Add peer review changes

renukamanavalan · Jul 22, 2022 · 52e1590 · 52e1590
1 parent 7c4c78d
commit 52e1590
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 55 deletions.
diff --git a/src/sonic-eventd/rsyslog_plugin/rsyslog_plugin.cpp b/src/sonic-eventd/rsyslog_plugin/rsyslog_plugin.cpp
@@ -44,9 +44,14 @@ bool RsyslogPlugin::createRegexList() {
 
     for(long unsigned int i = 0; i < m_parser->m_regexList.size(); i++) {
         try {
-	    regexString = m_parser->m_regexList[i]["regex"];
+	    string timestampRegex = "^([a-zA-Z]{3})?\\s*([0-9]{1,2})?\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})?\\s*"; 
+            string eventRegex = m_parser->m_regexList[i]["regex"];
+	    regexString = timestampRegex + eventRegex; 
             string tag = m_parser->m_regexList[i]["tag"];
             vector<string> params = m_parser->m_regexList[i]["params"];
+	    vector<string> timestampParams = { "month", "day", "time" };
+	    params.insert(params.begin(), timestampParams.begin(), timestampParams.end());
+	    m_parser->m_regexList[i]["params"] = params;
             regex expr(regexString);
             expression = expr;
         } catch (domain_error& deException) {

diff --git a/src/sonic-eventd/rsyslog_plugin/syslog_parser.cpp b/src/sonic-eventd/rsyslog_plugin/syslog_parser.cpp
@@ -11,26 +11,26 @@
  *
 */
 
-void SyslogParser::addTimestamp(string message, event_params_t& paramMap) {
-    string formattedTimestamp = m_timestampFormatter->changeTimestampFormat(message);
-    if(formattedTimestamp.empty()) {
-        SWSS_LOG_ERROR("Message does not contain valid timestamp and cannot be formatted: %s.\n", message.c_str());
-	return;
-    }
-    paramMap["timestamp"] = formattedTimestamp;
-}
-
 bool SyslogParser::parseMessage(string message, string& eventTag, event_params_t& paramMap, lua_State* luaState) {
     for(long unsigned int i = 0; i < m_regexList.size(); i++) {
         smatch matchResults;
         vector<string> params = m_regexList[i]["params"];
-        if(!regex_search(message, matchResults, m_expressions[i]) || params.size() != matchResults.size() - 1) {
+        if(!regex_search(message, matchResults, m_expressions[i]) || params.size() != matchResults.size() - 1 || matchResults.size() < 4) {
             continue;
         }
+
+        if(!matchResults[1].str().empty() && !matchResults[2].str().empty() && !matchResults[3].str().empty()) { // found timestamp components
+            string formattedTimestamp = m_timestampFormatter->changeTimestampFormat({ matchResults[1].str(), matchResults[2].str(), matchResults[3].str() });
+	    if(!formattedTimestamp.empty()) {
+                paramMap["timestamp"] = formattedTimestamp;
+	    } else {
+                SWSS_LOG_ERROR("Timestamp is invalid and is not able to be formatted");
+	    }
+	}
         // found matching regex
         eventTag = m_regexList[i]["tag"];
-	// check params for lua code
-	for(long unsigned int j = 0; j < params.size(); j++) {
+	// check params for lua code	
+	for(long unsigned int j = 3; j < params.size(); j++) {
             auto delimPos = params[j].find(':');
 	    string resultValue = matchResults[j + 1].str();
 	    if(delimPos == string::npos) { // no lua code
@@ -59,13 +59,11 @@ bool SyslogParser::parseMessage(string message, string& eventTag, event_params_t
             paramMap[param] = lua_tostring(luaState, -1);
             lua_pop(luaState, 1);
 	}
-	addTimestamp(message, paramMap);
         return true;
     }
     return false;
 }
 
 SyslogParser::SyslogParser() {
-    string timestampFormatRegex = "([a-zA-Z]{3})\\s*([0-9]{1,2})\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6}).*";
-    m_timestampFormatter = unique_ptr<TimestampFormatter>(new TimestampFormatter(timestampFormatRegex));
+    m_timestampFormatter = unique_ptr<TimestampFormatter>(new TimestampFormatter());
 }
diff --git a/src/sonic-eventd/rsyslog_plugin/syslog_parser.h b/src/sonic-eventd/rsyslog_plugin/syslog_parser.h
@@ -29,7 +29,6 @@ class SyslogParser {
     unique_ptr<TimestampFormatter> m_timestampFormatter;
     vector<regex> m_expressions;
     json m_regexList = json::array();
-    void addTimestamp(string message, event_params_t& paramDict);
     bool parseMessage(string message, string& tag, event_params_t& paramDict, lua_State* luaState);
     SyslogParser();
 };

diff --git a/src/sonic-eventd/rsyslog_plugin/timestamp_formatter.cpp b/src/sonic-eventd/rsyslog_plugin/timestamp_formatter.cpp
@@ -1,6 +1,7 @@
 #include <iostream>
 #include "timestamp_formatter.h"
 #include "logger.h"
+#include "events.h"
 
 using namespace std;
 
