fluent-plugin-light-core 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7362a4a9cf4dce7cd3516cb36570bc9bb3cceaaa57298fb46516eb4ac21b3c03
-  data.tar.gz: 5971ac366d57a1e95814b2fe6dc2f142fd3f9bb21f22ec9c59311edc2022fdde
+  metadata.gz: '08ec4ec35703b1b0621b198aadfe16db38c875a0256b36ea1f49c787c309412b'
+  data.tar.gz: 4f61fd3d5470795e626e97d3edac0dc8a64de5558338e83a52d9f0d98e0c2d4c
 SHA512:
-  metadata.gz: 00db95fd28c70604437e7838b0f9f832aa8478671d39236097e11e28a58c36f8ea455aad92d60c252db91520ef5ecf9fa01c460f9a17bdd5fc8c824c98d0d202
-  data.tar.gz: '09a94bea94957e69e72174136913bc5c642f71e2036af1fcb4331a530ae64ace14ca1504c5ea9165c6b5eb33949dbbfbd81116da96325653ae102d362885cd96'
+  metadata.gz: cd25d33ca42164a1df21a91a424af363f844b31188e2eda280a8945fd6ee2c31913e3333c5e94eeefae3d20ad9b7184f044e7955a9cdf54f92aff8c7b9ee81c8
+  data.tar.gz: 651ba35b07783375102c4fdb2026231ccc67661a8bb8a215116dbef5fb7da00094f35db45ddbc3b9f8b2df3b4fad80e59da7db7a4dcf053dcaa457d237389c1d

data/Gemfile

@@ -5,3 +5,5 @@ gemspec
 gem "sentry-ruby"
 
 gem "oj", "~> 3.13"
+
+gem "audit_log_parser"

data/Gemfile.lock

@@ -1,13 +1,15 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-light-core (0.2.3)
+    fluent-plugin-light-core (0.3.1)
       fluentd (>= 1.14.2, < 2)
+      oj (>= 3.13, < 4)
       sentry-ruby (>= 4.8.0, < 5)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    audit_log_parser (0.1.3)
     concurrent-ruby (1.1.9)
     cool.io (1.7.1)
     faraday (1.8.0)
@@ -29,10 +31,10 @@ GEM
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
-    fluentd (1.14.2)
+    fluentd (1.14.3)
       bundler
       cool.io (>= 1.4.5, < 2.0.0)
-      http_parser.rb (>= 0.5.1, < 0.8.0)
+      http_parser.rb (>= 0.5.1, < 0.9.0)
       msgpack (>= 1.3.1, < 2.0.0)
       serverengine (>= 2.2.2, < 3.0.0)
       sigdump (~> 0.2.2)
@@ -41,7 +43,7 @@ GEM
       tzinfo-data (~> 1.0)
       webrick (>= 1.4.2, < 1.8.0)
       yajl-ruby (~> 1.0)
-    http_parser.rb (0.7.0)
+    http_parser.rb (0.8.0)
     msgpack (1.4.2)
     multipart-post (2.1.1)
     oj (3.13.9)
@@ -72,6 +74,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  audit_log_parser
   bundler (~> 1.14)
   fluent-plugin-light-core!
   oj (~> 3.13)

data/fluent-plugin-light-core.gemspec

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-light-core"
-  spec.version = "0.3.1"
+  spec.version = "0.3.2"
   spec.authors = ["LIN LI"]
   spec.email   = ["l.li@alphabets.cn"]
 

data/lib/fluent/plugin/filter_light_core.rb

@@ -16,6 +16,7 @@
 require 'fluent/plugin/filter'
 require 'json'
 require 'sentry-ruby'
+require 'audit_log_parser'
 
 module Fluent
   module Plugin
@@ -72,33 +73,58 @@ module Fluent
       # 主处理
       def filter(tag, time, record)
         
+        # 应用
         if ['app', 'service'].include? tag
           record = filter_app(tag, time, record)
-          return notice('app', record)
+          notice('app', record)
         end
 
-        if ['lb', 'hub'].include? tag
+        # 负载均衡
+        if ['lb'].include? tag
           record = filter_lb(tag, time, record)
-          return notice('lb', record)
+          notice('lb', record)
         end
 
-        if ['mongo', 'secondary', 'arbiter'].include? tag
+        # 数据库 - TODO: 其中mongo为旧tag删除预定
+        if ['mongo', 'master', 'secondary', 'arbiter'].include? tag
           record = filter_mongo(tag, time, record)
-          return notice('mongo', record)
+          notice('mongo', record)
         end
 
