syslog-ng source
correlation-key.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2002-2013, 2015 Balabit
3  * Copyright (c) 1998-2013, 2015 Balázs Scheidler
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 as published
7  * by the Free Software Foundation, or (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17  *
18  * As an additional exemption you are allowed to compile & link against the
19  * OpenSSL libraries as published by the OpenSSL project. See the file
20  * COPYING for details.
21  *
22  */
23 #ifndef CORRELATION_CORRELATION_KEY_H_INCLUDED
24 #define CORRELATION_CORRELATION_KEY_H_INCLUDED
25 
26 #include "syslog-ng.h"
27 
28 /* rule context scope */
29 typedef enum
30 {
31  /* correlation happens globally, e.g. log messages even on different hosts are considered */
32  RCS_GLOBAL,
33  /* correlation happens inside the same host only, e.g. messages from other hosts are not considered */
34  RCS_HOST,
35  /* correlation happens for the same program only, e.g. messages from other programs are not considered */
36  RCS_PROGRAM,
37  /* correlation happens for the same process only, e.g. messages from a different program/pid are not considered */
38  RCS_PROCESS,
39 } CorrelationScope;
40 
41 gint correlation_key_lookup_scope(const gchar *scope);
42 
43 /* Our state hash contains a mixed set of values, they are either
44  * correlation contexts or the state entry required by rate limiting.
45  */
46 typedef struct _CorrelationKey
47 {
48  const gchar *host;
49  const gchar *program;
50  const gchar *pid;
51  gchar *session_id;
52 
53  /* we use guint8 to limit the size of this structure, we can have 10s of
54  * thousands of this structure present in memory */
55  guint8 /* CorrelationScope */ scope;
56 } CorrelationKey;
57 
58 
59 guint correlation_key_hash(gconstpointer k);
60 gboolean correlation_key_equal(gconstpointer k1, gconstpointer k2);
61 void correlation_key_init(CorrelationKey *self, CorrelationScope scope, LogMessage *msg, gchar *session_id);
62 
63 #endif
correlation_key_init
void correlation_key_init(CorrelationKey *self, CorrelationScope scope, LogMessage *msg, gchar *session_id)
Definition: correlation-key.c:89
correlation_key_lookup_scope
gint correlation_key_lookup_scope(const gchar *scope)
Definition: correlation-key.c:113
correlation_key_equal
gboolean correlation_key_equal(gconstpointer k1, gconstpointer k2)
Definition: correlation-key.c:57
correlation_key_hash
guint correlation_key_hash(gconstpointer k)
Definition: correlation-key.c:33
CorrelationScope
CorrelationScope
Definition: correlation-key.h:30
RCS_HOST
@ RCS_HOST
Definition: correlation-key.h:34
RCS_PROCESS
@ RCS_PROCESS
Definition: correlation-key.h:38
RCS_GLOBAL
@ RCS_GLOBAL
Definition: correlation-key.h:32
RCS_PROGRAM
@ RCS_PROGRAM
Definition: correlation-key.h:36
CorrelationKey
Definition: correlation-key.h:47
CorrelationKey::pid
const gchar * pid
Definition: correlation-key.h:50
CorrelationKey::session_id
gchar * session_id
Definition: correlation-key.h:51
CorrelationKey::host
const gchar * host
Definition: correlation-key.h:48
CorrelationKey::scope
guint8 scope
Definition: correlation-key.h:55
CorrelationKey::program
const gchar * program
Definition: correlation-key.h:49
msg
LogMessage * msg
Definition: test_rename.c:35