[checkmk-commits] Check_MK Git: check_mk: When forwarding logwatch log entries to the event console between timezones , the

19 Mar 2015

Module: check_mk
Branch: master
Commit: 56e1213d9223c5efe64be7583d909848d24b6ec0
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=56e1213d9223c5…

Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt;
Date:   Thu Mar 19 10:51:23 2015 +0100

When forwarding logwatch log entries to the event console between timezones, the
time of the local time of sending system was used to forward the log entries
without caring about the time zone.

We changed the forwarding code to use unix timestamps for solving the problems
with timezones during forwarding.

You will need to update your event console in order to be able to receive the
new formated messages from remote systems. We recommend to first update your
event console system and then update the sending system.

Conflicts:
	ChangeLog
	checks/logwatch

---

 .werks/2151           |   19 +++++++++++++++++++
 ChangeLog             |    1 +
 checks/logwatch       |   12 +++---------
 mkeventd/bin/mkeventd |   13 +++++++++++--
 4 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/.werks/2151 b/.werks/2151
new file mode 100644
index 0000000..68f2a43
--- /dev/null
+++ b/.werks/2151
@@ -0,0 +1,19 @@
+Title: Fixed wrong time in events when forwarding logwatch to EC between timezones
+Level: 1
+Component: ec
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.7i1
+Date: 1426758431
+
+When forwarding logwatch log entries to the event console between timezones, the
+time of the local time of sending system was used to forward the log entries
+without caring about the time zone.
+
+We changed the forwarding code to use unix timestamps for solving the problems
+with timezones during forwarding.
+
+You will need to update your event console in order to be able to receive the
+new formated messages from remote systems. We recommend to first update your
+event console system and then update the sending system.
diff --git a/ChangeLog b/ChangeLog
index 2491f3f..99a9904 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -403,6 +403,7 @@
     * 1865 FIX: mkeventd: fixed exception when executing a shell script as action
     * 2133 FIX: Fix visualization of global EC setting for Rule Optimizer...
     * 2139 FIX: Fix exception in Event Console when archiving events with match groups
and non ASCII characters
+    * 2151 FIX: Fixed wrong time in events when forwarding logwatch to EC between
timezones...
 
     HW/SW-Inventory:
     * 1846 Keep track of changes of software and hardware...
diff --git a/checks/logwatch b/checks/logwatch
index fa7750d..2387785 100644
--- a/checks/logwatch
+++ b/checks/logwatch
@@ -517,12 +517,6 @@ def logwatch_to_prio(level):
     else:
         return 4
 
-def syslog_time():
-    localtime = time.localtime()
-    day = int(time.strftime("%d", localtime)) # strip leading 0
-    value = time.strftime("%b %%d %H:%M:%S", localtime)
-    return value % day
-
 def inventory_logwatch_ec(info):
     forwarded_logs, not_forwarded_logs = logwatch_select_forwarded(info)
     if forwarded_logs:
@@ -585,7 +579,8 @@ def check_logwatch_ec(item, params, info):
     # <facility+priority> timestamp hostname logfile: message
     facility = params.get('facility', 17) << 3 # default to
"local1"
     messages = []
-    cur_time = syslog_time()
+    cur_time = int(time.time())
+
     forwarded_logfiles = set([])
 
     # Get the logwatch patterns if they are not already precompiled
@@ -620,9 +615,8 @@ def check_logwatch_ec(item, params, info):
                         rclfd_to_ignore += 1
                         continue
 
-
             msg = '<%d>' % (facility + logwatch_to_prio(rclfd_level or
line[0]),)
-            msg += '%s %s %s: %s' % (cur_time, g_hostname, logfile, line[2:])
+            msg += '@%s %s %s: %s' % (cur_time, g_hostname, logfile, line[2:])
             messages.append(msg)
             forwarded_logfiles.add(logfile)
 
diff --git a/mkeventd/bin/mkeventd b/mkeventd/bin/mkeventd
index aa00f3e..d505460 100755
--- a/mkeventd/bin/mkeventd
+++ b/mkeventd/bin/mkeventd
@@ -2143,12 +2143,15 @@ class EventServer:
             # Variant 6: syslog message without date / host:
             # <5>SYSTEM_INFO: [WLAN-1] Triggering Background Scan
 
+            #Varian 7: logwatch.ec event forwarding
+            # <78>@1341847712 Klapprechner /var/log/syslog: message....
+
             # FIXME: Would be better to parse the syslog messages in another way:
             # Split the message by the first ":", then split the syslog header
part
             # and detect which information are present. Take a look at the syslog RFCs
             # for details.
 
-            # Variant 2,3,4,5,6
+            # Variant 2,3,4,5,6,7
             if line.startswith('<'):
                 i = line.find('>')
                 prio = int(line[1:i])
@@ -2161,8 +2164,14 @@ class EventServer:
                 event["facility"] = 1 # user
                 event["priority"] = 5 # notice
 
+            # Variant 7
+            if line[0] == '@' and line[11] == ' ':
+                timestamp, event['host'], line = line.split(' ', 2)
+                event['time'] = float(timestamp[1:])
+                event.update(self.parse_syslog_info(line))
+
             # Variant 3
-            if line.startswith("@"):
+            elif line.startswith("@"):
                 event.update(self.parse_monitoring_info(line))
 
             # Variant 5


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] Check_MK Git: check_mk: When forwarding logwatch log entries to the event console between timezones , the