small patch to add regex filtering of eventparms
Description
Environment
Acceptance / Success Criteria
Attachments
Lucidchart Diagrams
Activity
Seth Leger August 22, 2011 at 4:52 PM
I ported this patch to the EventProcessor interface and added the patch to the eventconf objects. Marking as fixed.
Seth Leger August 18, 2011 at 2:13 PM
This patch needs to be converted over to a class that implements the EventProcessor interface that was added after 1.3. I'll try and take a look at this.
Benjamin Reed May 14, 2009 at 9:57 AM
Ping – Tim, did you see my note about the OCA? Looking to get this in a 1.6.x release...
Benjamin Reed December 10, 2008 at 11:12 AM
I'd like to integrate this into 1.6 – mind filling out a contributor agreement if you haven't already so I can include it?
http://www.opennms.org/index.php/Contributor_Agreement
Thanks!
Tim Falzone September 5, 2007 at 10:40 AM
This patch add to the configuration of events so that you can perform regular expression substitutions on the event parameters (trap varbinds) before the event is added to the database. For example, given an event type that maps SiteScope traps like this:
<event>
<mask>
<maskelement>
<mename>id</mename>
<mevalue>.1.3.6.1.4.1.4875.3.1</mevalue>
</maskelement>
<maskelement>
<mename>generic</mename>
<mevalue>6</mevalue>
</maskelement>
<maskelement>
<mename>specific</mename>
<mevalue>9</mevalue>
</maskelement>
</mask>
<uei>uei.opennms.org/vendor/DoubleClick/traps/siteScopeClear</uei>
<event-label>DCLK-SITESCOPE-MIB defined trap event: siteScopeClear</event-label>
<descr>
%parm[all]%
</descr>
<logmsg dest='logndisplay'><p>DoubleClick SiteScope Clear: %parm#6%.</p></logmsg>
<severity>Cleared</severity>
</event>
We see in the eventd log an event that looks like this:
Event {
uuid = <not-set>
uei = uei.opennms.org/vendor/DoubleClick/traps/siteScopeClear
src = trapd
iface = 192.168.2.43
time = Wednesday, September 5, 2007 2:25:02 PM GMT
parms {
(.1.1, *** property not found (_goldProductCode))
(.1.2, HOST)
(.1.3, 1)
(.1.4, EUDATA04)
(.1.6, 137474)
(.1.7, Sitescope::SNMPMonitor *** property not found (_goldMessage) attached=4356)
(.1.8, *** property not found (_goldExpiration))
}
}
We want to remove anything that looks like “*** property not found (_goldExpiration)” from the event parms before it gets written to the database. By adding to the event configuration for this event type, we can replace these strings.
<event>
<mask>
<maskelement>
<mename>id</mename>
<mevalue>.1.3.6.1.4.1.4875.3.1</mevalue>
</maskelement>
<maskelement>
<mename>generic</mename>
<mevalue>6</mevalue>
</maskelement>
<maskelement>
<mename>specific</mename>
<mevalue>9</mevalue>
</maskelement>
</mask>
<uei>uei.opennms.org/vendor/DoubleClick/traps/siteScopeClear</uei>
<event-label>DCLK-SITESCOPE-MIB defined trap event: siteScopeClear</event-label>
<descr>
%parm[all]%
</descr>
<logmsg dest='logndisplay'><p>DoubleClick SiteScope Clear: %parm#6%.</p></logmsg>
<severity>Cleared</severity>
<!-- ADDED -->
<filters>
<filter eventparm=".1.7" pattern="*** property not found (\S+)" replacement="" />
</filters>
<!-- /ADDED -->
</event>
We now see two additional lines in the DEBUG logs for eventd indicating that we are now filtering out these unwanted strings:
adding [.1.7|uei.opennms.org/vendor/DoubleClick/traps/siteScopeClear] to filter map
filtering .1.7 with *** property not found (\S+)
I diff’d HEAD rev 7198 and 1.3.6-1 (in which I made my mods). The patch adds to the config for events, allowing this (notice the filters tag):
<event>
<mask>
<maskelement>
<mename>id</mename>
<mevalue>.1.3.6.1.4.1.4875.3.1</mevalue>
</maskelement>
