Commit fe1d47b4 authored by ale's avatar ale

autoregister syslog formats; implement separate scan/search commands

parent a587a1ea
......@@ -20,13 +20,9 @@ def run_http_server(lens, opts, args):
def create_syslog_parser(opts):
if opts.log_format == 'standard':
return syslog_parser.SyslogParser()
elif opts.log_format == 'iso':
return syslog_parser.SyslogIsoParser()
elif opts.log_format == 'dumb':
return syslog_parser.SyslogDumbParser()
else:
try:
return syslog_parser.get_parser(opts.log_format)
except KeyError:
raise Exception('Unsupported log format "%s"' % opts.log_format)
......@@ -54,6 +50,24 @@ def run_inject(lens, opts, args):
def do_search(lens, opts, args):
query = ' '.join(args)
time_range = None
if opts.time_range:
time_range = utils.parse_time_range(opts.time_range)
scroll_id = None
while True:
results, scroll_id = lens.search(query, time_range,
scroll_id=scroll_id)
if not results:
break
log.debug('search: %d results, scroll_id=%s', len(results),
scroll_id)
for doc in results:
sys.stdout.write(utils.format_log(doc).encode('utf-8', 'replace'))
sys.stdout.flush()
def do_scan(lens, opts, args):
query = ' '.join(args)
time_range = None
if opts.time_range:
......@@ -123,6 +137,10 @@ Known commands:
if len(args) < 1:
parser.error('Too few arguments')
do_search(lens, opts, args)
elif cmd == 'scan':
if len(args) < 1:
parser.error('Too few arguments')
do_scan(lens, opts, args)
elif cmd == 'expire':
if len(args) != 1:
parser.error('Syntax: expire <TIMESPEC>')
......
......@@ -5,6 +5,7 @@ from lens2 import utils
_tag_pattern = re.compile(r'^(.+)\[(\d+)\]:?$')
def _parse_tag(tag):
match = _tag_pattern.search(tag)
if match:
......@@ -12,6 +13,14 @@ def _parse_tag(tag):
else:
return (tag.rstrip(':'), None)
_parser_registry = {}
def register_parser(class_):
_parser_registry[class_.name] = class_
def get_parser(name, **args):
return _parser_registry[name](**args)
class SyslogParserBase(object):
"""Base parser class for syslog data."""
......@@ -47,15 +56,21 @@ class SyslogIsoParser(SyslogParserBase):
"""
name = 'iso'
def parse_date(self, line):
_stamp, _msg = line.split(' ', 1)
stamp = utils.parse_iso8601_date(_stamp)
return stamp, _msg
register_parser(SyslogIsoParser)
class SyslogParser(SyslogParserBase):
"""Standard syslog format parser."""
name = 'standard'
def __init__(self, tz=None):
self.tz = tz # ignored for now
self.year = time.gmtime().tm_year
......@@ -69,17 +84,21 @@ class SyslogParser(SyslogParserBase):
stamp_tuple.tm_yday, -1)
return time.mktime(fixed_tuple), msg
register_parser(SyslogParser)
class SyslogDumbParser(SyslogParser):
name = 'dumb'
def __call__(self, line):
stamp, rest = self.parse_date(line)
host, tag, msg = rest.split(' ', 2)
prog, pid = _parse_tag(tag)
info = {'timestamp': stamp, 'host': host,
'facility': 'all', 'severity': 'info',
'program': prog, 'msg': msg}
if pid:
info['pid'] = pid
return info
register_parser(SyslogDumbParser)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment