From 4e716f837368d9d5ac0740e8c3778051482112ca Mon Sep 17 00:00:00 2001 From: Andre Lorbach Date: Mon, 9 Nov 2009 17:54:44 +0100 Subject: [PATCH] more changes in report code --- src/classes/logstream.class.php | 10 +- src/classes/logstreamdb.class.php | 111 +++++++++++++++++- .../reports/report.eventlog.monilog.class.php | 62 +++++++++- 3 files changed, 170 insertions(+), 13 deletions(-) diff --git a/src/classes/logstream.class.php b/src/classes/logstream.class.php index 2169060..56af2f3 100644 --- a/src/classes/logstream.class.php +++ b/src/classes/logstream.class.php @@ -209,7 +209,15 @@ abstract class LogStream { */ public abstract function ConsolidateDataByField($szConsFieldId, $nRecordLimit, $szSortFieldId, $nSortingOrder, $bIncludeLogStreamFields = false); - + + /** + * This functions is used by reports to consolidate data + * + * @return integer Error stat + */ + public abstract function ConsolidateItemListByField($szConsFieldId, $nRecordLimit, $szSortFieldId, $nSortingOrder); + + /** * Gets a property and checks if the class is able to sort the records * by this property. diff --git a/src/classes/logstreamdb.class.php b/src/classes/logstreamdb.class.php index 8d2040a..95c1217 100644 --- a/src/classes/logstreamdb.class.php +++ b/src/classes/logstreamdb.class.php @@ -689,6 +689,102 @@ class LogStreamDB extends LogStream { } + /** + * Implementation of ConsolidateItemListByField + * + * In the native MYSQL Logstream, the database will do most of the work + * + * @return integer Error stat + */ + public function ConsolidateItemListByField($szConsFieldId, $nRecordLimit, $szSortFieldId, $nSortingOrder) + { + global $content, $dbmapping, $fields; + + // Copy helper variables, this is just for better readability + $szTableType = $this->_logStreamConfigObj->DBTableType; + + // Check if fields are available + if ( !isset($dbmapping[$szTableType]['DBMAPPINGS'][$szConsFieldId]) || !isset($dbmapping[$szTableType]['DBMAPPINGS'][$szSortFieldId]) ) + return ERROR_DB_DBFIELDNOTFOUND; + + // --- Set Options + $nConsFieldType = $fields[$szConsFieldId]['FieldType']; + + if ( $nSortingOrder == SORTING_ORDER_DESC ) + $szSortingOrder = "DESC"; + else + $szSortingOrder = "ASC"; + // --- + + // --- Set DB Field names + $myDBConsFieldName = $dbmapping[$szTableType]['DBMAPPINGS'][$szConsFieldId]; + $myDBGroupByFieldName = $myDBConsFieldName; + $myDBQueryFields = $myDBConsFieldName . ", "; + + // Set Sorted Field + if ( $szConsFieldId == $szSortFieldId ) + $myDBSortedFieldName = "ItemCount"; + else + $myDBSortedFieldName = $szSortFieldId; + // --- + + // Special handling for date fields + if ( $nConsFieldType == FILTER_TYPE_DATE ) + { + // Helper variable for the select statement + $mySelectFieldName = $myDBGroupByFieldName . "Grouped"; + $myDBQueryFieldName = "DATE( " . $myDBConsFieldName . ") AS " . $myDBGroupByFieldName ; + } + + // Set Limit String + if ( $nRecordLimit > 0 ) + $szLimitSql = " LIMIT " . $nRecordLimit; + else + $szLimitSql = ""; + + // Create SQL String now! + $szSql = "SELECT " . + $myDBQueryFields . + "count(" . $myDBConsFieldName . ") as ItemCount " . + " FROM " . $this->_logStreamConfigObj->DBTableName . + " GROUP BY " . $myDBGroupByFieldName . + " ORDER BY " . $myDBSortedFieldName . " " . $szSortingOrder . + $szLimitSql ; + + // Perform Database Query + $myquery = mysql_query($szSql, $this->_dbhandle); + if ( !$myquery ) + return ERROR_DB_QUERYFAILED; + + // Initialize Array variable + $aResult = array(); + + // read data records + while ($myRow = mysql_fetch_array($myquery, MYSQL_ASSOC)) + { + // Create new row + $aNewRow = array(); + + foreach ( $myRow as $myFieldName => $myFieldValue ) + { + if ( $myFieldName == $dbmapping[$szTableType]['DBMAPPINGS'][$szConsFieldId] ) + $aNewRow[$szConsFieldId] = $myFieldValue; + else + $aNewRow[$myFieldName] = $myFieldValue; + } + + // Add new row to result + $aResult[] = $aNewRow; + } + + // return finished array + if ( count($aResult) > 0 ) + return $aResult; + else + return ERROR_NOMORERECORDS; + } + + /** * Implementation of ConsolidateDataByField * @@ -749,7 +845,7 @@ class LogStreamDB extends LogStream { if ( $szConsFieldId == $szSortFieldId ) - $myDBSortedFieldName = "ConsolidatedField"; + $myDBSortedFieldName = "ItemCount"; else $myDBSortedFieldName = $szSortFieldId; // --- @@ -762,14 +858,20 @@ class LogStreamDB extends LogStream { $myDBQueryFieldName = "DATE( " . $myDBConsFieldName . ") AS " . $myDBGroupByFieldName ; } + // Set Limit String + if ( $nRecordLimit > 0 ) + $szLimitSql = " LIMIT " . $nRecordLimit; + else + $szLimitSql = ""; + // Create SQL String now! $szSql = "SELECT " . $myDBQueryFields . - "count(" . $myDBConsFieldName . ") as ConsolidatedField " . + "count(" . $myDBConsFieldName . ") as ItemCount " . " FROM " . $this->_logStreamConfigObj->DBTableName . " GROUP BY " . $myDBGroupByFieldName . " ORDER BY " . $myDBSortedFieldName . " " . $szSortingOrder . - " LIMIT " . $nRecordLimit; + $szLimitSql ; // Perform Database Query $myquery = mysql_query($szSql, $this->_dbhandle); @@ -812,12 +914,9 @@ class LogStreamDB extends LogStream { return $aResult; else return ERROR_NOMORERECORDS; - - } - /** * Implementation of GetCountSortedByField * diff --git a/src/classes/reports/report.eventlog.monilog.class.php b/src/classes/reports/report.eventlog.monilog.class.php index f9274e0..dd3f538 100644 --- a/src/classes/reports/report.eventlog.monilog.class.php +++ b/src/classes/reports/report.eventlog.monilog.class.php @@ -95,11 +95,12 @@ class Report_monilog extends Report { */ public function startDataProcessing() { - global $content; + global $content, $severity_colors; // Verify Datasource first! if ( $this->verifyDataSource() == SUCCESS ) { + // Test opening the stream $res = $this->_streamObj->Open( $this->_arrProperties, true ); if ( $res == SUCCESS ) { @@ -107,19 +108,37 @@ class Report_monilog extends Report { // Step 1: Gather Summaries // Obtain data from the logstream! - $reportData = $this->_streamObj->ConsolidateDataByField( SYSLOG_SEVERITY, 10, SYSLOG_SEVERITY, SORTING_ORDER_DESC, null, false ); + $content["report_summary"] = $this->_streamObj->ConsolidateDataByField( SYSLOG_SEVERITY, 10, SYSLOG_SEVERITY, SORTING_ORDER_DESC, null, false ); // If data is valid, we have an array! - if ( is_array($reportData) && count($reportData) > 0 ) + if ( is_array($content["report_summary"]) && count($content["report_summary"]) > 0 ) { - foreach ($reportData as &$tmpReportData ) + foreach ($content["report_summary"] as &$tmpReportData ) { $tmpReportData['DisplayName'] = GetSeverityDisplayName( $tmpReportData[SYSLOG_SEVERITY] ); + $tmpReportData['bgcolor'] = $severity_colors[ $tmpReportData[SYSLOG_SEVERITY] ]; } } + // Get List of hosts + $content["report_computers"] = $this->_streamObj->ConsolidateItemListByField( SYSLOG_HOST, 20, SYSLOG_HOST, SORTING_ORDER_DESC ); -print_r ( $reportData ); + // This function will consolidate the Events based per Host! + $this->ConsolidateEventsPerHost(); + +/* // If data is valid, we have an array! + if ( is_array($content["report_computers"]) && count($content["report_computers"]) > 0 ) + { + foreach ($content["report_computers"] as &$tmpReportComputer ) + { + $tmpReportComputer['report_events'] = $this->_streamObj->ConsolidateDataByField( SYSLOG_MESSAGE, 100, SYSLOG_MESSAGE, SORTING_ORDER_DESC, null, false ); + + print_r ( $tmpReportComputer['report_events'] ); + } + } +*/ + +print_r ( $content["report_computers"] ); exit; // --- @@ -204,7 +223,38 @@ exit; } - // Private functions... + // --- Private functions... + + + /** + * Helper function to consolidate events + */ + private function ConsolidateEventsPerHost() + { + // Create array with columns we need for analysis + $reportFields[] = SYSLOG_UID; + $reportFields[] = SYSLOG_DATE; + $reportFields[] = SYSLOG_HOST; + $reportFields[] = SYSLOG_SEVERITY; + $reportFields[] = SYSLOG_EVENT_ID; + $reportFields[] = SYSLOG_EVENT_SOURCE; + $reportFields[] = SYSLOG_MESSAGE; + + // Set Filter string + $this->_streamObj->SetFilter( $this->_filterString ); + + // Now open the stream for data processing + $res = $this->_streamObj->Open( $reportFields, true ); + if ( $res == SUCCESS ) + { + + + + } + + // Work done! + return SUCCESS; + } /* private function ResetBuffer() { $this->_bEOS = false;