custom pattern to drop bots when importing logs into influxdb

custom pattern to drop bots when importing logs into influxdb - influxdb

I import apache logs into influxdb with telegraf and logparser plugin
I want to filter out all the logs from bots, so I setup a custom pattern with a regex that only match user-agent that don't contain the words "bot" and "crawl" :
NOBOT ((?!bot|crawl).)*
CUSTOM_LOG_FORMAT %{CLIENT:client_ip} %{NOTSPACE:ident} %{NOTSPACE:auth} \[%{HTTPDATE:ts:ts-httpd}\] "(?:%{WORD:verb:tag} %{NOTSPACE:request}(?: HTTP/%{NUMBER:http_version:float})?|%{DATA})" %{NUMBER:resp_code:tag} (?:%{NUMBER:resp_bytes:int}|-) %{QS:referrer} "%{NOBOT:agent}"
but it doesnt work, zero metrics are being imported into influxdb
the regex seems ok and it works fine when I test it here : http://grokconstructor.appspot.com/do/match
Just to be sure I tried a simpler regex :
BOT .*?bot.*?
CUSTOM_LOG_FORMAT %{CLIENT:client_ip} %{NOTSPACE:ident} %{NOTSPACE:auth} \[%{HTTPDATE:ts:ts-httpd}\] "(?:%{WORD:verb:tag} %{NOTSPACE:request}(?: HTTP/%{NUMBER:http_version:float})?|%{DATA})" %{NUMBER:resp_code:tag} (?:%{NUMBER:resp_bytes:int}|-) %{QS:referrer} "%{BOT:agent}"
and it works, telegraf only import logs from bots but I want the opposite, I don't see what's wrong with ((?!bot|crawl).)*

I'm not sure why you are not getting an error message, but unfortunately Go doesn't support negative look-aheads:
https://play.golang.org/p/Kq5N2FgG6_
Hello, playground
panic: regexp: Compile(`((?!bot|crawl).)*`): error parsing regexp: invalid or unsupported Perl syntax: `(?!`
goroutine 1 [running]:
panic(0x133400, 0x1050a140)
/usr/local/go/src/runtime/panic.go:500 +0x720
regexp.MustCompile(0x149f1b, 0x11, 0x1, 0xb)
/usr/local/go/src/regexp/regexp.go:237 +0x1a0
main.main()
/tmp/sandbox426143344/main.go:10 +0xe0
I'd recommend opening an issue on the github repo to return an error message in these cases.
As for making the match you're trying to do, this might be helpful: Negative Look Ahead Go regular expressions

Related

Sending IFS File to Outq Prints Line of "#" Symbols

I am attempting to send a file from IFS to an outq on our AS/400 system. Whenever I do, I get exactly what I send, as well as a line of "#" symbols of varying lengths appended to the end.
Here's the command I'm using:
qsh cmd('cat -c /path/test.txt | Rfile -wbQ -c "ovrprtf file(qprint)
outq(*LIBL/ABCD) devtype(*USERASCII) rplunprt(*no) splfname(test) hold(*no)"
qprint')
The contents of test.txt is just Hello World!
The output I get when I send the command is
Hello World!####################################################################
I have not found any posts online about a similar problem, and have tried changing values and looking for additional switches to get it to work. Nothing I'm doing seems to fix the issue.
Is there a command or switch that I am missing, or is something I have in there already causing this?
EDIT:
I found this documentation which is the first time I've seen this issue mentioned, but it's not very helpful:
“Messages for a Take Action command might consist of a long string of "at" symbols (#) in a pop-up message. (The Reflex automation Take Action command, which is configured in situations, does not have this problem.) A resolution for this problem is under construction. This problem might be resolved by the time of the product release. If you see this problem, contact IBM Software Support.”
The only differences are: 1) this is not a pop-up message, it's printed. 2) I don't believe we use Tivoli Monitoring, although I could be wrong.
Assuming we do use Tivoli Monitoring, what would the solution be? There's no additional documentation past that, and I am not a system administrator, so I can't really make the call to IBM Software Support myself. And assuming we DON'T use it, what else could cause this issue?

