fluent-plugin-lm-logs 1.2.3 → 1.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0760c2ab48870f18a21e0fe7de74686f71ab108936850c68d61eb6d87d614d8
-  data.tar.gz: a26aaf13e4a5caf38add3d592927f94127a962fba8be340e6f42aef904992a6a
+  metadata.gz: 6acf353e0cbb1783eb22109eb555acad23540bade16fbca72a24bf96a030b906
+  data.tar.gz: f87a8c226c61db34ee0dd2b5b5fe2e77ab7e1f2f51bf9b9ac2e5e378dbacb714
 SHA512:
-  metadata.gz: a48d16e49022f749a51fb908903a68c360001524867d73887b9296e78d67061cff935207542e594b963bafbe60bb47b528e0a807dbaba2433b477132f8c512a9
-  data.tar.gz: 01ee33b6e727f85af1b755915402f71888344c3f75a8692a23f4a7593af04789bfa441fab057585eb30052025b6a43f80d9d5c76b1e493f9d99f8470fa03e9b4
+  metadata.gz: 916a3d78c9c0ddaed1b9ed4fb943c61f9132cfffe97782339c0d7afa9d38cde0949251946264b167d5deb9f69752711f4d8a21ac57fb26b60eeafe3d1481d2bf
+  data.tar.gz: cd7f8a0388cf9f81c79638313bddeb4d01e69f3f072b803cd11d39f7b3dc5df7a9f8165fd225fc0cd8a938689ab6d1f92304746a97ea6a136dd55354876696e4

data/fluent-plugin-lm-logs.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.metadata["source_code_uri"]    = "https://github.com/logicmonitor/lm-logs-fluentd"
   spec.metadata["documentation_uri"]  = "https://www.rubydoc.info/gems/lm-logs-fluentd"
 
-  spec.files         = [".gitignore", "Gemfile", "LICENSE", "README.md", "Rakefile", "fluent-plugin-lm-logs.gemspec", "lib/fluent/plugin/version.rb", "lib/fluent/plugin/out_lm.rb"]
+  spec.files         = [".gitignore", "Gemfile", "LICENSE", "README.md", "Rakefile", "fluent-plugin-lm-logs.gemspec", "lib/fluent/plugin/version.rb", "lib/fluent/plugin/out_lm.rb", "lib/fluent/plugin/environment_detector.rb"]
   spec.require_paths = ["lib"]
   spec.required_ruby_version = '>= 2.0.0'
 

