RubyGems - fluent-plugin-light-core - Versions diffs - 0.3.1 → 0.3.2 - Mend

fluent-plugin-light-core 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/Gemfile +2 -0
data/Gemfile.lock +7 -4
data/fluent-plugin-light-core.gemspec +1 -1
data/lib/fluent/plugin/filter_light_core.rb +33 -9
data/sample/source.conf +110 -72
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7362a4a9cf4dce7cd3516cb36570bc9bb3cceaaa57298fb46516eb4ac21b3c03
-  data.tar.gz: 5971ac366d57a1e95814b2fe6dc2f142fd3f9bb21f22ec9c59311edc2022fdde
+  metadata.gz: '08ec4ec35703b1b0621b198aadfe16db38c875a0256b36ea1f49c787c309412b'
+  data.tar.gz: 4f61fd3d5470795e626e97d3edac0dc8a64de5558338e83a52d9f0d98e0c2d4c
 SHA512:
-  metadata.gz: 00db95fd28c70604437e7838b0f9f832aa8478671d39236097e11e28a58c36f8ea455aad92d60c252db91520ef5ecf9fa01c460f9a17bdd5fc8c824c98d0d202
-  data.tar.gz: '09a94bea94957e69e72174136913bc5c642f71e2036af1fcb4331a530ae64ace14ca1504c5ea9165c6b5eb33949dbbfbd81116da96325653ae102d362885cd96'
+  metadata.gz: cd25d33ca42164a1df21a91a424af363f844b31188e2eda280a8945fd6ee2c31913e3333c5e94eeefae3d20ad9b7184f044e7955a9cdf54f92aff8c7b9ee81c8
+  data.tar.gz: 651ba35b07783375102c4fdb2026231ccc67661a8bb8a215116dbef5fb7da00094f35db45ddbc3b9f8b2df3b4fad80e59da7db7a4dcf053dcaa457d237389c1d

data/Gemfile CHANGED Viewed

@@ -5,3 +5,5 @@ gemspec
 gem "sentry-ruby"
 gem "oj", "~> 3.13"
+gem "audit_log_parser"

data/Gemfile.lock CHANGED Viewed

@@ -1,13 +1,15 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-light-core (0.2.3)
+    fluent-plugin-light-core (0.3.1)
       fluentd (>= 1.14.2, < 2)
+      oj (>= 3.13, < 4)
       sentry-ruby (>= 4.8.0, < 5)
 GEM
   remote: https://rubygems.org/
   specs:
+    audit_log_parser (0.1.3)
     concurrent-ruby (1.1.9)
     cool.io (1.7.1)
     faraday (1.8.0)
@@ -29,10 +31,10 @@ GEM
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
-    fluentd (1.14.2)
+    fluentd (1.14.3)
       bundler
       cool.io (>= 1.4.5, < 2.0.0)
-      http_parser.rb (>= 0.5.1, < 0.8.0)
+      http_parser.rb (>= 0.5.1, < 0.9.0)
       msgpack (>= 1.3.1, < 2.0.0)
       serverengine (>= 2.2.2, < 3.0.0)
       sigdump (~> 0.2.2)
@@ -41,7 +43,7 @@ GEM
       tzinfo-data (~> 1.0)
       webrick (>= 1.4.2, < 1.8.0)
       yajl-ruby (~> 1.0)
-    http_parser.rb (0.7.0)
+    http_parser.rb (0.8.0)
     msgpack (1.4.2)
     multipart-post (2.1.1)
     oj (3.13.9)
@@ -72,6 +74,7 @@ PLATFORMS
   ruby
 DEPENDENCIES
+  audit_log_parser
   bundler (~> 1.14)
   fluent-plugin-light-core!
   oj (~> 3.13)

data/fluent-plugin-light-core.gemspec CHANGED Viewed

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-light-core"
-  spec.version = "0.3.1"
+  spec.version = "0.3.2"
   spec.authors = ["LIN LI"]
   spec.email   = ["l.li@alphabets.cn"]

