update logwatcher;add more tracing logs

maksimryndin · Jun 3, 2024 · 8ffc8aa · 8ffc8aa
1 parent 7b8a0d4
commit 8ffc8aa
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 20 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "goral"
-version = "0.1.7"
+version = "0.1.8"
 edition = "2021"
 author = "Maksim Ryndin"
 license = "Apache-2.0"
@@ -50,7 +50,7 @@ tracing-subscriber = { version = "0.3", features = ["fmt", "json", "env-filter"]
 url = { version = "2", features = ["serde"] }
 
 [target.'cfg(target_os = "linux")'.dependencies]
-logwatcher2 = { git = "https://github.com/maksimryndin/logwatcher2.git" }
+logwatcher2 = { git = "https://github.com/maksimryndin/logwatcher2.git", rev="9124084dedf7cca548a7be01f0195b876683749a" }
 psutil = { version = "3.2.2", default-features = false, features = ["disk"]}
 
 [dev-dependencies]

diff --git a/src/services/system/configuration.rs b/src/services/system/configuration.rs
@@ -23,10 +23,17 @@ pub(super) fn scrape_push_rule(
  ));
  }
 
+ #[cfg(target_os = "linux")]
+ const AVERAGE_DATAROWS_PER_SCRAPE: u16 = 15; // see collector.rs, ssh.rs
+ #[cfg(target_os = "linux")]
+ const LIMIT: u16 = 45;
+ #[cfg(not(target_os = "linux"))]
  const AVERAGE_DATAROWS_PER_SCRAPE: u16 = 10; // see collector.rs
+ #[cfg(not(target_os = "linux"))]
+ const LIMIT: u16 = 20;
+
  let number_of_rows_in_batch =
  ceiled_division(*push_interval_secs, *scrape_interval_secs) * AVERAGE_DATAROWS_PER_SCRAPE;
- const LIMIT: u16 = 20;
  if number_of_rows_in_batch > LIMIT {
  return Err(serde_valid::validation::Error::Custom(
  format!("push interval ({push_interval_secs}) is too big or scrape interval ({scrape_interval_secs}) is too small - too much data ({number_of_rows_in_batch} rows vs limit of {LIMIT}) would be accumulated before saving to a spreadsheet")

diff --git a/src/services/system/ssh.rs b/src/services/system/ssh.rs
@@ -46,24 +46,29 @@ pub(super) fn process_sshd_log(
  log_watcher.watch(&mut move |result| {
  let result = match result {
  Ok(event) => match event {
- LogWatcherEvent::Line(line) => match parse(&line) {
- Some(mut datarow) => {
- lookup_connection(&mut datarow, &mut connections);
- let Datavalue::Text(ref status) = datarow.data[4].1 else {
- panic!("assert: ssh status is parsed")
- };
- if status == SSH_LOG_STATUS_CONNECTED && connections.len() > 100 {
- let message =
- format!("there are {} active ssh connections", connections.len());
- tracing::warn!("{}", message);
- messenger.send_nonblock(Notification::new(message, Level::WARN));
+ LogWatcherEvent::Line(line) => {
+ tracing::debug!("new auth log line: {line}");
+ match parse(&line) {
+ Some(mut datarow) => {
+ lookup_connection(&mut datarow, &mut connections);
+ let Datavalue::Text(ref status) = datarow.data[4].1 else {
+ panic!("assert: ssh status is parsed")
+ };
+ if status == SSH_LOG_STATUS_CONNECTED && connections.len() > 100 {
+ let message = format!(
+ "there are {} active ssh connections",
+ connections.len()
+ );
+ tracing::warn!("{}", message);
+ messenger.send_nonblock(Notification::new(message, Level::WARN));
+ }
+ Ok(Data::Single(datarow))
+ }
+ None => {
+ return LogWatcherAction::None;
  }
- Ok(Data::Single(datarow))
- }
- None => {
- return LogWatcherAction::None;
  }
- },
+ }
  LogWatcherEvent::LogRotation => {
  tracing::info!("auth log file rotation");
  return LogWatcherAction::None;
@@ -74,6 +79,7 @@ pub(super) fn process_sshd_log(
  Err(Data::Message(message))
  }
  };
+ tracing::debug!("sending ssh result: {result:?}");
  if sender.blocking_send(TaskResult { id: 0, result }).is_err() {
  if is_shutdown.load(Ordering::Relaxed) {
  return LogWatcherAction::Finish;
@@ -82,6 +88,7 @@ pub(super) fn process_sshd_log(
  "assert: ssh monitoring messages queue shouldn't be closed before shutdown signal"
  );
  }
+ tracing::debug!("sent ssh result");
 
  LogWatcherAction::None
  });