Beispiel #1
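        /// <summary>
        /// Parses one line of Linux netstat output and, when it matches
        /// <c>NetstatLinuxInternetConnection</c>, writes a <c>NetstatActiveConnection</c> record.
        /// </summary>
        /// <remarks>
        /// Once the "Active UNIX domain sockets" header is seen for a worker, that worker is added to
        /// <c>_skipRemainingInput</c> and every later line for it is ignored.
        /// </remarks>
        /// <param name="logLine">
        /// Line to parse. <c>LineContents</c> must be a string; anything else is reported as an error and skipped.
        /// </param>
        private void ParseLinuxLine(LogLine logLine)
        {
            var worker = logLine.LogFileInfo.Worker;

            if (_skipRemainingInput.Contains(worker))
            {
                return;
            }

            if (!(logLine.LineContents is string logString))
            {
                _processingNotificationsCollector.ReportError("Received null/non-string netstat data", logLine, nameof(NetstatPlugin));
                return;
            }

            // Output starts in "Active Internet connections" mode, then moves to "Active UNIX domain sockets",
            // which we don't care about. Ordinal comparison: this is a fixed machine-generated header, and a
            // culture-sensitive comparison can ignore characters and so match text that is not the header.
            if (logString.StartsWith("Active UNIX domain sockets", System.StringComparison.Ordinal))
            {
                _skipRemainingInput.Add(worker);
                return;
            }

            var match = NetstatLinuxInternetConnection.Match(logString);

            if (!match.Success)
            {
                return;
            }

            var groups      = match.Groups;
            var processName = groups["program_name"].Value;

            // Process names can be truncated in netstat output, hence the prefix match against the known names.
            // An empty capture must be rejected explicitly: every string starts with "", so without this guard a
            // connection with no recorded program name would be labelled as a known Tableau Server process.
            // The flag is a name-based hint only; any process whose name is a prefix of a known name is flagged
            // too, so it should not be read as proof of which binary owns the socket.
            var isKnownProcess = !string.IsNullOrEmpty(processName)
                                 && KnownTableauServerProcesses.Any(p => p.StartsWith(processName, System.StringComparison.Ordinal));

            var parsedResult = new NetstatActiveConnection
            {
                FileLastModified            = logLine.LogFileInfo.LastModifiedUtc,
                Line                        = logLine.LineNumber,
                Worker                      = worker,
                IsKnownTableauServerProcess = isKnownProcess,

                Protocol       = groups["protocol"].Value,
                // Numeric columns that fail to parse are stored as null rather than aborting the line.
                RecvQ          = int.TryParse(groups["recv_q"].Value, out var rq) ? rq : (int?)null,
                SendQ          = int.TryParse(groups["send_q"].Value, out var sq) ? sq : (int?)null,
                LocalAddress   = groups["local_address"].Value,
                LocalPort      = groups["local_port"].Value,
                ForeignAddress = groups["foreign_address"].Value,
                ForeignPort    = groups["foreign_port"].Value,
                TcpState       = groups["state"].Value,
                ProcessId      = int.TryParse(groups["pid"].Value, out var pid) ? pid : (int?)null,
                ProcessName    = processName,
            };

            _writer.AddLine(parsedResult);
        }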
Beispiel #2
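        /// <summary>
        /// Parses one section of Windows netstat output (a process name line, an optional component name line,
        /// and the connection lines belonging to them) and writes a <c>NetstatActiveConnection</c> record for
        /// every line matched by <c>NetstatWindowsConnection</c>.
        /// </summary>
        /// <param name="logLine">
        /// Section to parse. <c>LineContents</c> must be a non-empty
        /// <c>Stack&lt;(string line, int lineNumber)&gt;</c> with the process name on top; anything else is
        /// reported as an error and skipped.
        /// </param>
        private void ParseWindowsLine(LogLine logLine)
        {
            var worker = logLine.LogFileInfo.Worker;

            var connectionSection = logLine.LineContents as Stack<(string line, int lineNumber)>;

            if (connectionSection == null || connectionSection.Count == 0)
            {
                _processingNotificationsCollector.ReportError("Received null/unparsed netstat output", logLine, nameof(NetstatPlugin));
                return;
            }

            var processName = connectionSection.Pop().line.Trim(' ', '[', ']');

            // A section holding only the process name leaves the stack empty after the Pop above; Peek() would
            // then throw InvalidOperationException and abort processing on a truncated or malformed file.
            if (connectionSection.Count == 0)
            {
                _processingNotificationsCollector.ReportError("Received netstat section without connection lines", logLine, nameof(NetstatPlugin));
                return;
            }

            // The line under the process name is treated as a component name when it contains no ':'.
            // It is only peeked, not popped, so it is still visited by the loop below.
            var nextLine      = connectionSection.Peek().line;
            var componentName = nextLine.Contains(':') ? null : nextLine.Trim();

            // Same for every connection in the section, so compute it once. Ordinal comparison because these are
            // identifiers, not linguistic text. This is a name-prefix hint only, not proof of which binary owns
            // the socket.
            var isKnownProcess = KnownTableauServerProcesses.Any(p => processName.StartsWith(p, System.StringComparison.Ordinal));

            foreach (var (line, lineNumber) in connectionSection)
            {
                var match = NetstatWindowsConnection.Match(line);
                if (!match.Success)
                {
                    continue;
                }

                var groups = match.Groups;

                var parsedResult = new NetstatActiveConnection
                {
                    FileLastModified            = logLine.LogFileInfo.LastModifiedUtc,
                    Line                        = lineNumber,
                    Worker                      = worker,
                    IsKnownTableauServerProcess = isKnownProcess,

                    ProcessName   = processName,
                    ComponentName = componentName,

                    Protocol       = groups["protocol"].Value,
                    LocalAddress   = groups["local_address"].Value,
                    LocalPort      = groups["local_port"].Value,
                    ForeignAddress = groups["foreign_address"].Value,
                    ForeignPort    = groups["foreign_port"].Value,
                    // The state group may not take part in the match; record null in that case.
                    TcpState       = groups["state"].Success ? groups["state"].Value : null,
                };

                _writer.AddLine(parsedResult);
            }
        }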