>Rules are evaluated in the order of {@code rulesList}. A stream with AND matching is taken
 * out of the result and skipped for all remaining rules as soon as one of its rules fails. A
 * stream with OR matching is skipped for its remaining rules as soon as one of them matches.
 * After rule evaluation the incoming meter of every matched stream is marked, and the default
 * stream is removed from the message when a matched stream asks for that.
 *
 * @param message the message to route; the default stream may be removed from it as a side effect
 * @return an immutable list of the matching streams
 */
public List<Stream> match(Message message) {
    final Set<Stream> result = Sets.newHashSet();
    // Streams whose outcome is already decided; their remaining rules are not evaluated.
    final Set<Stream> blackList = Sets.newHashSet();
    for (final Rule rule : rulesList) {
        if (blackList.contains(rule.getStream())) {
            continue;
        }
        final StreamRule streamRule = rule.getStreamRule();
        final StreamRuleType streamRuleType = streamRule.getType();
        final Stream.MatchingType matchingType = rule.getMatchingType();
        // A rule that needs its field cannot match a message that lacks the field, so the rule
        // itself is not run. For an AND stream this single miss already rules the stream out.
        if (!ruleTypesNotNeedingFieldPresence.contains(streamRuleType) && !message.hasField(streamRule.getField())) {
            if (matchingType == Stream.MatchingType.AND) {
                result.remove(rule.getStream());
                // blacklist stream because it can't match anymore
                blackList.add(rule.getStream());
            }
            continue;
        }
        final Stream stream;
        // Only REGEX rules take the time-bounded path; streamProcessingTimeout is passed as
        // milliseconds. What matchWithTimeOut returns or records when the limit is hit is not
        // visible here.
        // NOTE(review): presumably this bound keeps an expensive pattern evaluated against
        // message content from stalling routing; confirm the configured timeout is enforced.
        if (streamRuleType != StreamRuleType.REGEX) {
            stream = rule.match(message);
        } else {
            stream = rule.matchWithTimeOut(message, streamProcessingTimeout, TimeUnit.MILLISECONDS);
        }
        // A null result is handled as "this rule did not match".
        if (stream == null) {
            if (matchingType == Stream.MatchingType.AND) {
                // The stream may have been added by an earlier matching rule; take it out again.
                result.remove(rule.getStream());
                // blacklist stream because it can't match anymore
                blackList.add(rule.getStream());
            }
        } else {
            result.add(stream);
            if (matchingType == Stream.MatchingType.OR) {
                // blacklist stream because it is already matched
                blackList.add(rule.getStream());
            }
        }
    }
    final Stream defaultStream = defaultStreamProvider.get();
    boolean alreadyRemovedDefaultStream = false;
    for (Stream stream : result) {
        streamMetrics.markIncomingMeter(stream.getId());
        if (stream.getRemoveMatchesFromDefaultStream()) {
            // Short-circuit: once one removal has succeeded, removeStream is not called again.
            // While it keeps failing, it is retried (and the warning logged) for every matched
            // stream that requests the removal.
            if (alreadyRemovedDefaultStream || message.removeStream(defaultStream)) {
                alreadyRemovedDefaultStream = true;
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Successfully removed default stream <{}> from message <{}>", defaultStream.getId(), message.getId());
                }
            } else {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("Couldn't remove default stream <{}> from message <{}>", defaultStream.getId(), message.getId());
                }
            }
        }
    }
    // Either no removal of the default stream succeeded above, in which case its incoming meter
    // is marked here, or someone removed it, in which case we don't mark it.
    if (!alreadyRemovedDefaultStream) {
        streamMetrics.markIncomingMeter(defaultStream.getId());
    }
    return ImmutableList.copyOf(result);
}
Also used : StreamRule(org.graylog2.plugin.streams.StreamRule) StreamRuleType(org.graylog2.plugin.streams.StreamRuleType) DefaultStream(org.graylog2.plugin.streams.DefaultStream) Stream(org.graylog2.plugin.streams.Stream) StreamRule(org.graylog2.plugin.streams.StreamRule)

Example 8 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamRuleServiceImpl method loadForStreamId.