@@ -13,7 +14,7 @@ using namespace std;
  *
  */
 
-const unordered_map<string, string> g_monthDict {
+static const unordered_map<string, string> g_monthDict {
     { "Jan", "01" },
     { "Feb", "02" },
     { "Mar", "03" },
@@ -47,34 +48,27 @@ string TimestampFormatter::getYear(string timestamp) {
     return year;
 }
 
-string TimestampFormatter::changeTimestampFormat(string message) {
-    smatch dateComponents;
-    string formattedTimestamp; // need to change format of Mmm dd hh:mm:ss.SSSSSS to YYYY-mm-ddThh:mm:ss.SSSSSSZ
-    if(!regex_search(message, dateComponents, m_expression) || dateComponents.size() != 4) { //whole,month,day,time
-        SWSS_LOG_ERROR("Timestamp unable to be broken down into components.\n");
-        return ""; // empty string is error
+string TimestampFormatter::changeTimestampFormat(vector<string> dateComponents) {
+    if(dateComponents.size() < 3) {
+        SWSS_LOG_ERROR("Timestamp formatter unable to format due to invalid input");
+        return "";
     }
+    string formattedTimestamp; // need to change format of Mmm dd hh:mm:ss.SSSSSS to YYYY-mm-ddThh:mm:ss.SSSSSSZ
     string month;
-    auto it = g_monthDict.find(dateComponents[1].str());
+    auto it = g_monthDict.find(dateComponents[0]);
     if(it != g_monthDict.end()) {
         month = it->second;
     } else {
         SWSS_LOG_ERROR("Timestamp month was given in wrong format.\n");
         return "";
     }
-    string day = dateComponents[2].str();
+    string day = dateComponents[1];
     if(day.size() == 1) { // convert 1 -> 01
        day.insert(day.begin(), '0');
     }
-    string time = dateComponents[3].str();
+    string time = dateComponents[2];
     string currentTimestamp = month + day + time;
     string year = getYear(currentTimestamp);
-
     formattedTimestamp = year + "-" + month + "-" + day + "T" + time + "Z";
     return formattedTimestamp;
 }
-
-TimestampFormatter::TimestampFormatter(string timestampFormatRegex) {
-    regex expr(timestampFormatRegex);
-    m_expression = expr;
-}
diff --git a/src/sonic-eventd/rsyslog_plugin/timestamp_formatter.h b/src/sonic-eventd/rsyslog_plugin/timestamp_formatter.h
@@ -1,9 +1,13 @@
 #ifndef TIMESTAMP_FORMATTER_H
 #define TIMESTAMP_FORMATTER_H
+
 #include <iostream>
 #include <string>
 #include <regex>
 #include <ctime>
+#include <vector>
+
+using namespace std;
 
 /***
  *
@@ -13,13 +17,11 @@
 
 class TimestampFormatter {
 public:
-    std::string changeTimestampFormat(std::string message);
-    TimestampFormatter(std::string timestampFormatRegex);
-    std::string m_storedTimestamp;
-    std::string m_storedYear;
+    string changeTimestampFormat(vector<string> dateComponents);
+    string m_storedTimestamp;
+    string m_storedYear;
 private:
-    std::regex m_expression;
-    std::string getYear(std::string timestamp);
+    string getYear(string timestamp);
 };
 
