Anonymous_User Absent Member.
Absent Member.
466 views

[sentinel] how to add codes into custom. js


Dear All,

I have a collector custom demand, I want to add some codes(else if
( ) {}) into Record.prototype.parse, I know the implement way to add
some codes into customParse() and Collector.prototype.customInit in
custom.js, But I don`t know the detail steps for adding codes and which
codes need to be added into the file, for example: I want to add some
codes into Record.prototype.parse section in release.js, But i don`t can
add these codes into release.js, but add some codes into custom.js,
which codes need to be added into custom.js? detail codes are
following:

before modified:
=================================================================================
Record.prototype.parse = function(e){
if (this.s_RXBufferString == "" || this.s_RXBufferString.length == 0
) {
return false;
}

this.msg = this.msg.replace(/ /g,'');
this.msg = this.msg.replace(/\r\n/g,'');
this.msg = this.msg.replace(/\n/g,'');
this.msg = this.msg.replace(/\t/g,'');
if
(/^Index.*New-TransportRule.*From=\{(\S+)@(\S+)\}.*CopyTo=\{(\S+)@(\S+)\}}.*Category.*$/.test(this.msg))
{
this.evt = "New-TransportRule";
this.sun = RegExp.$1;
this.dun = RegExp.$3;
this.iemail = RegExp.$1 + "@" + RegExp.$2;
this.temail = RegExp.$3 + "@" + RegExp.$4;
return true;
} else if
(/^RunspaceId.*LogonType.*Delegate.*ClientIPAddress.*:\s(\d+\.\d+\.\d+\.\d+)ClientMachineName.*MailboxOwnerUPN.*:\s(\S+).*MailboxOwnerSid.*LogonUserDisplayName.*:\s(\S+).*LogonUserSid.*MailboxResolvedOwnerName.*:\s(\S+).*LastAccessed.*$/.test(this.msg))
{
this.evt = "Delegate";
this.sip = RegExp.$1;
this.temail = RegExp.$2;
this.sun = RegExp.$3;
this.dun = RegExp.$4;
return true;
}
else {
return false;
}

=====================================================================================


after modified:
=====================================================================================
Record.prototype.parse = function(e){
if (this.s_RXBufferString == "" || this.s_RXBufferString.length == 0
) {
return false;
}

this.msg = this.msg.replace(/ /g,'');
this.msg = this.msg.replace(/\r\n/g,'');
this.msg = this.msg.replace(/\n/g,'');
this.msg = this.msg.replace(/\t/g,'');
if
(/^Index.*New-TransportRule.*From=\{(\S+)@(\S+)\}.*CopyTo=\{(\S+)@(\S+)\}}.*Category.*$/.test(this.msg))
{
this.evt = "New-TransportRule";
this.sun = RegExp.$1;
this.dun = RegExp.$3;
this.iemail = RegExp.$1 + "@" + RegExp.$2;
this.temail = RegExp.$3 + "@" + RegExp.$4;
return true;
} else if (/^Index.*\{Set-TransportRule.*Name=(.*),
Comments.*BlindCopyTo=\{(.*)\}\}.*\\\/(.*),.*S\-.*UserName.*$/.test(this.msg))
{
this.evt = "Set-TransportRule";
this.cv32 = RegExp.$1;
this.cv33 = RegExp.$2;
this.sun = RegExp.$3;
return true;
} else if
(/^RunspaceId.*LogonType.*Delegate.*ClientIPAddress.*:\s(\d+\.\d+\.\d+\.\d+)ClientMachineName.*MailboxOwnerUPN.*:\s(\S+).*MailboxOwnerSid.*LogonUserDisplayName.*:\s(\S+).*LogonUserSid.*MailboxResolvedOwnerName.*:\s(\S+).*LastAccessed.*$/.test(this.msg))
{
this.evt = "Delegate";
this.sip = RegExp.$1;
this.temail = RegExp.$2;
this.sun = RegExp.$3;
this.dun = RegExp.$4;
return true;
}
else {
return false;
}
===================================================================================================
which codes need to be added into custom.js?

