author | David Sommerseth <davids@redhat.com> | 2012-09-21 01:22:56 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-09-21 01:28:33 +0200 |
commit | 57add453dbfd974e73dda9faaf03f2b44709c2db (patch) | |
tree | 79cf2a12c4273762b263fce435aa4e940b2c4db5 | |
parent | a0807122264b80546cae7069b1e643de265ceb0b (diff) | |
Added a rate-limit variable to [Rule:*] sections
This will avoid sending more reports if it happens within the
given amount of seconds since the last report for this rule.
So if you have this set to 10 seconds and this rule matches
a log line every second, the time between each report will be
10 seconds. The rate-limit is kind of defining 1 report per
X seconds.
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | LogActio/__init__.py | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/LogActio/__init__.py b/LogActio/__init__.py
index 4a2b523..eb11814 100644
--- a/LogActio/__init__.py
+++ b/LogActio/__init__.py
@@ -43,15 +43,17 @@ class WatcherThread(threading.Thread):
 return self.__logfile
- def AddRule(self, prefix, regex, threshold, timeframe, reporters):
+ def AddRule(self, prefix, regex, threshold, timeframe, ratelimit, reporters):
 # Adds a rule specific for this log file
 rule = {"prefix": prefix,
 "regex": re.compile(regex),
 "threshold": int(threshold),
 "timeframe": timeframe and int(timeframe) or None,
+ "ratelimit": ratelimit and int(ratelimit) or None,
 "lastseen": 0,
 "current_count": 0,
 "alerts_sent": 0,
+ "lastsent": 0,
 "reporters": reporters}
 self.__rules.append(rule)
@@ -96,12 +98,15 @@ class WatcherThread(threading.Thread):
 alert["current_count"] += 1
 # If the threshold has been reached and within the given time frame,
- # report the incident
+ # report the incident. Also, if we have an rate-limit, only send
+ # a report it is 'rate-limit seconds' since last report.
 if (alert["threshold"] == 0
 or ((alert["current_count"] % alert["threshold"] == 0)
 and (alert["timeframe"] is None
- or now <= (alert["lastseen"] + alert["timeframe"])))):
+ or now <= (alert["lastseen"] + alert["timeframe"])))
+ and (alert["ratelimit"] is None or now > (alert["lastsent"] + alert["ratelimit"]))):
 alert["alerts_sent"] += 1
+ alert["lastsent"] = now
 info = "|".join(m.groups()) # Gather regex exctracted info
 if len(info) == 0:
 info = None
@@ -315,6 +320,8 @@ class LogActio(object):
 self.__cfg.get(entry, "threshold"),
 (self.__cfg.has_option(entry, "time-frame")
 and self.__cfg.get(entry, "time-frame") or None),
+ (self.__cfg.has_option(entry, "rate-limit")
+ and self.__cfg.get(entry, "rate-limit") or None),
 rulereps)
 if rulereps is not None and len(rulereps) > 0:
 self.__log(3, "Rule reporters prepared: [%s] => %s" % |
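Review bot: In `AddRule`, `ratelimit and int(ratelimit) or None` accepts any integer, so a negative `rate-limit` is stored as-is and the send check added in the second hunk (`now > lastsent + ratelimit`) would then, as far as the visible lines show, pass on every match and silently turn the limit off. A non-numeric value raises a bare `ValueError` from `int()` with nothing identifying the rule; the third hunk passes the raw config string straight through, so this is the only place the value is checked. I would add a guard before `self.__rules.append(rule)`, such as `if rule["ratelimit"] is not None and rule["ratelimit"] < 0: raise ValueError("rate-limit must be >= 0 (rule prefix %s)" % prefix)`. The new parameter also deserves a line in the method comment, e.g. `# ratelimit: minimum seconds between two reports for this rule; unset or 0 disables it`.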
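Review bot: The new rate-limit clause never applies to rules with `threshold` 0, because `and` binds tighter than `or`: the condition parses as `threshold == 0 or (<count/timeframe test> and <ratelimit test>)`, so the first operand alone makes it true. Those are the rules that report on every matching line, which means anything that can produce matching log lines can still drive one report per line and flood the configured reporters. Put the existing threshold/timeframe test inside its own pair of parentheses so the limit gates both branches: `if ((alert["threshold"] == 0 or (...count and timeframe test...)) and (alert["ratelimit"] is None or now > (alert["lastsent"] + alert["ratelimit"]))):`. The enclosing loop and the assignment of `now` are outside the hunk, so whether `now` can go backwards (wall-clock adjustments would stretch the suppression window) should be confirmed there.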