fluent-plugin-macos-log 0.0.1.beta.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 57016186f913c0af39bac56db61c9c053bed21a1f91230bbd47e24c9636264e2
+  data.tar.gz: 41b000bade26ccbdcca84d65e7c624a74a144d5845ad3814935ef4151c14857c
+SHA512:
+  metadata.gz: 04d5a09d8d5ea8181fe8d697090af30c304c1a80181d28389eba85c0293abe41e0a84d47f2f8ab62d0f274c39adb08ecbe7b4c357dac92cfe112cc50b5f60deb
+  data.tar.gz: 8080c62ca068e40444f8aa3c3aa265b21e428fb47f9c18bf4b464955d87bf32b754caac11ed808e6f1d9db8d1232534d73cb4514fb935f156ca4d188a45f204e

data/.circleci/config.yml

@@ -0,0 +1,143 @@
+# Ruby CircleCI 2.0 configuration file
+#
+# Check https://circleci.com/docs/2.0/language-ruby/ for more details
+#
+version: 2.1
+
+executors:
+  ruby:
+    docker:
+      - image: circleci/ruby:2.6.6-node
+    environment:
+      BUNDLER_VERSION: 2.1.4
+      REPO_NAME: "fluent-plugin-macos-log"
+      BUNDLE_PATH: "vendor/bundle"
+      VERSION_FILE: "version.txt"
+
+references:
+  depends_cache_key: &depends_cache_key
+                       v1-dependencies-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
+  fallback_repo_cache_key: &fallback_repo_cache_key
+                             v1-dependencies-
+  restore_deps: &restore_deps
+    restore_cache:
+      keys:
+        - *depends_cache_key
+        - *fallback_repo_cache_key
+  save_deps: &save_deps
+    save_cache:
+      paths:
+        - ./vendor/bundle
+      key: *depends_cache_key
+  install_bundler: &install_bundler
+    run:
+      name: Install bundler
+      command: gem install bundler:$BUNDLER_VERSION
+
+jobs:
+  build:
+    executor: ruby
+    working_directory: ~/repo
+    steps:
+      - checkout
+
+      # Download and cache dependencies
+      - *restore_deps
+      - *install_bundler
+      - run:
+          name: Install dependencies
+          command: bundle install --jobs=4 --retry=3
+
+      - *save_deps
+
+      # run tests!
+      - run:
+          name: run tests
+          command: |
+            mkdir /tmp/test-results
+            bundle exec rake test
+
+      # collect reports
+      - store_test_results:
+          path: /tmp/test-results
+      - store_artifacts:
+          path: /tmp/test-results
+          destination: test-results
+
+  release:
+    executor: ruby
+    working_directory: ~/repo
+    steps:
+      - add_ssh_keys:
+          fingerprints:
+            - "a5:d3:86:70:21:30:78:71:87:a7:45:34:0a:47:f6:5c"
+      - checkout
+      - *restore_deps
+      - *install_bundler
+      - run:
+          name: Ruby version
+          command: |
+            ruby --version
+            gem env version
+            bundle --version
+      - run:
+          name: Configure git for release
+          command: |
+            git config user.name "librato-ci"
+            git config user.email "tools+librato-ci-githublibrato.com"
+#      - run:
+#          name: Prepare release
+#          command: |
+#            sed -i'' 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1.\2.\3/g' $VERSION_FILE
+#            GITTAG=$(cat $VERSION_FILE)
+#            git add $VERSION_FILE
+#            git commit -m "[ci skip] prepare release $GITTAG"
+#            git push --set-upstream origin $CIRCLE_BRANCH
+#            git tag $GITTAG
+#            git push origin $GITTAG
+      - run:
+          name: Generate gem credentials
+          command: |
+            mkdir -p ~/.gem
+            echo -e "---\r\n:rubygems_api_key: $RUBYGEMS_API_KEY" > ~/.gem/credentials
+            chmod 0600 ~/.gem/credentials
+      - run:
+          name: Perform build
+          command: |
+            rm -rf ${REPO_NAME}-*.gem
+            bundle exec gem build ${REPO_NAME}.gemspec
+      - run:
+          name: Perform publish
+          command: |
+            cat ~/.gem/credentials
+            bundle exec gem push ${REPO_NAME}-*.gem
+      - run:
+          name: Prepare next release version
+          command: |
+            VERSION=$(cat $VERSION_FILE | xargs)
+            if [[ $VERSION =~ ^(.*)(([0-9]+)\.([0-9]+)\.([0-9]+))(-.*)? ]]; then
+              SEMVERMAJOR=${BASH_REMATCH[3]}
+              SEMVERMINOR=${BASH_REMATCH[4]}
+              SEMVERPATCH=$(expr ${BASH_REMATCH[5]} + 1)
+              NEWVERSION="${SEMVERMAJOR}.${SEMVERMINOR}.${SEMVERPATCH}.beta.1"
+              echo "$NEWVERSION" > $VERSION_FILE
+              git add $VERSION_FILE Gemfile.lock
+              git commit -m "[ci skip] prepare for next development iteration"
+              git push --set-upstream origin $CIRCLE_BRANCH
+            fi
+      - run:
+          name: Clean credentials
+          command: shred -u ~/.gem/credentials
+          when: always
+
+workflows:
+  build_test_release:
+    jobs:
+      - build
+      - release:
+          filters:
+            branches:
+              only:
+                - develop
+          requires:
+            - build

