Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

multiple multiline logic question #9162

Closed
fulldeck opened this issue Aug 4, 2024 · 2 comments
Closed

multiple multiline logic question #9162

fulldeck opened this issue Aug 4, 2024 · 2 comments
Assignees
@lecaros
Labels
Stale status: waiting-for-triage

Comments

@fulldeck
Copy link

fulldeck commented Aug 4, 2024

What is the multiline logic for the start of a new line?

If the parser is already past the logic for the 'start_state" and is in the logic for "cont", does the logic check ever the other "state_state" line by line or does the "cont" loop continue until "cont" is not satisfied?

In my example I used a (.*) greedy to test if the "cont" loop would stay or break when another valid line does start with a valid "start_state"; the loop stayed in the "cont" and did not break.

I would like each line to be evaluate to see if a "start_state" can be satisfied.
If I have to define every possible "cont" I think would be possible; consider this event starting with

01:12:00.869: Sending  [0,UDP] 556 bytes to 10.10.3.129:5080 >>>>>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.10.3.129:5080;branch=z9hG4bKac1902982255;received=10.10.3.129
From: "softphone" <sip:4006@STC>;tag=1c1234304587
To: <sip:4006@STC>;tag=00FF43BC-9A69-4F6E-ACEC-665E741C7377-357596
Call-ID: 1065851586111202111159@10.10.3.129
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="SIPSwitch_STC",qop="auth",algorithm=MD5,nonce="3A3A7894-2420-47B3-A3F2-2DCF3B05DEB6",opaque="5349505377697463685f535443"
Expires: 1800
Contact: <sip:4006@10.10.3.129:5080;ac-feu=985-10-182-7>;expires=1800
Content-Length: 0

parsers_multiline.conf

[MULTILINE_PARSER]
    name          sip1-multiline-regex-test
    type          regex
    flush_timeout 1000
    # rules |   state name  | regex pattern                  | next state
    # ------|---------------|--------------------------------------------
    rule      "start_state"   "/^(\d+\:\d+\:\d+\.\d+\:\s)/"  "cont"
    rule      "cont"          "/^.*/"                     "cont"

[MULTILINE_PARSER]
    name          sip2-multiline-regex-test
    type          regex
    flush_timeout 1000
    #
    # ------|---------------|--------------------------------------------
    rule      "start_state"   "/^(@\d+\:\d+\:\d+\.\d+\:\s)/"  "cont"
    rule      "cont"          "/^.*/"                     "cont"

[MULTILINE_PARSER]
    name          sip3-multiline-regex-test
    type          regex
    flush_timeout 1000
    # rules |   state name  | regex pattern                  | next state
    # ------|---------------|--------------------------------------------
    rule      "start_state"   "/^SIP/"  "cont"
    rule      "cont"          "/^.*/"                     "cont"

sip.log
#Sample Log:

#Lets use a simple use cases log sample, there are 3 multiline start paterns that I parse for:

#1:12:00.865: #regex: ^(?P\d+:\d+:\d+.\d+:\s)(?P.)
#@01:12:00.865: #regex: ^(?P@\d+:\d+:\d+.\d+:\s)(?P.)
#SIP/2.0 #regex: ^(?P<SIP.app>SIP/2.0\s)(?P.*)

#Sample Log:

01:12:00.865: Unable to resolve number for DN:4006
fake
@01:12:00.865: trunk ip addr 10.10.3.129
fake
01:12:00.865: gateway 'Gateway' associated with address '10.10.3.129'
fAKE
01:12:00.865: Assocaited transport for the device [1058] changed from [:0:0] to [10.10.3.129:5080:1]
FAKA
@01:12:00.869: TRNMNGR: internal domain stc.green.com
FAKE
01:12:00.869: SIPTS: handle registration event 0
fake
01:12:00.869: Sending  [0,UDP] 556 bytes to 10.10.3.129:5080 >>>>>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.10.3.129:5080;branch=z9hG4bKac1902982255;received=10.10.3.129
From: "softphone" <sip:4006@STC>;tag=1c1234304587
To: <sip:4006@STC>;tag=00FF43BC-9A69-4F6E-ACEC-665E741C7377-357596
Call-ID: 1065851586111202111159@10.10.3.129
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="SIPSwitch_STC",qop="auth",algorithm=MD5,nonce="3A3A7894-2420-47B3-A3F2-2DCF3B05DEB6",opaque="5349505377697463685f535443"
Expires: 1800
Contact: <sip:4006@10.10.3.129:5080;ac-feu=985-10-182-7>;expires=1800
Content-Length: 0

