author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-08-08 18:55:15 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-08 18:55:15 +0100 |
commit | bf731647a669ffbcb01efe01b9dc775fc4e5677b (patch) | |
tree | 2c4d93f0dc2753752578a92403263118a4c9e003 | |
parent | d9c0c2ceca62968dd1a60179e7741c0e37310643 (diff) | |
parent | aa4fe8256ae2f7f70724be99b210c2e7c42c525c (diff) | |
Merge pull request #1794 from moisseev/rspamd_stats
Rspamd stats: add support for syslog timestamps
-rwxr-xr-x[-rw-r--r--] | utils/rspamd_stats.pl | 64 |
1 files changed, 61 insertions, 3 deletions
diff --git a/utils/rspamd_stats.pl b/utils/rspamd_stats.pl index 0a2ad46b8..fcd2ea503 100644..100755 --- a/utils/rspamd_stats.pl +++ b/utils/rspamd_stats.pl @@ -74,6 +74,8 @@ my %scanTime = ( ); my %bidir_match; +foreach ( $startTime, $endTime ) { $_ = &normalized_time($_) } + # Convert bidirectional symbols foreach my $s (@symbols_bidirectional) { $bidir_match{$s} = { @@ -206,6 +208,9 @@ say '=' x 80; exit; sub ProcessLog { + my $ts_format = &log_time_format($rspamd_log); + my $is_syslog = defined $ts_format && $ts_format eq 'syslog'; + while(<$rspamd_log>) { if (!$enabled && ($search_pattern eq "" || /$search_pattern/)) { $enabled = 1; @@ -214,7 +219,10 @@ sub ProcessLog { next if !$enabled; if (/^.*rspamd_task_write_log.*$/) { - my $ts = join ' ', ( split /\s+/ )[ 0 .. 2 ]; + my $ts = + ($is_syslog) + ? syslog2iso( join ' ', ( split /\s+/ )[ 0 .. 2 ] ) + : join ' ', ( split /\s+/ )[ 0 .. 1 ]; next if ( $ts lt $startTime ); next if ( defined $endTime && $ts gt $endTime ); @@ -399,6 +407,38 @@ sub GetLogfilesList { return @logs; } +sub log_time_format { + my $fh = shift; + my $format; + while (<$fh>) { + + # 2017-08-08 00:00:01 #66984( + # 2017-08-08 00:00:01.001 #66984( + if (/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(\.\d{3})? #\d+\(/) { + $format = 'rspamd'; + last; + } + + # Aug 8 00:02:50 #66986( + elsif (/^\w{3} (?:\s\d|\d\d) \d\d:\d\d:\d\d #\d+\(/) { + $format = 'syslog'; + last; + } + } + seek( $fh, 0, 0 ); + return $format; +} + +sub normalized_time { + return undef + if !defined( $_ = shift ); + + /^\d\d(?::\d\d){0,2}$/ + ? sprintf '%04d-%02d-%02d %s', 1900 + (localtime)[5], 1 + (localtime)[4], + (localtime)[3], $_ + : $_; +} + sub numeric { $a =~ /\.(\d+)\./; my $a_num = $1; 
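Review bot: The call `&normalized_time($_)` in the first hunk uses the legacy `&` sigil form, as does `&log_time_format($rspamd_log)` in the ProcessLog hunk. With an explicit argument list the sigil is not needed, and it bypasses any prototype. Plain `normalized_time($_)` and `log_time_format($rspamd_log)` read the same and work even though both subs are defined later in the file.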
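Review bot: In the `my $ts = ...` hunk, an undefined `$ts_format` (no line matched either pattern in log_time_format) silently takes the rspamd branch, so the first two fields of an unrecognised line are compared as strings against ISO-formatted `--start`/`--end` bounds. For a log whose prefix is neither layout, that presumably makes the time window include or exclude every entry without any warning, which matters when the tool is used to scope an investigation to a period. Consider failing loudly before the loop, e.g. `warn "Unrecognized log timestamp format, time filters may be unreliable\n" unless defined $ts_format;`. ProcessLog's body continues outside this hunk.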
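Review bot: `seek( $fh, 0, 0 );` in log_time_format is unchecked, so if the handle is ever a pipe or STDIN (not visible in this diff) the rewind fails silently and every line consumed while probing is lost from the statistics. Check the result, e.g. `seek( $fh, 0, 0 ) or die "cannot rewind log handle: $!";`, or probe only seekable handles. The probe loop also reads the whole file when no line matches, so capping it to the first few hundred lines would bound the cost. Separately, normalized_time assigns to the global `$_` via `$_ = shift` without `local`; a lexical (`my $t = shift;`) avoids clobbering the caller's `$_`.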
@@ -408,6 +448,22 @@ sub numeric { $a_num <=> $b_num; } +# Convert syslog timestamp to "ISO 8601 like" format +# using current year as syslog does not record the year (nor the timezone) +# or the last year if the guessed time is in the future. +sub syslog2iso { + my %month_map; + @month_map{qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)} = 0 .. 11; + + my ( $month, @t ) = + $_[0] =~ m/^(\w{3}) \s\s? (\d\d?) \s (\d\d):(\d\d):(\d\d)/x; + my $epoch = + timelocal( ( reverse @t ), $month_map{$month}, 1900 + (localtime)[5] ); + sprintf '%04d-%02d-%02d %02d:%02d:%02d', + 1900 + (localtime)[5] - ( $epoch > time ), + $month_map{$month} + 1, @t; +} + __END__ =head1 NAME @@ -487,13 +543,15 @@ Exclude log lines if certain symbols are fired (e.g. GTUBE). You may specify thi Select log entries after this time. Format: C<YYYY-MM-DD HH:MM:SS> (can be truncated to any desired accuracy). If used with B<--end> select entries between -B<--start> and B<--end>. +B<--start> and B<--end>. The omitted date defaults to the current date if you +supply the time. =item B<--end> Select log entries before this time. Format: C<YYYY-MM-DD HH:MM:SS> (can be truncated to any desired accuracy). If used with B<--start> select entries between -B<--start> and B<--end>. +B<--start> and B<--end>. The omitted date defaults to the current date if you +supply the time. =item B<--help> |
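Review bot: syslog2iso passes the regex captures to `timelocal` without checking that the match succeeded, so one log line that does not start with a syslog timestamp, or a date that does not exist in the current year (Feb 29 read in a non-leap year), makes `timelocal` croak and aborts the whole run. Because log content is not fully under the operator's control, a single bad line should be skipped rather than fatal. The fence below returns nothing on such input, and the caller in ProcessLog would then need `next unless defined $ts;`. No `use Time::Local;` is visible in this diff, so confirm the module is imported elsewhere in the file.

```perl
sub syslog2iso {
    # ... unchanged: %month_map initialisation ...
    my ( $month, @t ) =
      $_[0] =~ m/^(\w{3}) \s\s? (\d\d?) \s (\d\d):(\d\d):(\d\d)/x;

    # Not a syslog timestamp, or an unknown month name: let the caller skip it.
    return unless defined $month && exists $month_map{$month};

    my $year = 1900 + (localtime)[5];

    # timelocal() croaks on impossible dates; treat that as an unparsable line.
    my $epoch =
      eval { timelocal( ( reverse @t ), $month_map{$month}, $year ) };
    return unless defined $epoch;

    return sprintf '%04d-%02d-%02d %02d:%02d:%02d',
      $year - ( $epoch > time ? 1 : 0 ),
      $month_map{$month} + 1, @t;
}
```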