-rw-r--r-- | LogActio/__init__.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/LogActio/__init__.py b/LogActio/__init__.py
index eb11814..6456b91 100644
--- a/LogActio/__init__.py
+++ b/LogActio/__init__.py
@@ -43,13 +43,14 @@ class WatcherThread(threading.Thread):
 return self.__logfile
- def AddRule(self, prefix, regex, threshold, timeframe, ratelimit, reporters):
+ def AddRule(self, prefix, regex, threshold, timeframe, ratelimit, resetrules, reporters):
 # Adds a rule specific for this log file
 rule = {"prefix": prefix,
 "regex": re.compile(regex),
 "threshold": int(threshold),
 "timeframe": timeframe and int(timeframe) or None,
 "ratelimit": ratelimit and int(ratelimit) or None,
+ "resetrules": resetrules,
 "lastseen": 0,
 "current_count": 0,
 "alerts_sent": 0,
@@ -91,6 +92,7 @@ class WatcherThread(threading.Thread):
 continue
 now = int(time.time())
+ resetlist = []
 for alert in self.__rules:
 m = alert["regex"].match(line.splitlines()[0])
 # If the received log line matches the regex
@@ -117,6 +119,13 @@ class WatcherThread(threading.Thread):
 for r in rep:
 r.ProcessEvent(self.__logfile, alert["prefix"], info, alert["current_count"], alert["threshold"])
+
+ # If reset-rule-rate-limits is set, make a note to reset these
+ # counters after all alerts have been processed
+ if alert["resetrules"]:
+ for r in alert["resetrules"]:
+ resetlist.append(r)
+
 alert["lastseen"] = 0
 continue
@@ -127,6 +136,14 @@ class WatcherThread(threading.Thread):
 else:
 alert["lastseen"] = now
+ # If we have some reset tasks scheduled, perform them now
+ for reset in resetlist:
+ for rule in self.__rules:
+ # Reset the lastsent and lastseen flags for the given rules
+ if rule["prefix"] == reset:
+ rule["lastsent"] = 0
+ rule["lastseen"] = 0
+
 fp.close()
 return 0
@@ -145,6 +162,7 @@ class WatcherThread(threading.Thread):
 rep._Shutdown()
+
 class LogActio(object):
 def __init__(self, cfgfile, daemon=False, pidfile=None, logger=None, stdout="/dev/null"):
 try:
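Review bot: Inserting `resetrules` before `reporters` in AddRule's positional parameter list changes the meaning of every existing positional call; the one caller visible in the later hunk of this commit is updated, but any other caller would silently pass its reporters as resetrules and its last argument as reporters. A backward-compatible shape is to append it with a default, `def AddRule(self, prefix, regex, threshold, timeframe, ratelimit, reporters, resetrules=None):`, and to extend the method comment with `# resetrules: optional list of rule prefixes whose rate-limit state is cleared when this rule fires`. The rule dict continues past the end of the hunk.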
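Review bot: The added `for r in alert["resetrules"]:` reuses the name `r` that the reporter loop two lines above binds (`for r in rep:`), so after this block `r` no longer refers to a reporter, which is easy to trip over when the function is edited later. `resetlist.extend(alert["resetrules"])` under the existing `if alert["resetrules"]:` guard does the same without a loop or the rebinding; the guard must stay because the config path yields None when the option is unset. The enclosing function starts and ends outside this hunk.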
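Review bot: A name in resetlist that matches no rule is silently ignored by the nested loop in the reset block, so a typo in reset-rule-rate-limits (or, presumably, a prefix belonging to a rule on another log file, since self.__rules looks watcher-local) never surfaces and the rate limit is simply not reset; tracking whether any rule matched and reporting when none did, through whatever logging hook the watcher has, would make the misconfiguration visible. The two nested loops also scan every rule once per reset name; a single pass reads more directly: replace the outer loops with `for rule in self.__rules:` followed by `if rule["prefix"] in resetlist:`, leaving the two assignments as they are. The function continues past the hunk, so I cannot see whether the rule dict initialises `lastsent` before this block writes it.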
@@ -322,6 +340,8 @@ class LogActio(object):
 and self.__cfg.get(entry, "time-frame") or None),
 (self.__cfg.has_option(entry, "rate-limit")
 and self.__cfg.get(entry, "rate-limit") or None),
+ (self.__cfg.has_option(entry, "reset-rule-rate-limits")
+ and self.__cfg.get(entry, "reset-rule-rate-limits").split(",") or None),
 rulereps)
 if rulereps is not None and len(rulereps) > 0:
 self.__log(3, "Rule reporters prepared: [%s] => %s" % |
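Review bot: `split(",")` keeps the whitespace around each name, so a value written as `foo, bar` yields `" bar"`, which never equals a rule's prefix in the reset comparison inside WatcherThread and the reset is skipped without any message; an option set to an empty string likewise yields `[""]`. Stripping and dropping empty entries while keeping the None-when-unset contract looks like `[p.strip() for p in self.__cfg.get(entry, "reset-rule-rate-limits").split(",") if p.strip()] or None` in place of the bare `.split(",")`. The AddRule call this argument belongs to begins before the hunk.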