data/.gitignore

@@ -0,0 +1,6 @@
+*.gem
+.bundle
+vendor/
+pkg/*
+.idea/
+*.iml

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-macos-log.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,52 @@
+PATH
+  remote: .
+  specs:
+    fluent-plugin-macos-log (0.0.1.beta.1)
+      fluentd (>= 1.2, < 2)
+      yajl-ruby (~> 1.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    concurrent-ruby (1.1.8)
+    cool.io (1.7.1)
+    fluentd (1.12.1)
+      bundler
+      cool.io (>= 1.4.5, < 2.0.0)
+      http_parser.rb (>= 0.5.1, < 0.7.0)
+      msgpack (>= 1.3.1, < 2.0.0)
+      serverengine (>= 2.2.2, < 3.0.0)
+      sigdump (~> 0.2.2)
+      strptime (>= 0.2.2, < 1.0.0)
+      tzinfo (>= 1.0, < 3.0)
+      tzinfo-data (~> 1.0)
+      yajl-ruby (~> 1.0)
+    http_parser.rb (0.6.0)
+    minitest (5.14.2)
+    msgpack (1.4.2)
+    power_assert (1.2.0)
+    rake (10.5.0)
+    serverengine (2.2.3)
+      sigdump (~> 0.2.2)
+    sigdump (0.2.4)
+    strptime (0.2.5)
+    test-unit (3.3.7)
+      power_assert
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    tzinfo-data (1.2021.1)
+      tzinfo (>= 1.0.0)
+    yajl-ruby (1.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  fluent-plugin-macos-log!
+  minitest (~> 5.0)
+  rake (~> 10.0)
+  test-unit (~> 3.2)
+
+BUNDLED WITH
+   2.1.4

data/Makefile

@@ -0,0 +1,17 @@
+REPO_NAME=fluent-plugin-macos-log
+
+bundle:
+	bundle install
+
+test: bundle
+	bundle exec rake test
+
+package: bundle
+	rm -rf ${REPO_NAME}-*.gem
+	bundle exec gem build ${REPO_NAME}.gemspec
+
+deploy: package
+	gem install ${REPO_NAME}
+
+release: package
+	bundle exec gem push ${REPO_NAME}-*.gem

