1 /*
2  * Copyright (c) 2002-2013 Balabit
3  * Copyright (c) 1998-2013 Balázs Scheidler
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
18  *
19  * As an additional exemption you are allowed to compile & link against the
20  * OpenSSL libraries as published by the OpenSSL project. See the file
21  * COPYING for details.
22  *
23  */
24 
25 #include "filter/filter-pipe.h"
26 #include "stats/stats-registry.h"
27 
28 /*******************************************************************
29  * LogFilterPipe
30  *******************************************************************/
31 
32 static gboolean
log_filter_pipe_init(LogPipe * s)33 log_filter_pipe_init(LogPipe *s)
34 {
35   LogFilterPipe *self = (LogFilterPipe *) s;
36   GlobalConfig *cfg = log_pipe_get_config(s);
37 
38   if (!filter_expr_init(self->expr, cfg))
39     return FALSE;
40 
41   if (!self->name)
42     self->name = cfg_tree_get_rule_name(&cfg->tree, ENC_FILTER, s->expr_node);
43 
44   stats_lock();
45   StatsClusterKey sc_key;
46   stats_cluster_logpipe_key_set(&sc_key, SCS_FILTER, self->name, NULL );
47   stats_register_counter(1, &sc_key, SC_TYPE_MATCHED, &self->matched);
48   stats_register_counter(1, &sc_key, SC_TYPE_NOT_MATCHED, &self->not_matched);
49   stats_unlock();
50 
51   return TRUE;
52 }
53 
54 static void
log_filter_pipe_queue(LogPipe * s,LogMessage * msg,const LogPathOptions * path_options)55 log_filter_pipe_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options)
56 {
57   LogFilterPipe *self = (LogFilterPipe *) s;
58   gboolean res;
59   gchar *filter_result;
60 
61   msg_trace(">>>>>> filter rule evaluation begin",
62             evt_tag_str("rule", self->name),
63             log_pipe_location_tag(s),
64             evt_tag_printf("msg", "%p", msg));
65 
66   res = filter_expr_eval_root(self->expr, &msg, path_options);
67 
68   if (res)
69     {
70       filter_result = "MATCH - Forwarding message to the next LogPipe";
71       log_pipe_forward_msg(s, msg, path_options);
72       stats_counter_inc(self->matched);
73     }
74   else
75     {
76       filter_result = "UNMATCHED - Dropping message from LogPipe";
77       if (path_options->matched)
78         (*path_options->matched) = FALSE;
79       log_msg_drop(msg, path_options, AT_PROCESSED);
80       stats_counter_inc(self->not_matched);
81     }
82   msg_trace("<<<<<< filter rule evaluation result",
83             evt_tag_str("result", filter_result),
84             evt_tag_str("rule", self->name),
85             log_pipe_location_tag(s),
86             evt_tag_printf("msg", "%p", msg));
87 }
88 
89 static LogPipe *
log_filter_pipe_clone(LogPipe * s)90 log_filter_pipe_clone(LogPipe *s)
91 {
92   LogFilterPipe *self = (LogFilterPipe *) s;
93   FilterExprNode *expr = filter_expr_clone(self->expr);
94 
95   LogPipe *cloned = log_filter_pipe_new(expr, s->cfg);
96   ((LogFilterPipe *)cloned)->name = g_strdup(self->name);
97   return cloned;
98 }
99 
100 static void
log_filter_pipe_free(LogPipe * s)101 log_filter_pipe_free(LogPipe *s)
102 {
103   LogFilterPipe *self = (LogFilterPipe *) s;
104 
105   stats_lock();
106   StatsClusterKey sc_key;
107   stats_cluster_logpipe_key_set(&sc_key, SCS_FILTER, self->name, NULL );
108   stats_unregister_counter(&sc_key, SC_TYPE_MATCHED, &self->matched);
109   stats_unregister_counter(&sc_key, SC_TYPE_NOT_MATCHED, &self->not_matched);
110   stats_unlock();
111 
112   g_free(self->name);
113   filter_expr_unref(self->expr);
114   log_pipe_free_method(s);
115 }
116 
117 LogPipe *
log_filter_pipe_new(FilterExprNode * expr,GlobalConfig * cfg)118 log_filter_pipe_new(FilterExprNode *expr, GlobalConfig *cfg)
119 {
120   LogFilterPipe *self = g_new0(LogFilterPipe, 1);
121 
122   log_pipe_init_instance(&self->super, cfg);
123   self->super.init = log_filter_pipe_init;
124   self->super.queue = log_filter_pipe_queue;
125   self->super.free_fn = log_filter_pipe_free;
126   self->super.clone = log_filter_pipe_clone;
127   self->expr = expr;
128   return &self->super;
129 }
130