wneessen/logranger
1
1
Fork 0
mirror of https://github.com/wneessen/logranger.git synced 2024-11-22 12:50:50 +01:00
Code Issues Projects Releases Packages Wiki Activity

Improve log message processing and action execution in server.go

Browse source 
Added a new function to process log messages and match them against the ruleset. This function will also handle action execution when a match is found. Additionally, added error handling and a layer of fault tolerance within the action configuration process. As a result, if an error arises while configuring an action, the error is logged and skipped, allowing for the rest of the actions to execute.
This commit is contained in:
Winni Neessen 2023-12-25 21:30:44 +01:00
parent 9089cd80ca
commit a26c565119
Signed by: wneessen
GPG key ID: 5F3AF39B820C119D
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
server.go
View file

@ -177,6 +177,12 @@ ReadLoop:
} }
} }
// processMessage processes a log message by matching it against the ruleset and executing
// the corresponding actions if a match is found. It takes a parsesyslog.LogMsg as input
// and returns an error if there was an error while processing the actions.
// The method first checks if the ruleset is not nil. If it is nil, no actions will be
// executed. For each rule in the ruleset, it checks if the log message matches the
// rule's regular expression.
func (s *Server) processMessage(lm parsesyslog.LogMsg) error { func (s *Server) processMessage(lm parsesyslog.LogMsg) error {
if s.ruleset != nil { if s.ruleset != nil {
for _, r := range s.ruleset.Rule { for _, r := range s.ruleset.Rule {
@ -188,16 +194,25 @@ func (s *Server) processMessage(lm parsesyslog.LogMsg) error {
} }
mg := r.Regexp.FindStringSubmatch(lm.Message.String()) mg := r.Regexp.FindStringSubmatch(lm.Message.String())
for n, a := range actions.Actions { for n, a := range actions.Actions {
s.log.Debug("trying to execute action", slog.String("action_name", n)) bt := time.Now()
if err := a.Config(r.Actions); err != nil { if err := a.Config(r.Actions); err != nil {
s.log.Error("failed to config action", LogErrKey, err, s.log.Error("failed to config action", LogErrKey, err,
slog.String("action", n), slog.String("rule_id", r.ID)) slog.String("action", n), slog.String("rule_id", r.ID))
continue continue
} }
s.log.Debug("log message matches rule, executing action",
slog.String("action", n), slog.String("rule_id", r.ID))
if err := a.Process(lm, mg); err != nil { if err := a.Process(lm, mg); err != nil {
s.log.Error("failed to process action", LogErrKey, err, s.log.Error("failed to process action", LogErrKey, err,
slog.String("action", n), slog.String("rule_id", r.ID)) slog.String("action", n), slog.String("rule_id", r.ID))
} }
if s.conf.Log.Extended {
pt := time.Since(bt)
s.log.Debug("action processing benchmark",
slog.Duration("processing_time", pt),
slog.String("processing_time_human", pt.String()),
slog.String("action", n), slog.String("rule_id", r.ID))
}
} }
} }
} }