data/README.md

@@ -0,0 +1,176 @@
+# Fluent::Plugin::MacOsLogInput
+
+[![Gem Version](https://badge.fury.io/rb/fluent-plugin-macos-log.svg)](https://badge.fury.io/rb/fluent-plugin-macos-log) [![CircleCI](https://circleci.com/gh/loggly/fluent-plugin-macos-log/tree/master.svg?style=shield)](https://circleci.com/gh/loggly/fluent-plugin-macos-log/tree/master)
+
+## Description
+
+This repository contains the Fluentd MacOs unified logs input Plugin.
+
+## Installation
+
+Install this gem when setting up fluentd:
+```ruby
+gem install fluent-plugin-macos-log
+```
+
+## Usage
+
+### Setup
+
+This is a process execution input plugin for Fluentd that periodically executes external `log show` command and parses log events into Fluentd's core system.
+Each execution alters `start` and `end` time input parameters of log utility to slowly iterates over log data. The iteration
+interval can be configured by user, but cannot be lower than 1s.
+
+There are multiple configurations one can use:
+
+#### Simplified Output
+Uses human-readable output of the command. The process output is parsed using `regexp` parser
+and logic, which combines multiple lines together. The parameter `log_line_start` defines regular expresion, which matches the
+beginning of line. Anything in between will be merged into single log entry. Although the parser is `regexp`, user can select any other supported parser.
+To configure this in fluentd:
+```xml
+<source>
+  @type macoslog
+  tag macos
+  pos_file /path/to/position/file
+  run_interval 10s
+</source>
+```
+
+#### Detail Output
+Use when more detailed output is required. It uses `ndjson` style of `log` command, which is then parsed by json parser.
+To configure this in fluentd:
+```xml
+<source>
+  @type macoslog
+  style ndjson
+  tag macos
+  pos_file last-starttime.log
+  run_interval 10s
+  <parse>
+    @type json
+    time_type string
+    time_key timestamp
+    time_format %Y-%m-%d %H:%M:%S.%L%z
+  </parse>
+</source>
+```
+
+### Advanced Configuration
+This plugin inherits Fluentd's standard input parameters.
+
+The command used by default is `log show --style default --start @%s --end @%s` in order to combine multiple lines and iterate over
+each period of time. Notice the `start` and `end` parameters use `@`, which is notation for unix timestamp format, used by plugin.
+
+Optionally the plugin uses position file, where it records last processed timestamp. Whenever the `fluentd` process
+restarts the plugin picks up from the last position. When no position files is used the plugin starts from current time
+and keeps last position only in memory.
+
+Optionally one can configure any `predicate` to filter required logs.
+
+* `command` - external command to be executed for each interval. The command's first parameter noted ruby's `%s` as start
+unix timestamp and the second `%s` for end timestamp. Default: `log show --style default --start @%s --end @%s`
+* `predicate` - log filter predicate as per Apple's documentation. Default: `nil`
+* `levels` - Controls what logging levels will be shown. Supported by `log` command:
+  * [no-]backtrace              Control whether backtraces are shown
+  * [no-]debug                  Control whether "Debug" events are shown
+  * [no-]info                   Control whether "Info" events are shown
+  * [no-]loss                   Control whether message loss events are shown
+  * [no-]signpost               Control whether signposts are shown
+* `style` - Controls style of logging tool output.
+  * `ndjson` - single lined json format output. When used, the json parser must be configured. 
+* `connect_mode` - Control target IO:
+  * `read`: Read logs from stdio
+  * `read_with_stderr`: Read logs from stdio and stderr (mainly for debug).
+* `parser` section - Refer these for more details about parse section. Default `regexp`
+* `tag` - The tag of the output events.
+* `run_interval` - The interval time between periodic program runs.
+* `max_age` - The time base max age of logs to process. Default `3d`
+* `pos_file` - Fluentd will record the position it last read from external command.
+  Don't share pos_file between in_macoslog configurations. It causes unexpected behavior e.g. corrupt pos_file content.
+* `log_line_start` - Regexp of start of the log to combine multiline logs. Default: `\d+-\d+-\d+\s+\d+:\d+:\d+[^ ]+`
+* `log_header_lines` - Number of header lines to skip when parsing. When `ndjson` style used the parameter refers
+  to number of footer lines to be skipped. Default: `1`
+
+One can configure own parser:
+```xml
+<source>
+  @type macoslog
+  tag macos
+  pos_file /path/to/position/file
+  run_interval 10s
+  <parse>
+    @type tsv
+    keys avg1,avg5,avg15
+    delimiter " "
+  </parse>
+</source>
+```
+
+### Example
+Example configuration for sending logs over to Loggly. The input plugin collects unified logs with filter `process == "sharingd"`
+every `10s` while recording position in file `/path/to/position/file`.
+
+It uses output [fluent-plugin-loggly](https://github.com/patant/fluent-plugin-loggly) configured in buffer mode.
+
+```xml
+<source>
+  @type macoslog
+  predicate process == "sharingd"
+  tag macos
+  pos_file /path/to/position/file
+  run_interval 10s
+</source>
+
+<match macos>
+  type loggly_buffered
+  loggly_url https://logs-01.loggly.com/bulk/xxx-xxxx-xxxx-xxxxx-xxxxxxxxxx
+  output_include_time true
+  time_precision_digits 3
+  buffer_type    file
+  buffer_path    /path/to/buffer/file
+  flush_interval 10s
+</match>
+```
+
+## Development
+
+This plugin is targeting Ruby 2.6 and Fluentd v1.0, although it should work with older versions of both.
+
+We have a [Makefile](Makefile) to wrap common functions and make life easier.
+
+### Prepare development
+To install fluentd on MacOs use following ruby environment.
+```shell script
+brew install rbenv ruby-build
+echo 'if which rbenv > /dev/null; then eval "$(rbenv init -)"; fi' >> ~/.zshrc
+source ~/.zshrc
+rbenv install 2.6.3
+rbenv global 2.6.3
+
+gem install fluentd --no-doc
+```
+
+Install latest bundler
+```shell script
+gem install bundler
+```
+
+### Install Dependencies
+`make bundle`
+
+### Test
+`make test`
+
+### Release in [RubyGems](https://rubygems.org/gems/fluent-plugin-macos-log)
+To release a new version, update the version number in the [GemSpec](fluent-plugin-macos-log.gemspec) and then, run:
+
+`make release`
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at: https://github.com/loggly/fluent-plugin-macos-log
+
+# Questions/Comments?
+
+Please [open an issue](https://github.com/loggly/fluent-plugin-macos-log/issues/new), we'd love to hear from you.

