Show which fields matched

This commit is contained in:
Mark Veidemanis 2023-01-13 07:20:31 +00:00
parent dd4b2ddd3a
commit 158fffed99
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
1 changed files with 11 additions and 8 deletions


@ -17,14 +17,14 @@ from core.util import logs
log = logs.get_logger("rules") log = logs.get_logger("rules")
def rule_matched(rule, message, matched_fields): def rule_matched(rule, message, matched):
title = f"Rule {rule.name} matched" title = f"Rule {rule.name} matched"
# Dump the message in YAML for readability # Dump the message in YAML for readability
message = dump(message, Dumper=Dumper, default_flow_style=False) message = dump(message, Dumper=Dumper, default_flow_style=False)
matched_fields = ", ".join(matched_fields) matched = ", ".join([f"{k}: {v}" for k, v in matched.items()])
notify_message = f"{rule.name} matched on {matched_fields}\n{message}" notify_message = f"{rule.name} match: {matched}\n{message}"
notify_message = notify_message.encode("utf-8", "replace") notify_message = notify_message.encode("utf-8", "replace")
cast = { cast = {
@ -43,6 +43,7 @@ def process_rules(data):
for message in index_messages: for message in index_messages:
for rule in all_rules: for rule in all_rules:
parsed_rule = rule.parse() parsed_rule = rule.parse()
matched = {}
if "index" not in parsed_rule: if "index" not in parsed_rule:
continue continue
if "source" not in parsed_rule: if "source" not in parsed_rule:
@ -58,9 +59,11 @@ def process_rules(data):
if message["src"] not in rule_source: if message["src"] not in rule_source:
continue continue
matched["index"] = index
matched["source"] = message["src"]
rule_field_length = len(parsed_rule.keys()) rule_field_length = len(parsed_rule.keys())
matched_field_number = 0 matched_field_number = 0
matched_fields = []
for field, value in parsed_rule.items(): for field, value in parsed_rule.items():
if not type(value) == list: if not type(value) == list:
value = [value] value = [value]
@ -71,7 +74,7 @@ def process_rules(data):
if "tokens" in message: if "tokens" in message:
if token in message["tokens"]: if token in message["tokens"]:
matched_field_number += 1 matched_field_number += 1
matched_fields.append(field) matched[field] = token
# Break out of the token matching loop # Break out of the token matching loop
break break
# Continue to next field # Continue to next field
@ -83,16 +86,16 @@ def process_rules(data):
if "msg" in message: if "msg" in message:
if msg.lower() in message["msg"].lower(): if msg.lower() in message["msg"].lower():
matched_field_number += 1 matched_field_number += 1
matched_fields.append(field) matched[field] = msg
# Break out of the msg matching loop # Break out of the msg matching loop
break break
# Continue to next field # Continue to next field
continue continue
if field in message and message[field] in value: if field in message and message[field] in value:
matched_field_number += 1 matched_field_number += 1
matched_fields.append(field) matched[field] = message[field]
if matched_field_number == rule_field_length - 2: if matched_field_number == rule_field_length - 2:
rule_matched(rule, message, matched_fields) rule_matched(rule, message, matched)
class NotificationRuleData(object): class NotificationRuleData(object):
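Review bot: In the first hunk `rule_matched` now rebinds its `matched` parameter from a dict to a joined string (and `message` from a dict to its YAML dump), so the same name changes type halfway through the function, which makes the later f-string harder to read; a separate name is clearer and the list wrapper inside the join is unnecessary: `summary = ", ".join(f"{k}: {v}" for k, v in matched.items())` and `notify_message = f"{rule.name} match: {summary}\n{message}"`. A short comment above the join would help too, since the dict now carries the `index` and `source` keys set in the third hunk alongside the per-field hits: `# matched holds index/source plus field -> first matching value`. Note that because of the `break` after `matched[field] = token` (and likewise for `msg`), only the first matching token or substring per field is recorded, so the summary understates multi-value matches; that mirrors the previous list behaviour but is worth a comment at the call site in the last hunk. The recorded values come straight from message content (`message[field]`, `msg`, `token`) and are embedded unescaped in the notification text; whether that needs escaping depends on how the `cast` payload is rendered, which is cut off below the first hunk.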