Hi,
playing around with Cacti and the logmatch feature of net-snmp (see
http://lendl.priv.at/blog/2008/06/24/watching-logfiles-with-cacti/ )
I found the logmatch feature of snmpd to be simple and powerful.
One thing was missing, though: It was easy to e.g. count the number
of mails received, but not the aggregate size of the emails.
In order to fix this, I patched logmatch.c to evaluate () expressions
in the regex:
* if there is exactly one ( ) construct in the regex, then do an atoi()
on the place of the match and increment the counter by this amount.
* otherwise, increment by one.
----------
Right now, I'm using
logmatch pfCONNECT /var/log/mail.info 120 postfix/smtpd\[[[:digit:]]+\]: connect from
logmatch pfSENT /var/log/mail.info 120 postfix/smtp\[[[:digit:]]+\]: .* status=sent
logmatch pfDEFERRED /var/log/mail.info 120 postfix/smtp\[[[:digit:]]+\]: .* status=deferred
logmatch pfBOUNCED /var/log/mail.info 120 postfix/smtp\[[[:digit:]]+\]: .* status=bounced
logmatch pfEXPIRED /var/log/mail.info 120 postfix/smtp\[[[:digit:]]+\]: .* status=expired
logmatch pfUNDELIVERABLE /var/log/mail.info 120 postfix/smtp\[[[:digit:]]+\]: .* status=undeliverable
logmatch pfSIZE /var/log/mail.info 120 postfix/qmgr\[[[:digit:]]+\]: .* size=([0-9]+)
logmatch ipTCPsyn /var/log/kern.log 120 kernel: .*PROTO=TCP .* SYN
logmatch ipUDPblocked /var/log/kern.log 120 kernel: .*PROTO=UDP .* LEN=([0-9]+)
to drive cacti on my box.
The patch is almost trivial:
--- logmatch.c 2008-07-07 15:01:41.000000000 +0200
+++ logmatch.c.new 2008-07-07 13:03:09.000000000 +0200
@@ -209,13 +205,14 @@
/*
* ------------------------------------
* now compile the regular expression
+ * Allow for substitutions.
* ------------------------------------
*/
logmatchTable[logmatchCount].myRegexError =
regcomp(&(logmatchTable[logmatchCount].regexBuffer),
logmatchTable[logmatchCount].regEx,
- REG_EXTENDED | REG_NOSUB);
+ REG_EXTENDED);
if (logmatchTable[logmatchCount].frequency > 0) {
snmp_alarm_register(logmatchTable[logmatchCount].frequency,
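Review bot: Dropping REG_NOSUB in the regcomp() call changes behaviour for every existing logmatch line, not only new ones: a pattern that already uses a single ( ) purely for grouping or alternation will, together with the regexec() hunk further down, be counted by atoi() of the captured text instead of by one. Consider making the summing mode opt-in (a separate directive or a flag on the logmatch line) so current configurations keep their counts, and expand the "Allow for substitutions" comment so that it states what a single group now means.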
@@ -245,7 +242,7 @@
updateLogmatch(int iindex)
{
- regmatch_t myMatch;
+ regmatch_t myMatch[2];
int matchResultCode;
char inbuf[1024];
char perfilename[1024];
@@ -254,6 +251,7 @@
int result;
int toobig;
int anyChanges = FALSE;
+ int increment;
struct stat sb;
/*
@@ -397,12 +395,18 @@
matchResultCode =
regexec(&(logmatchTable[iindex].regexBuffer),
- inbuf, 0, &myMatch, REG_NOTEOL);
+ inbuf, 2, myMatch, REG_NOTEOL);
if (matchResultCode == 0) {
- logmatchTable[iindex].globalMatchCounter++;
- logmatchTable[iindex].currentMatchCounter++;
- logmatchTable[iindex].matchCounter++;
+ if((logmatchTable[iindex].regexBuffer.re_nsub == 1 ) &&
+ (myMatch[1].rm_so >= 0)) { /* a ( ) construct was
matched */
+ increment = atoi(inbuf + myMatch[1].rm_so);
+ } else {
+ increment = 1;
+ }
+ logmatchTable[iindex].globalMatchCounter += increment;
+ logmatchTable[iindex].currentMatchCounter += increment;
+ logmatchTable[iindex].matchCounter += increment;
anyChanges = TRUE;
}
}
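Review bot: The atoi() call on inbuf + myMatch[1].rm_so trusts text taken straight from the log file: it ignores rm_eo, reports nothing on overflow, yields 0 for a non-numeric capture and a negative value if the group can match a leading '-', so the three "+= increment" lines can leave the counters unchanged or move them backwards. Parse only the bytes between rm_so and rm_eo with strtoul(), check errno and an upper bound that fits the counter type, and fall back to a defined increment when the capture is not a plain non-negative number.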
-----------
Is this a feature you want to include in the official version? If yes, I
can add some better error handling and a patch for the documentation.
/ol