fluent-plugin-nsca 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-nsca.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright (c) 2015- MIYAKAWA Taku
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,240 @@
+# fluent-plugin-nsca
+
+[Fluentd](http://fluentd.org) output plugin to send service checks to an
+[NSCA](http://exchange.nagios.org/directory/Addons/Passive-Checks/NSCA--2D-Nagios-Service-Check-Acceptor/details)
+/ [Nagios](http://www.nagios.org/) monitoring server.
+
+The plugin sends a service check to the NSCA server for each record.
+
+## Configuration
+
+### Examples
+
+```apache
+<match ddos>
+  type nsca
+
+  # Connection settings
+  server monitor.example.com
+  port 5667
+  password aoxomoxoa
+
+  # Payload settings
+
+  ## The monitored host name is "web.example.com"
+  host_name web.example.com
+
+  ## The service is "ddos_detection"
+  service_description ddos_detection
+
+  ## The return code is read from the field "severity"
+  return_code_field severity
+
+  ## The plugin output is not specified;
+  ## hence the plugin sends the JSON notation of the record.
+
+</match>
+```
+
+### Plugin type
+
+The type of this plugin is `nsca`.
+Specify `type nsca` in the `match` section.
+
+### Connection
+
+* `server` (default is "localhost")
+  * The IP address or the hostname of the host running the NSCA daemon.
+* `port` (default i 5667)
+  * The port on which the NSCA daemon is running.
+* `password` (default is empty string)
+  * The password for authentication and encryption.
+
+### Payload
+
+A service check for the NSCA server
+comprises the following four fields.
+
+* Host name
+  * The name of the monitored host.
+  * The corresponding property in the Nagios configuration is
+    `host_name` property in a `host` definition.
+* Service description
+  * The name of the monitored service.
+  * The corresponding property in the Nagios configuration is
+    `service_description` property in a `service` definition.
+* Return code
+  * The severity of the service status.
+  * 0 (OK), 1 (WARNING), 2 (CRITICAL) or 3 (UNKNOWN).
+* Plugin output
+  * A description of the service status.
+
+The destination of checks
+are identified by the pair of the host name and the service description.
+
+#### Host name
+
+The host name is determined as below.
+
+1. The host name of the fluentd server (lowest priority)
+2. `host_name` option
+3. The field specified by `host_name_field` option (highest priority)
+
+For example,
+let the fluentd server have the host name "fluent",
+and the configuration file contain the section below:
+
+```apache
+<match ddos>
+  type nsca
+  ...snip...
+  host_name_field monitee
+</match>
+```
+
+When the record `{"num" => 42, "monitee" => "web.example.org"}`
+is input to the tag `ddos`,
+the plugin sends a service check with the host name "web.example.org".
+
+When the record `{"num" => 42}` is input to the tag `ddos`,
+the plugin sends a service check with the host name "fluent"
+(the host name of the fluentd server).
+
+Be aware that if the host name exceeds 64 bytes, it will be truncated.
+
+#### Service description
+
+The service description is determined as below.
+
+1. The tag name (lowest priority)
+2. `service_description` option
+3. The field specified by `service_description_field` option (highest priority)
+
+For example,
+let the configuration file contain the section below:
+
+```apache
+<match ddos>
+  type nsca
+  ...snip...
+  service_description_field monitee_service
+</match>
+```
+
+When the record
+`{"num" => 42, "monitee_service" => "ddos_detection"}`
+is input to the tag `ddos`,
+the plugin sends a service check with the service description
+"ddos\_detection".
+
+When the record
+`{"num" => 42}` is input to the tag `ddos`,
+the plugin sends a service check with the service description
+"ddos" (the tag name).
+
+Be aware that if the service description exceeds 128 bytes,
+it will be truncated.
+
+#### Return code
+
+The return code is determined as below.
+
+1. 3 or UNKNOWN (lowest priority)
+2. `return_code` option
+  * The permitted values are `0`, `1`, `2`, `3`,
+    and `OK`, `WARNING`, `CRITICAL`, `UNKNOWN`.