data/lib/fluent/plugin/environment_detector.rb

@@ -0,0 +1,201 @@
+require 'net/http'
+require 'timeout'
+require 'json'
+
+class EnvironmentDetector
+  METADATA_TIMEOUT = 1
+
+  def detect
+    if running_in_kubernetes?
+      { runtime: 'kubernetes' }.merge(detect_node_info)
+    elsif running_in_docker?
+      { runtime: 'docker' }.merge(detect_node_info)
+    else
+      detect_host_environment
+    end
+  end
+
+  def format_environment(env_info)
+    runtime = env_info[:runtime]
+    provider = env_info[:provider] if env_info.key?(:provider)
+
+    case runtime
+    when 'kubernetes'
+      'Kubernetes/Node'
+    when 'docker'
+      'Docker/Host'
+    when 'vm'
+      case provider&.downcase
+      when 'azure'
+        'Azure/VirtualMachine'
+      when 'aws'
+        'AWS/EC2'
+      when 'gcp'
+        'GCP/ComputeEngine'
+      else
+        'Unknown/VirtualMachine'
+      end
+    when 'physical'
+      os = env_info[:os] || 'UnknownOS'
+      product = env_info[:product] || 'UnknownHardware'
+      "#{os} / #{product}"
+    else
+      'UnknownEnvironment'
+    end
+  end
+
+  def infer_resource_type(record, tag = nil)
+    return record['resource_type'] if record['resource_type']
+
+    host = (record['host'] || record['hostname'] || '').to_s
+    msg = (record['message'] || '').to_s
+    program = (record['syslog_program'] || '').to_s
+    tags = record['tags'] || []
+    tag_down = tag&.downcase || ''
+
+    host_down = host.downcase
+    msg_down = msg.downcase
+    program_down = program.downcase
+    # From tag pattern (case-insensitive)
+    return 'WindowsServer' if tag_down.include?('windows')
+    return 'LinuxServer' if tag_down.include?('linux')
+    return 'Kubernetes/Node' if tag_down.include?('k8s') || tag_down.include?('kubernetes')
+    return 'Docker/Host' if tag_down.include?('docker')
+
+    # Structured metadata
+    return 'Kubernetes/Node' if record.key?('kubernetes')
+    return 'Docker/Host' if record.key?('container_id') || record.dig('docker', 'container_id')
+    return 'AWS/VirtualMachine' if host_down.start_with?('ip-') || msg_down.include?('amazon')
+    return 'GCP/VirtualMachine' if host_down.include?('.c.') || host_down.include?('gcp')
+    return 'Azure/VirtualMachine' if host_down.include?('cloudapp.net') || msg_down.include?('azure')
+    return 'VMware/VirtualMachine' if msg_down.include?('vmware') || host_down.include?('vmware')
+
+    return 'WindowsServer' if record.key?('EventID') || record.key?('ProviderName') || record.key?('Computer')
+    return 'LinuxServer' if record.key?('syslog_facility') || program_down != ''
+
+    return 'Firewall' if program_down.downcase.include?('firewalld') || msg_down.downcase.include?('iptables') || msg_down.include?('blocked by policy')
+    return 'ACMEServer' if host_down.include?('acme') || msg_down.include?('ACME-Request') || tags.include?('acme')
+    return 'WebServer' if msg_down.include?('nginx') || msg_down.include?('apache')
+    return 'DatabaseServer' if msg_down.include?('mysql') || msg_down.include?('postgres') || msg_down.include?('oracle')
+
+    'Unknown'
+  end
+
+
+  private
+
+  def running_in_kubernetes?
+    ENV.key?('KUBERNETES_SERVICE_HOST') || ENV.key?('KUBERNETES_PORT')
+  end
+
+  def running_in_docker?
+    return true if ENV['container'] == 'docker'
+    cgroup = File.read('/proc/1/cgroup') rescue ''
+    return true if cgroup.include?('docker') || cgroup.include?('containerd')
+    File.exist?('/.dockerenv')
+  end
+
+  def detect_host_environment
+    provider_info = detect_cloud_provider
+    return { runtime: 'vm', provider: provider_info[:provider], details: provider_info[:details] } if provider_info
+
+    os = detect_os
+    product = detect_product_info
+
+    if product.downcase.include?('xen hvm domu') && os.downcase.include?('amazon')
+      return { runtime: 'vm', provider: 'aws', details: { os: os, product: product } }
+    end
+
+    { runtime: 'physical', os: os, product: product }
+  end
+
+  def detect_node_info
+    { node_os: detect_os, node_product: detect_product_info }
+  end
+
+  def detect_cloud_provider
+    azure_metadata || aws_metadata || gcp_metadata
+  end
+
+  def azure_metadata
+    url = 'http://169.254.169.254/metadata/instance?api-version=2021-02-01'
+    headers = { 'Metadata' => 'true' }
+    response = fetch_metadata(url, headers)
+    return unless response
+    json = JSON.parse(response) rescue {}
+    {
+      provider: 'azure',
+      details: {
+        vm_id: json.dig('compute', 'vmId'),
+        location: json.dig('compute', 'location'),
+        name: json.dig('compute', 'name'),
+        vm_size: json.dig('compute', 'vmSize')
+      }
+    }
+  end
+
+  def aws_metadata
+    url = 'http://169.254.169.254/latest/meta-data/instance-id'
+    response = fetch_metadata(url)
+    return unless response
+    { provider: 'aws', details: { instance_id: response.strip } }
+  end
+
+  def gcp_metadata
+    url = 'http://169.254.169.254/computeMetadata/v1/instance/id'
+    headers = { 'Metadata-Flavor' => 'Google' }
+    response = fetch_metadata(url, headers)
+    return unless response
+    { provider: 'gcp', details: { instance_id: response.strip } }
+  end
+
+  def fetch_metadata(url, headers = {}, timeout_sec = METADATA_TIMEOUT)
+    uri = URI(url)
+    Timeout.timeout(timeout_sec) do
+      req = Net::HTTP::Get.new(uri)
+      headers.each { |k, v| req[k] = v }
+      res = Net::HTTP.start(uri.host, uri.port, open_timeout: timeout_sec, read_timeout: timeout_sec) { |http| http.request(req) }
+      return res.body if res.is_a?(Net::HTTPSuccess)
+    end
+  rescue Timeout::Error, SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH, EOFError
+    nil
+  end
+
+  def detect_os
+    if File.exist?('/etc/os-release')
+      os_info = {}
+      File.foreach('/etc/os-release') do |line|
+        key, value = line.strip.split('=', 2)
+        os_info[key] = value&.gsub('"', '')
+      end
+      "#{os_info['NAME']} #{os_info['VERSION']}"
+    elsif RUBY_PLATFORM.include?('darwin')
+      product_name = `sw_vers -productName`.strip
+      product_version = `sw_vers -productVersion`.strip
+      "#{product_name} #{product_version}"
+    else
+      `uname -a`.strip
+    end
+  rescue
+    'unknown'
+  end
+
+  def detect_product_info
+    if File.exist?('/sys/class/dmi/id/sys_vendor') && File.exist?('/sys/class/dmi/id/product_name')
+      vendor = read_file('/sys/class/dmi/id/sys_vendor')
+      product = read_file('/sys/class/dmi/id/product_name')
+      "#{vendor} #{product}".strip
+    elsif RUBY_PLATFORM.include?('darwin')
+      model = `system_profiler SPHardwareDataType | awk '/Model Identifier/ { print $3 }'`.strip
+      model.empty? ? 'Mac' : model
+    else
+      'unknown'
+    end
+  rescue
+    'unknown'
+  end
+
+  def read_file(path)
+    File.read(path).strip if File.exist?(path)
+  end
+end