<maskelement>
<mename>generic</mename>
<mevalue>6</mevalue>
</maskelement>
<maskelement>
<mename>specific</mename>
<mevalue>15</mevalue>
</maskelement>
</mask>
<uei>uei.opennms.org/vendor/DoubleClick/traps/siteScopeDown</uei>
<event-label>DCLK-SITESCOPE-MIB defined trap event: siteScopeDown</event-label>
<descr>
%parm[all]%
</descr>
<logmsg dest='logndisplay'><p>DoubleClick SiteScope Down Notification: %parm#6%.</p></logmsg>
<severity>Minor</severity>
<!--<alarm-data reduction-key="%parm#4%:%parm#5%" alarm-type="1" auto-clean="true"/>-->
<filters>
<filter eventparm=".1.7" pattern="*** property not found (\S+)" replacement="" />
</filters>
</event>
diff -ru opennms-1.3.6/opennms-1.3.6-1/source/opennms-config/src/main/castor/eventconf.xsd HEAD/opennms/opennms-config/src/main/castor/eventconf.xsd
— opennms-1.3.6/opennms-1.3.6-1/source/opennms-config/src/main/castor/eventconf.xsd 2007-08-13 10:52:10.000000000 -0400
+++ HEAD/opennms/opennms-config/src/main/castor/eventconf.xsd 2007-08-15 13:29:49.000000000 -0400
@@ -180,12 +180,6 @@
</annotation>
</element>
<element maxOccurs="1" minOccurs="0" ref="this:filters">
<annotation>
<documentation>The event filters to be applied to the event data</documentation>
</annotation>
</element>
-
</sequence>
</complexType>
@@ -248,29 +242,6 @@
</complexType>
</element>
<element name="filters">
<annotation>
<documentation>The filters for the event, contains one or more filter tags.</documentation>
</annotation>
<complexType>
<sequence>
<element maxOccurs="unbounded" minOccurs="1" ref="this:filter"/>
</sequence>
</complexType>
</element>
<element name="filter">
<annotation>
<documentation>The mask element</documentation>
</annotation>
-
<complexType>
<attribute name="eventparm" type="string" use="required" />
<attribute name="pattern" type="string" use="required" />
<attribute name="replacement" type="string" use="required" />
</complexType>
</element>
-
<element name="snmp">
<annotation>
<documentation>The snmp information from the trap</documentation>
diff -ru opennms-1.3.6/opennms-1.3.6-1/source/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventdConstants.java HEAD/opennms/opennms-services/src/main/java/org/opennms
/netmgt/eventd/EventdConstants.java
— opennms-1.3.6/opennms-1.3.6-1/source/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventdConstants.java 2007-08-13 11:35:00.000000000 -0400
+++ HEAD/opennms/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventdConstants.java 2007-08-15 13:30:12.000000000 -0400
@@ -59,7 +59,7 @@
public final static String SQL_DB_ALARM_REDUCTION_QUERY =
"SELECT alarmid " +
" FROM alarms " +
" WHERE lower(reductionKey) = lower";
+ " WHERE reductionKey = ?";
public static final String SQL_DB_UPDATE_EVENT_WITH_ALARM_ID =
"UPDATE events "+
@@ -73,7 +73,7 @@
public final static String SQL_DB_ALARM_UPDATE_EVENT =
"UPDATE alarms " +
" SET counter = counter+1, lastEventID = ?, lastEventTime = ? " +
" WHERE lower(reductionKey) = lower";
+ " WHERE reductionKey = ?";
/**
The SQL insertion string used by eventd to store the event information as an alarm
diff -ru opennms-1.3.6/opennms-1.3.6-1/source/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventExpander.java HEAD/opennms/opennms-services/src/main/java/org/opennms/n
etmgt/eventd/EventExpander.java
— opennms-1.3.6/opennms-1.3.6-1/source/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventExpander.java 2007-08-13 11:31:14.000000000 -0400
+++ HEAD/opennms/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventExpander.java 2007-08-15 13:30:12.000000000 -0400
@@ -383,7 +383,7 @@
Thrown if the event parameter that was passed is null.
