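/// <summary>
/// Parses one line of Linux netstat output and, when it describes an internet
/// connection, writes a <c>NetstatActiveConnection</c> row for it.
/// </summary>
/// <param name="logLine">
/// The line to parse. <c>LineContents</c> must be a string; anything else is reported
/// as an error and skipped.
/// </param>
private void ParseLinuxLine(LogLine logLine)
{
    var worker = logLine.LogFileInfo.Worker;

    // Once the UNIX-socket section has been seen for this worker, everything after it is ignored.
    if (_skipRemainingInput.Contains(worker))
    {
        return;
    }

    if (!(logLine.LineContents is string logString))
    {
        _processingNotificationsCollector.ReportError("Received null/non-string netstat data", logLine, nameof(NetstatPlugin));
        return;
    }

    // Output starts in "Active Internet connections" mode, then moves to
    // "Active UNIX domain sockets", which we don't care about.
    if (logString.StartsWith("Active UNIX domain sockets", System.StringComparison.Ordinal))
    {
        _skipRemainingInput.Add(worker);
        return;
    }

    var match = NetstatLinuxInternetConnection.Match(logString);
    if (!match.Success)
    {
        // Headers and other non-connection lines are silently skipped.
        return;
    }

    var groups = match.Groups;
    var processName = groups["program_name"].Value;

    // Process names can be truncated in netstat output, so the known name is tested against
    // the reported prefix. An empty string is a prefix of every string, so without the
    // emptiness guard a connection with no reported owner would be labelled as a known
    // Tableau Server process. Whether the regex can yield an empty program_name is not
    // visible from this method, so the guard is kept unconditionally.
    // NOTE(review): a prefix match is a heuristic label, not proof of process identity.
    var isKnownProcess = !string.IsNullOrEmpty(processName)
        && KnownTableauServerProcesses.Any(p => p.StartsWith(processName, System.StringComparison.Ordinal));

    var parsedResult = new NetstatActiveConnection
    {
        FileLastModified = logLine.LogFileInfo.LastModifiedUtc,
        Line = logLine.LineNumber,
        Worker = worker,
        IsKnownTableauServerProcess = isKnownProcess,
        Protocol = groups["protocol"].Value,
        // Numeric columns stay null when they cannot be parsed.
        RecvQ = int.TryParse(groups["recv_q"].Value, out var rq) ? rq : (int?)null,
        SendQ = int.TryParse(groups["send_q"].Value, out var sq) ? sq : (int?)null,
        LocalAddress = groups["local_address"].Value,
        LocalPort = groups["local_port"].Value,
        ForeignAddress = groups["foreign_address"].Value,
        ForeignPort = groups["foreign_port"].Value,
        TcpState = groups["state"].Value,
        ProcessId = int.TryParse(groups["pid"].Value, out var pid) ? pid : (int?)null,
        ProcessName = processName,
    };

    _writer.AddLine(parsedResult);
}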
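/// <summary>
/// Parses one Windows netstat connection section and writes a
/// <c>NetstatActiveConnection</c> row for every line in it that matches the
/// connection pattern.
/// </summary>
/// <param name="logLine">
/// The section to parse. <c>LineContents</c> must be a non-empty stack of
/// (line, lineNumber) tuples whose top entry is the process name; anything else is
/// reported as an error and skipped. The top entry is popped from that stack.
/// </param>
private void ParseWindowsLine(LogLine logLine)
{
    var worker = logLine.LogFileInfo.Worker;
    var connectionSection = logLine.LineContents as Stack<(string line, int lineNumber)>;

    if (connectionSection is null || connectionSection.Count == 0)
    {
        _processingNotificationsCollector.ReportError("Received null/unparsed netstat output", logLine, nameof(NetstatPlugin));
        return;
    }

    // The top of the stack is the owning process, e.g. "[name.exe]".
    var processName = connectionSection.Pop().line.Trim(' ', '[', ']');

    // The next entry is a component name when it has no ':' in it. It is only peeked, so it
    // stays in the stack and is skipped by the pattern match below. The count check prevents
    // Peek() from throwing InvalidOperationException when the section held a single entry.
    string componentName = null;
    if (connectionSection.Count > 0 && !connectionSection.Peek().line.Contains(':'))
    {
        componentName = connectionSection.Peek().line.Trim();
    }

    // NOTE(review): a prefix match is a heuristic label, not proof of process identity.
    var isKnownProcess = KnownTableauServerProcesses.Any(p => processName.StartsWith(p, System.StringComparison.Ordinal));

    foreach (var (line, lineNumber) in connectionSection)
    {
        var match = NetstatWindowsConnection.Match(line);
        if (!match.Success)
        {
            continue;
        }

        var groups = match.Groups;
        var parsedResult = new NetstatActiveConnection
        {
            FileLastModified = logLine.LogFileInfo.LastModifiedUtc,
            Line = lineNumber,
            Worker = worker,
            IsKnownTableauServerProcess = isKnownProcess,
            ProcessName = processName,
            ComponentName = componentName,
            Protocol = groups["protocol"].Value,
            LocalAddress = groups["local_address"].Value,
            LocalPort = groups["local_port"].Value,
            ForeignAddress = groups["foreign_address"].Value,
            ForeignPort = groups["foreign_port"].Value,
            // The state group is optional in the pattern; it is left null when absent.
            TcpState = groups["state"].Success ? groups["state"].Value : null,
        };

        _writer.AddLine(parsedResult);
    }
}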