data/lib/fluent/plugin/filter_light_core.rb CHANGED Viewed

@@ -16,6 +16,7 @@
 require 'fluent/plugin/filter'
 require 'json'
 require 'sentry-ruby'
+require 'audit_log_parser'
 module Fluent
   module Plugin
@@ -72,33 +73,58 @@ module Fluent
       # 主处理
       def filter(tag, time, record)
+        # 应用
         if ['app', 'service'].include? tag
           record = filter_app(tag, time, record)
-          return notice('app', record)
+          notice('app', record)
         end
-        if ['lb', 'hub'].include? tag
+        # 负载均衡
+        if ['lb'].include? tag
           record = filter_lb(tag, time, record)
-          return notice('lb', record)
+          notice('lb', record)
         end
-        if ['mongo', 'secondary', 'arbiter'].include? tag
+        # 数据库 - TODO: 其中mongo为旧tag删除预定
+        if ['mongo', 'master', 'secondary', 'arbiter'].include? tag
           record = filter_mongo(tag, time, record)
-          return notice('mongo', record)
+          notice('mongo', record)
         end
+        if ['syslog.messages', 'syslog.secure', 'syslog.audit'].include? tag
+          record = filter_syslog(tag, time, record)
+        end
+        record['environment'] = ENV['FLUENTD_ENV']
+        record['node'] = ENV['NODE_IP']
+        # 其他
         record
       end
+      # Parse syslog
+      def filter_syslog(tag, time, record)
+        if (tag == 'syslog.audit')
+          line = record['message']
+          return record unless line
+          record = AuditLogParser.parse_line(line, flatten: false)
+          record['time'] = Time.at(record["header"]["msg"][/[0-9]+/].to_i).to_s
+          return record
+        end
+        record['time'] = Time.at(time).to_s
+        return record
+      end
       # Parse the application log
       def filter_app(tag, time, record)
         file = record['file'].split('/').last.split('_')           # Parse log file name
         log = record['log']                                        # Get detailed log content
         # Set common items
-        # record['environment'] = Socket.gethostname.split('-')[0] # dev | prd
-        record['environment'] = ENV['FLUENTD_ENV']                 # dev | prd
         record['cid'] = file[0]                                    # container id
         record['cname'] = file[0].split('-')[1]                    # container name
         record['ctime'] = record['time']                           # container time
@@ -152,7 +178,6 @@ module Fluent
         file = record['file'].split('/').last.split('_')
         log = record['log']
-        record['environment'] = ENV['FLUENTD_ENV']
         record['cid'] = file[0]
         record['cname'] = tag
         record['ctime'] = record['time']
@@ -218,7 +243,6 @@ module Fluent
         file = record['file'].split('/').last.split('_')
         log = record['log']
-        record['environment'] = ENV['FLUENTD_ENV']
         record['cid'] = file[0]
         record['cname'] = tag
         record['ctime'] = record['time']

data/sample/source.conf CHANGED Viewed

@@ -1,81 +1,119 @@
-<source>
-  @type            tail
-  path             sample/app*.log
-  pos_file         sample/source.app.pos
-  tag              app
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/app*.log
+#   pos_file         sample/source.app.pos
+#   tag              app
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
-<source>
-  @type            tail
-  path             sample/ingress-nginx*.log
-  pos_file         sample/source.ingress-nginx.pos
-  tag              lb
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/ingress-nginx*.log
+#   pos_file         sample/source.ingress-nginx.pos
+#   tag              lb
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
-<source>
-  @type            tail
-  path             sample/hub*.log
-  pos_file         sample/source.hub.pos
-  tag              hub
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/hub*.log
+#   pos_file         sample/source.hub.pos
+#   tag              hub
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
-<source>
-  @type            tail
-  path             sample/db*.log
-  pos_file         sample/source.mongo.pos
-  tag              mongo
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/db*.log
+#   pos_file         sample/source.mongo.pos
+#   tag              mongo
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
-<source>
-  @type            tail
-  path             sample/secondary*.log
-  pos_file         sample/source.secondary.pos
-  tag              secondary
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/secondary*.log
+#   pos_file         sample/source.secondary.pos
+#   tag              secondary
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
-<source>
-  @type            tail
-  path             sample/arbiter*.log
-  pos_file         sample/source.arbiter.pos
-  tag              arbiter
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/arbiter*.log
+#   pos_file         sample/source.arbiter.pos
+#   tag              arbiter
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
+#######################################
+# syslog messages
+#######################################
+# <source>
+#   @type          tail
+#   format         syslog
+#   path           sample/sys/messages.log
+#   pos_file       sample/sys/messages.pos
+#   read_from_head true
+#   tag            syslog.messages
+# </source>
+#######################################
+# syslog secure
+#######################################
+# <source>
+#   @type          tail
+#   format         syslog
+#   path           sample/sys/secure.log
+#   pos_file       sample/sys/secure.pos
+#   read_from_head true
+#   tag            syslog.secure
+# </source>
+#######################################
+# syslog audit
+#######################################
+# <source>
+#   @type          tail
+#   path           sample/sys/audit.log
+#   pos_file       sample/sys/audit.log.pos
+#   read_from_head true
+#   tag            syslog.audit
+#   <parse>
+#     @type        none
+#   </parse>
+# </source>
 <filter **>
   @type            light_core

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-light-core
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - LIN LI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-02 00:00:00.000000000 Z
+date: 2021-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler