Skip to content

Commit fe6e33d

Browse files
Move trap/syslog filter code from EventManagerBase into new module.
This will aid with the Python 3 conversion. ZEN-35265
1 parent db30ab6 commit fe6e33d

File tree

11 files changed

+402
-277
lines changed

11 files changed

+402
-277
lines changed

src/Products/ZenEvents/EventManagerBase.py

Lines changed: 254 additions & 261 deletions
Large diffs are not rendered by default.

src/Products/ZenEvents/filters.py

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
import unicodedata
2+
3+
import six
4+
5+
6+
def load_trap_filters():
7+
import os.path
8+
9+
path = os.path.join(os.path.dirname(__file__), "trap_filters.txt")
10+
with open(path) as f:
11+
return f.read()
12+
13+
14+
def load_syslog_parsers():
15+
import json
16+
import os.path
17+
18+
path = os.path.join(os.path.dirname(__file__), "syslog_parsers.json")
19+
with open(path) as f:
20+
return json.load(f, object_pairs_hook=_as_bytes)
21+
22+
23+
def _as_bytes(pairs):
24+
return {str(k): _encode(v) for k, v in pairs}
25+
26+
27+
def _encode(value):
28+
if isinstance(value, six.text_type):
29+
return unicodedata.normalize("NFKD", value).encode("ascii", "ignore")
30+
return value
Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,87 @@
1+
[
2+
{
3+
"description": "generic mark",
4+
"expr": "^(?P<summary>-- (?P<eventClassKey>MARK) --)",
5+
"keep": true
6+
},
7+
{
8+
"description": "Cisco UCS: 2010 Oct 19 15:47:45 CDT: snmpd: SNMP Operation (GET) failed. Reason:2 reqId (257790979) errno (42) error index (1)",
9+
"expr": "^: \\d{4} \\w{3}\\s+\\d{1,2}\\s+\\d{1,2}:\\d\\d:\\d\\d \\w{3}: %(?P<eventClassKey>[^:]+): (?P<summary>.*)",
10+
"keep": true
11+
},
12+
{
13+
"description": "ntsyslog windows msg",
14+
"expr": "^(?P<component>.+)\\[(?P<ntseverity>\\D+)\\] (?P<ntevid>\\d+) (?P<summary>.*)",
15+
"keep": true
16+
},
17+
{
18+
"description": "cisco msg with card indicator",
19+
"expr": "%CARD-\\S+:(SLOT\\d+) %(?P<eventClassKey>\\S+): (?P<summary>.*)",
20+
"keep": true
21+
},
22+
{
23+
"description": "cisco standard msg",
24+
"expr": "%(?P<eventClassKey>(?P<component>\\S+)-(?P<overwriteSeverity>\\d)-\\S+): *(?P<summary>.*)",
25+
"keep": true
26+
},
27+
{
28+
"description": "Cisco ACS",
29+
"expr": "^(?P<ipAddress>\\S+)\\s+(?P<summary>(?P<eventClassKey>(CisACS_\\d\\d|CSCOacs)_\\S+)\\s+(?P<eventKey>\\S+)\\s.*)",
30+
"keep": true
31+
},
32+
{
33+
"description": "netscreen device msg",
34+
"expr": "device_id=\\S+\\s+\\[\\S+\\](?P<eventClassKey>\\S+\\d+):\\s+(?P<summary>.*)\\s+\\((?P<originalTime>\\d\\d\\d\\d-\\d\\d-\\d\\d \\d\\d:\\d\\d:\\d\\d)\\)",
35+
"keep": true
36+
},
37+
{
38+
"description": "NetApp: [deviceName: 10/100/1000/e1a:warning]: Client 10.0.0.101 (xid 4251521131) is trying to access an unexported mount (fileid 64, snapid 0, generation 6111516 and flags 0x0 on volume 0xc97d89a [No volume name available])",
39+
"expr": "^\\[[^:]+: (?P<component>[^:]+)[^\\]]+\\]: (?P<summary>.*)",