+3. The field specified by `return_code_field` option (highest priority)
+  * The values permitted for the field are integers `0`, `1`, `2`, `3`
+    and strings `"0"`, `"1"`, `"2"`, `"3"`,
+    `"OK"`, `"WARNING"`, `"CRITICAL"`, `"UNKNOWN"`.
+  * If the field contains a value not permitted,
+    the plugin falls back to `return_code` if present, or to 3 (UNKNOWN).
+
+For example,
+let the configuration file contain the section below:
+
+```apache
+<match ddos>
+  type nsca
+  ...snip...
+  return_code_field retcode
+</match>
+```
+
+When the record
+`{"num" => 42, "retcode" => "WARNING"}` is input to the tag `ddos`,
+the plugin sends a service check with the return code `1`,
+which means WARNING.
+
+When the record
+`{"num" => 42}` is input to the tag `ddos`,
+the plugin sends a service check with the default return code `3`.
+
+#### Plugin output
+
+The plugin output is determined as below.
+
+1. JSON notation of the record (lowest priority)
+2. `plugin_output` option
+3. The field specified by `plugin_output_field` option (highest priority)
+
+For example,
+let the configuration file contain the section below:
+
+```apache
+<match ddos>
+  type nsca
+  ...snip...
+  plugin_output_field status
+</match>
+```
+
+When the record
+`{"num" => 42, "status" => "DDOS detected"}` is input to the tag `ddos`,
+the plugin sends a service check with the plugin output "DDOS detected".
+
+When the record
+`{"num" => 42}` is input to the tag `ddos`,
+the plugin sends a service check with the plugin output '{"num":42}'.
+
+Be aware that if the plugin output exceeds 512 bytes,
+it will be truncated.
+
+### Buffering
+
+The default value of `flush_interval` option is set to 1 second.
+It means that checks are sent for every 1 second.
+
+Except for `flush_interval`,
+the plugin uses default options
+for buffered output plugins (defined in Fluent::BufferedOutput class).
+
+You can override buffering options in the configuration.
+For example:
+
+```apache
+<match ddos>
+  type nsca
+  ...snip...
+  buffer_type file
+  buffer_path /var/lib/td-agent/buffer/ddos
+  flush_interval 0.1
+  try_flush_interval 0.1
+</match>
+```
+
+## Installation
+
+If you are using td-agent, execute the command below.
+
+    $ sudo /usr/lib64/fluent/ruby/bin/fluent-gem fluent-plugin-nsca
+
+Then add `match` section to your configuration file.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,13 @@
+# -*- encoding: utf-8 -*-
+# vim: et sw=2 sts=2
+
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test

data/fluent-plugin-nsca.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-nsca"
+  spec.version       = '0.0.1'
+  spec.authors       = ["MIYAKAWA Taku"]
+  spec.email         = ["miyakawa.taku@gmail.com"]
+  spec.description   = %q{Fluentd output plugin to send service checks to a Nagios NSCA daemon}
+  spec.summary       = %q{Fluentd output plugin to send service checks to a Nagios NSCA daemon}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rr"
+  spec.add_runtime_dependency "send_nsca", "0.5.0"
+  spec.add_runtime_dependency "fluentd"
+end

data/lib/fluent/plugin/out_nsca.rb

@@ -0,0 +1,177 @@
+# -*- encoding: utf-8 -*-
+# vim: et sw=2 sts=2
+
+module Fluent
+  class NscaOutput < Fluent::BufferedOutput
+    Fluent::Plugin.register_output('nsca', self)
+
+    # These max bytes are specified in the pack string in send_nsca library
+    MAX_HOST_NAME_BYTES = 64
+    MAX_SERVICE_DESCRIPTION_BYTES = 128
+    MAX_PLUGIN_OUTPUT_BYTES = 512
+
+    # The IP address or the hostname of the host running the NSCA daemon.
+    config_param :server, :string, :default => 'localhost'
+
+    # The port on which the NSCA daemon is running.
+    config_param :port, :integer, :default => 5667
+
+    # The password for authentication and encryption.
