Skip to content

in_winevtlog: Make configurable for the size of collecting threshold per a cycle #8677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
edsiper merged 8 commits into from
Apr 11, 2024
Merged

in_winevtlog: Make configurable for the size of collecting threshold per a cycle #8677

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
f6a4d46
in_winevtlog: Make configurable for the size of collecting threshold …
cosmo0920 Apr 5, 2024
83a247c
in_winevtlog: Address comments
cosmo0920 Apr 9, 2024
540faf2
in_winevtlog: Handle read_limit_per_cycle parameter as size type on c…
cosmo0920 Apr 10, 2024
e52c40f
in_winevtlog: Handle the default value of read_limit_per_cycle parameter
cosmo0920 Apr 10, 2024
35ee9a2
in_winevtlog: Display the specified values for the collecting size of…
cosmo0920 Apr 10, 2024
ced8b0b
in_winevtlog: Specify the maximum cutoff value thorough the current s…
cosmo0920 Apr 11, 2024
a5caba4
in_winevtlog: Display the upper limit with the calculated value
cosmo0920 Apr 11, 2024
cf0c5bf
in_winevtlog: Downgrade for the log level for lower threshold
cosmo0920 Apr 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 37 additions & 2 deletions plugins/in_winevtlog/in_winevtlog.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,10 @@

#define DEFAULT_INTERVAL_SEC 1
#define DEFAULT_INTERVAL_NSEC 0
#define DEFAULT_THRESHOLD_SIZE 0x7ffff /* Default reading buffer size (512kb) */
#define DEFAULT_THRESHOLD_SIZE 0x7ffff /* Default reading buffer size */
/* (512kib = 524287bytes) */
#define MINIMUM_THRESHOLD_SIZE 0x0400 /* 1024 bytes */
#define MAXIMUM_THRESHOLD_SIZE (FLB_INPUT_CHUNK_FS_MAX_SIZE - (1024 * 200))

static int in_winevtlog_collect(struct flb_input_instance *ins,
struct flb_config *config, void *in_context);
Expand All @@ -38,6 +41,7 @@ static int in_winevtlog_init(struct flb_input_instance *in,
{
int ret;
const char *tmp;
char human_readable_size[32];
int read_existing_events = FLB_FALSE;
struct mk_list *head;
struct winevtlog_channel *ch;
Expand Down Expand Up @@ -69,7 +73,33 @@ static int in_winevtlog_init(struct flb_input_instance *in,
}

/* Set up total reading size threshold */
ctx->total_size_threshold = DEFAULT_THRESHOLD_SIZE;
if (ctx->total_size_threshold >= MINIMUM_THRESHOLD_SIZE &&
ctx->total_size_threshold < MAXIMUM_THRESHOLD_SIZE) {
flb_utils_bytes_to_human_readable_size((size_t) ctx->total_size_threshold,
human_readable_size,
sizeof(human_readable_size) - 1);
flb_plg_debug(ctx->ins,
"read limit per cycle is set up as %s",
human_readable_size);
}
else if (ctx->total_size_threshold >= MAXIMUM_THRESHOLD_SIZE) {
flb_utils_bytes_to_human_readable_size((size_t) MAXIMUM_THRESHOLD_SIZE,
human_readable_size,
sizeof(human_readable_size) - 1);
flb_plg_warn(ctx->ins,
"read limit per cycle cannot exceed %s. Set up to %s",
human_readable_size, human_readable_size);
ctx->total_size_threshold = (unsigned int) MAXIMUM_THRESHOLD_SIZE;
}
else if (ctx->total_size_threshold < MINIMUM_THRESHOLD_SIZE){
flb_utils_bytes_to_human_readable_size((size_t) MINIMUM_THRESHOLD_SIZE,
human_readable_size,
sizeof(human_readable_size) - 1);
flb_plg_warn(ctx->ins,
"read limit per cycle cannot under 1KiB. Set up to %s",
human_readable_size);
ctx->total_size_threshold = (unsigned int) MINIMUM_THRESHOLD_SIZE;
}

/* Open channels */
tmp = flb_input_get_property("channels", in);
Expand Down Expand Up @@ -261,6 +291,11 @@ static struct flb_config_map config_map[] = {
0, FLB_TRUE, offsetof(struct winevtlog_config, event_query),
"Specify XML query for filtering events"
},
{
FLB_CONFIG_MAP_SIZE, "read_limit_per_cycle", "524287",
0, FLB_TRUE, offsetof(struct winevtlog_config, total_size_threshold),
"Specify reading limit for collecting Windows EventLog per a cycle"
},
/* EOF */
{0}
};
Expand Down