author | David Sommerseth <davids@redhat.com> | 2012-09-28 04:08:38 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-09-28 04:08:38 +0200 |
commit | d1860488b78a9e59dbe62f4c6a9c888c1d6d50d3 (patch) | |
tree | cc66ac71a6646fe7f0ab13408fb182d321240e84 | |
parent | 57add453dbfd974e73dda9faaf03f2b44709c2db (diff) | |
Added 'reset-rule-rate-limits' variable to [Rules:*] sections
This variable takes a comma separated list of rule names, for the
same log file, whose active processing limitations will be reset.
This lets one rule force another rule to become active again if
the 'rate-limit' or 'time-frame' limitations for that rule are
stopping it from reacting.
A useful scenario for this feature is if there is a rule which only
reports about connection issues f.ex. only once an hour. If the
connection comes back again another rule can report about this
instantly. Without this feature enabled, it can take up to one
hour before the report about the newly broken connection is sent.
By enabling this feature, the "connection OK" rule can reset the
rate-limit and/or time-frame restrictions on the "broken connection"
rule and thus force a report instantly if the connection breaks
again - regardless of the rate-limit/time-frame limitation.
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | LogActio/__init__.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/LogActio/__init__.py b/LogActio/__init__.py index eb11814..6456b91 100644 --- a/LogActio/__init__.py +++ b/LogActio/__init__.py @@ -43,13 +43,14 @@ class WatcherThread(threading.Thread): return self.__logfile - def AddRule(self, prefix, regex, threshold, timeframe, ratelimit, reporters): + def AddRule(self, prefix, regex, threshold, timeframe, ratelimit, resetrules, reporters): # Adds a rule specific for this log file rule = {"prefix": prefix, "regex": re.compile(regex), "threshold": int(threshold), "timeframe": timeframe and int(timeframe) or None, "ratelimit": ratelimit and int(ratelimit) or None, + "resetrules": resetrules, "lastseen": 0, "current_count": 0, "alerts_sent": 0, @@ -91,6 +92,7 @@ class WatcherThread(threading.Thread): continue now = int(time.time()) + resetlist = [] for alert in self.__rules: m = alert["regex"].match(line.splitlines()[0]) # If the received log line matches the regex @@ -117,6 +119,13 @@ class WatcherThread(threading.Thread): for r in rep: r.ProcessEvent(self.__logfile, alert["prefix"], info, alert["current_count"], alert["threshold"]) + + # If reset-rule-rate-limits is set, make a note to reset these + # counters after all alerts have been processed + if alert["resetrules"]: + for r in alert["resetrules"]: + resetlist.append(r) + alert["lastseen"] = 0 continue @@ -127,6 +136,14 @@ class WatcherThread(threading.Thread): else: alert["lastseen"] = now + # If we have some reset tasks scheduled, perform them now + for reset in resetlist: + for rule in self.__rules: + # Reset the lastsent and lastseen flags for the given rules + if rule["prefix"] == reset: + rule["lastsent"] = 0 + rule["lastseen"] = 0 + fp.close() return 0 @@ -145,6 +162,7 @@ class WatcherThread(threading.Thread): rep._Shutdown() + class LogActio(object): def __init__(self, cfgfile, daemon=False, pidfile=None, logger=None, stdout="/dev/null"): try: 
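Review bot: The new `"resetrules": resetrules,` entry in AddRule is stored without any check or description of its shape, while the collection loop added later in this file iterates it directly. If a caller passed the raw configuration string instead of a list, that loop would append single characters and no rule would ever be reset. I would document the contract next to the dict entry, e.g. `# resetrules: list of rule prefixes to reset when this rule fires, or None`. AddRule's body continues past the end of this hunk.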
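Review bot: The reset block added before `fp.close()` zeroes `lastsent` and `lastseen` on every rule named by a rule that fired on this line, so the rate limit of the target rule is only as strong as the regex of the rule allowed to reset it. Log lines often carry text supplied by remote peers, and a loosely anchored resetting regex would let such text lift the limit repeatedly and make the reporters send without bound; I would state that next to the loop, e.g. `# NOTE: a reset bypasses rate-limit/time-frame of the target rule; resetting rules must match only lines the service itself writes`. A name in `resetlist` that equals no rule's `prefix` is skipped silently, which hides a typo in the configuration until an expected report is missing, so unknown names are better rejected when the configuration is loaded. The enclosing method begins outside this hunk.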
@@ -322,6 +340,8 @@ class LogActio(object): and self.__cfg.get(entry, "time-frame") or None), (self.__cfg.has_option(entry, "rate-limit") and self.__cfg.get(entry, "rate-limit") or None), + (self.__cfg.has_option(entry, "reset-rule-rate-limits") + and self.__cfg.get(entry, "reset-rule-rate-limits").split(",") or None), rulereps) if rulereps is not None and len(rulereps) > 0: self.__log(3, "Rule reporters prepared: [%s] => %s" % |
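Review bot: The list produced by `.split(",")` in the added `reset-rule-rate-limits` lines keeps surrounding whitespace and empty entries, so a value written as `ruleA, ruleB` yields `" ruleB"`. The reset loop added to WatcherThread compares with `rule["prefix"] == reset`, so that entry matches nothing and the rate limit it was meant to clear stays in force without any message. Strip and filter the names while parsing, e.g. `[n.strip() for n in self.__cfg.get(entry, "reset-rule-rate-limits").split(",") if n.strip()]`. The AddRule call these lines belong to starts outside this hunk.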