data/Rakefile

@@ -0,0 +1,9 @@
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/test_*.rb']
+end
+
+task :default => :test

data/fluent-plugin-macos-log.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+version = File.read('version.txt').strip
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-macos-log"
+  spec.version       = version
+  spec.authors       = ["Petr Langr"]
+  spec.email         = ["petr.langr@solarwinds.com"]
+
+  spec.summary       = %q{Fluentd input plugin for MacOS unified log}
+  spec.description   = %q{Fluentd input from MacOS unified log}
+  spec.homepage      = "https://github.com/loggly/fluent-plugin-macos-log"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "fluentd", '>= 1.2', '< 2'
+  spec.add_dependency "yajl-ruby", '~> 1.3'
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "test-unit", "~> 3.2"
+end

data/fluent-plugin-macos-log.gemspec.lock

@@ -0,0 +1,10 @@
+GEM
+  specs:
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+
+BUNDLED WITH
+   2.1.4

data/lib/fluent/plugin/in_exec/iterative_process.rb

@@ -0,0 +1,71 @@
+
+require 'fluent/plugin_helper/child_process'
+
+module Fluent
+  module PluginHelper
+    module ChildProcess
+      include Fluent::PluginHelper::Thread
+      include Fluent::PluginHelper::Timer
+
+      def timer_process_execute(
+        title, command, start_timestamp, interval, time_callback,
+        arguments: nil, subprocess_name: nil, immediate: false, parallel: false,
+        mode: [:read, :write], stderr: :discard, env: {}, unsetenv: false, chdir: nil,
+        internal_encoding: 'utf-8', external_encoding: 'ascii-8bit', scrub: true, replace_string: nil,
+        wait_timeout: nil, on_exit_callback: nil, delay_seconds: 0,
+        &block
+      )
+        raise ArgumentError, "BUG: title must be a symbol" unless title.is_a? Symbol
+        raise ArgumentError, "BUG: arguments required if subprocess name is replaced" if subprocess_name && !arguments
+
+        mode ||= []
+        mode = [] unless block
+        raise ArgumentError, "BUG: invalid mode specification" unless mode.all?{|m| MODE_PARAMS.include?(m) }
+        raise ArgumentError, "BUG: read_with_stderr is exclusive with :read and :stderr" if mode.include?(:read_with_stderr) && (mode.include?(:read) || mode.include?(:stderr))
+        raise ArgumentError, "BUG: invalid stderr handling specification" unless STDERR_OPTIONS.include?(stderr)
+
+        raise ArgumentError, "BUG: number of block arguments are different from size of mode" if block && block.arity != mode.size
+
+        running = false
+        callback = ->(*args) {
+          running = true
+          begin
+            block && block.call(*args)
+          ensure
+            running = false
+          end
+        }
+
+        execute_child_process = ->(cmd) {
+          child_process_execute_once(
+            title, cmd, arguments,
+            subprocess_name, mode, stderr, env, unsetenv, chdir,
+            internal_encoding, external_encoding, scrub, replace_string,
+            wait_timeout, on_exit_callback,
+            &callback
+          )
+        }
+
+        now = Fluent::EventTime.now.to_int - delay_seconds
+        if immediate && start_timestamp.to_i < now
+          execute_child_process.call(command % [start_timestamp, now])
+          start_timestamp = now
+          time_callback.call(start_timestamp)
+        end
+
+        timer_execute(:child_process_execute, interval, repeat: true) do
+          if !parallel && running
+            log.warn "previous child process is still running. skipped.", title: title, command: command, arguments: arguments, interval: interval
+          else
+            end_timestamp = Fluent::EventTime.now.to_int - delay_seconds
+            execute_child_process.call(command % [start_timestamp, end_timestamp])
+            start_timestamp = end_timestamp
+            time_callback.call(start_timestamp)
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/fluent/plugin/in_macoslog.rb