Output:

[2024/08/04 06:40:04] [ info] [input:tail:tail.0] inotify_fs_add(): inode=1179667 watch_fd=1 name=sip.log
[0] tail.0: [[1722753604.468859924, {}], {"log"=>"#Lets use a simple use cases log sample, there are 3 multiline start paterns that I parse for:
"}]
[1] tail.0: [[1722753604.468875634, {}], {"log"=>"#01:12:00.865:      #regex:   ^(?P<time>\d+\:\d+\:\d+\.\d+\:\s)(?P<message>.*)
"}]
[2] tail.0: [[1722753604.468878214, {}], {"log"=>"#@01:12:00.865:     #regex:   ^(?P<time>\@\d+\:\d+\:\d+\.\d+\:\s)(?P<message>.*)
"}]
[3] tail.0: [[1722753604.468880444, {}], {"log"=>"#SIP/2.0            #regex:   ^(?P<SIP.app>SIP\/2\.0\s)(?P<message>.*)
"}]
[4] tail.0: [[1722753604.468881924, {}], {"log"=>"#Sample Log:
"}]
[0] tail.0: [[1722753604.468882974, {}], {"log"=>"01:12:00.865: Unable to resolve number for DN:4006
fake
@01:12:00.865: trunk ip addr 10.10.3.129
fake
01:12:00.865: gateway 'Gateway' associated with address '10.10.3.129'
fAKE
01:12:00.865: Assocaited transport for the device [1058] changed from [:0:0] to [10.10.3.129:5080:1]
FAKA
@01:12:00.869: TRNMNGR: internal domain stc.green.com
FAKE
01:12:00.869: SIPTS: handle registration event 0
fake
01:12:00.869: Sending  [0,UDP] 556 bytes to 10.10.3.129:5080 >>>>>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.10.3.129:5080;branch=z9hG4bKac1902982255;received=10.10.3.129
From: "softphone" <sip:4006@STC>;tag=1c1234304587
To: <sip:4006@STC>;tag=00FF43BC-9A69-4F6E-ACEC-665E741C7377-357596
Call-ID: 1065851586111202111159@10.10.3.129
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="SIPSwitch_STC",qop="auth",algorithm=MD5,nonce="3A3A7894-2420-47B3-A3F2-2DCF3B05DEB6",opaque="5349505377697463685f535443"
Expires: 1800
Contact: <sip:4006@10.10.3.129:5080;ac-feu=985-10-182-7>;expires=1800
Content-Length: 0
"}]
[1] tail.0: [[1722753604.468889784, {}], {"log"=>"01:12:00.865: gateway 'Gateway' associated with address '10.10.3.129'
fAKE
01:12:00.865: Assocaited transport for the device [1058] changed from [:0:0] to [10.10.3.129:5080:1]
FAKA
@01:12:00.869: TRNMNGR: internal domain stc.green.com
FAKE
01:12:00.869: SIPTS: handle registration event 0
fake
01:12:00.869: Sending  [0,UDP] 556 bytes to 10.10.3.129:5080 >>>>>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.10.3.129:5080;branch=z9hG4bKac1902982255;received=10.10.3.129
From: "softphone" <sip:4006@STC>;tag=1c1234304587
To: <sip:4006@STC>;tag=00FF43BC-9A69-4F6E-ACEC-665E741C7377-357596
Call-ID: 1065851586111202111159@10.10.3.129
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="SIPSwitch_STC",qop="auth",algorithm=MD5,nonce="3A3A7894-2420-47B3-A3F2-2DCF3B05DEB6",opaque="5349505377697463685f535443"
Expires: 1800
Contact: <sip:4006@10.10.3.129:5080;ac-feu=985-10-182-7>;expires=1800
Content-Length: 0
@github-actions GitHub Actions
Copy link
Contributor

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.

@github-actions github-actions bot added the Stale label Nov 11, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue was closed because it has been stalled for 5 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Nov 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lecaros lecaros

Labels
Stale status: waiting-for-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lecaros @fulldeck