 #endif
diff --git a/src/sonic-eventd/rsyslog_plugin_tests/rsyslog_plugin_ut.cpp b/src/sonic-eventd/rsyslog_plugin_tests/rsyslog_plugin_ut.cpp
@@ -22,11 +22,11 @@ using json = nlohmann::json;
 TEST(syslog_parser, matching_regex) {    
     json jList = json::array();
     vector<regex> testExpressions;
-    string regexString = "message (.*) other_data (.*) even_more_data (.*)";
+    string regexString = "^([a-zA-Z]{3})?\\s*([0-9]{1,2})?\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})?\\s*message (.*) other_data (.*) even_more_data (.*)";
     json jTest;
     jTest["tag"] = "test_tag";
     jTest["regex"] = regexString;
-    jTest["params"] = { "message", "other_data", "even_more_data" };
+    jTest["params"] = { "month", "day", "time", "message", "other_data", "even_more_data" };
     jList.push_back(jTest);
     regex expression(regexString);
     testExpressions.push_back(expression);
@@ -56,11 +56,11 @@ TEST(syslog_parser, matching_regex) {
 TEST(syslog_parser, matching_regex_timestamp) {    
     json jList = json::array();
     vector<regex> testExpressions;
-    string regexString = "message (.*) other_data (.*)";
+    string regexString = "^([a-zA-Z]{3})?\\s*([0-9]{1,2})?\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})?\\s*message (.*) other_data (.*)";
     json jTest;
     jTest["tag"] = "test_tag";
     jTest["regex"] = regexString;
-    jTest["params"] = { "message", "other_data" };
+    jTest["params"] = { "month", "day", "time", "message", "other_data" };
     jList.push_back(jTest);
     regex expression(regexString);
     testExpressions.push_back(expression);
@@ -90,11 +90,11 @@ TEST(syslog_parser, matching_regex_timestamp) {
 TEST(syslog_parser, no_matching_regex) {
     json jList = json::array();
     vector<regex> testExpressions;
-    string regexString = "no match";
+    string regexString = "^([a-zA-Z]{3})?\\s*([0-9]{1,2})?\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})?\s*no match";
     json jTest;
     jTest["tag"] = "test_tag";
     jTest["regex"] = regexString;
-    jTest["params"] = vector<string>();
+    jTest["params"] = { "month", "day", "time" };
     jList.push_back(jTest);
     regex expression(regexString);
     testExpressions.push_back(expression);
@@ -117,11 +117,11 @@ TEST(syslog_parser, no_matching_regex) {
 TEST(syslog_parser, lua_code_valid_1) {
     json jList = json::array();
     vector<regex> testExpressions;
-    string regexString = ".* (sent|received) (?:to|from) .* ([0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}) active ([1-9]{1,3})/([1-9]{1,3}) .*";
+    string regexString = "^([a-zA-Z]{3})?\\s*([0-9]{1,2})?\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})?\\s*.* (sent|received) (?:to|from) .* ([0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}) active ([1-9]{1,3})/([1-9]{1,3}) .*";
     json jTest;
     jTest["tag"] = "test_tag";
     jTest["regex"] = regexString;
-    jTest["params"] = { "is-sent:ret=tostring(arg==\"sent\")", "ip", "major-code", "minor-code" };
+    jTest["params"] = { "month", "day", "time", "is-sent:ret=tostring(arg==\"sent\")", "ip", "major-code", "minor-code" };
     jList.push_back(jTest);
     regex expression(regexString);
     testExpressions.push_back(expression);
@@ -152,11 +152,11 @@ TEST(syslog_parser, lua_code_valid_1) {
 TEST(syslog_parser, lua_code_valid_2) {
     json jList = json::array();
     vector<regex> testExpressions;
-    string regexString = ".* (sent|received) (?:to|from) .* ([0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}) active ([1-9]{1,3})/([1-9]{1,3}) .*";
+    string regexString = "([a-zA-Z]{3})?\\s*([0-9]{1,2})?\\s*([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})?\\s*.* (sent|received) (?:to|from) .* ([0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}.[0-9]{2,3}) active ([1-9]{1,3})/([1-9]{1,3}) .*";
     json jTest;
     jTest["tag"] = "test_tag";
     jTest["regex"] = regexString;
-    jTest["params"] = { "is-sent:ret=tostring(arg==\"sent\")", "ip", "major-code", "minor-code" };
+    jTest["params"] = { "month", "day", "time", "is-sent:ret=tostring(arg==\"sent\")", "ip", "major-code", "minor-code" };
     jList.push_back(jTest);
     regex expression(regexString);
     testExpressions.push_back(expression);
@@ -169,14 +169,15 @@ TEST(syslog_parser, lua_code_valid_2) {
     expectedDict["ip"] = "10.10.24.216";
     expectedDict["major-code"] = "6";
     expectedDict["minor-code"] = "2";
+    expectedDict["timestamp"] = "2022-12-03T12:36:24.503424Z";
 
     unique_ptr<SyslogParser> parser(new SyslogParser());
     parser->m_expressions = testExpressions;
     parser->m_regexList = jList;
     lua_State* luaState = luaL_newstate();
     luaL_openlibs(luaState);
 
-    bool success = parser->parseMessage("NOTIFICATION: received from neighbor 10.10.24.216 active 6/2 (Administrative Shutdown) 0 bytes", tag, paramDict, luaState);
+    bool success = parser->parseMessage("Dec  3 12:36:24.503424 NOTIFICATION: received from neighbor 10.10.24.216 active 6/2 (Administrative Shutdown) 0 bytes", tag, paramDict, luaState);
     EXPECT_EQ(true, success);
     EXPECT_EQ("test_tag", tag);
     EXPECT_EQ(expectedDict, paramDict);
@@ -230,12 +231,11 @@ TEST(rsyslog_plugin, onMessage_noParams) {
 }
 
 TEST(timestampFormatter, changeTimestampFormat) {
-    string timestampFormatRegex = "([a-zA-Z]{3}) ([0-9]{1,2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{0,6})";
-    unique_ptr<TimestampFormatter> formatter(new TimestampFormatter(timestampFormatRegex));
+    unique_ptr<TimestampFormatter> formatter(new TimestampFormatter());
 
-    string timestampOne = "Jul 20 10:09:40.230874";
-    string timestampTwo = "Jan 1 00:00:00.000000";
-    string timestampThree = "Dec 31 23:59:59.000000"; 
+    vector<string> timestampOne = { "Jul", "20", "10:09:40.230874" };
+    vector<string> timestampTwo = { "Jan", "1", "00:00:00.000000" };
+    vector<string> timestampThree = { "Dec", "31", "23:59:59.000000" }; 
 
     string formattedTimestampOne = formatter->changeTimestampFormat(timestampOne);
     EXPECT_EQ("2022-07-20T10:09:40.230874Z", formattedTimestampOne);