data/lib/fluent/plugin/out_lm.rb

@@ -10,6 +10,7 @@ require 'net/http'
 require 'net/http/persistent'
 require 'net/https'
 require('zlib')
+require_relative 'environment_detector'
 
 require_relative "version"
 
@@ -51,6 +52,8 @@ module Fluent
 
     config_param :company_domain ,  :string, :default => "logicmonitor.com"
 
+    config_param :resource_type,  :string, :default => ""
+
     # Use bearer token for auth.
     config_param :bearer_token, :string, :default => nil, secret: true
 
@@ -81,6 +84,11 @@ module Fluent
       @http_client.override_headers["User-Agent"] = log_source + "/" + LmLogsFluentPlugin::VERSION
       @url = "https://#{@company_name}.#{@company_domain}/rest/log/ingest"
       @uri = URI.parse(@url)
+      @detector = EnvironmentDetector.new
+      @environment_info = @detector.detect
+      @local_env_str = format_environment(@environment_info)
+
+      log.info("Environment detected: #{@environment_info}")
     end
 
     def configure_auth
@@ -166,9 +174,15 @@ module Fluent
       else
         lm_event["timestamp"] = Time.at(time).utc.to_datetime.rfc3339
       end
-
       lm_event["message"] = encode_if_necessary(record["message"])
 
+      resource_type = @resource_type || @detector.infer_resource_type(record, tag)
+      if resource_type.nil? || resource_type.strip.empty? || resource_type == 'Unknown'
+        resource_type = @local_env_str
+      end
+
+      lm_event['_resource.type'] = resource_type
+
       return lm_event
     end
 
@@ -255,5 +269,34 @@ module Fluent
       end
     end
 
+    def format_environment(env_info)
+      runtime = env_info[:runtime]
+      provider = env_info[:provider] if env_info.key?(:provider)
+
+      case runtime
+      when 'kubernetes'
+        'Kubernetes/Node'
+      when 'docker'
+        'Docker/Host'
+      when 'vm'
+        case provider&.downcase
+        when 'azure'
+          'Azure/VirtualMachine'
+        when 'aws'
+          'AWS/EC2'
+        when 'gcp'
+          'GCP/ComputeEngine'
+        else
+          'Unknown/VirtualMachine'
+        end
+      when 'physical'
+        os = env_info[:os] || 'UnknownOS'
+        product = env_info[:product] || 'UnknownHardware'
+        "#{os} / #{product}"
+      else
+        'UnknownEnvironment'
+      end
+    end
+
   end
 end

data/lib/fluent/plugin/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LmLogsFluentPlugin
-    VERSION = '1.2.3'
+    VERSION = '1.2.5'
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-lm-logs
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.5
 platform: ruby
 authors:
 - LogicMonitor
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-19 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -57,6 +56,7 @@ files:
 - README.md
 - Rakefile
 - fluent-plugin-lm-logs.gemspec
+- lib/fluent/plugin/environment_detector.rb
 - lib/fluent/plugin/out_lm.rb
 - lib/fluent/plugin/version.rb
 homepage: https://www.logicmonitor.com
@@ -65,7 +65,6 @@ licenses:
 metadata:
   source_code_uri: https://github.com/logicmonitor/lm-logs-fluentd
   documentation_uri: https://www.rubydoc.info/gems/lm-logs-fluentd
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -80,8 +79,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: LogicMonitor logs fluentd output plugin
 test_files: []