
Bug 157130

Summary: Severity not parsed correctly for some Apache access log records
Product: z_Archived
Reporter: Dave Smith <smith>
Component: TPTP.monitoring
Assignee: Dave Smith <smith>
Status: CLOSED FIXED
QA Contact:
Severity: normal
Priority: P1
CC: rohit.shetty
Version: unspecified
Keywords: plan
Target Milestone: ---
Hardware: PC
OS: Windows 2000
Whiteboard: closed460
Attachments (description, flags):
log with records that rules parser doesn't parse severity correctly (flags: none)
log with records that static parser doesn't parse severity correctly (flags: none)
Patch for the problems described in this defect (flags: none)
updated example log and benchmark files (flags: none)
Static adapter output (flags: none)
out file attached here, ignore previous attachment (flags: none)
All benchmark and log files (flags: none)

Description Dave Smith CLA 2006-09-12 23:42:32 EDT
The Apache access log parsers do not parse severity correctly for some records.

The rules parser does not parse severity correctly if the message component of the record before the return code contains spaces.  For example, parsing the following record with the rules parser generates a CommonBaseEvent with severity="10".  It should have a value of "40".

9.26.64.68 - - [08/Jul/2004:11:52:10 -0500] "GET /level/16/exec/show                   0onf HTTP/1.0" 404 212 "-" "Network-Services-Auditor/1.3.1"

The static parser does not parse severity correctly if the message component of the record before the return code contains double quotes. For example, parsing the following record with the rules parser generates a CommonBaseEvent with severity="10".  It should have a value of "40".

9.26.64.68 - - [27/Jul/2004:01:49:59 -0500] "GET /scripts/nc.exe?/c"-h" HTTP/1.0" 404 208 "-" "Network-Services-Auditor/1.3.1"
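
The two failure modes in the description, reproduced as an added example (not TPTP's parser code and not part of the original report). The two fragile strategies and the tolerant pattern are illustrative, all function names are hypothetical, and the severity mapping is an assumption: only 404 -> "40" and the wrong value "10" come from the report.

```python
import re

# The two records quoted in the bug description above.
SPACES = ('9.26.64.68 - - [08/Jul/2004:11:52:10 -0500] "GET /level/16/exec/show'
          '                   0onf HTTP/1.0" 404 212 "-" '
          '"Network-Services-Auditor/1.3.1"')
QUOTES = ('9.26.64.68 - - [27/Jul/2004:01:49:59 -0500] "GET /scripts/nc.exe?/c"-h"'
          ' HTTP/1.0" 404 208 "-" "Network-Services-Auditor/1.3.1"')

def status_by_position(line):
    """Fragile: assumes the request is exactly three space-separated tokens."""
    fields = line.split()
    return fields[8] if len(fields) > 8 else None

STRICT = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def status_by_strict_quotes(line):
    """Fragile: assumes the request never contains a double quote."""
    m = STRICT.match(line)
    return m.group(1) if m else None

# Tolerant: the request may hold spaces and quotes; it ends at a quote that is
# followed by a 3-digit status and a size, then (optionally) referer and agent.
TOLERANT = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>.*?)" "(?P<agent>.*)")?$')

def parse(line):
    """Return the record's fields as a dict, or None if it does not match."""
    m = TOLERANT.match(line)
    return m.groupdict() if m else None

def severity(status):
    """Assumed mapping: 4xx/5xx -> 40, anything else (or unparsable) -> 10."""
    if status is not None and status.isdigit() and int(status) >= 400:
        return 40
    return 10

if __name__ == "__main__":
    for name, line in (("spaces", SPACES), ("quotes", QUOTES)):
        print(name,
              severity(status_by_position(line)),       # 10 for "spaces"
              severity(status_by_strict_quotes(line)),  # 10 for "quotes"
              severity(parse(line)["status"]))          # 40 for both
```

Because the quotes in these records are unescaped, a record is ambiguous in principle; the tolerant pattern is a best-effort reading, and a record it rejects should be flagged rather than given a default severity.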
Comment 1 Dave Smith CLA 2006-09-12 23:44:41 EDT
Created attachment 50006 [details]
log with records that rules parser doesn't parse severity correctly
Comment 2 Dave Smith CLA 2006-09-12 23:45:28 EDT
Created attachment 50007 [details]
log with records that static parser doesn't parse severity correctly
Comment 3 Dave Smith CLA 2006-10-19 14:59:49 EDT
Deferring this to 4.4 as it cannot be contained in 4.3.
Comment 4 Dave Smith CLA 2007-01-17 23:29:52 EST
Added sizing.
Comment 5 Dave Smith CLA 2007-02-06 01:53:54 EST
Targeting to have this fixed in i2.
Comment 6 Rohit Shetty CLA 2007-02-28 06:39:54 EST
With the static parser the parsing of the file EDE also seems to have a problem since it includes all the content in the record till the end for most of the records in the attached log.
Comment 7 Rohit Shetty CLA 2007-02-28 07:39:31 EST
Created attachment 59967 [details]
Patch for the problems described in this defect

Attached the patch to fix the problems described here. 
Module: org.eclipse.hyades.logging.parsers

Please review the patch and let me know if you have any comments.
Comment 8 Rohit Shetty CLA 2007-03-01 07:49:30 EST
Created attachment 60061 [details]
updated example log and benchmark files
Comment 9 Rohit Shetty CLA 2007-03-01 07:50:43 EST
I've run the junit tests for this and attached the updated example log and benchmark files.
Comment 10 Dave Smith CLA 2007-03-11 03:45:06 EDT
I committed the fix included in the attached patch to TPTP Head CVS.  However, I have not committed the new example.log or benchmark files because the following benchmark files need to be updated as well:

access_filter_static.out
static.out

Rohit, please attach these updated benchmark files.
Comment 11 Rohit Shetty CLA 2007-03-13 10:38:42 EDT
Dave,
There is no change required for access_filter_static.out as the filtered content is still the same as before.

And as far as the static.out is concerned, I don't see any test case that runs the static parsers (for Apache access and Apache Error) and compares the benchmark files. Seems like a problem ....
Comment 12 Rohit Shetty CLA 2007-03-13 11:17:44 EDT
Created attachment 60673 [details]
Static adapter output 

Out file for static adapter attached here.
Comment 13 Rohit Shetty CLA 2007-03-13 11:18:39 EDT
(In reply to comment #11)
> Dave,
> There is no change required for access_filter_static.out as the filtered
> content is still the same as before.
> 
> And as far as the static.out is concerned, I don't see any test case that runs
> the static parsers (For Apache access and Apache Error) and compares the
> benchmark files. Seems like a problem ....
> 

Dave,
We might need to fix this in our test cases. Please advise.
Comment 14 Rohit Shetty CLA 2007-03-13 11:21:42 EDT
Created attachment 60674 [details]
out file attached here, ignore previous attachment
Comment 15 Rohit Shetty CLA 2007-03-21 15:27:27 EDT
Created attachment 61597 [details]
All benchmark and log files

This zip contains all the files put together. I have also updated the log and the benchmark files. Please use this to check in.
Comment 16 Dave Smith CLA 2007-03-23 03:05:34 EDT
I committed the new example.out file.  I'll commit the new benchmark files when I commit the files for 172064.
Comment 17 Paul Slauenwhite CLA 2009-06-30 09:51:05 EDT
As of TPTP 4.6.0, TPTP is in maintenance mode and focusing on improving quality by resolving relevant enhancements/defects and increasing test coverage through test creation, automation, Build Verification Tests (BVTs), and expanded run-time execution. As part of the TPTP Bugzilla housecleaning process (see http://wiki.eclipse.org/Bugzilla_Housecleaning_Processes), this enhancement/defect is verified/closed by the Project Lead since the originator of this enhancement/defect has an inactive Bugzilla account and it is considered to be fixed. If this enhancement/defect is still unresolved and reproducible in the latest TPTP release (http://www.eclipse.org/tptp/home/downloads/), please re-open.