//EvaluateJSON will be called if a new Event occurred an the rulefile will be executed
func (rule RuleFileParser) EvaluateJSON(event Event.Event) {
currentEvent := event
eventMetadata := map[string]interface{}{"executedLines": 0}
for _, line := range rule.lines {
fmt.Print(line.name + " ")
valid, err := line.EvaluateLine(currentEvent, eventMetadata)
if err != nil {
if err == ConditionParser.ErrElementNotFound {
valid = false
} else {
rule.LogClient.Warn("EvaluteLine:" + err.Error())
}
}
fmt.Println(valid)
if valid {
eventMetadata["executedLines"] = eventMetadata["executedLines"].(int) + 1
moduleResult, err := rule.externalModule.Call(line.command, line.args, currentEvent.String())
if err != nil {
rule.LogClient.Error(err)
} else {
if moduleResult != nil {
event, _ := Event.NewEventFromInterface(moduleResult.Event)
rule.LogClient.DebugEvent(event, "Event after:", line.name)
//If the module provides a new Event replace the old one
if moduleResult.Event != nil {
var newEvent *Event.Event
newEvent, err = Event.NewEventFromInterface(moduleResult.Event)
if err != nil {
rule.LogClient.Warn("NewEventFromInterface: " + err.Error())
}
currentEvent = *newEvent
}
messages := moduleResult.DecodeLogMessages()
if len(*messages) > 0 {
rule.LogClient.LogMultiple(moduleResult.DecodeLogMessages())
}
}
if line.LastLine() {
break
}
}
}
}
}
func (collector Collector) convertQueryResultToJSON(queryLine []string) []byte {
event := collector.converter.createObject(queryLine)
newEvent, err := Event.NewEventFromInterface(event)
if err != nil {
collector.logger.Error(err)
}
return newEvent.GetDataAsBytes()
}