Beispiel #1
0
 public LogLine(int idx, RuleResult rule)
 {
     Index = idx;
     if(rule != null) {
         RuleType = rule.RuleType;
         if(rule.Values != null && rule.Values.Count > 0)
             Values = rule.Values;
     }
 }
Beispiel #2
0
        private bool ProcessAsChunkBody(int index, RuleResult result, RawEvent raw, out int processedBodyLines)
        {
            processedBodyLines = 0;
            if (result.LineType != LineType.Body)
            {
                return(false);
            }

            if (result.Key != raw.Key)
            {
                return(false);
            }

            string key = result.Key;

            raw.Body.Add(new LogLine(index, result));

            //TODO require the RequiredRule
            if (result.RequiredBlockRule != null)
            {
                var blockResult = ProcessRequiredBodyBlock(index, result);
                if (blockResult != null)
                {
                    foreach (var pair in blockResult.LineRuleResults)
                    {
                        int idx = pair.Key + index + 1;
                        raw.Body.Add(new LogLine(idx, pair.Value)
                        {
                            Content = GetLine(idx)
                        });
                    }
                    processedBodyLines = blockResult.ProcessedCount;
                }
            }
            return(true);
        }
Beispiel #3
0
 private BlockRuleResult ProcessRequiredBodyBlock(int index, RuleResult result)
 {
     string[] blockLines;
     int take = Math.Min(result.RequiredBlockRule.MaxBlockSize, Log.Lines.Length - index - 1);
     blockLines = Log.Lines.Skip(index + 1).Take(take).ToArray();
     return result.RequiredBlockRule.Apply(blockLines);
 }
Beispiel #4
0
        private bool ProcessAsChunkHeader(int index, RuleResult result)
        {
            if(result.LineType != LineType.Header)
                return false;

            string key = result.Key;
            if(IncompleteChunks.ContainsKey(key)) {
                //IncompleteChunks.Remove(key);
                //I've modified regexps. Let's give edocs another try...
                RawEvent inc = IncompleteChunks[key];

                LogMessage("{5}: Found a new event header with the same key {0} before the footer of the previous event\n" +
                    "\tPrevious header at line {1}: {2}\n" +
                    "\tNew header at line {3}: {4}",
                    key, inc.Header.Index, GetLine(inc.Header.Index), index, GetLine(index), System.IO.Path.GetFileName(Log.FileName));
            }

            IncompleteChunks[key] = new RawEvent(key) { Header = new LogLine(index, result), Type = result.EventType };
            return true;
        }
Beispiel #5
0
        private bool ProcessAsChunkFooter(int index, RuleResult result)
        {
            if(result.LineType != LineType.Footer)
                return false;

            string key = result.Key;
            if(!IncompleteChunks.ContainsKey(key)) {
                LogMessage("{2}: Footer without header at {0}: {1}", index, GetLine(index), System.IO.Path.GetFileName(Log.FileName));
                return false;  // footer without header - strange, but we don't need it
            }

            RawEvent inc = IncompleteChunks[key];
            IncompleteChunks.Remove(key);
            if(inc.Header.Index >= index) {
                LogMessage("{4}: Footer above header at {0}: {1}\n\tHeader at {2}: {3}", index, GetLine(index), inc.Header.Index, GetLine(inc.Header.Index), System.IO.Path.GetFileName(Log.FileName));
                return false;
            }

            inc.Footer = new LogLine(index, result);
            Chunks.Add(inc);
            return true;
        }
Beispiel #6
0
        private bool ProcessAsChunkBody(int index, RuleResult result, RawEvent raw, out int processedBodyLines)
        {
            processedBodyLines = 0;
            if(result.LineType != LineType.Body)
                return false;

            if(result.Key != raw.Key)
                return false;

            string key = result.Key;
            raw.Body.Add(new LogLine(index, result));

            //TODO require the RequiredRule
            if(result.RequiredBlockRule != null) {
                var blockResult = ProcessRequiredBodyBlock(index, result);
                if(blockResult != null) {
                    foreach(var pair in blockResult.LineRuleResults) {
                        int idx = pair.Key + index + 1;
                        raw.Body.Add(new LogLine(idx, pair.Value) { Content = GetLine(idx) });
                    }
                    processedBodyLines = blockResult.ProcessedCount;
                }
            }
            return true;
        }