40+
"keep": true
41+
},
42+
{
43+
"description": "unix syslog with pid",
44+
"expr": "(?P<component>\\S+)\\[(?P<pid>\\d+)\\]:\\s*(?P<summary>.*)",
45+
"keep": true
46+
},
47+
{
48+
"description": "unix syslog without pid",
49+
"expr": "(?P<component>\\S+): (?P<summary>.*)",
50+
"keep": true
51+
},
52+
{
53+
"description": "adtran devices",
54+
"expr": "^(?P<deviceModel>[^\\[]+)\\[(?P<deviceManufacturer>ADTRAN)\\]:(?P<component>[^\\|]+\\|\\d+\\|\\d+)\\|(?P<summary>.*)",
55+
"keep": true
56+
},
57+
{
58+
"description": "fortigate devices",
59+
"expr": "^date=.+ (?P<summary>devname=.+ log_id=(?P<eventClassKey>\\d+) type=(?P<component>\\S+).+)",
60+
"keep": true
61+
},
62+
{
63+
"description": "proprietary message passing system",
64+
"expr": "^(?P<component>\\S+)(\\.|\\s)[A-Z]{3} \\d \\S+ \\d\\d:\\d\\d:\\d\\d-\\d\\d:\\d\\d:\\d\\d \\d{5} \\d{2} \\d{5} \\S+ \\d{4} \\d{3,5} (- )*(?P<summary>.*) \\d{4} \\d{4}",
65+
"keep": true
66+
},
67+
{
68+
"description": "Cisco port state logging info",
69+
"expr": "^Process (?P<process_id>\\d+), Nbr (?P<device>\\d+\\.\\d+\\.\\d+\\.\\d+) on (?P<interface>\\w+/\\d+) from (?P<start_state>\\w+) to (?P<end_state>\\w+), (?P<summary>.+)",
70+
"keep": true
71+
},
72+
{
73+
"description": "Cisco VPN Concentrator: 54884 05/25/2009 13:41:14.060 SEV=3 HTTP/42 RPT=4623 Error on socket accept.",
74+
"expr": "^\\d+ \\d+\\/\\d+\\/\\d+ \\d+:\\d+:\\d+\\.\\d+ SEV=\\d+ (?P<eventClassKey>\\S+) RPT=\\d+ (?P<summary>.*)",
75+
"keep": true
76+
},
77+
{
78+
"description": "Dell Storage Array: 2626:48:VolExec:27-Aug-2009 13:15:58.072049:VE_VolSetWorker.hh:75:WARNING:43.3.2:Volume volumeName has reached 96 percent of its reported size and is currently using 492690MB.",
79+
"expr": "^\\d+:\\d+:(?P<component>[^:]+):\\d+-\\w{3}-\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d+:[^:]+:\\d+:\\w+:(?P<eventClassKey>[^:]+):(?P<summary>.*)",
80+
"keep": true
81+
},
82+
{
83+
"description": "1-Oct-2009 23:00:00.383809:snapshotDelete.cc:290:INFO:8.2.5:Successfully deleted snapshot \"UNVSQLCLUSTERTEMPDB-2009-09-30-23:00:14.11563\"",
84+
"expr": "^\\d+-\\w{3}-\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d+:[^:]+:\\d+:\\w+:(?P<eventClassKey>[^:]+):(?P<summary>.*)",
85+
"keep": true
86+
}
87+
]
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
# Format: [COLLECTOR REGEX] include|exclude v1|v2 <version-specific options>
2+
# Include all generic SNMP V1 Traps 0-5
3+
include v1 0
4+
include v1 1
5+
include v1 2
6+
include v1 3
7+
include v1 4
8+
include v1 5
9+
10+
# Include all enterprise-specific SNMP V1 traps
11+
include v1 *
12+
13+
# Include all SNMP V2 traps
14+
include v2 *

src/Products/ZenEvents/zensyslog/tests/test_processor.py

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
Parsers,
2121
parse_MSG,
2222
)
23-
from Products.ZenEvents.EventManagerBase import EventManagerBase
23+
from Products.ZenEvents.filters import load_syslog_parsers
2424

