incubator-alois-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fla...@apache.org
Subject svn commit: r1031127 [3/22] - in /incubator/alois/trunk: ./ bin/ debian/ doc/ etc/ etc/alois/ etc/alois/apache2/ etc/alois/environments/ etc/alois/prisma/ etc/cron.d/ etc/default/ etc/logrotate.d/ prisma/ prisma/bin/ prisma/conf/ prisma/conf/prisma/ pr...
Date Thu, 04 Nov 2010 18:27:42 GMT
Added: incubator/alois/trunk/prisma/bin/prisma-mysqlpipe
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/bin/prisma-mysqlpipe?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/bin/prisma-mysqlpipe (added)
+++ incubator/alois/trunk/prisma/bin/prisma-mysqlpipe Thu Nov  4 18:27:22 2010
@@ -0,0 +1,143 @@
+#! /usr/bin/ruby1.8
+require "libisi"
+init_libisi(:ui => "console")
+
+$pipe_file = "/var/run/mysql.pipe"
+daemon = false
+dryrun = false
+
+sleeping_time = 5
+opts = optparse(:arguments => [["[PIPENAME]","Create this file as input pipe (default #{$pipe_file})"]]) do |o|
+  o.on( "-d", "--daemon", "Run as daemon." ) do |c|
+    daemon = true
+  end
+  
+  o.on( "-s", "--sleep SECONDS", "How many seconds the program waits until a new connect to the database (default is #{sleeping_time}s)." ) do |s|
+    sleeping_time = s
+  end
+
+  o.on("--dryrun","Do not start pipe real") {|dryrun|}
+end
+
+cf = Pathname.new(__FILE__).dirname + "../conf/prisma/environment.rb"
+if cf.exist?
+  require cf 
+else
+  require "/etc/prisma/environment.rb"
+end
+
+$pipe_file = opts[0] if opts.length > 0
+
+config = Prisma::Database.db_config("pumpy")
+
+raise "Adapter is #{config["adapter"]}. Mysqlpipe only works with mysql adapter!" unless config["adapter"] == "mysql"
+
+cmd = ""
+
+if $log.debug?
+  if daemon
+    cmd += "tee /var/log/prisma-mysqlpipe.debug < #{$pipe_file} | "
+  else
+    tmp_debug = "/tmp/prisma-mysqlpipe.debug"
+    $log.warn("Writing debug output to #{tmp_debug}")
+    cmd += "tee #{tmp_debug} < #{$pipe_file} | "
+  end
+else
+  cmd += "cat < #{$pipe_file} | "
+end
+
+cmd += "mysql "
+cmd += "-u #{config["username"]} "         unless config["username"].blank?
+cmd += "--host #{config["host"]} "         unless config["host"].blank?
+cmd += "--password='#{config["password"]}' " unless config["password"].blank?
+cmd += "--port #{config["port"]} "         unless config["port"].blank?
+cmd += "#{config["database"]} "
+#cmd += " < #{$pipe_file}"
+
+if daemon
+  cmd += ">> /var/log/prisma-mysqlpipe.mysql "
+end
+
+# create the fifo file if it does not yet exists
+pipe_cmd = "/usr/bin/mkfifo #{$pipe_file}"
+if not File.exists?($pipe_file)
+  if dryrun
+    $log.info("Would create pipe with: #{pipe_cmd.inspect}")
+  else 
+    system(pipe_cmd) 
+  end
+end
+
+# make a deamon if necessary
+daemonize(:pid_file => "/var/run/prisma-mysqlpipe") if daemon
+
+system("logger","Started prisma-mysqlpipe") unless dryrun
+
+$log.info{"#{$pipe_file} not found!"} unless File.exists?($pipe_file)
+$log.info{"Starting pipe."}
+
+$terminate = false
+pid = fork do
+  $log.info{"Forked to restart daemon."}
+
+  def stop_pipe
+    $terminate = true
+    $log.info("Caught signal TERM.")
+    $log.info("Write exit.")
+    begin 
+      open($pipe_file,"w") {|f| f.write("quit\n")}
+    rescue
+      $log.error($!)      
+    end
+  end
+
+  Signal.trap("TERM") do stop_pipe end
+  Signal.trap("INT") do stop_pipe end
+
+  while not $terminate and (dryrun or File.exists?($pipe_file)) 
+    $log.info("Executing command #{cmd.inspect}.")
+    if dryrun
+      $log.info("Would start cmd: #{cmd}")
+      while !$terminate
+        sleep(sleeping_time)
+      end
+    else
+      if not system(cmd)
+        $log.info("No success in:#{cmd}\n")
+        if not $terminate
+          sleep(sleeping_time)
+          $log.info("Retrying...")
+        end
+      else
+        $log.info("#{cmd} terminated\n")
+      end
+    end
+  end
+
+  if dryrun or File.exists?($pipe_file)
+    # do not remove that or ensure to restart
+    # syslog after creating new pipe. Syslog does not 
+    # know when pipe is recreated and writes to
+    # old file.
+    # File.delete($pipe_file) 
+  else
+    $log.info("pipe does not exist anymore!")
+  end
+  $log.info("Ended mysqlpipe\n")
+end
+
+$log.info("Forked pid #{pid}")
+Signal.trap("TERM") do process_signal(pid,"TERM") end
+Signal.trap("INT") do process_signal(pid,"INT") end
+
+def process_signal(pid,signal)
+  $log.info("Stopping on signal #{signal}.")
+
+  $terminate = true
+  $log.info("Killing child #{pid} with signal #{signal}")
+  Process.kill(signal,pid)
+  Process.kill(signal,pid)
+end
+ret = Process.wait
+
+$log.info("Program ended.")

Added: incubator/alois/trunk/prisma/bin/prisma-old
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/bin/prisma-old?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/bin/prisma-old (added)
+++ incubator/alois/trunk/prisma/bin/prisma-old Thu Nov  4 18:27:22 2010
@@ -0,0 +1,131 @@
+#! /usr/bin/ruby1.8
+require 'libisi'
+init_libisi(:log_levels => [:DEBUG, :INFO, :PERF, :WARN, :ERROR, :FATAL],
+	    # Enable PERF level by default
+	    :level => :perf)
+
+count = nil
+daemon = false
+force = false
+messages = false
+type = :fifo
+waiting_time = nil
+kill = false
+klass = nil
+
+args = optparse do |o|
+  o.on( "-c", "--count COUNT", "Amount of recrods to process per step.") do |c|
+    count = c
+  end
+
+  o.on( "-w", "--waiting WAITINGTIME", "The time in seconds to wait if the queue table is empty.") do |w|
+    waiting_time = w.to_i
+  end
+
+  o.on( "-m", "--messages", "Transform untransformed messages." ) do |a|
+    messages = true
+  end
+
+  o.on( "-k", "--klass name", "Transform only queue with this class (no subtrheads.") do |klass| end
+
+  o.on( "--all", "Transform all messages in the queue." ) do |a|
+    type = :all
+  end
+  
+  o.on( "-d", "--daemon", "Run as daemon." ) do |a|
+    daemon = true
+  end
+
+  o.on( "-f", "--force", "Force prisma to run even if do_not_run_prisma is defined." ) do |a|
+    force = true
+  end
+
+  o.on( "--kill", "Kill still running prisma processes if some available." ) do |a|
+    kill = true
+  end
+end
+arg = args[0]
+
+initialize_rails
+unless ENV["LOG_OUTPUT"]
+  new_logger("prisma", (rails_root + "log/prisma.log").to_s)
+end
+
+def prisma_processes
+  open("|ps ax | grep '/usr/bin/prisma' | grep -v sentinel | grep -v grep") {|f| f.readlines}.map {|l|
+    l =~ /^\s*(\d+) /; $1.to_i
+  }.reject {|p| p == Process.pid}
+end
+# check that no other prisma processes are running
+# -d means only children.
+running_pids = prisma_processes
+if (num = running_pids.length) > 0
+  unless kill
+    throw "There are still #{num} prisma #{running_pids.inspect} around. Not starting Prisma!"
+  else
+    STDERR.print("Killing running prismas #{running_pids.inspect}.\n")
+    $log.warn("Killing running prismas #{running_pids.inspect}.")
+    running_pids.each {|running_pid|
+      Process.kill("KILL", running_pid)
+    }
+    sleep 1
+    
+    if prisma_processes.length > 0
+      throw "Could not kill all prismas."      
+    end
+  end
+end
+
+
+# make a deamon if necessary
+if (daemon) then
+  fork and exit
+  File.open("/var/run/prisma","w") do |f| 
+    f << Process.pid
+  end
+  
+  # child becomes session leader and disassociates controlling tty.
+  # namely do Process.setpgrp + \alpha.
+  Process.setsid
+  
+  # at here already the child process have become daemon. the rest
+  # is just for behaving well.
+  
+  # ensure no extra I/O.
+  File.open("/dev/null", "r+") do
+    |devnull|
+    $stdin.reopen(devnull)
+    $stdout.reopen("/var/log/alois/prisma.log")
+    $stderr.reopen("/var/log/alois/prisma.err")
+  end
+  # ensure daemon process not to prevent shutdown process.
+  Dir.chdir("/")
+end
+
+if $default_niceness
+  Process.setpriority(Process::PRIO_USER, 0, $default_niceness)      
+  Process.setpriority(Process::PRIO_PROCESS, 0,$default_niceness)   
+end
+
+if force; $do_not_run_prisma = false; end
+
+# if daemon this must be done
+Prisma.reconnect if daemon
+
+# check if the databases have the right scheme
+DefaultSchemaMigration.check_schema_versions!
+
+if klass
+  source = SourceDbMeta.new.prisma_initialize(type, eval(klass), count,nil, false, waiting_time)
+  $enable_dublette_recognition = source.may_contain_dublettes
+  source.transform
+  exit 0
+end
+
+if messages then
+  Prisma.transform_messages
+else
+  Prisma.transform_queues(type,count,waiting_time)
+end
+
+exit 0

Added: incubator/alois/trunk/prisma/bin/prisma-sendlog
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/bin/prisma-sendlog?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/bin/prisma-sendlog (added)
+++ incubator/alois/trunk/prisma/bin/prisma-sendlog Thu Nov  4 18:27:22 2010
@@ -0,0 +1,79 @@
+#! /usr/bin/ruby1.8
+require "libisi"
+init_libisi(:ui => "console")
+
+require 'socket'
+
+syslog_dest = 13
+$syslog_port = 514
+$syslog_server = nil
+file = nil
+message = nil
+$interval = 1
+repetition = 1
+
+opts = optparse do |o|
+
+  o.on( "-f", "--file FILE", "File containing log lines." ) do |file| end
+  o.on( "-s", "--server SERVER", "Server to send logs to. (instead of reading alois-configfile)" ) do |$syslog_server| end
+  o.on( "-p", "--port PORTNUM", "Port to use instead of port #{$syslog_port}." ) do |arg|
+    $syslog_port = arg.to_i
+  end
+
+  o.on( "-i", "--interval SECONDS", "Waiting time between sending the messages. (default: #{$interval}s)" ) do |i|
+    $interval = i.to_i
+  end
+
+  o.on( "-n", "--repetition TIMES", "Number of repetitions- (default: #{repetition}, -1 is infinite)" ) do |n|
+    repetition = n.to_i
+  end
+
+end
+
+message = ARGV[0]
+
+throw "Please specify either a file or a message." if 
+  (message.blank? and file.blank?)
+
+if $syslog_server.blank?
+  cf = Pathname.new(__FILE__).dirname + "../conf/prisma/environment.rb"
+  if cf.exist?
+    require cf 
+  else
+    require "/etc/prisma/environment.rb"
+  end
+  config = Prisma::Database.db_config("pumpy")
+  $syslog_server = config["host"]
+
+  $syslog_server ||= "localhost"
+end
+
+$log.info("Using server #{$syslog_server}:#{$syslog_port}...")
+
+$num = 1
+$socket = UDPSocket.new
+
+def send(msg)
+  print "Send(#{$num} to #{$syslog_server}:#{$syslog_port}): "
+  p msg
+  $num = $num + 1
+  $socket.send(msg, 0, $syslog_server, $syslog_port)
+  sleep($interval) if ($interval and $interval > 0)
+end
+
+while (repetition == -1 or repetition > 0)
+  if file 
+    for line in open(file)
+      send(line)
+    end
+  else
+    send(message)
+  end  
+  repetition = repetition -1
+end
+
+#EventLog.open('Application').tail{ |log|
+#   message = "WinEventLog 
+##{log.time_generated.asctime}||#{log.event_type}||#{log.source}||#{log.computer}||#{log.user}||#{log.description}"
+#   s.send("<#{syslog_dest}>#{message}",0,syslog_server,syslog_port)
+#}

Added: incubator/alois/trunk/prisma/bin/prisma-test
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/bin/prisma-test?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/bin/prisma-test (added)
+++ incubator/alois/trunk/prisma/bin/prisma-test Thu Nov  4 18:27:22 2010
@@ -0,0 +1,49 @@
+#! /usr/bin/ruby1.8
+require "libisi"
+init_libisi(:ui => "console")
+
+opts = optparse
+
+cf = Pathname.new(__FILE__).dirname + "../conf/prisma/environment.rb"
+if cf.exist?
+  require cf 
+else
+  require "/etc/prisma/environment.rb"
+end
+
+bin_dir = Pathname.new(__FILE__).dirname
+
+error_ocurred = false
+
+def check_script(bin, args = "")
+  cmd = "ruby #{bin} #{args}"
+  $log.info("Checking #{cmd}")
+  unless system(cmd)
+    $log.error("#{cmd} did not exit normally")
+    return false
+  end
+  true
+end
+
+error_ocurred = (check_script(bin_dir + "prisma-munin-prismadb") or error_ocurred)
+error_ocurred = (check_script(bin_dir + "prisma-cleanup-raws","syslogd_raws --dryrun") or error_ocurred)
+
+Prisma::Database.load_classes("pumpy")
+
+count = SyslogdRaw.count
+
+error_ocurred = (check_script(bin_dir + "prisma-sendlog","'Testmessage'") or error_ocurred)
+
+sleep 1
+
+new_count = SyslogdRaw.count
+
+unless new_count > count
+  error_ocurred = true
+  $log.error("After sending a log no new log in syslogd_raws. !(#{new_count} > #{count})")
+end
+
+
+
+
+

Added: incubator/alois/trunk/prisma/conf/prisma/environment.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/conf/prisma/environment.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/conf/prisma/environment.rb (added)
+++ incubator/alois/trunk/prisma/conf/prisma/environment.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,77 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "pathname"
+ENV["GEM_HOME"] = nil if ENV["GEM_HOME"] and !Pathname.new(ENV["GEM_HOME"]).exist?
+ENV["GEM_PATH"] = nil if ENV["GEM_PATH"] and !Pathname.new(ENV["GEM_PATH"]).exist?
+
+unless defined?(ActiveRecord::Base)
+  require "rubygems"
+  gem('activerecord', "2.3.2")
+  gem('activesupport', "2.3.2")
+  require "activerecord"
+end
+$log.debug("Your running on activerecrod version: #{ActiveRecord::VERSION::STRING}")
+
+ActiveRecord::Base.logger = $log #Logger.new(File.open('database.log', 'a'))
+require 'yaml'
+
+unless defined?(PRISMA_ENV)
+  if __FILE__.to_s == "/etc/prisma/environment.rb"
+    PRISMA_ENV = (ENV["PRISMA_ENV"] or "production")
+  else
+    PRISMA_ENV = (ENV["PRISMA_ENV"] or "development")
+  end
+end
+ENV["PRISMA_ENV"] = PRISMA_ENV
+
+$log.info("PRISMA_ENV = #{PRISMA_ENV}")
+
+env_file =  Pathname.new(__FILE__).dirname + "environment_#{PRISMA_ENV}.rb"
+require env_file if env_file.exist?
+
+PRISMA_ROOT = Pathname.new(__FILE__).dirname + "../.." unless defined?(PRISMA_ROOT)
+PRISMA_LOG_DIR = PRISMA_ROOT + "log" unless defined?(PRISMA_LOG_DIR)
+PRISMA_ARCHIVE = PRISMA_ROOT + "archive" unless defined?(PRISMA_ARCHIVE)
+PRISMA_LIB_PATH = PRISMA_ROOT + "lib" unless defined?(PRISMA_LIB_PATH)
+PRISMA_LOG = PRISMA_ROOT + "log" unless defined?(PRISMA_LOG)
+PRISMA_CONFIG_PATH = Pathname.new(__FILE__).dirname
+
+local_data = Pathname.new(__FILE__).dirname + "../../data/prisma"
+global_data = Pathname.new("/usr/share/prisma/")
+if local_data.exist?
+  PRISMA_DATA_PATH = local_data
+else
+  PRISMA_DATA_PATH = global_data
+end  
+
+$archive_pattern =  PRISMA_ROOT + "archive/%t/%i/%d.arch" unless $archive_pattern
+
+unless defined?(RAILS_ENV)
+  alois_lib = (Pathname.new(__FILE__).dirname + "../../../rails/lib/")
+  $:.push(alois_lib.to_s) if alois_lib.exist?
+  require "alois/utils.rb"
+  require "alois/date_time_enhance.rb"
+end
+$:.push(PRISMA_LIB_PATH.to_s) if PRISMA_LIB_PATH.exist?
+require "prisma.rb"
+
+MAX_QUEUE_SIZES = {"syslogd_raws" => 1000000}
+
+# do not run prisma by default
+$do_not_run_prisma = true
+
+# delete logs in the database before:
+$delete_logs_before = 3.months.ago
+

Added: incubator/alois/trunk/prisma/conf/prisma/environment_production.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/conf/prisma/environment_production.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/conf/prisma/environment_production.rb (added)
+++ incubator/alois/trunk/prisma/conf/prisma/environment_production.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,19 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PRISMA_ROOT = Pathname.new("/var/lib/prisma/")
+PRISMA_LOG_DIR = Pathname.new("/var/log/prisma")
+PRISMA_ARCHIVE = (PRISMA_ROOT + "archive")
+PRISMA_LIB_PATH = Pathname.new("/usr/lib/ruby/1.8/")
+PRISMA_LOG = Pathname.new("/var/log/prisma/log")

Added: incubator/alois/trunk/prisma/conf/prisma/environment_test.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/conf/prisma/environment_test.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/conf/prisma/environment_test.rb (added)
+++ incubator/alois/trunk/prisma/conf/prisma/environment_test.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,16 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PRISMA_ROOT = Pathname.new("/tmp/prisma")
+PRISMA_LIB_PATH = Pathname.new(__FILE__).dirname + "../../lib" unless defined?(PRISMA_LIB_PATH)

Added: incubator/alois/trunk/prisma/conf/prisma/prisma_database.yml
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/conf/prisma/prisma_database.yml?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/conf/prisma/prisma_database.yml (added)
+++ incubator/alois/trunk/prisma/conf/prisma/prisma_database.yml Thu Nov  4 18:27:22 2010
@@ -0,0 +1,15 @@
+development:
+  adapter: sqlite3
+  database: prisma_dev_database.sqlite3
+
+test:
+  adapter: sqlite3
+  database: prisma_test_database.sqlite3
+
+production:
+  adapter: mysql
+  database: prisma
+  username: root
+  password: test
+  host: localhost
+  reconnect: true

Added: incubator/alois/trunk/prisma/conf/prisma/pumpy_database.yml
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/conf/prisma/pumpy_database.yml?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/conf/prisma/pumpy_database.yml (added)
+++ incubator/alois/trunk/prisma/conf/prisma/pumpy_database.yml Thu Nov  4 18:27:22 2010
@@ -0,0 +1,23 @@
+development:
+  adapter: sqlite3
+  database: pumpy_dev_database.sqlite3
+
+test:
+  adapter: mysql
+  database: pumpy_test
+  username: root
+  password: test
+  host: localhost
+  reconnect: true
+
+#test:
+#  adapter: sqlite3
+#  database: pumpy_test_database.sqlite3
+
+production:
+  adapter: mysql
+  database: pumpy
+  username: root
+  password: test
+  host: localhost
+  reconnect: true

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ace_passcode_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ace_passcode_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ace_passcode_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ace_passcode_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,28 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class AcePasscodeMeta < ActiveRecord::Base
+    
+    description "Meta information about passcodes on ace server."
+    sources ["WindowsEventMeta","LogMeta"]
+    def self.may_have_messages?; false; end
+    
+    preseed_expression /^(.{1,40}) \(Login:\'([^\']*)\'; User Name:\'([^\']*)\'; Token:\'([^\']*)\'; Group:\'([^\']*)\'; Site:\'([^\']*)\'; Agent Host:\'([^\']*)\'; Server:\'([^\']*)\'\). *$/
+    
+    def self.expressions
+      [{ :regex => /^(.*) \(Login:\'([^\']*)\'; User Name:\'([^\']*)\'; Token:\'([^\']*)\'; Group:\'([^\']*)\'; Site:\'([^\']*)\'; Agent Host:\'([^\']*)\'; Server:\'([^\']*)\'\). *$/,
+	  :fields => [:action, :login, :user_name, :token, :group_name, :site, :agent_host, :server]}]
+    end
+    
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/alois_schema_migration.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/alois_schema_migration.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/alois_schema_migration.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/alois_schema_migration.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,23 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  # Class for accessing alois database schema version
+  class AloisSchemaMigration < ActiveRecord::Base
+    set_table_name "schema_migrations"
+
+    def self.version
+      self.find(:all).sort_by {|m| m.version.to_i}[-1].version.to_i
+    end
+  end
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/amavis_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/amavis_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/amavis_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/amavis_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,40 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class AmavisMeta < ActiveRecord::Base
+
+    description "Amavis Logs"
+    sources ["PureMeta", "LogMeta"]
+    
+    preseed_expression /^amavis\[/
+
+    def self.may_have_messages?; false; end
+    
+    def self.expressions
+      ret = []
+      
+      ret.push({ :regex => /^amavis\[([^\]]*)\]: \(([^)]*)\) ([^ ]*) ([^,]*), \[([^\]]*)\] ([^ ]*) -> (.*), Message-ID: ([^,]*), Hits: ([^,]*), ([^ ]*) ms( *)$/,
+		 :fields => [:process_id, :amavis_id, :action, :status, :ip, :from_field, :to_field,
+		   :message_id, :hits, :process_time,nil]})
+      
+      ret.push({ :regex => /^amavis\[([^\]]*)\]: \(([^)]*)\) ([^ ]*) ([^ ]*) \(([^)]*)\), ([^ ]*) -> (.*), quarantine: ([^,]*), Hits: ([^,]*), ([^ ]*) ms( *)$/,
+		 :fields => [:process_id, :amavis_id, :action, :status, :signature,
+		   :from_field, :to_field, :quarantine, :hits, :process_time,nil]})
+      
+      return ret
+    end
+    
+  end
+
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_file_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_file_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_file_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_file_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,43 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class ApacheFileMeta < ActiveRecord::Base
+
+    description "Apache Logfile Infos"
+    sources ["FileMeta"]
+    
+    def initialize( source_meta, virtual_host, message )
+      super(source_meta)
+      self.virtual_host = virtual_host
+      self.save
+      for line in message.msg
+	pure = PureMeta.new.prisma_initialize(self, {:message=>line})
+	pure.transform
+      end
+    end
+    
+    def self.create_meta( meta_message, message )
+      if meta_message.class == FileMeta then
+	if meta_message.filetype == "apache" then
+	  virtual_host = meta_message.read_option("virtual_host")
+	  if virtual_host == nil then
+	    $log.error("Option virtual_host not defined for apache-file.") if $log.error?
+	    return nil
+	  else
+	    return self.new.prisma_initialize(meta_message, virtual_host, message)
+	  end
+	end
+      end
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_log_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_log_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_log_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_log_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,30 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class ApacheLogMeta < ActiveRecord::Base
+
+    description "Additional apache metas for a apache message over pure."
+
+    def self.may_have_messages?; false; end
+        
+    def self.create_table()
+      connection.create_table table_name do |t|
+	t.column :forensic_id, :string, :limit => 30
+	t.column :serve_time, :integer
+        t.column :host, :string, :limit => 50
+    end
+      $log.info "Created table #{table_name}." if $log.info?
+    end
+  end
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/apache_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,65 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class ApacheMeta < ActiveRecord::Base
+
+    description "Parsed apache messages"
+    sources ["PureMeta", "LogMeta"]
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+      ret.push({ :condition => lambda {|message, meta_class, meta_instance| meta_class == PureMeta },
+		 :regex => /^(?:.*(?:apache|apache2):\s+)?(\S+)\s+(.*?)\s+(.*?)\s+\[(\d+\/\S+\/\d+:\d+:\d+:\d+\s+.*?)\]\s+\"(.*?)\"\s+(\S+)\s+(\S+)\s+\"(.*?)\"\s+\"(.*?)\"\s+\"(.*?)\"\s+(\S+)\s+(\S*)\s*(.*)$/,
+		 :result_filter => lambda {|results, meta_instance| 
+		   datetime = DateTime.strptime(results[3], "%d/%b/%Y:%H:%M:%S %Z")
+		   results[12] = results[12].strip if results[12]
+                   results[12] = nil if results[12] == ''
+
+		   meta = ApacheLogMeta.new.prisma_initialize(meta_instance,{ 
+					    :forensic_id => results.delete_at(9),
+					    :serve_time => results.delete_at(9),
+					      :host => results.delete_at(9)})
+		   results[3] = Time.local(datetime.year(), datetime.month(), datetime.day(), datetime.hour(), datetime.min(), datetime.sec())
+		   results.push(datetime)
+		   results
+		 },
+		 :fields => [:remote_host, :remote_logname, :remote_user, :time, :first_line, :status, :bytes, :referer, :useragent, :message, :date]})
+      
+      # apache: test.example.com - - [11/Jul/2006:02:12:24 +0200] "GET / HTTP/1.0" 302 332 "-" "check_http/1.81 (nagios-plugins 1.4)" "-" 0 www2.example.com
+      # apache: test.example.com - - [07/Jul/2006:13:27:28 +0200] "GET / HTTP/1.1" 302 345 "-" "Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4" "-" 0 www2.example.com
+      # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\" %T %v" full
+
+      ret.push({ :condition => lambda {|message, meta_class, meta_instance| meta_class == LogMeta },
+		 :regex => /^.*(?:apache|apache2):\s+(\S+)\s+(.*?)\s+(.*?)\s+\[(\d+\/\S+\/\d+:\d+:\d+:\d+\s+.*?)\]\s+\"(.*?)\"\s+(\S+)\s+(\S+)\s+\"(.*?)\"\s+\"(.*?)\"\s+\"(.*?)\"\s+(\S+)\s+(\S*)\s*(.*)$/,
+		 :result_filter => lambda {|results, meta_instance| 
+		   datetime = DateTime.strptime(results[3],"%d/%b/%Y:%H:%M:%S %Z")		   
+		   results[12] = results[12].strip if results[12]
+                   results[12] = nil if results[12] == ''
+
+		   meta = ApacheLogMeta.new.prisma_initialize(meta_instance,{ 
+					    :forensic_id => results.delete_at(9),
+					    :serve_time => results.delete_at(9),
+					      :host => results.delete_at(9)})
+		   results[3] = Time.local(datetime.year(), datetime.month(), datetime.day(), datetime.hour(), datetime.min(), datetime.sec())
+		   results.push(datetime)
+		   results
+		 },
+		 :fields => [:remote_host, :remote_logname, :remote_user, :time, :first_line, :status, :bytes, :referer, :useragent, :message, :date]})
+      return ret
+    end
+    
+  end
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/archive_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/archive_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/archive_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/archive_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,55 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class ArchiveMeta < ActiveRecord::Base
+
+    description "Metadatas for database sources (pumpy raw table imports)."
+    
+    def self.each_message_of_file(filename)
+      for line in open(filename)
+	msg = nil
+	begin	 
+	  # leave this for security (evaluating string)
+	  throw "Leading and/or tailing \" not found in line #{self.current}!" unless line =~ /^".*\"$/
+	  throw "Suspicious line found at line #{self.current} (unquoted \" found)!" if line =~ /\".*[^\\]\".*\"/
+	  msg = YAML.parse(eval(line)).transform
+	rescue 
+	 $log.error "Error getting archive record \##{self.current}. (#{$!.message})" if $log.error?
+	end
+	yield msg if msg
+	exit(0) if $terminate
+      end
+    end
+    
+    def initialize( filename ) 
+      super(nil)
+      self.filename = filename
+      self.current = 0
+      self.total = open(filename).readlines.length
+      self.todo = self.total
+      self.save
+    end
+    
+    def messages
+      raise LocalJumpError unless block_given?
+      Archivator.messages(filename) {|m|
+	yield m
+	self.current = self.current + 1
+	self.todo = self.total - self.current
+	self.save
+	exit(0) if $terminate	
+      }
+    end
+
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_base_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_base_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_base_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_base_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,31 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class CiscoBaseMeta < ActiveRecord::Base
+
+    description "Cisco Logs"
+    sources ["LogMeta","SyslogdSmallBaseMeta"]
+
+
+    def self.expressions
+      ret = []
+      ret.push({ :regex => /^([^ |]*?) \%([^-]*?)\-([^-]*?)\-([^:]*?)\: ([^\|]*)/,
+		 :fields => [:ip, :message_type, :severity, :message_number, :message]})
+      ret.push({ :regex => /^\%([^-]*?)\-([^-]*?)\-([^:]*?)\: ([^\|]*)/,
+		 :fields => [:message_type, :severity, :message_number, :message]})
+      return ret
+    end
+
+  end
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_connection_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_connection_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_connection_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_connection_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,55 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class CiscoFirewallConnectionMeta < ActiveRecord::Base
+
+    description "Cisco firewall connection messages."
+    sources ["CiscoBaseMeta", "LogMeta"]
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+      # Built ICMP connection for faddr 160.63.224.200/512 gaddr 10.73.248.181/0 laddr 10.73.248.181/0
+      ret.push({ :regex => /^(Teardown|Built|Built inbound|Built outbound) (ICMP) connection for faddr ([^\/]*)\/(\d*) gaddr ([^\/]*)\/(\d*) laddr ([^\/]*)\/(\d*) *$/,
+		 :fields => [:msg, :connection_type, :foreign_ip, :foreign_port, :global_to_ip, :global_to_port, :local_ip, :local_port]})
+
+      # Teardown UDP connection 139434 for kopo_outside:160.63.221.143/137 to inside:160.63.221.255/137 duration 0:02:01 bytes 150
+      ret.push({ :regex => /^(Teardown) (TCP|UDP) connection (\d*) for ([^:]*):([^\/]*)\/(\d*) to ([^:]*):([^\/]*)\/(\d*) duration (\d*:\d*:\d*) bytes (\d*) *$/,
+		 :fields => [:msg, :connection_type, :connection_id, :foreign_name, :foreign_ip, :foreign_port, :local_name, :local_ip, :local_port, :duration, :bytes]})
+
+
+      # Teardown TCP connection 139480 for inside:160.63.226.11/636 to NP Identity Ifc:10.73.248.181/1027 duration 0:00:00 bytes 583 TCP Reset-O 
+      ret.push({ :regex => /^(Teardown) (TCP|UDP) connection (\d*) for ([^:]*):([^\/]*)\/(\d*) to ([^:]*):([^\/]*)\/(\d*) duration (\d*:\d*:\d*) bytes (\d*)( .*)? *$/,
+		 :fields => [:msg, :connection_type, :connection_id, :foreign_name, :foreign_ip, :foreign_port, :local_name, :local_ip, :local_port, :duration, :bytes, :reason]})
+
+
+      # Built inbound UDP connection 139462 for management:10.73.134.134/1097 (10.73.134.134/1097) to NP Identity Ifc:10.73.248.81/161 (10.73.248.81/161)
+      # Built inbound UDP connection 320459 for kopo_outside:160.63.221.163/138 (160.63.221.163/138) to inside:160.63.221.255/138 (160.63.221.255/138) (3mre)
+      ret.push({ :regex => /^(Built inbound|Built outbound) (TCP|UDP) connection (\d*) for ([^:]*):([^\/]*)\/(\d*) \(([^\/]*)\/(\d*)\) to ([^:]*):([^\/]*)\/(\d*) \(([^\/]*)\/(\d*)\)( \(([^\)]*)\))? *$/,
+		 :fields => [:msg, :connection_type, :connection_id, :foreign_name, :foreign_ip, :foreign_port, :global_from_ip, :global_from_port, :local_name, :local_ip, :local_port, :global_to_ip, :global_to_port, nil, :user]})
+
+      # UDP access permitted from 10.73.134.134/59153 to inside:10.73.249.17/snmp   
+      # UDP access permitted from 10.73.134.142/40207 to inside:10.73.248.181/snmp
+      ret.push({ :regex => /^(UDP) (access permitted|request discarded) from ([^\/]*)\/([^ ]*) to ([^:]*):([^\/]*)\/([^ ]*) *$/,
+		 :fields => [:connection_type, :msg, :foreign_ip, :foreign_port, :local_name, :local_ip, :local_port]})
+
+      # LU allocate connection failed 
+      ret.push({ :regex => /^(LU allocate connection failed) *$/,
+		 :fields => [:msg]})
+      
+      return ret
+    end
+  end
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_firewall_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,44 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class CiscoFirewallMeta < ActiveRecord::Base
+
+    description "Cisco firewall messages."
+    sources ["CiscoBaseMeta"]
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+      # Inbound TCP connection denied from 193.246.92.241/443 to 80.254.180.156/3770 flags RST ACK on interface outside
+      # Deny TCP (no connection) from 10.73.11.110/1811 to 10.73.248.81/23 flags RST  on interface management|
+      ret.push({ :regex => /^(.* )from ([^\/]*)\/([^ ]*) to ([^\/]*)\/([^ ]*) (.*) +on interface ([^ ]*) *$/,
+        :fields => [:msg, :source, :source_port, :destination, :destination_port,:msg, :interface]})
+
+      # Deny IP from 160.63.221.136 to 224.0.0.22, IP options: "Router Alert"| 
+      ret.push({ :regex => /^(.* )from ([^ ]*) to ([^,]*), (IP options: \"([^\"]*)\") *$/,
+        :fields => [:msg, :source, :destination, :msg, nil]})
+
+      # No route to 239.255.255.250 from 160.63.221.134|
+      ret.push({ :regex => /^(No route) to ([^ ]*) from ([^ ]*) *$/,
+        :fields => [:msg, :destination, :source]})
+
+      # TCP request discarded from 10.73.11.110/1817 to management:10.73.248.81/23		
+      # TCP access permitted from 10.73.11.110/1999 to management:10.73.248.81/telnet
+      ret.push({ :regex => /^(TCP .*) from ([^\/]*)\/([^ ]*) to ([^:]*):([^\/]*)\/(.*) *$/,
+        :fields => [:msg, :source, :source_port, :interface, :destination, :destination_port]})
+
+      return ret
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,94 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class CiscoMeta < ActiveRecord::Base
+
+    description "Cisco parsed messages."
+    sources ["CiscoBaseMeta"]
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+      # Starting SSL handshake with client inside:127.0.0.1/9999 for TLSv1 session.
+      # Starting SSL handshake with client outside:127.0.0.1/9999 for TLSv1 session.
+      # Device completed SSL handshake with client outside:127.0.0.1/9999
+      # Device completed SSL handshake with server inside:127.0.0.1/9999
+      # Device completed SSL handshake with client outside:127.0.0.1/9999
+      # Device completed SSL handshake with client outside:127.0.0.1/9999
+      # SSL session with server inside:127.0.0.1/9999 terminated.
+      # SSL session with client outside:127.0.0.1/9999 terminated.
+      # SSL session with client outside:127.0.0.1/9999 terminated.
+      #SSL session with client outside:127.0.0.1/9999 terminated.|         
+
+      ret.push({ :regex => /^(.* (server|client) )([^:]*):([^\/]*)\/([^ ]*) ?(.*)$/,
+        :fields => [:msg, nil, :name, :ip, :port, :msg]})
+
+      # Group <test-vpn> User <test> IP <127.0.0.1> WebVPN session started.
+      # Group <test-vpn> User <test> IP <127.0.0.1> Authentication: successful, Session Type: WebVPN.
+      # Group <test-vpn> User <test> IP <127.0.0.1> SVC connection established with compression
+      # Group <test-vpn> User <test> IP <127.0.0.1> WebVPN session terminated: User Requested.
+      # Group <test-vpn> User <test> IP <127.0.0.1> SVC connection terminated with compression     
+      ret.push({ :regex => /^Group <([^>]*?)> User <([^>]*?)> IP <([^>]*?)> (.*)$/, 
+        :fields => [:group_name, :user, :ip, :msg]})
+
+      # User priv level changed: Uname: test From: 1 To: 15
+      ret.push({ :regex => /^User ([^:]*): Uname: ([^ ]*)( From: [^ ]* To: [^ ]*)$/, 
+        :fields => [:msg, :user,:msg]})
+
+      #  User authentication succeeded: Uname: test 
+      ret.push({ :regex => /^User ([^:]*): Uname: ([^ ]*)$/, 
+        :fields => [:msg, :user]})
+
+      # AAA retrieved default group policy (test-vpn) for user = test
+      ret.push({ :regex => /^(AAA .*) \(([^\)]*?)\) for user = ([^ ]*)$/, 
+        :fields => [:msg, :group_name, :user]})
+
+      # AAA user authorization Rejected : reason = Attribute not found : server = 127.0.0.1 : user = test
+      ret.push({ :regex => /^(AAA .*) : reason = (.*) : server = ([^ ]*) : user = ([^ ]*)$/, 
+        :fields => [:msg, :reason, :server, :user]})
+      ret.push({ :regex => /^(AAA .*) : server =  ([^ ]*) : user = ([^ ]*)$/, 
+        :fields => [:msg, :server, :user]})
+      ret.push({ :regex => /^(AAA .*) : user = ([^ ]*)$/, 
+        :fields => [:msg, :user]})
+
+      #Group = test-vpn, Username = test, IP = 127.0.0.1, Session disconnected. Session Type: SVC, Duration: 0h:13m:28s, Bytes xmt: 111111, Bytes rcv: 111111, Reason: User Requested|
+	ret.push({ :regex => /^Group = (.*), Username = (.*), IP = ([^,]*), (.*), Reason: (.*) *$/, 
+		   :fields => [:group_name, :user, :ip, :msg, :reason]})
+	ret.push({ :regex => /^Group = (.*), IP = ([^,]*), ([^=]*) *$/, 
+		   :fields => [:group_name, :ip, :msg]})
+	ret.push({ :regex => /^IP = ([^,]*), (.*with payloads.*) *$/, 
+		   :fields => [:ip, :msg]})
+
+      # User 'test' executed the 'terminal pager 0' command.
+      ret.push({ :regex => /^User \'([^\']*)\' (executed) the \'([^\']*)\'( command)\.$/,
+        :fields => [:user, :msg, :name, :msg]})
+
+      # Login permitted from 127.0.0.1/9999 to mgmt:127.0.0.1/telnet for user "test"|
+      ret.push({ :regex => /^(.*) from ([^\/]*)\/([^ ]*) to ([^:]*):([^\/]*)\/([^ ]*) for user \"([^\"]*)\"$/,
+        :fields => [:msg, :ip, :port, :name, :server, :server_port,:user]})
+
+      # ASDM session number 0 from 127.0.0.1 started
+      # ASDM logging session number 0 from 127.0.0.1 started
+      ret.push({ :regex => /^(ASDM.* session number (.*)) from ([^ ]*)( started)$/,
+        :fields => [:msg, nil, :ip, :msg]})
+
+      # User 'test' executed cmd: show vpn-sessiondb svc
+      # User 'test' executed cmd: show vpn-sessiondb summary
+      ret.push({ :regex => /^User \'([^\']*)\' (executed cmd): (.*)$/,
+        :fields => [:user, :msg, :name]})
+
+      return ret
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_session_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_session_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_session_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cisco_session_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,31 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class CiscoSessionMeta < ActiveRecord::Base
+
+    description "Cisco parsed messages."
+#    if PrismaDbVersion.database_version > 2
+#      sources ["CiscoMeta"] 
+#    end
+
+    def self.expressions
+      ret = []
+
+      # Session disconnected. Session Type: SVC, Duration: 0h:13m:28s, Bytes xmt: 393829, Bytes rcv: 446476, Reason: User Requested
+
+      ret.push({ :regex => /^Session (disconnected). Session Type: ([^,]*), Duration: ([^,]*), Bytes xmt: ([^,]*), Bytes rcv: ([^,]*), Reason: ([^,]*)$/,
+ 		 :fields => [:msg, :session_type, :duration, :out_bytes, :in_bytes, :reason]})
+      return ret
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/compression_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/compression_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/compression_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/compression_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,65 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Class for uncompressing files
+class CompressionMeta < ActiveRecord::Base
+  
+  description "Metadatas for files."
+  sources ["FileMeta"]
+
+  DECOMPRESSION_COMMANDS = {
+    ".bz2" => "bunzip2",
+    ".gz" => "gunzip"
+  } unless defined?(DECOMPRESSION_COMMANDS)
+
+  def self.applyable?(parent, message)
+    return false unless parent.class == FileMeta 
+    $log.debug{"Extname for file is: #{parent.read_option("extname")}"}
+    res = self.compressed_extname?(parent.read_option("extname"))
+    $log.debug{"This file is compressed."} if res
+    res
+  end
+
+  def self.compressed_extname?(extname)
+    if DECOMPRESSION_COMMANDS[extname] then true else false end
+  end
+  
+  def read_option(name)
+    parent.read_option(name)
+  end
+
+  def filetype
+    parent.filetype
+  end
+  
+  def self.create_meta(meta_message, message)
+    if self.applyable?(meta_message,message)
+      extname = meta_message.read_option("extname")
+      cmd = DECOMPRESSION_COMMANDS[extname]
+
+      tmpf = "#{Dir.tmpdir}/CompressMeta-{Process.pid}"
+      File.open(tmpf + extname ,"w") {|f| f.write(message.msg)}
+      throw "'#{cmd} #{tmpf}#{extname}' not successful!" unless system("#{cmd} #{tmpf}#{extname}")
+      msg = File.open(tmpf ,"r") {|f| f.read}
+      FileUtils.rm(tmpf)
+      
+      return self.new.prisma_initialize(meta_message,{:extname => extname,
+			:inflate_command => cmd,
+			:inflated_size => msg.length,
+			:deflated_size => message.msg.length,
+			:message => msg })
+    end
+  end
+  
+end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cron_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cron_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cron_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/cron_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,40 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class CronMeta < ActiveRecord::Base
+
+    description "Cron Logs"
+    sources ["PureMeta", "LogMeta"]
+    
+    preseed_expression /^CRON\[|^\/USR\/SBIN\/CRON\[/
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+
+      # CRON[30589]: (pam_unix) session closed for user root
+      ret.push({ :regex => /^CRON\[([^\]]*)\]: \(([^)]*)\) (.*) for user ([^ ]*)( *)$/,
+        :fields => [:process_id,:program,:action,:user,nil]})
+      # CRON[4614]: (pam_unix) session opened for user mail by (uid=0)     
+      ret.push({ :regex => /^CRON\[([^\]]*)\]: \(([^)]*)\) (.*) for user ([^ ]*) by \(uid=([^)]*)\)( *)$/,
+        :fields => [:process_id,:program,:action,:user,:uid,nil]})
+
+      # /USR/SBIN/CRON[4615]: (mail) CMD (  if [ -x /usr/lib/exim/exim3 -a -f /etc/exim/exim.conf ]; then /usr/lib/exim/exim3 -q ; fi) 
+      ret.push({ :regex => /^\/USR\/SBIN\/CRON\[([^\]]*)\]: \(([^)]*)\) (CMD) \(([^)]*)\)( *)$/,
+        :fields => [:process_id,:user,:action,:command,nil]})
+
+      return ret
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/fetchmail_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/fetchmail_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/fetchmail_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/fetchmail_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,32 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class FetchmailMeta < ActiveRecord::Base
+
+    description "Fetchmail Logs"
+    sources ["PureMeta", "LogMeta"]
+
+    preseed_expression /^fetchmail.*$/
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+
+      ret.push({ :regex => /^fetchmail\[([^\]]*)\]: (POP3>|POP3<) (.*)$/,
+        :fields => [:process_id,:program,:action]})
+
+      return ret
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/file_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/file_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/file_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/file_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,59 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class FileMeta < ActiveRecord::Base
+
+    description "Metadatas for files."
+    sources ["SourceDbMeta","ArchiveMeta"]
+
+    def filename
+      return File.join(self.dirname,self.basename)
+    end    
+    
+    def read_option(name)
+      $log.debug{"Splitting #{name}"}
+      return nil if options == nil
+      for option in options.split(",")
+	(option_name,option_value) = option.split("=")
+	return option_value if option_name == name 
+      end     
+      return nil
+    end
+
+    def filetype
+      return (self.read_option("type") or self.read_option("filetype"))
+    end
+
+    def self.create_meta(meta_record, message)
+      if message.class == FileRaw then
+	return self.new.prisma_initialize(meta_record,{:dirname => message.dirname,
+			  :basename => message.basename,
+			  :ftype => message.ftype, 
+			  :size =>  message.size, 
+			  :mtime => message.mtime,
+			  :atime => message.atime,
+			  :ctime => message.ctime,
+			  :umask => message.umask,
+			  :uid => message.uid,
+			  :gid => message.gid,
+			  :options => message.options,
+			  :message => message.msg})
+      end
+      return nil
+    end
+
+    def reproducable?
+      true
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/import_meta.rb-disabled
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/import_meta.rb-disabled?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/import_meta.rb-disabled (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/import_meta.rb-disabled Thu Nov  4 18:27:22 2010
@@ -0,0 +1,16 @@
+  class ImportMeta < ActiveRecord::Base
+
+    description "Meta information for pumpy imports."
+
+    def compute_hash(msg)
+      return -1
+    end
+
+    def initialize( raw_message )
+      super()
+      self.raw_id = raw_message.id
+      self.content_hash = compute_hash(raw_message.msg)
+      self.size = msg.length
+      self.save      
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_header_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_header_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_header_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_header_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,110 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class InetHeaderMeta < ActiveRecord::Base
+
+  description "Header of inet messages."
+  sources ["PureMeta", "LogMeta"]
+  
+  preseed_expression /^\d\d\d\d-\d\d-\d\d \d\d\:\d\d\:\d\d\,\d\d\d\;/
+  
+  def self.expressions
+    ret = []
+    
+    ret.push({ :regex => /^(\d\d\d\d-\d\d-\d\d) (\d\d\:\d\d\:\d\d)\,(\d\d\d)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;(.*)$/,
+	       :fields => [:date, :time, :milliseconds, :severity, :system_id, :msg_id, :user_id, :eventtype, :message]})
+    
+    return ret
+  end
+ 
+  def remove_semicolons(arr)
+    arr.each_with_index {|str,i|
+      str = str.strip
+      if str and str[0..0] == "\"" and str[-1..-1] == "\""
+	str = str[1..-2]
+      end
+      arr[i] = str
+    }   
+    return arr
+  end
+    
+  def self.before_filter(msg)
+    WindowsEventMeta.convert_to_unicode(msg)
+  end
+
+  def self.invers_before_filter(msg)
+    msg.class == String ? WindowsEventMeta.convert_to_wincode(msg) : msg      
+  end
+  
+  def after_filling_values(values)
+    msg = values[:message]
+    $log.info{"msg_id is #{self.msg_id}"}
+    case self.msg_id
+    when "applAuth"      
+      # client_ip
+      # server_ip
+      # session_id
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless 
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)$/
+      self.client_ip, self.server_ip, self.session_id = remove_semicolons([$2,$3,$4])
+      $log.debug{"client_ip = '#{self.client_ip}' server_ip = #{self.server_ip} session_id = #{self.session_id}"}    
+    when "applDataAccess"
+      # object_old_values (1024)
+      # object_new_values (1024)
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)$/
+      self.text1, self.text2 = remove_semicolons([$2,$3])
+      $log.debug{"text1 = '#{self.text1}' text2 = '#{self.text3}'"}
+    when "applLookup"
+      # query (1024)
+      # hit_number :integer
+      # num_object_hits :integer
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless 
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)$/
+      self.text1, self.hit_number, self.num_object_hits = remove_semicolons([$2,$3,$4])
+      $log.debug{"text1 = '#{self.text1}' hit_number = '#{self.hit_number}' num_object_hits = '#{self.num_object_hts}'"}
+    when "applPerm"
+      # perm_old (1024)
+      # perm_new (1024)
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)\"$/
+      self.text1, self.text2 = remove_semicolons([$2,$3])
+      $log.debug{"text1 = '#{self.text1}' text2 = '#{self.text2}'"}
+    when "applEvent"
+      # position (1024)
+      # msg (1024)
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)\;(\"[^\"]*\"|[^\;]*)$/
+      self.text1, self.text2 = remove_semicolons([$2,$3])
+      $log.debug{"text1 = '#{self.text1}' text2 = '#{self.text2}'"}
+    when "applInterface"
+      # msg (1024)
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)$/
+      self.text1 = remove_semicolons([$2])[0]
+      $log.debug{"text1 = '#{self.text1}'"}
+    when "applMonitor"
+      # msg (1024)
+      throw "Could not parse msg #{msg.inspect} in '#{self.msg_id}'" unless
+	msg =~ /^(.*)\;(\"[^\"]*\"|[^\;]*)$/
+      self.text1 = remove_semicolons([$2])[0]
+      $log.debug{"text1 = '#{self.text1}'"}      
+    else
+      throw "Unknown message id '#{msg_id}'."
+    end
+    $log.debug{"Rest of the message is: #{$1}"}
+    values[:message] = $1
+  end
+
+end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_object_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_object_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_object_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/inet_object_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,41 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class InetObjectMeta < ActiveRecord::Base
+
+    description "Object information of inet messages."
+    sources ["InetHeaderMeta"]
+
+    def self.expressions
+      ret = []
+
+      # old version without object_location
+      ret.push({ :regex => /^([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;(\"[^\"]*\"|[^\;]*)\;([^\;]*)\;([^\;]*)\;(.*\;.*\;.*\;.*\;.*\;.*\;.*)$/,
+		 :fields => [:objecttype,:object_id,:version,:filename,:description,:object_hashes,:object_url, :message]})
+      
+      ret.push({ :regex => /^([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;(\"[^\"]*\"|[^\;]*)\;([^\;]*)\;([^\;]*)$/,
+		 :fields => [:objecttype,:object_id,:version,:filename,:description,:object_hashes,:object_url]})
+      
+      # new version with object_location
+      ret.push({ :regex => /^([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;(\"[^\"]*\"|[^\;]*)\;([^\;]*)\;([^\;]*)\;(.*\;.*\;.*\;.*\;.*\;.*\;.*\;.*)$/,
+		 :fields => [:objecttype,:object_id,:object_location,:version,:filename,:description,:object_hashes,:object_url, :message]})
+      
+
+      ret.push({ :regex => /^([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;([^\;]*)\;(\"[^\"]*\"|[^\;]*)\;([^\;]*)\;([^\;]*)$/,
+		 :fields => [:objecttype,:object_id,:object_location,:version,:filename,:description,:object_hashes,:object_url]})
+      
+      return ret
+    end
+
+end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/iptables_firewall_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/iptables_firewall_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/iptables_firewall_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/iptables_firewall_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,60 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class IptablesFirewallMeta < ActiveRecord::Base
+
+    description "Iptables Logs"
+    sources ["PureMeta", "LogMeta"]
+     
+    preseed_expression /^kernel:/
+    def self.may_have_messages?; false; end
+
+
+    def self.expressions
+      ret = []
+
+      # kernel: Swl:AllowLPR:2:ACCEPT:IN= OUT=eth0 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9716 DF PROTO=TCP SPT=60749 DPT=9100 WINDOW=5840 RES=0x00 SYN URGP=0 '
+      ret.push({ :regex => /^kernel:(.*):(ACCEPT|DROP|REJECT|DNAT):IN=([^ ]*) OUT=([^ ]*) SRC=([^ ]*) DST=([^ ]*) LEN=([^ ]*) TOS=([^ ]*) PREC=([^ ]*) TTL=([^ ]*) ID=([^ ]*) DF PROTO=([^ ]*) SPT=([^ ]*) DPT=([^ ]*) (.*)$/,
+        :fields => [:custom, :rule, :in, :out, :src, :dst,
+        :len, :tos, :prec, :ttl, :identifier, :proto, :spt, :dpt, :additional]})
+
+      # kernel: Swl:AllowNetDiag:3:ACCEPT:IN= OUT=eth0 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=34074 SEQ=5
+      ret.push({ :regex => /^kernel:(.*):(ACCEPT|DROP|REJECT|DNAT):IN=([^ ]*) OUT=([^ ]*) SRC=([^ ]*) DST=([^ ]*) LEN=([^ ]*) TOS=([^ ]*) PREC=([^ ]*) TTL=([^ ]*) ID=([^ ]*) DF PROTO=([^ ]*) (TYPE=([^ ]*) CODE=([^ ]*) )ID=([^ ]*) (.*)$/,
+        :fields => [:custom, :rule, :in, :out, :src, :dst,
+        :len, :tos, :prec, :ttl, :identifier, :proto, :additional, nil, nil, :additional, :additional]})
+
+      # kernel: Swl:all2all:REJECT:IN=br0 OUT=br2 PHYSIN=eth0 PHYSOUT=eth2 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=15783 DF PROTO=TCP SPT=52069 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0 
+      ret.push({ :regex => /^kernel:(.*):(ACCEPT|DROP|REJECT|DNAT):IN=([^ ]*) OUT=([^ ]*) PHYSIN=([^ ]*) PHYSOUT=([^ ]*) SRC=([^ ]*) DST=([^ ]*) LEN=([^ ]*) TOS=([^ ]*) PREC=([^ ]*) TTL=([^ ]*) ID=([^ ]*) DF PROTO=([^ ]*) SPT=([^ ]*) DPT=([^ ]*) (.*)$/,
+        :fields => [:custom, :rule, :in, :out, :physin, :physout, :src, :dst,
+        :len, :tos, :prec, :ttl, :identifier, :proto, :spt, :dpt, :additional]})
+      #kernel: Swl:all2all:1:REJECT:IN=eth0 OUT= MAC=00:01:03:17:49:8f:00:0a:5e:1e:82:b2:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=33312 SEQ=1
+      ret.push({ :regex => /^kernel:(.*):(ACCEPT|DROP|REJECT|DNAT):IN=([^ ]*) OUT=([^ ]*) MAC=([^ ]*) SRC=([^ ]*) DST=([^ ]*) LEN=([^ ]*) TOS=([^ ]*) PREC=([^ ]*) TTL=([^ ]*) ID=([^ ]*) DF PROTO=([^ ]*) (.*)$/,
+        :fields => [:custom, :rule, :in, :out, :additional, :src, :dst,
+        :len, :tos, :prec, :ttl, :identifier, :proto, :additional]})
+
+      #kernel: Swl:AllowNetDiag:3:ACCEPT:IN=br5 OUT=eth1 PHYSIN=eth4 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=34074 SEQ=1
+      ret.push({ :regex => /^kernel:(.*):(ACCEPT|DROP|REJECT|DNAT):IN=([^ ]*) OUT=([^ ]*) PHYSIN=([^ ]*) SRC=([^ ]*) DST=([^ ]*) LEN=([^ ]*) TOS=([^ ]*) PREC=([^ ]*) TTL=([^ ]*) ID=([^ ]*) DF PROTO=([^ ]*) (.*)$/,
+        :fields => [:custom, :rule, :in, :out, :physin, :src, :dst,
+        :len, :tos, :prec, :ttl, :identifier, :proto, :additional]})
+
+      #kernel: Swl:AllowDNS:ACCEPT:IN=br0 OUT= PHYSIN=eth1 MAC=00:a0:24:be:8b:0a:00:0a:5e:07:3b:b6:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=53465 DF PROTO=UDP SPT=51022 DPT=53 LEN=49
+      ret.push({ :regex => /^kernel:(.*):(ACCEPT|DROP|REJECT|DNAT):IN=([^ ]*) OUT=([^ ]*) PHYSIN=([^ ]*) MAC=([^ ]*) SRC=([^ ]*) DST=([^ ]*) LEN=([^ ]*) TOS=([^ ]*) PREC=([^ ]*) TTL=([^ ]*) ID=([^ ]*) DF PROTO=([^ ]*) SPT=([^ ]*) DPT=([^ ]*) (.*)$/,
+        :fields => [:custom, :rule, :in, :out, :physin, :additional, :src, :dst,
+        :len, :tos, :prec, :ttl, :identifier, :proto, :spt, :dpt, :additional]})
+
+      return ret
+    end
+
+  end
+

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/log_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/log_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/log_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/log_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,41 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class LogMeta < ActiveRecord::Base
+    description "Simple log metas with date, time and host."
+    sources ["SyslogdMeta", "PureMeta", "FileMeta"]
+
+    def self.reproducable 
+      false
+    end
+        
+
+    def self.expressions
+      ret = []
+      ret.push({ :condition => lambda {|mesage, meta_class, meta_instance| meta_class == PureMeta },
+		 :regex => /^([^ ]*) *(\d+) (..:\d\d:\d\d) ([^ ]*) (.*)$/,
+		 :result_filter => lambda {|results, meta_instance| 		   
+		   results[0] = DateTime.strptime("#{results[0]} #{results[1]} #{Time.now.year}", "%b %d %Y")
+		   results.delete_at(1)
+		   results
+		 },
+		 :fields => [:date, :time, :host, :message]})      
+      return ret
+    end
+        
+    def get_hash
+      return nil unless message
+      return "#{date} #{time} #{host} #{message.msg}".hash
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/logcheck_meta.rb-disabled
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/logcheck_meta.rb-disabled?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/logcheck_meta.rb-disabled (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/logcheck_meta.rb-disabled Thu Nov  4 18:27:22 2010
@@ -0,0 +1,202 @@
+  class LogcheckMeta < ActiveRecord::Base
+
+    description "Logcheck Results"
+    #sources ["PureMeta", "LogMeta"]
+    
+    def reproducable?
+      false
+    end
+
+    def initialize(meta,cracking,violations,paranoid,server,workstation)
+      super(meta)
+      self.cracking = cracking
+      self.violations = violations
+      self.paranoid= paranoid
+      self.server=server
+      self.workstation=workstation
+      self.save
+    end
+    
+    def self.create_meta(meta_message, message)
+      ensure_config()
+      matched_one = false
+      cracking,violations,paranoid,server,workstation = nil
+      $log.debug "match #{matched_one.to_s}" if $log.debug?
+      $levels.each{ |levelname|
+	res = match($level_definitions, levelname, message.msg)
+	res_ign = match($level_ignores, levelname, message.msg)
+	if  res_ign != ""
+	  $log.debug "logcheck ignore found #{levelname} '#{res_ign}'" if $log.debug?
+	  eval "#{levelname} = res + \" - \" + res_ign" if res_ign != ""
+	else
+	  eval "#{levelname} = res" if res_ign == ""
+	end
+	tmp = eval "#{levelname}"
+	#$log.debug "#{levelname} is now #{tmp}" if $log.debug?
+	matched_one = ((res!="") or matched_one)
+      }
+      
+      
+      $profiles.each { |profilename|
+	res = match($profile_ignores, profilename, message.msg)
+	eval "#{profilename} = res"
+	tmp = eval "#{profilename}"
+	$log.debug "#{profilename} is now #{tmp}" if $log.debug?
+	matched_one = ((res!="") or matched_one)
+      }		
+      if matched_one
+	$log.debug "Logcheck matched!"  if $log.debug?
+      end
+      #matched_one 
+
+      return self.new.prisma_initialize(meta_message,cracking,violations,paranoid,server,workstation) if matched_one
+      return nil
+    end
+            
+    def send_ossim_event?
+      true
+    end
+    
+    #--------------- logcheck part ----------
+    #    attr_accessor(:cracking,:violations,:paranoid,:server,:workstation)
+    
+    $basedir = "/etc/logcheck/"
+    
+    $profiles = ["paranoid", "server", "workstation"]
+    $levels = ["cracking", "violations"]
+    
+    $plugin_ids = {"cracking" => 5001, "violations" => 5002}
+    $profile_priority = {"paranoid" => 1, "server" => 3, "workstation" => 5}
+    
+    $sid_count = 0
+    $sids = {}
+    $rules = {}
+    
+    $level_definitions = {}
+    $level_ignores = {}
+    $profile_ignores = {}
+
+    $initialized = false
+    
+    
+    def self.ensure_config()
+      return unless $initialized
+      $initialized = true
+      $log.debug "Importing logcheck rules from #{$basedir}" if $log.debug?
+      i = 0
+      $levels.each { |levelname|
+	i += addRules($level_definitions,levelname,"#{$basedir}#{levelname}.d",true)
+	i += addRules($level_ignores,levelname,"#{$basedir}#{levelname}.ignore.d")
+      }
+      $profiles.each { |profilename| 
+	i += addRules($profile_ignores,profilename,"#{$basedir}ignore.d.#{profilename}")
+      }
+      $log.debug "logcheck imported #{i} rules" if $log.debug?
+    end
+    
+    def self.addRules(dict, name, searchpath, add_sids = false)
+      $log.debug("Add rules #{dict} #{name} in '#{searchpath}'.") if $log.debug?
+      i = 0
+      $sids[name] = {} if $sids[name] == nil and add_sids
+      dict[name] = {} if dict[name] == nil
+      dir = Pathname.new(searchpath)
+      if dir.exist? then
+	typefiles = Dir.glob(dir.join("*"))
+	typefiles.each { | typefile | 
+	  $log.debug("Opening logcheck file '#{typefile}'") if $log.debug?
+	  typename = File.split(typefile)[1]
+	  a = []
+	  for line in IO.readlines(typefile)	
+	    if line != "\n" then
+	      $log.debug("Importing rule '#{line}'.") if $log.debug?
+	      a.push(line)
+	    end
+	  end
+	  dict[name][typename] = a 
+	  if add_sids then
+	    $sid_count += 1
+	    $sids[name][typename] = $sid_count
+	  end
+	  i+= dict[name][typename].length
+	}
+      else
+	$log.warn("Directory '#{searchpath}' does not exist.") if $log.warn?
+      end
+      return i
+    end
+    
+    def self.match(dict, name, message)
+      #      $log.debug "logcheck matching #{name}" if $log.debug?
+      res = ""
+      event_rule = dict[name]
+      if event_rule.nil? then return "" end
+      for (event_name, rules) in event_rule
+	for rule in rules
+	  begin
+	    if !Regexp.new(rule.strip).match(message).nil? then
+	      $log.info "logcheck #{message} matched #{rule} in #{name}.#{event_name}" if $log.info?
+	      res += "," if res != ""
+	      res += event_name
+	    end
+	  rescue
+	    $log.warn "logcheck could not check '#{rule}' because '#{$!}'" if $log.warn?
+	    for line in $!.backtrace
+	      $log.debug "#{line}" if $log.debug?
+	    end	
+	    #rules[rules.index[rule]] = "DISABLED RULE DUE TO ERROR"
+	  end
+	end
+      end
+      #$log.debug "logcheck #{name} result is '#{res}'" if $log.debug?
+      return res
+    end
+    
+    def send_ossim_event(meta,message)
+      self.class.ensure_config()
+      $profiles.each { |profilename|
+      profile_ignore_result = eval "self.#{profilename}"
+	if profile_ignore_result != "" then
+	  # the profile says, ignore that event	      
+	  $log.debug "logcheck ignore #{profilename} because matched rules #{profile_ignore_result}" if $log.debug?
+	else
+	  # if there is a levelmatching send that level
+	  $levels.each { |level|
+	  result = eval "self.#{level}"
+	    $log.debug "logcheck ignore #{level} because #{result}" if $log.debug? and result =~ /\-/
+	    if !(result == "") && !(result =~/\-/) then
+	      for eventname in result.split(",")
+		plugin_id = $plugin_ids[level]
+		priority = $profile_priority[profilename]
+		sid = $sids[level][eventname]
+		self.class.send_ossim_event_base(meta,message, self, plugin_id,sid, nil, 1, priority,
+				      nil, nil, nil, nil,"#{level}.#{eventname}") 
+	      end
+	    end
+	  }
+	end
+    }
+    end
+    
+         
+    def self.update_plugin_ids() 
+      self.ensure_config()
+      
+      pluginidcount = 5000
+      for (name,id) in $plugin_ids
+	pluginidcount += 1
+	plugin = nil
+	plugin = OssimPlugin.new if !OssimPlugin.exists?(pluginidcount)
+	plugin = OssimPlugin.find(pluginidcount) if plugin == nil
+	plugin.id = pluginidcount
+	plugin.type = 1
+	plugin.name = "logcheck_#{name}"
+	plugin.description = "LogCheck events from syslog-ng client"
+	plugin.save
+	for (rulename, rule) in $level_definitions[name]
+	  pluginsid = OssimPluginSid.find_or_create_by_plugin_id_and_sid(plugin.id,$sids[name][rulename])
+	  p OssimPluginSid.update_all(["category_id = ?, class_id = ?, priority = ?, reliability = ?, name = ?", 101,103,1,2,rulename], ["plugin_id=? and sid = ?",plugin.id, $sids[name][rulename]])
+	end
+      end
+      
+    end
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/message.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/message.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/message.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/message.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,78 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  # Message class for storing unparsed messages
+  class Message < ActiveRecord::Base
+
+    description "Messages that are in process or not yet parsable."
+    
+    #should this be a symbol?
+    def self.primary_key
+      :id
+    end
+
+    # The parent class of this message
+    def parent_class
+      throw "Unexpected meta_type_name #{meta_type_name}." unless meta_type_name =~ /^Prisma::([A-Za-z]+)$/
+      eval($1)
+    end
+    # Returns parent meta of this message
+    def parent; parent_class.find(meta_id); end
+    # A message never has submessages, so always nil
+    def messages; nil; end
+    
+    # Creates a new message and sets field according to the parameters. If meta class has
+    # not been saved yet (new_record? == true), the meta will be saved to create an id.
+    def prisma_initialize(meta, msg, options = {} )
+      $log.debug("Creating message with length '#{msg.length}'")
+      meta.save_without_validation if meta.new_record?
+      self.meta_id = meta.id
+      self.meta_type_name = "Prisma::" + meta.class.name
+      self.msg = msg
+      if options[:fast_association]
+	meta.message_fast = self
+      else
+	# base_mixin.message= expects that
+	meta.messages << self
+      end
+      self
+    end
+
+    def to_s
+      if msg and msg.length > 1024
+	"Message.#{id} <#{msg[0..1023]}...>"
+      else
+	"Message.#{id} <#{msg}>"
+      end
+    end
+
+    # Return a hash value for the message
+    def get_hash
+      msg.hash
+    end
+
+    # Returns a sql query for view creation out of UI.
+    def join_query(query=nil)
+      query = "#{self.class.table_name}" unless query
+      p = parent
+      if p then
+        query = "#{query} LEFT JOIN #{p.class.table_name} ON #{self.class.table_name}.meta_id = #{p.class.table_name}.id AND #{self.class.table_name}.meta_type_name = 'Prisma::#{p.class.name}'"
+        query = p.join_query(query)
+      end
+      return query
+    end
+    # nothing to join to messages table, always nil
+    def self.get_join; return nil; end
+
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/nagios_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/nagios_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/nagios_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/nagios_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,40 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class NagiosMeta < ActiveRecord::Base
+
+    description "Nagios Logs"
+    sources ["PureMeta", "LogMeta"]
+    
+    preseed_expression /^nagios:/
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+      ##nagios: SERVICE ALERT: host1.example.com;http-www.example.com;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 15 seconds [probed by nagios.exapmle.com]
+      ret.push({ :regex => /^nagios: ([A-Z ]*): ([^;]*);([^;]*);([^;]*);([^;]*);([^;]*);([^\[]*)(\[probed by ([^\]]*)\])?( *)$/,
+        :fields => [:msg_type, :affected_host, :service, :status, :unknown_1, :unknown_2,
+        :output, nil, :probed_by_host, nil ]})
+
+      # nagios: SERVICE ALERT: host1.example.com;http-www.example.com;OK;SOFT;2;HTTP OK HTTP/1.0 200 OK - 0.239 second response time  
+      # nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;nagios.example.com;nagios;0;Nagios OK - Nagios seems to be running on nagios.example.com  
+      ret.push({ :regex => /^nagios: (EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT);([^;]*);([^;]*);([^;]*);([^\[]*)(\[probed by ([^\]]*)\])?( *)$/,
+        :fields => [:msg_type, :affected_host, :service, :unknown_2,
+        :output, nil, :probed_by_host, nil]})
+
+      return ret
+    end
+
+  end

Added: incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ovpn_base_meta.rb
URL: http://svn.apache.org/viewvc/incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ovpn_base_meta.rb?rev=1031127&view=auto
==============================================================================
--- incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ovpn_base_meta.rb (added)
+++ incubator/alois/trunk/prisma/data/prisma/prisma_database/model/ovpn_base_meta.rb Thu Nov  4 18:27:22 2010
@@ -0,0 +1,36 @@
+# Copyright 2010 The Apache Software Foundation.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+  class OvpnBaseMeta < ActiveRecord::Base
+
+    description "OpenVPN Logs"
+    sources ["PureMeta", "LogMeta"]
+    preseed_expression /^ovpn-/
+
+    def self.may_have_messages?; false; end
+
+    def self.expressions
+      ret = []
+
+      ret.push({ :regex => /^ovpn-([^\[]*)\[([^\]]*)\]: ((\d{1,3}\.){3}\d{1,3}):(\d*) (([A-Z ]*):)?(.*)$/,
+        :fields => [:vpn,:process_id,:client_ip,nil,:client_port,nil,:msg_type,:msg]})
+      ret.push({ :regex => /^ovpn-([^\[]*)\[([^\]]*)\]: (([^ ]*)_([^\/_]*))\/((\d{1,3}\.){3}\d{1,3}):(\d*) (([A-Z ]*):)?(.*)$/,
+        :fields => [:vpn,:process_id,:cert,nil,:client,:client_ip,nil,:client_port,nil,:msg_type,:msg]})
+      ret.push({ :regex => /^ovpn-([^\[]*)\[([^\]]*)\]: (([A-Z ]*):)?(.*)$/,
+        :fields => [:vpn,:process_id,nil,:msg_type,:msg]})
+
+      return ret
+    end
+
+  end



Mime
View raw message