I get different results, yet similar. I created a test.txt with Windows Explorer, put in Hello, world!, saved it and tried the script. I got gibberish for the 'Hello, world!' and then the line of # symbols.
My system is 7.3 TR5, CCSID 37 (US English) and my IFS file is CCSID 1252 (Windows English). Results did not change if I used a stream file of CCSID 819 (US ASCII).
I didn't have any luck modifying Rfile switches.
I found that removing devtype(*userascii) produced printed output in plain English without the # symbols. Do you really need *USERASCII? I would think that would be more for a pre-formatted 'print-ready' file like Postscript or the like.
EDIT: some more things to try
I don't understand why *USERASCII is adding those # symbols; it looks like a translation issue.
I tried this and still got the extra ###... You might have to play with the TOCCSID() parameter. Although a failure, it did give me an idea: what if those # symbols are EBCDIC spaces being sent as-is to the *USERASCII print stream? All we'd need is a way to send only the number of bytes in the stream file, without any padding.
CRTPF FILE(QTEMP/PRTSTMF) RCDLEN(132)
CPY OBJ('/path/test.txt') TOOBJ('/qsys.lib/qtemp.lib/prtstmf.file/prtstmf.mbr') replace(*yes)
ovrprtf file(qprint) outq(*LIBL/prt3812) devtype(*USERASCII) rplunprt(*no) splfname(test) hold(*no)
cpyf prtstmf qprint
The data in QTEMP/PRTSTMF is in ASCII; DSPPFM shows that much. It also shows a bunch of spaces: after all, it is a fixed length file. My next step was to write an RPG program to read the stream file and print it, but Scott Klement already did that: http://www.scottklement.com/PrtStmf.zip
This works on my system:
ovrprtf file(qsysprt) outq(*LIBL/abcd) devtype(*USERASCII) rplunprt(*no) splfname(test) hold(*no)
prtstmf stmf('/path/test.txt') outq(abcd)

Hyperledger Burrow: "could not create Burrow kernel: info.Moniker must be valid non-empty ASCII text without tabs, but got"

Hello fellow bugseekers,
I am trying to run a hyperledger burrow blockchain on a v-server.
Installation and setup went just fine, but every time I try to start the chain (burrow start --validator-address=50B1A9AB9B35B9E9565F4B881018380566702562) I get this Error:
could not create Burrow kernel: info.Moniker must be valid non-empty ASCII text without tabs, but got
It seems as tho the log is not complete, but there is nothing after "got", so I assume the info.Moiker is empty. Googeling didn't help. I would appreciate any input.
Thank you for your time in advance.

I had the same problem. info.Moniker is just a string value that represents a human readable name. This is related to the Tendermint consensus, which is used by the Hyperledger Burrow.
You can edit burrow.toml file and replace
Moniker = ""
with the following -
Moniker = "SomeName"
You can find a sample tendermint toml file HERE
BTW, this worked for me.

xml to xml field attribute transformation using ESQL on message broker compute node

I am new to message broker development. I tried to convert source SOAP over xml file to target SOAP over xml file.On my message flow source message discarded to catch terminal.I am not able to find out the problem
my flow : MQINPUT NODE ---> COMPUTE NODE --> MQOUTPUT NODE
If any provide solution on this that may me helpful for me.
DECLARE soapenv CHARACTER 'SOAP-ENV';
SET OutputRoot.XMNLSC.soapenv:Envelope.soapenv:Body.params.ORIGIN_TYPE_CD = InputRoot.XMNLSC.soapenv:Envelope.soapenv:Body.params.originType;
**

Your first line is definitely wrong, but you should be able to see that from the exceptions you are getting.
The first line should be:
DECLARE soapenv NAMESPACE 'http://schemas.xmlsoap.org/soap/envelope/';
An in the further lines the domain should be XMLNSC not XMNLSC.

Neo4j-admin import bad tolerance

I have an neo4j-admin import script set up with --bad-tolerance=100000 (note, also tried --bad-tolerance 100000) as a flag. My script fails during import during the collect dense nodes step with the following message: unexpected error: Too many bad entries 1001, where last one was: InputRelationship:...
I thought bad tolerance was supposed to address that flag so that it would fail at the (in this case) 100,001st bad entry?

bin/neo4j-admin import is feature wise not yet on par with the good old bin/neo4j-import tool - which is marked deprecated in 3.1.1.
To use --bad-tolerance you need to go back to use bin/neo4j-import.

ejabberd_router:route error in ejabberd module

I am trying to create a simple echo bot in ejabberd. I cam get the mod_echo working ok and i'm fairly certain I had my own version working at one point (debugging has played tricks with my head). I am getting the error below but i can't figure out what to do next to debug it. There seems to be an issue routing but not quite sure why. Any tips?
2016-03-31 16:49:38.350 [debug] <0.448.0>#ejabberd_router:do_route:324 route
from {jid,<<"user1">>,<<"alchemy.local">>,<<"alchemy">>,<<"user1">>,<<"alchemy.local">>,<<"alchemy">>}
to {jid,<<>>,<<"echo.alchemy.local">>,<<>>,<<>>,<<"echo.alchemy.local">>,<<>>}
packet {xmlel,<<"message">>,[{<<"xml:lang">>,<<"en">>},{<<"to">>,<<"echo.alchemy.local">>},{<<"id">>,<<"aacca">>}],[{xmlcdata,<<"\n">>},{xmlel,<<"subject">>,[],[]},{xmlcdata,<<"\n">>},{xmlel,<<"body">>,[],[{xmlcdata,<<"testme">>}]},{xmlcdata,<<"\n">>},{xmlel,<<"nick">>,[{<<"xmlns">>,<<"http://jabber.org/protocol/nick">>}],[{xmlcdata,<<"user1">>}]},{xmlcdata,<<"\n">>}]}
2016-03-31 16:49:38.351 [error] <0.448.0>#ejabberd_router:route:77 {function_clause,[{mod_echobot,route,[{jid,<<"user1">>,<<"alchemy.local">>,<<"alchemy">>,<<"user1">>,<<"alchemy.local">>,<<"alchemy">>},{jid,<<>>,<<"echo.alchemy.local">>,<<>>,<<>>,<<"echo.alchemy.local">>,<<>>},{xmlel,<<"message">>,[{<<"xml:lang">>,<<"en">>},{<<"to">>,<<"echo.alchemy.local">>},{<<"id">>,<<"aacca">>}],[{xmlcdata,<<"\n">>},{xmlel,<<"subject">>,[],[]},{xmlcdata,<<"\n">>},{xmlel,<<"body">>,[],[{xmlcdata,<<"testme">>}]},{xmlcdata,<<"\n">>},{xmlel,<<"nick">>,[{<<"xmlns">>,<<"http://jabber.org/protocol/nick">>}],[{xmlcdata,<<"user1">>}]},{xmlcdata,<<"\n">>}]}],[{file,"mod_echobot.erl"},{line,86}]},{ejabberd_router,route,3,[{file,"src/ejabberd_router.erl"},{line,75}]},{ejabberd_c2s,check_privacy_route,5,[{file,"src/ejabberd_c2s.erl"},{line,2121}]},{ejabberd_c2s,session_established2,2,[{file,"src/ejabberd_c2s.erl"},{line,1288}]},{p1_fsm,handle_msg,10,[{file,"src/p1_fsm.erl"},{line,582}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}
when processing: {{jid,<<"user1">>,<<"alchemy.local">>,<<"alchemy">>,<<"user1">>,<<"alchemy.local">>,<<"alchemy">>},{jid,<<>>,<<"echo.alchemy.local">>,<<>>,<<>>,<<"echo.alchemy.local">>,<<>>},{xmlel,<<"message">>,[{<<"xml:lang">>,<<"en">>},{<<"to">>,<<"echo.alchemy.local">>},{<<"id">>,<<"aacca">>}],[{xmlcdata,<<"\n">>},{xmlel,<<"subject">>,[],[]},{xmlcdata,<<"\n">>},{xmlel,<<"body">>,[],[{xmlcdata,<<"testme">>}]},{xmlcdata,<<"\n">>},{xmlel,<<"nick">>,[{<<"xmlns">>,<<"http://jabber.org/protocol/nick">>}],[{xmlcdata,<<"user1">>}]},{xmlcdata,<<"\n">>}]}}
2016-03-31 16:50:16.356 [debug] <0.447.0>#ejabberd_receiver:process_data:282 Received XML on stream = <<"\n">>

It seems that in the code sample (which was from an older sample i found online) https://gist.github.com/stevenlivz/d666200595a23c42b2a662fef87bf281 i need to use <<"message">> in the clauses to actually match, whereas the sample code i used did not do that, using just "message" and so on. Also, also worth noting that xmlelement is now xmlel and so clauses also need to be updated. E.g.
route(From, To, {xmlel, <<"message">>, _, _} = Packet) ->

Develop Reference

ios ruby-on-rails asp.net-mvc docker delphi jenkins grails google-sheets machine-learning dart