+        if ['syslog.messages', 'syslog.secure', 'syslog.audit'].include? tag
+          record = filter_syslog(tag, time, record)
+        end
+
+        record['environment'] = ENV['FLUENTD_ENV']
+        record['node'] = ENV['NODE_IP']
+
+        # 其他
         record
 
       end
 
+      # Parse syslog
+      def filter_syslog(tag, time, record)
+
+        if (tag == 'syslog.audit')
+          line = record['message']
+          return record unless line
+
+          record = AuditLogParser.parse_line(line, flatten: false)
+          record['time'] = Time.at(record["header"]["msg"][/[0-9]+/].to_i).to_s
+          return record
+        end
+
+        record['time'] = Time.at(time).to_s
+        return record
+      end
+
       # Parse the application log
       def filter_app(tag, time, record)
         file = record['file'].split('/').last.split('_')           # Parse log file name
         log = record['log']                                        # Get detailed log content
 
         # Set common items
-        # record['environment'] = Socket.gethostname.split('-')[0] # dev | prd
-        record['environment'] = ENV['FLUENTD_ENV']                 # dev | prd
         record['cid'] = file[0]                                    # container id
         record['cname'] = file[0].split('-')[1]                    # container name
         record['ctime'] = record['time']                           # container time
@@ -152,7 +178,6 @@ module Fluent
         file = record['file'].split('/').last.split('_')
         log = record['log']
 
-        record['environment'] = ENV['FLUENTD_ENV']
         record['cid'] = file[0]
         record['cname'] = tag
         record['ctime'] = record['time']
@@ -218,7 +243,6 @@ module Fluent
         file = record['file'].split('/').last.split('_')
         log = record['log']
 
-        record['environment'] = ENV['FLUENTD_ENV']
         record['cid'] = file[0]
         record['cname'] = tag
         record['ctime'] = record['time']

data/sample/source.conf

@@ -1,81 +1,119 @@
 
-<source>
-  @type            tail
-  path             sample/app*.log
-  pos_file         sample/source.app.pos
-  tag              app
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/app*.log
+#   pos_file         sample/source.app.pos
+#   tag              app
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
 
-<source>
-  @type            tail
-  path             sample/ingress-nginx*.log
-  pos_file         sample/source.ingress-nginx.pos
-  tag              lb
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/ingress-nginx*.log
+#   pos_file         sample/source.ingress-nginx.pos
+#   tag              lb
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
 
-<source>
-  @type            tail
-  path             sample/hub*.log
-  pos_file         sample/source.hub.pos
-  tag              hub
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/hub*.log
+#   pos_file         sample/source.hub.pos
+#   tag              hub
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
 
-<source>
-  @type            tail
-  path             sample/db*.log
-  pos_file         sample/source.mongo.pos
-  tag              mongo
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/db*.log
+#   pos_file         sample/source.mongo.pos
+#   tag              mongo
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
 
-<source>
-  @type            tail
-  path             sample/secondary*.log
-  pos_file         sample/source.secondary.pos
-  tag              secondary
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/secondary*.log
+#   pos_file         sample/source.secondary.pos
+#   tag              secondary
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
 
-<source>
-  @type            tail
-  path             sample/arbiter*.log
-  pos_file         sample/source.arbiter.pos
-  tag              arbiter
-  format           json
-  read_from_head   true
-  path_key         file
-  time_key         time
-  keep_time_key    true
-  time_format      %Y-%m-%dT%H:%M:%S.%NZ
-</source>
+# <source>
+#   @type            tail
+#   path             sample/arbiter*.log
+#   pos_file         sample/source.arbiter.pos
+#   tag              arbiter
+#   format           json
+#   read_from_head   true
+#   path_key         file
+#   time_key         time
+#   keep_time_key    true
+#   time_format      %Y-%m-%dT%H:%M:%S.%NZ
+# </source>
+
+#######################################
+# syslog messages
+#######################################
+# <source>
+#   @type          tail
+#   format         syslog
+#   path           sample/sys/messages.log
+#   pos_file       sample/sys/messages.pos
+#   read_from_head true
+#   tag            syslog.messages
+# </source>
+
+#######################################
+# syslog secure
+#######################################
+# <source>
+#   @type          tail
+#   format         syslog
+#   path           sample/sys/secure.log
+#   pos_file       sample/sys/secure.pos
+#   read_from_head true
+#   tag            syslog.secure
+# </source>
+
+#######################################
+# syslog audit
+#######################################
+# <source>
+#   @type          tail
+#   path           sample/sys/audit.log
+#   pos_file       sample/sys/audit.log.pos
+#   read_from_head true
+#   tag            syslog.audit
+#   <parse>
+#     @type        none
+#   </parse>
+# </source>
 
 <filter **>
   @type            light_core

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-light-core
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - LIN LI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-02 00:00:00.000000000 Z
+date: 2021-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler