From 7312f7cd14154209348f79462a282be3d67b658b Mon Sep 17 00:00:00 2001 From: Max Nuyens Date: Mon, 4 Jun 2012 16:49:04 -0700 Subject: [PATCH 1/8] added the query to saved search, not yet functional --- hoover/session.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/hoover/session.py b/hoover/session.py index e8f7f75..49d952d 100644 --- a/hoover/session.py +++ b/hoover/session.py @@ -103,6 +103,24 @@ def facets(self, q='*', facetby='date', **kwargs): kwargs['q'] = q return self._api_help('api/facets/%s' % facetby, kwargs) + @time_translate + def savedsearch(self,q="",**_kwargs): + """ + Runs one of your saved searches + """ + query=Http(timeput=10) + resp, cont=query.request("http://"+self.subdomain+"loggly.com/api/savedsearches","GET") + content=json.loads(cont) + saved=None + for search in content: + if search['name']=q: + saved=search + if saved==None: + raise ValueError("Your account does not have a search of that name,\ + please go to "+self.subdomain+".loggly.com to check your saved searches") + + + def create_input(self, name, service='syslogudp', description='', json=False): '''Creates a new input on your loggly account. Service can be any of: From 145b13946c5753414f145b416ee69a096e1ebd91 Mon Sep 17 00:00:00 2001 From: Max Nuyens Date: Tue, 5 Jun 2012 10:13:48 -0700 Subject: [PATCH 2/8] finished saved search, but not tested yet --- hoover/session.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/hoover/session.py b/hoover/session.py index 49d952d..bb266fd 100644 --- a/hoover/session.py +++ b/hoover/session.py @@ -16,7 +16,7 @@ class LogglySession(object): domain = 'loggly.com' proxy = 'logs.loggly.com' - + ssdict={'order':'order','from':'starttime','rows':'rows','until':'endtime', def __init__(self, subdomain, username, password, domain=None, proxy=None, secure=True): '''pass in subdomain, username, and password to authorize all API 
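Review bot: In the `@@ -103,6 +103,24 @@` hunk of patch 1/8, `cont` goes straight into `json.loads` and `resp` is never read, so an error or login page from the server surfaces as a parse error or a confusing lookup failure in the loop rather than a clear one. A guard before the parse would do, e.g. `if resp.status != 200: raise ValueError("saved search lookup failed: HTTP %s" % resp.status)` (assuming `Http` is httplib2's, whose response object carries `status`). The later patches that touch this request (4/8, and the copy in `findsavedsearchnames` in 6/8) keep the unchecked parse. The loop also keeps scanning after a match, so the last search with that name wins; a `break` after `saved=search` would make the choice explicit.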
@@ -118,6 +118,24 @@ def savedsearch(self,q="",**_kwargs): if saved==None: raise ValueError("Your account does not have a search of that name,\ please go to "+self.subdomain+".loggly.com to check your saved searches") + params=saved['context'] + opts={} + inputs="" + devices="" + for x in params: + if x!="content" and x!="inputs" and x!="devices": + opts[ssdict[x]]=params[x] + if params['inputs']: + inputs+=" AND (inputname:"+params['inputs'][0] + for x in params['inputs'].__iter__().next(): + inputs+=" OR inputname:"+x + inputs+=")" + if params['devices']: + devices+=" AND (ip:"+params['devices'][0] + for x in params['devices'].__iter__().next(): + devices+=" OR ip:"+x + devices+=")" + return self.search(q=params['terms']+inputs+devices,**opts) From 006e644855786459fe7e68f8b04c67f0408a08d3 Mon Sep 17 00:00:00 2001 From: Max Nuyens Date: Tue, 5 Jun 2012 10:16:28 -0700 Subject: [PATCH 3/8] fixed syntax errors --- hoover/session.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hoover/session.py b/hoover/session.py index bb266fd..5ae1ac0 100644 --- a/hoover/session.py +++ b/hoover/session.py @@ -16,7 +16,7 @@ class LogglySession(object): domain = 'loggly.com' proxy = 'logs.loggly.com' - ssdict={'order':'order','from':'starttime','rows':'rows','until':'endtime', + ssdict={'order':'order','from':'starttime','rows':'rows','until':'endtime'} def __init__(self, subdomain, username, password, domain=None, proxy=None, secure=True): '''pass in subdomain, username, and password to authorize all API @@ -113,7 +113,7 @@ def savedsearch(self,q="",**_kwargs): content=json.loads(cont) saved=None for search in content: - if search['name']=q: + if search['name']==q: saved=search if saved==None: raise ValueError("Your account does not have a search of that name,\ From 575b48f744cf2aca5d6de8a20b6bc674c3a832f8 Mon Sep 17 00:00:00 2001 
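Review bot: In the `@@ -118,6 +118,24 @@` hunk of patch 2/8, every key of the server-supplied `context` other than the three excluded ones is looked up with `ssdict[x]`, so a saved search carrying any field outside `order`/`from`/`rows`/`until` raises `KeyError`. `params['inputs']` and `params['devices']` raise the same way when the field is absent. Since this data comes from the API response rather than from the caller, skipping unknown keys is safer: `if x in self.ssdict: opts[self.ssdict[x]]=params[x]`, with `params.get('inputs')` and `params.get('devices')` for the two lists. Patch 4/8 renames the lookup to `self.ssdict` but keeps the unguarded indexing.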
From: Max Nuyens Date: Tue, 5 Jun 2012 10:43:10 -0700 Subject: [PATCH 4/8] saved search now works as intended --- hoover/session.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/hoover/session.py b/hoover/session.py index 5ae1ac0..a46cf3f 100644 --- a/hoover/session.py +++ b/hoover/session.py @@ -108,9 +108,10 @@ def savedsearch(self,q="",**_kwargs): """ Runs one of your saved searches """ - query=Http(timeput=10) - resp, cont=query.request("http://"+self.subdomain+"loggly.com/api/savedsearches","GET") - content=json.loads(cont) + query=Http(timeout=10) + query.add_credentials(self.username,self.password) + resp, cont=query.request("http://"+self.subdomain+".loggly.com/api/savedsearches","GET") + content=loads(cont) saved=None for search in content: if search['name']==q: @@ -123,8 +124,8 @@ def savedsearch(self,q="",**_kwargs): inputs="" devices="" for x in params: - if x!="content" and x!="inputs" and x!="devices": - opts[ssdict[x]]=params[x] + if x!="terms" and x!="inputs" and x!="devices": + opts[self.ssdict[x]]=params[x] if params['inputs']: inputs+=" AND (inputname:"+params['inputs'][0] for x in params['inputs'].__iter__().next(): From 70d2068d8a6824d099b22c60b7770319130236f5 Mon Sep 17 00:00:00 2001 From: Max Nuyens Date: Tue, 5 Jun 2012 15:02:32 -0700 Subject: [PATCH 5/8] fixed it so the search would work with ones that specified inputs --- hoover/session.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/hoover/session.py b/hoover/session.py index a46cf3f..a45642f 100644 --- a/hoover/session.py +++ b/hoover/session.py 
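Review bot: In the `@@ -108,9 +108,10 @@` hunk of patch 4/8, `add_credentials(self.username,self.password)` is followed by a request to a hard-coded `http://` URL, so the account password can travel unencrypted. The constructor visible in patch 2/8 takes `secure=True` and `domain`, and this call honours neither. At minimum the literal should become `"https://"+self.subdomain+"."+self.domain+"/api/savedsearches"`. If `_api_help` (used by `facets` just above) already handles scheme and authentication, routing the request through it would be better still, though its signature is not visible from this hunk. The same request is copied into `findsavedsearchnames` in patch 6/8.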
@@ -127,15 +127,9 @@ def savedsearch(self,q="",**_kwargs): if x!="terms" and x!="inputs" and x!="devices": opts[self.ssdict[x]]=params[x] if params['inputs']: - inputs+=" AND (inputname:"+params['inputs'][0] - for x in params['inputs'].__iter__().next(): - inputs+=" OR inputname:"+x - inputs+=")" + inputs+=" AND (inputname:"+" OR inputname:".join(params['inputs'])+")" if params['devices']: - devices+=" AND (ip:"+params['devices'][0] - for x in params['devices'].__iter__().next(): - devices+=" OR ip:"+x - devices+=")" + devices+=" AND (ip:"+" OR ip:".join(params['devices'])+")" return self.search(q=params['terms']+inputs+devices,**opts) From 25792476e11236af1c55cbd5d4c62dfd9fffe8b3 Mon Sep 17 00:00:00 2001 From: Max Nuyens Date: Wed, 6 Jun 2012 11:22:22 -0700 Subject: [PATCH 6/8] added findsavedsearchname() returns the names of all your saved searches --- hoover/session.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hoover/session.py b/hoover/session.py index a46cf3f..7a12036 100644 --- a/hoover/session.py +++ b/hoover/session.py @@ -104,7 +104,7 @@ def facets(self, q='*', facetby='date', **kwargs): return self._api_help('api/facets/%s' % facetby, kwargs) @time_translate - def savedsearch(self,q="",**_kwargs): + def savedsearch(self,q=""): """ Runs one of your saved searches """ @@ -137,7 +137,13 @@ def savedsearch(self,q="",**_kwargs): devices+=" OR ip:"+x devices+=")" return self.search(q=params['terms']+inputs+devices,**opts) - + def findsavedsearchnames(self): + query=Http(timeout=10) + query.add_credentials(self.username,self.password) + resp, cont=query.request("http://"+self.subdomain+".loggly.com/api/savedsearches","GET") + content=loads(cont) + names=[for _ in content['name']] + return names def create_input(self, name, service='syslogudp', description='', From 82c9961b808677b24789f3170574bfb1c8217ab6 Mon Sep 17 00:00:00 2001 
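Review bot: In the `@@ -127,15 +127,9 @@` hunk of patch 5/8, the final query is `params['terms']+inputs+devices`, with the saved terms unparenthesised and the input and device names spliced in unquoted. If the search syntax binds `AND` tighter than `OR` (not visible here, worth confirming), saved terms such as `a OR b` would leave the input/device filter attached to `b` only, so the call can return events from inputs the saved search excluded. A name containing a space or an operator would likewise change the query. Wrapping the terms, `q="("+params['terms']+")"+inputs+devices`, and quoting or validating each joined value would keep the filter scoped as saved.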
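Review bot: In the `@@ -137,7 +137,13 @@` hunk of patch 6/8, `findsavedsearchnames` has no docstring and repeats the fetch-and-parse lines of `savedsearch` verbatim, so any fix to the transport or to response checking has to be made in two places. I would move those four lines into one private helper, e.g. `def _savedsearches(self):` returning the parsed list, and call it from both methods. A docstring such as `"""Return the names of all saved searches on this account."""` would cover the documentation gap. The method also starts directly after the `return` of `savedsearch` with no blank line between them.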
From: Max Nuyens Date: Wed, 6 Jun 2012 11:27:57 -0700 Subject: [PATCH 7/8] fixed findsavedsearchnames --- hoover/session.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hoover/session.py b/hoover/session.py index 7a12036..fad5e74 100644 --- a/hoover/session.py +++ b/hoover/session.py @@ -142,7 +142,7 @@ def findsavedsearchnames(self): query.add_credentials(self.username,self.password) resp, cont=query.request("http://"+self.subdomain+".loggly.com/api/savedsearches","GET") content=loads(cont) - names=[for _ in content['name']] + names=[x['name'] for x in content] return names From b51f6517f299decc1dce3f637dc004fbe67da69e Mon Sep 17 00:00:00 2001 From: Max Nuyens Date: Thu, 7 Jun 2012 13:28:00 -0700 Subject: [PATCH 8/8] modified LogglySyslogHandler so it works --- hoover/handlers.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/hoover/handlers.py b/hoover/handlers.py index 20b8b47..0df4f1a 100644 --- a/hoover/handlers.py +++ b/hoover/handlers.py @@ -42,7 +42,7 @@ def emit(self, record): async_post_to_endpoint(self.endpoint, msg) -class LogglySyslogHandler(SysLogHandler): +class LogglySyslogHandler(logging.handlers.SysLogHandler): def __init__(self, session=None, port=None, inputname='', input=None, announce=False, authorize=True, **kwargs): #TODO: avoid duplication with __init__ above 
@@ -66,7 +66,19 @@ def __init__(self, session=None, port=None, inputname='', input=None, if ('tcp' in input.service['name'] and sys.version_info >= (2, 7) and not 'socktype' in kwargs): kwargs['socktype'] = socket.SOCK_STREAM + self.socktype=socket.SOCK_STREAM + else: + self.socktype=socket.SOCK_DGRAM self.port = port - session = session or LogglySession - SysLogHandler.__init__(self, address=(session.proxy, port), + self.session = session or LogglySession + SysLogHandler.__init__(self, address=(self.session.proxy, self.port), **kwargs) + + def emit(self, record): + if isinstance(record.msg, (list, dict)): + record.msg = dumps(record.msg, cls=self.json_class, default=str) + msg = self.format(record) + sock=socket.socket(socket.AF_INET,self.socktype) + sock.connect((self.session.proxy,self.port)) + sock.sendall(msg+'\n') + sock.close()
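Review bot: In the `@@ -66,7 +66,19 @@` hunk of patch 8/8, the new `emit` opens a socket per record and calls `connect`/`sendall` with no timeout and no error handling. An unreachable or slow log endpoint therefore blocks or raises inside whatever application code made the logging call, and the socket is not closed on that path. Handlers normally route such failures to `self.handleError(record)` and close the socket in a `finally`; a sketch follows. Note also that the records leave in clear text over the chosen socket type, and that `record.msg` is overwritten in place, which other handlers attached to the same logger will see.

```python
    def emit(self, record):
        # … unchanged: JSON-encode list/dict messages, format the record into msg …
        sock = socket.socket(socket.AF_INET, self.socktype)
        try:
            sock.settimeout(10)  # bound connect/send so logging cannot hang the caller
            sock.connect((self.session.proxy, self.port))
            sock.sendall(msg + '\n')
        except (KeyboardInterrupt, SystemExit):
            raise
        except Exception:
            # Report through the logging machinery instead of raising into the app.
            self.handleError(record)
        finally:
            sock.close()
```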