@@ -0,0 +1,199 @@
+
+require 'fluent/plugin/input'
+require 'fluent/plugin/in_exec/iterative_process'
+require 'yajl'
+
+module Fluent::Plugin
+  class MacOsLogInput < Fluent::Plugin::Input
+    Fluent::Plugin.register_input('macoslog', self)
+
+    helpers :compat_parameters, :extract, :parser, :child_process
+
+    def initialize
+      super
+      @pf_file = nil
+      @log_start_regex = nil
+      @compiled_command = nil
+    end
+
+    desc 'The command (program) to execute.'
+    config_param :command, :string, default: 'log show --start @%s --end @%s'
+    desc 'The unified log filter predicate as per Apple\'s documentation'
+    config_param :predicate, :string, default: nil
+    desc 'Specify connect mode to executed process'
+    config_param :connect_mode, :enum, list: [:read, :read_with_stderr], default: :read
+    desc 'Logging levels supported by Unified Logging ([no-]backtrace, [no-]debug, [no-]info, [no-]loss, [no-]signpost)'
+    config_param :levels, :array, default: [], value_type: :string
+    desc 'Output formatting of events from logging tool'
+    config_param :style, :enum, list: [:default, :syslog, :ndjson, :compact], default: nil
+
+    config_section :parse do
+      config_set_default :@type, 'regexp'
+      config_set_default :expression, /^(?<logtime>[\d\-]+\s*[\d\.:\+]+)\s+(?<thread>[^ ]*)\s+(?<level>[^ ]+)\s+(?<activity>[^ ]*)\s+(?<pid>[0-9]+)\s+(?<ttl>[0-9]+)\s+(?<process>[^:]*)(?:[^\:]*\:)\s*(?<message>.*)$/m
+      config_set_default :time_key, 'logtime'
+      config_set_default :time_format, '%Y-%m-%d %H:%M:%S.%L%z'
+    end
+
+    desc 'Tag of the output events.'
+    config_param :tag, :string, default: nil
+    desc 'The interval time between periodic program runs.'
+    config_param :run_interval, :time, default: nil
+    desc 'Fluentd will record the time it last read into this file.'
+    config_param :pos_file, :string, default: nil
+    desc 'The identifier of log line beginning used to split output by.'
+    config_param :log_line_start, :string, default: '\d+-\d+-\d+\s+\d+:\d+:\d+[^ ]+'
+    desc 'Number of header lines to be skipped. Use negative value if no header'
+    config_param :log_header_lines, :integer, default: 1
+    desc 'Max age of logs to be inputted'
+    config_param :max_age, :time, default: 259200 #3d
+
+    attr_reader :parser
+
+    def configure(conf)
+      compat_parameters_convert(conf, :parser)
+
+      super
+
+      unless @tag
+        raise Fluent::ConfigError, "'tag' option is required on macoslog input"
+      end
+
+      @compiled_command = compile_command
+
+      $log.info "MacOs log command '#{@compiled_command}'"
+
+      @parser = parser_create
+
+      unless @pos_file
+        $log.warn "'pos_file PATH' parameter is not set to a 'macoslog' source."
+        $log.warn "this parameter is highly recommended to save the position to resume from."
+      end
+
+      @log_start_regex = Regexp.compile("\\A#{@log_line_start}")
+    end
+
+    def compile_command
+      result = @command
+
+      if @style
+        result += " --style #{@style}"
+      elsif not result =~ /"--style"/
+        result += " --style default"
+      end
+
+      if @predicate
+        result += " --predicate '#{@predicate}'"
+      end
+
+      if @levels.length > 0
+        compiled_level = @levels.map { |level| "--#{level}" }.join(" ")
+        result += " #{compiled_level}"
+      end
+
+      result
+    end
+
+    def multi_workers_ready?
+      true
+    end
+
+    def start
+      super
+
+      if @pos_file
+        pos_file_dir = File.dirname(@pos_file)