*/
public static org.opennms.netmgt.xml.eventconf.Event lookup(Event event) {
+ private static org.opennms.netmgt.xml.eventconf.Event lookup(Event event) {
if (event == null)
throw new NullPointerException("Invalid argument, the event parameter must not be null");
diff -ru opennms-1.3.6/opennms-1.3.6-1/source/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventHandler.java HEAD/opennms/opennms-services/src/main/java/org/opennms/ne
tmgt/eventd/EventHandler.java
— opennms-1.3.6/opennms-1.3.6-1/source/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventHandler.java 2007-08-13 11:33:18.000000000 -0400
+++ HEAD/opennms/opennms-services/src/main/java/org/opennms/netmgt/eventd/EventHandler.java 2007-08-15 13:30:12.000000000 -0400
@@ -36,7 +36,6 @@
import java.sql.SQLException;
import java.util.Enumeration;
-import java.util.regex.*;
import org.apache.log4j.Category;
import org.opennms.core.utils.ThreadCategory;
@@ -68,8 +67,6 @@
private String m_getNextEventIdStr;
private String m_getNextAlarmIdStr;
private java.util.HashMap<String, org.opennms.netmgt.xml.eventconf.Filter> m_filterMap;
/**
Constructor for the eventhandler
@@ -84,35 +81,6 @@
m_eventLog = eventLog;
m_getNextEventIdStr = getNextEventId;
m_getNextAlarmIdStr = getNextAlarmIdStr;
m_filterMap = new java.util.LinkedHashMap();
}
-
private void filterParms(org.opennms.netmgt.xml.eventconf.Event econf, Event event) {
Category log = ThreadCategory.getInstance(getClass());
for (org.opennms.netmgt.xml.eventconf.Filter fConf : (java.util.List<org.opennms.netmgt.xml.eventconf.Filter>) econf.getFilters().getFilterCollection()) {
if (!m_filterMap.containsKey(fConf.getEventparm() + "|" + event.getUei())) {
m_filterMap.put(fConf.getEventparm() + "|" + event.getUei(), fConf);
if (log.isDebugEnabled()) log.debug("adding [" + fConf.getEventparm() + "|" + event.getUei() + "] to filter map");
}
}
-
Parm[] parms = (event.getParms() == null ? null : event.getParms().getParm());
if (parms != null) {
for (int x = 0; x < parms.length; x++) {
if ((parms[x].getParmName() != null)
&& (parms[x].getValue().getContent() != null)
&& (m_filterMap.containsKey(parms[x].getParmName() + "|" + event.getUei()))
) {
org.opennms.netmgt.xml.eventconf.Filter f = m_filterMap.get(parms[x].getParmName() + "|" + event.getUei());
if (log.isDebugEnabled()) log.debug("filtering " + parms[x].getParmName() + " with " + f.getPattern());
final Pattern pattern = Pattern.compile( f.getPattern() );
Matcher matcher = pattern.matcher( parms[x].getValue().getContent().trim() );
parms[x].getValue().setContent( matcher.replaceAll(f.getReplacement()) );
}
}
}
}
/**
@@ -154,9 +122,6 @@
Enumeration en = events.enumerateEvent();
while (en.hasMoreElements()) {
Event event = (Event) en.nextElement();
org.opennms.netmgt.xml.eventconf.Event econf = EventExpander.lookup(event);
if (econf.getFilters() != null)
filterParms(econf, event);
if (log.isDebugEnabled()) {
// print out the eui, source, and other