2525

2626
class TestGetEventClassKeyValue(TestCase):
@@ -59,10 +59,12 @@ def test_default(t):
5959

6060

6161
class TestParseMSG(TestCase):
62+
_syslog_parsers = load_syslog_parsers()
63+
6264
def setUp(t):
6365
logging.getLogger().setLevel(logging.CRITICAL + 10)
6466
t.parsers = Parsers(t.sendEvent)
65-
t.parsers.update(EventManagerBase.syslogParsers)
67+
t.parsers.update(t._syslog_parsers)
6668

6769
def tearDown(t):
6870
del t.parsers
@@ -90,7 +92,7 @@ def testCheckFortigate(t):
9092
key = "987654321"
9193
comp = "myComponent"
9294
msg = (
93-
"date=xxxx devname=blue log_id={} type={} " "blah blah blah"
95+
"date=xxxx devname=blue log_id={} type={} blah blah blah"
9496
).format(key, comp)
9597
fields, index, drop = parse_MSG(msg, t.parsers)
9698
t.assertFalse(drop)

src/Products/ZenEvents/zensyslog/tests/test_transformer.py

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,6 @@
1515

1616
from Products.ZenHub.interfaces import TRANSFORM_CONTINUE, TRANSFORM_DROP
1717

18-
from Products.ZenEvents.EventManagerBase import EventManagerBase
1918
from Products.ZenEvents.zensyslog.transformer import (
2019
FilterRules,
2120
SyslogMsgFilter,
@@ -32,7 +31,7 @@ def tearDown(t):
3231
def testDefaultFilterRules(self):
3332
app = Mock()
3433
rules = FilterRules(app)
35-
rules.update(EventManagerBase.syslogMsgEvtFieldFilterRules)
34+
rules.update({})
3635
self.assertEquals(app.sendEvent.called, False)
3736

3837
def testBadFilter(self):

src/Products/ZenEvents/zentrap/tests/test_decode.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
from struct import pack
55
from unittest import TestCase
66

7-
from ..decode import decode_snmp_value
7+
from Products.ZenEvents.zentrap.decode import decode_snmp_value
88

99

1010
class DecodersUnitTest(TestCase):

src/Products/ZenEvents/zentrap/tests/test_filterspec.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515

1616
from unittest import TestCase
1717

18-
from ..filterspec import (
18+
from Products.ZenEvents.zentrap.filterspec import (
1919
BaseFilterDefinition,
2020
FilterSpecification,
2121
GenericTrapFilterDefinition,

src/Products/ZenEvents/zentrap/tests/test_handlers.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,10 @@
66

77
from mock import Mock
88

9-
from ..handlers import ReplayTrapHandler
10-
from ..net import FakePacket, SNMPv1, SNMPv2
11-
from ..oidmap import OidMap
12-
from ..processors import (
9+
from Products.ZenEvents.zentrap.handlers import ReplayTrapHandler
10+
from Products.ZenEvents.zentrap.net import FakePacket, SNMPv1, SNMPv2
11+
from Products.ZenEvents.zentrap.oidmap import OidMap
12+
from Products.ZenEvents.zentrap.processors import (
1313
LegacyVarbindProcessor,
1414
DirectVarbindProcessor,
1515
MixedVarbindProcessor,

src/Products/ZenEvents/zentrap/tests/test_oidmap.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44

55
from mock import Mock
66

7-
from ..oidmap import OidMap
7+
from Products.ZenEvents.zentrap.oidmap import OidMap
88

99

1010
class TestOidMap(TestCase):

0 commit comments

Comments
 (0)