+        FileUtils.mkdir_p(pos_file_dir, mode: @dir_perm) unless Dir.exist?(pos_file_dir)
+        @pf_file = File.open(@pos_file, File::RDWR|File::CREAT|File::BINARY, @file_perm)
+        @pf_file.sync = true
+
+        start = @pf_file.read.to_i
+        if start == 0
+          start = Fluent::EventTime.now.to_int
+          @pf_file.write(start)
+        end
+      else
+        start = Fluent::EventTime.now.to_int
+        @pf_file.write(start) if @pf_file
+      end
+
+      oldest = Fluent::EventTime.now.to_int - @max_age.to_i
+      if start < oldest
+        log.info "Start timestamp over max_age ", start: start, oldest: oldest
+        start = oldest
+      end
+
+      time_callback = -> (timestamp) {
+        if @pf_file
+          @pf_file.rewind
+          @pf_file.write(timestamp)
+        end
+      }
+
+      timer_process_execute(:exec_input,
+                            @compiled_command,
+                            start, @run_interval,
+                            time_callback,
+                            delay_seconds: 1,
+                            immediate: true, mode: [@connect_mode], &method(:run))
+    end
+
+    def shutdown
+      @pf_file.close if @pf_file
+
+      super
+    end
+
+    def run(io)
+      unless io.eof
+        if @style == :ndjson
+          parse_line_json(io)
+        else
+          parse_timestamp_base(io)
+        end
+      end
+    end
+
+    def parse_line_json(io)
+      logs = Queue.new
+      io.each_line.with_index do |line,index|
+        logs.push(line.chomp("\n"))
+        if index >= @log_header_lines
+          @parser.parse(logs.pop, &method(:on_record))
+        end
+      end
+    end
+
+    def parse_timestamp_base(io)
+      log = ""
+      io.each_line.with_index do |line,index|
+        # Skips log header
+        if index >= @log_header_lines
+          if line =~ @log_start_regex
+            if log.empty?
+              log = line
+            else
+              @parser.parse(log.chomp("\n"), &method(:on_record))
+              log = line
+            end
+          else
+            log += line
+          end
+        end
+      end
+
+      unless log.empty?
+        @parser.parse(log.chomp("\n"), &method(:on_record))
+      end
+    end
+
+    def on_record(time, record)
+      tag = extract_tag_from_record(record)
+      tag ||= @tag
+      time ||= extract_time_from_record(record) || Fluent::EventTime.now
+      router.emit(tag, time, record)
+    rescue => e
+      log.error "macoslog failed to emit", tag: tag, record: Yajl.dump(record), error: e
+      router.emit_error_event(tag, time, record, e) if tag && time && record
+    end
+  end
+end

data/version.txt

@@ -0,0 +1 @@
+0.0.1.beta.1

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-macos-log
+version: !ruby/object:Gem::Version
+  version: 0.0.1.beta.1
+platform: ruby
+authors:
+- Petr Langr
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-04-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: yajl-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+description: Fluentd input from MacOS unified log
+email:
+- petr.langr@solarwinds.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- Makefile
+- README.md
+- Rakefile
+- fluent-plugin-macos-log.gemspec
+- fluent-plugin-macos-log.gemspec.lock
+- lib/fluent/plugin/in_exec/iterative_process.rb
+- lib/fluent/plugin/in_macoslog.rb
+- version.txt
+homepage: https://github.com/loggly/fluent-plugin-macos-log
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Fluentd input plugin for MacOS unified log
+test_files: []