pyr0ball
12cd0a23d5
Renames the app/ingest/ package to app/glean/ and updates all references across Python modules, shell scripts, Vue components, tests, and documentation. Intentionally preserved: - SQLite column name ingest_time (avoids schema migration) - RetrievedEntry.ingest_time field (maps to the column above) - Any public-facing JSON keys that reference ingest_time Changes by category: - app/ingest/ → app/glean/ (full package move, all parsers) - app/tasks/ingest_scheduler.py → app/tasks/glean_scheduler.py - scripts/ingest_corpus.py → scripts/glean_corpus.py - tests/test_ingest_*.py → tests/test_glean_*.py - Docstrings, log messages, comments: ingest → glean - Env var: TURNSTONE_INGEST_INTERVAL → TURNSTONE_GLEAN_INTERVAL - Shell scripts: glean.log, glean_corpus.py references - README.md: multi-source ingest → multi-source glean - .env.example: updated env var name - patterns/: new diagnostic patterns from 2026-05-20 SSH incident (service_crash_loop, pkg_daemon_restart, ssh_forward_conflict) - SourcesView.vue: pipeline label updated - All test import paths updated to app.glean.* 285 tests passing.
75 lines
2.1 KiB
Python
75 lines
2.1 KiB
Python
"""Journald JSON (-o json) log parser."""
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
from typing import Iterator
|
|
|
|
from app.glean.base import (
|
|
SourceState, apply_patterns, epoch_micros_to_iso,
|
|
make_entry_id, now_iso, SYSLOG_PRIORITY,
|
|
)
|
|
from app.services.models import LogPattern, RetrievedEntry
|
|
|
|
|
|
def _extract_message(raw: dict) -> str:
|
|
msg = raw.get("MESSAGE", "")
|
|
# journald encodes binary messages as arrays of ints
|
|
if isinstance(msg, list):
|
|
try:
|
|
return bytes(msg).decode("utf-8", errors="replace")
|
|
except Exception:
|
|
return repr(msg)
|
|
return str(msg)
|
|
|
|
|
|
def parse(
|
|
lines: Iterator[str],
|
|
source_id: str,
|
|
compiled_patterns: list[tuple[LogPattern, object]],
|
|
ingest_time: str | None = None,
|
|
) -> Iterator[RetrievedEntry]:
|
|
ingest_time = ingest_time or now_iso()
|
|
state = SourceState()
|
|
|
|
for raw_line in lines:
|
|
raw_line = raw_line.strip()
|
|
if not raw_line:
|
|
continue
|
|
try:
|
|
entry = json.loads(raw_line)
|
|
except json.JSONDecodeError:
|
|
continue
|
|
|
|
if "__REALTIME_TIMESTAMP" not in entry:
|
|
continue
|
|
|
|
text = _extract_message(entry)
|
|
if not text:
|
|
continue
|
|
|
|
ts_raw = entry["__REALTIME_TIMESTAMP"]
|
|
ts_iso = epoch_micros_to_iso(ts_raw)
|
|
|
|
priority = entry.get("PRIORITY", "")
|
|
severity = SYSLOG_PRIORITY.get(str(priority))
|
|
|
|
hostname = entry.get("_HOSTNAME", "")
|
|
unit = entry.get("_SYSTEMD_UNIT") or entry.get("SYSLOG_IDENTIFIER", "")
|
|
src = f"{source_id}:{hostname}:{unit}" if hostname else source_id
|
|
|
|
repeat, out_of_order = state.observe(text, ts_iso)
|
|
matched = apply_patterns(text, compiled_patterns)
|
|
|
|
yield RetrievedEntry(
|
|
entry_id=make_entry_id(src, state.sequence, text),
|
|
source_id=src,
|
|
sequence=state.sequence,
|
|
timestamp_raw=ts_raw,
|
|
timestamp_iso=ts_iso,
|
|
ingest_time=ingest_time,
|
|
severity=severity,
|
|
repeat_count=repeat,
|
|
out_of_order=out_of_order,
|
|
matched_patterns=matched,
|
|
text=text,
|
|
)
|