/**
 * Loads all stream rules that belong to the stream with the given id.
 *
 * <p>The id is converted to an {@link ObjectId} and passed to the query as a typed field value,
 * so it is never concatenated into a query string.
 *
 * <p>NOTE(review): {@code new ObjectId(String)} rejects a malformed id with an
 * {@code IllegalArgumentException}, not with the declared {@code NotFoundException}. If
 * {@code streamId} can come straight from a request, callers should validate it or handle that
 * exception; confirm against the callers.
 *
 * @param streamId hex string form of the stream's object id
 * @return the rules stored for that stream; empty when the query returns no documents
 * @throws NotFoundException declared by the interface; nothing in this method throws it directly
 */
@Override
public List<StreamRule> loadForStreamId(String streamId) throws NotFoundException {
    final ObjectId streamObjectId = new ObjectId(streamId);
    final List<StreamRule> rules = new ArrayList<>();

    final BasicDBObject byStreamId = new BasicDBObject(StreamRuleImpl.FIELD_STREAM_ID, streamObjectId);
    for (DBObject ruleDocument : query(StreamRuleImpl.class, byStreamId)) {
        rules.add(toStreamRule(ruleDocument));
    }

    return rules;
}
Also used : BasicDBObject(com.mongodb.BasicDBObject) ObjectId(org.bson.types.ObjectId) StreamRule(org.graylog2.plugin.streams.StreamRule) ArrayList(java.util.ArrayList) BasicDBObject(com.mongodb.BasicDBObject) DBObject(com.mongodb.DBObject)

Example 9 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamServiceImpl method load.

/**
 * Loads the stream with the given id together with its rules and outputs.
 *
 * @param id the object id of the stream
 * @return the stream, built from the stored document, its rules, its outputs and its index set
 * @throws NotFoundException if no stream document exists for {@code id}
 */
public Stream load(ObjectId id) throws NotFoundException {
    final DBObject streamDocument = get(StreamImpl.class, id);
    if (streamDocument == null) {
        final String notFoundMessage = "Stream <" + id + "> not found!";
        throw new NotFoundException(notFoundMessage);
    }

    // Rules are stored separately and looked up by the hex form of the stream id.
    final List<StreamRule> rules = streamRuleService.loadForStreamId(id.toHexString());
    final Set<Output> streamOutputs = loadOutputsForRawStream(streamDocument);

    @SuppressWarnings("unchecked")
    final Map<String, Object> documentFields = streamDocument.toMap();

    return new StreamImpl(
            (ObjectId) streamDocument.get("_id"),
            documentFields,
            rules,
            streamOutputs,
            getIndexSet(streamDocument));
}
Also used : StreamRule(org.graylog2.plugin.streams.StreamRule) Output(org.graylog2.plugin.streams.Output) NotFoundException(org.graylog2.database.NotFoundException) DBObject(com.mongodb.DBObject) BasicDBObject(com.mongodb.BasicDBObject) DBObject(com.mongodb.DBObject) BasicDBObject(com.mongodb.BasicDBObject)

Example 10 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class RegexMatcher method match.

/**
 * Tests whether the rule's regular expression is found in the rule's field of the message.
 *
 * <p>A missing field counts as "not found", so the result is then just the rule's inverted flag.
 * Otherwise the field value is converted to a string, the pattern is searched in it with
 * {@code find()}, and the outcome is XOR-ed with the inverted flag.
 *
 * <p>If the pattern cannot be obtained from the cache, the error is logged and {@code false} is
 * returned, for inverted rules as well.
 *
 * <p>NOTE(review): the value is wrapped in {@code InterruptibleCharSequence}, presumably so a
 * long-running match on message content can be aborted by interrupting the thread; confirm in
 * that class and in the caller that applies the timeout.
 *
 * @param msg  the message to test
 * @param rule the stream rule holding field name, pattern and inverted flag
 * @return whether the rule matches the message
 */
@Override
public boolean match(Message msg, StreamRule rule) {
    if (msg.getField(rule.getField()) == null) {
        return rule.getInverted();
    }

    try {
        final Pattern compiled = patternCache.get(rule.getValue());
        final String fieldText = msg.getField(rule.getField()).toString();
        final CharSequence interruptibleText = new InterruptibleCharSequence(fieldText);
        return rule.getInverted() ^ compiled.matcher(interruptibleText).find();
    } catch (ExecutionException e) {
        LOG.error("Unable to get pattern from regex cache: ", e);
        return false;
    }
}
Also used : Pattern(java.util.regex.Pattern) InterruptibleCharSequence(org.graylog2.utilities.InterruptibleCharSequence) InterruptibleCharSequence(org.graylog2.utilities.InterruptibleCharSequence) ExecutionException(java.util.concurrent.ExecutionException)
