I needed to use domain names in my Nfsen alert filter (e.g. host
cnn.com), but Nfsen returned with an error and complained about my
filter syntax. Since nfdump now supports domain resolutions there should
not be any problems for Nfsen either.

As I see it, the problem was that the exit code was not used when
verifying a filter. Normally nfdump -Z <filter> returns no output when
all is well. And when there is a syntax error, error messages are
outputted to stderr. When a domain name is used in the filter, nfdump
outputs the resolving addresses to stdout.

So when the code, both backend and frontend, simply checks if the output
from nfdump -Z is non-empty to signify an error condition, then using
domain names in the filter won't work.

I made a small patch to get this working. It uses the exit code from an
nfdump -Z execution to determine the validity of the filter. I modified
the VerifyFilter function in NfSen.pm to return an associative array
including both the output (stderr/stdout) and the exit code. The patch
applies to NfSen.pm, NfAlert.pm, NfProfile.pm and nfsen.php.
-tor
diff -ruNB /usr/local/src/nfsen-1.3/html/nfsen.php /usr/local/src/nfsen-mod/html/nfsen.php
--- /usr/local/src/nfsen-1.3/html/nfsen.php 2007-11-20 13:27:39.000000000 +0100
+++ /usr/local/src/nfsen-mod/html/nfsen.php 2009-04-26 18:23:29.000000000 +0200
@@ -352,7 +352,7 @@
$opts['filter'] = $filter;
$out_list = nfsend_query('run-nfdump', $opts, 0);
- if ( array_key_exists("nfdump", $out_list) ) {
+ if ( array_key_exists("nfdump", $out_list) && $out_list["exit"] > 0 ) {
foreach ( $out_list['nfdump'] as $line ) {
SetMessage('error', "Filter error: $line");
}
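Review bot: $out_list["exit"] in the new condition is read without checking that the key is present. None of the backend hunks shown adds an exit field to the run-nfdump reply, and a missing key does not compare as > 0, so a real syntax error would then be silently dropped instead of reported. Test array_key_exists("exit", $out_list) as well and treat a missing exit value as a failure.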
diff -ruNB /usr/local/src/nfsen-1.3/libexec/NfAlert.pm /usr/local/src/nfsen-mod/libexec/NfAlert.pm
--- /usr/local/src/nfsen-1.3/libexec/NfAlert.pm 2007-07-20 14:33:21.000000000 +0200
+++ /usr/local/src/nfsen-mod/libexec/NfAlert.pm 2009-04-26 18:18:38.000000000 +0200
@@ -1518,10 +1518,10 @@
if ( scalar @$filter == 0 ) {
push @$filter, "not any\n";
}
- my @out = NfSen::VerifyFilter($filter);
- if ( scalar @out > 0 ) {
+ my %out = NfSen::VerifyFilter($filter);
+ if ( $out{'exit'} > 0 ) {
print $socket $EODATA;
- print $socket "ERR Filter syntax error: ", join(' ', @out), "\n";
+ print $socket "ERR Filter syntax error: ", join(' ', $out{'nfdump'}), "\n";
return;
}
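Review bot: join(' ', $out{'nfdump'}) in the ERR line joins a single scalar, and VerifyFilter fills that slot with $res{'nfdump'} = @out, which is scalar context and stores the number of lines rather than the lines. The client would receive "ERR Filter syntax error: 1" instead of nfdump's message. Store a reference (\@out) in VerifyFilter and dereference it here with @{ $out{'nfdump'} }.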
@@ -1890,10 +1890,10 @@
close FILTER;
}
if ( scalar @$filter > 0 ) {
- my @out = NfSen::VerifyFilter($filter);
- if ( scalar @out > 0 ) {
+ my %out = NfSen::VerifyFilter($filter);
+ if ( $out{'exit'} > 0 ) {
print $socket $EODATA;
- print $socket "ERR Filter syntax error: ", join(' ', @out), "\n";
+ print $socket "ERR Filter syntax error: ", join(' ', $out{'nfdump'}), "\n";
return;
}
# setup alert filter
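Review bot: the test $out{'exit'} > 0 fails open, because it is false for an undefined or negative value as well as for 0. VerifyFilter takes the value from $? even in the branch where nfdump could not be started, so a filter that was never actually checked can pass this test and be written into the alert. Accept the filter only when exit is defined and equal to 0.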
diff -ruNB /usr/local/src/nfsen-1.3/libexec/NfProfile.pm /usr/local/src/nfsen-mod/libexec/NfProfile.pm
--- /usr/local/src/nfsen-1.3/libexec/NfProfile.pm 2007-11-20 13:27:39.000000000 +0100
+++ /usr/local/src/nfsen-mod/libexec/NfProfile.pm 2009-04-26 18:19:47.000000000 +0200
@@ -1720,10 +1720,10 @@
if ( scalar @$filter == 0 ) {
push @$filter, "not any\n";
}
- my @out = NfSen::VerifyFilter($filter);
- if ( scalar @out > 0 ) {
+ my %out = NfSen::VerifyFilter($filter);
+ if ( $out{'exit'} > 0 ) {
print $socket $EODATA;
- print $socket "ERR Filter syntax error: ", join(' ', @out), "\n";
+ print $socket "ERR Filter syntax error: ", join(' ', $out{'nfdump'}), "\n";
return;
}
my $sourcelist;
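Review bot: changing my @out to my %out here reflects a change to VerifyFilter's return contract that affects every caller, not only the ones in this patch. Any caller left on the old form (scalar @out > 0) now receives the flattened hash, which is never empty, and will reject every filter. Check the tree and any plugins for remaining callers, or keep VerifyFilter returning the list and add a separate function for the hash form.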
@@ -2561,10 +2561,10 @@
if ( ref $filter ne "ARRAY" ) {
$filter = [ "$filter" ];
}
- my @out = NfSen::VerifyFilter($filter);
- if ( scalar @out > 0 ) {
+ my %out = NfSen::VerifyFilter($filter);
+ if ( $out{'exit'} > 0 ) {
print $socket $EODATA;
- print $socket "ERR Filter syntax error: ", join(' ', @out), "\n";
+ print $socket "ERR Filter syntax error: ", join(' ', $out{'nfdump'}), "\n";
return;
}
my $filterfile = "$NfConf::PROFILESTATDIR/$profilepath/$channel-filter.txt";
diff -ruNB /usr/local/src/nfsen-1.3/libexec/NfSen.pm /usr/local/src/nfsen-mod/libexec/NfSen.pm
--- /usr/local/src/nfsen-1.3/libexec/NfSen.pm 2007-07-20 14:33:21.000000000 +0200
+++ /usr/local/src/nfsen-mod/libexec/NfSen.pm 2009-04-26 18:16:06.000000000 +0200
@@ -316,36 +316,46 @@
#
# Verify a given nfdump filter
-# If filter syntx ok returns an empty array @out, otherwise
-# @out contains the error message.
+# If filter syntax ok, returns an assoc array with key 'exit'
+# equals zero, otherwise 'exit' value is positive, and
+# error messages are found as an array in 'nfdump' value.
sub VerifyFilter {
my $filterref = shift;
my @out;
+ my %res;
my $filterstr = join "\n", @$filterref;
if ( $filterstr =~ /[^\s!-~\n]+/ ) {
push @out, "Illegal characters in filter: '$&'";
- return @out;
+ $res{'nfdump'} = @out;
+ $res{'exit'} = 127;
+ return %res;
}
$filterstr =~ s/^[\s\t\n]+//;
$filterstr =~ s/[\s\t\n]+$//;
if ( $filterstr eq '' ) {
push @out, "Empty filter";
- return @out;
+ $res{'nfdump'} = @out;
+ $res{'exit'} = 127;
+ return %res;
}
if ( !open(FILTER, "$NfConf::PREFIX/nfdump -Z '$filterstr' 2>&1 |") ) {
push @out, "Can't run nfdump for filter check: $!";
+ $res{'nfdump'} = @out;
+ $res{'exit'} = $?;
} else {
while ( <FILTER> ) {
push @out, $_;
}
+ $res{'nfdump'} = @out;
+ $res{'exit'} = $?;
close FILTER;
}
- return @out;
+ return %res;
} # End of VerifyFilter
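Review bot: $res{'exit'} = $? is assigned before close FILTER, but for a piped open the child's status is only stored in $? by close, so the value recorded here is stale and does not reflect nfdump's result. Move the assignment after close FILTER and use $? >> 8; in the failed-open branch $? is not set by open at all, so use a fixed non-zero value as the two early returns do with 127. While this open call is being touched: the unchanged character check [^\s!-~\n] still admits ', which ends the single-quoted argument in the command string, so either reject that character in the check or run nfdump without going through the shell.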
@@ -515,10 +525,10 @@
my $filter = $$opts{'filter'};
- my @out = VerifyFilter($filter);
- if ( scalar @out > 0 ) {
+ my %out = VerifyFilter($filter);
+ if ( $out{'exit'} > 0 ) {
print $socket $EODATA;
- print $socket "ERR Filter syntax error: ", join(' ', @out), "\n";
+ print $socket "ERR Filter syntax error: ", join(' ', $out{'nfdump'}), "\n";
return;
}
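Review bot: this is the fifth copy of the same exit test and ERR reply (two in NfAlert.pm, two in NfProfile.pm, one here), and each copy has to be kept in step with VerifyFilter's return format. A small helper in NfSen.pm that takes the filter and returns either nothing or the error text to send would leave one place to fix when the result format changes.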