#rule() Debug Function
[posted 2002/02/27]
We have added the new #rule() debug function (aka #rulenumber()). #rule() returns 0 when invoked from within a Pikt script begin section, 1 within the first rule, 2 within the second rule, and so on. If there are six rules within a Pikt script and #rule() is invoked from within an end section, 7 is returned.
One use of the #rule() debug function is to identify more easily which rule triggers certain actions. For example, you might have a script with many rules applying many different pattern matches to a logfile message. It's sometimes hard to determine which rule yields a match, hence which rule is responsible for sending alert e-mail, triggering a page, or logging to a log file.
Here is a suggested macro using #rule() (for inclusion in macros.cfg):
///////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
// debug macros
tracerule(S)
#ifdef debug
		"rule $text(#rule()): " . (S)
#elsedef
		(S)
#endifdef
///////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
You might use it in a script thusly:
	...
	rule
		if $inlin =~ "<regexp 1>"
			output mail =tracerule($il)
			...
		endif
	rule
		if $inlin =~ "<regexp 2>"
			output mail =tracerule($il)
			...
		endif
	rule
		if $inlin =~ "<regexp 3>"
			output mail =tracerule($il)
			...
		endif
	...
If you have debug set to TRUE in defines.cfg (or using '+D debug' at the piktc command line), you would then see output like:
	rule 5: Jan 30 10:33:03 milan sshd[11548]: [ID 800047 auth.info]
	Did not receive identification string from 100.200.111.222
instead of simply (without the rule identifier):
	Jan 30 10:33:03 milan sshd[11548]: [ID 800047 auth.info]
	Did not receive identification string from 100.200.111.222
(The latter is the normal output you would see if not in debug mode.)
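An added example, not part of the original post or of PIKT itself: a small Python helper that tallies debug-mode alert output by the rule number that tracerule prefixes, so you can see which rules are firing while tuning a script. The function names, and the treatment of an unprefixed line as a wrapped continuation of the previous message, are assumptions.

```python
import re

# Prefix added by the tracerule macro in debug mode: "rule <n>: <message>"
TRACE_RE = re.compile(r"^rule (\d+): (.*)$")

# Constructed sample of debug-mode alert output. The first message is the one
# shown above; the other two are made up for this example.
SAMPLE = """\
rule 5: Jan 30 10:33:03 milan sshd[11548]: [ID 800047 auth.info]
Did not receive identification string from 100.200.111.222
rule 2: Jan 30 10:34:10 milan sshd[11560]: [ID 800047 auth.info] constructed message A
rule 5: Jan 30 10:35:41 milan sshd[11571]: [ID 800047 auth.info] constructed message B
"""


def group_by_rule(text):
    """Return {rule_number: [message, ...]} for tracerule-tagged output.

    Assumption: a line without the "rule <n>: " prefix continues the previous
    tagged message. Unprefixed lines seen before any tagged line are collected
    under the key None (output that did not go through tracerule).
    """
    groups = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = TRACE_RE.match(line)
        if m:
            current = int(m.group(1))
            groups.setdefault(current, []).append(m.group(2))
        elif current is not None:
            groups[current][-1] += " " + line
        else:
            groups.setdefault(None, []).append(line)
    return groups


def rule_counts(text):
    """Return {rule_number: number_of_messages}."""
    return {rule: len(msgs) for rule, msgs in group_by_rule(text).items()}


if __name__ == "__main__":
    for rule, count in rule_counts(SAMPLE).items():
        label = "untagged" if rule is None else f"rule {rule}"
        print(f"{label}: {count} message(s)")
```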
For more examples, see Developer's Notes.