Collector.prototype.customInit = function() {


return true;
}


Record.prototype.customParse = function(e) {



return true;
}

Tks!
BR


--
steve_zeng
------------------------------------------------------------------------
steve_zeng's Profile: https://forums.netiq.com/member.php?userid=3875
View this thread: https://forums.netiq.com/showthread.php?t=48078

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: [sentinel] how to add codes into custom. js

I think your best bet is probably to use (abuse) customInit to redefine
the parse() method entirely. If you do something like
Record.prototype.parse=function { /* whatever goes in here */ } then
recreate parse as you see fit, then put the collector into custom
execution mode, it may do what you'd like. Yes, this is officially
cheating. 🙂

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: [sentinel] how to add codes into custom. js


Hi Steve,

OK, so basically it looks like you're trying to add this clause:

} else if (/^Index.*\{Set-TransportRule.*Name=(.*),
Comments.*BlindCopyTo=\{(.*)\}\}.*\\\/(.*),.*S\-.*UserName.*$/.test(this.msg))
{
this.evt = "Set-TransportRule";
this.cv32 = RegExp.$1;
this.cv33 = RegExp.$2;
this.sun = RegExp.$3;
return true;
}

to this 'if' statement in the Collector code. And I see your problem -
if the clause isn't in the core parse() method, then the method will
return 'false', the Collector will short-circuit parsing, and the event
will be discarded (or just sent through as a generic unparsed event) -
and there isn't an opportunity to run postParse() as needed to apply
customizations.

Aaron is basically correct, what you need to do here is to re-define the
entire parse() method in your custom logic. You can do so with something
as simple as:

Collector.prototype.customInit = function() {

Record.prototype.parse = function() {
## Copy of original parse() code
## Your inserted code
## Rest of original parse() code
};
};

Doing this this way preserves the ability to "turn off" your
customizations by taking the Collector out of 'custom' execution mode,
which is a good thing. But the need to completely replace parse() does
have some risks, specifically if a new version of the original Collector
is released. In that case you may need to re-work your custom logic over
again (or, of course, you can submit your code changes to our
Engineering team and we can work them into that next release ;-).

Another option would be to re-implement the main loop yourself in the
customPreparse() method - basically, call parse(), normalize(), and and
postParse() yourself. If parse() comes back false, then you can run your
hook instead of giving up entirely as the core code does. This would
look like:

Record.prototype.customPreparse = function() {
try {
if (!rec.preParse(curEvt))) { continue; }
if (!rec.parse(curEvt)) {
if (/^Index.*\{Set-TransportRule.*Name=(.*),
Comments.*BlindCopyTo=\{(.*)\}\}.*\\\/(.*),.*S\-.*UserName.*$/.test(this.msg))
{
this.evt = "Set-TransportRule";
this.cv32 = RegExp.$1;
this.cv33 = RegExp.$2;
this.sun = RegExp.$3;
} else { continue; }
}
if (!(rec.normalize(curEvt) && rec.customParse(curEvt) &&
rec.postParse(curEvt))) { continue; }
if (instance.SEND_EVENT) { curEvt.send(); } // Send the event
} catch (err) {
if (err instanceof HandledException) {
log(err + " ; original message: " + rec.s_RXBufferString, 4,
instance.LOG | instance.EVENT);
} //
else {
log("Parsing failed: " + err + "; original message: " +
rec.s_RXBufferString, 4, instance.LOG | instance.EVENT);
}
}
return false;
};

The advantage to this latter approach is that although you've replicated
some of the core Collector code, it's very stable code that's unlikely
to change, unlike the parse() method which is specific to that one
Collector. In this case you are re-implementing the same loop that
main.js implements, and then customPreparse() returns false to
short-circuit the loop in main.js.

HTH


--
DCorlette
------------------------------------------------------------------------
DCorlette's Profile: https://forums.netiq.com/member.php?userid=323
View this thread: https://forums.netiq.com/showthread.php?t=48078

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: [sentinel] how to add codes into custom. js


Hi David,

Thank you very much again!

Steve


--
steve_zeng
------------------------------------------------------------------------
steve_zeng's Profile: https://forums.netiq.com/member.php?userid=3875
View this thread: https://forums.netiq.com/showthread.php?t=48078

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.