+    config_param :password, :string, :default => ''
+
+    # Host name options: default = the host name of the fluentd server
+    config_param :host_name, :string, :default => nil
+    config_param :host_name_field, :string, :default => nil
+
+    # Service description options: default=tag
+    config_param :service_description, :string, :default => nil
+    config_param :service_description_field, :string, :default => nil
+
+    # Return code options: default=3 (UNKNOWN)
+    config_param :return_code_field, :string, :default => nil
+    config_param(:return_code, :default => 3) { |return_code|
+      if not @@valid_return_codes.has_key?(return_code)
+          raise Fluent::ConfigError,
+            "invalid 'return_code': #{return_code}; 'return_code' must be" +
+            " 0, 1, 2, 3, OK, WARNING, CRITICAL, or UNKNOWN"
+      end
+      @@valid_return_codes[return_code]
+    }
+    @@valid_return_codes = {
+      0 => 0, 1 => 1, 2 => 2, 3 => 3,
+      '0' => 0, '1' => 1, '2' => 2, '3' => 3,
+      'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3
+    }
+
+    # Plugin output options: default = JSON notation of the record
+    config_param :plugin_output, :string, :default => nil
+    config_param :plugin_output_field, :string, :default => nil
+
+    # Overrides a buffering option
+    config_param :flush_interval, :time, :default => 1
+
+    private
+    def initialize
+      super
+      require 'send_nsca'
+    end
+
+    public
+    def configure(conf)
+      super
+      @host_name ||= Socket.gethostname
+      warn_if_host_name_exceeds_max_bytes(@host_name)
+      warn_if_service_description_exceeds_max_bytes(@service_description)
+      warn_if_plugin_output_exceeds_max_bytes(@plugin_output)
+    end
+
+    private
+    def warn_if_host_name_exceeds_max_bytes(host_name)
+      if host_name.bytesize > MAX_HOST_NAME_BYTES
+        log.warn("Host name exceeds the max bytes; it will be truncated",
+                 :max_host_name_bytes => MAX_HOST_NAME_BYTES,
+                 :host_name => host_name)
+      end
+    end
+
+    private
+    def warn_if_service_description_exceeds_max_bytes(service_description)
+      if service_description and
+        service_description.bytesize > MAX_SERVICE_DESCRIPTION_BYTES
+        log.warn(
+          "Service description exceeds the max bytes; it will be truncated.",
+          :max_service_description_bytes => MAX_SERVICE_DESCRIPTION_BYTES,
+          :service_description => service_description)
+      end
+    end
+
+    private
+    def warn_if_plugin_output_exceeds_max_bytes(plugin_output)
+      if plugin_output and plugin_output.bytesize > MAX_PLUGIN_OUTPUT_BYTES
+        log.warn("Plugin output exceeds the max bytes; it will be truncated.",
+                :max_plugin_output_bytes => MAX_PLUGIN_OUTPUT_BYTES,
+                :plugin_output => plugin_output)
+      end
+    end
+
+    public
+    def format(tag, time, record)
+      [tag, time, record].to_msgpack
+    end
+
+    public
+    def write(chunk)
+      results = []
+      chunk.msgpack_each { |(tag, time, record)|
+        nsca_check = SendNsca::NscaConnection.new({
+          :nscahost => @server,
+          :port => @port,
+          :password => @password,
+          :hostname => determine_host_name(record),
+          :service => determine_service_description(tag, record),
+          :return_code => determine_return_code(record),
+          :status => determine_plugin_output(record)
+        })
+        results.push(nsca_check.send_nsca)
+      }
+
+      # Returns the results of send_nsca for tests
+      return results
+    end
+
+    private
+    def determine_host_name(record)
+      if @host_name_field and record[@host_name_field]
+        host_name = record[@host_name_field].to_s
+        warn_if_host_name_exceeds_max_bytes(host_name)
+        return host_name
+      else
+        return @host_name
+      end
+    end
+
+    private
+    def determine_service_description(tag, record)
+      if @service_description_field and record[@service_description_field]
+        service_description = record[@service_description_field]
+        warn_if_service_description_exceeds_max_bytes(service_description)
+        return service_description
+      elsif @service_description
+        return @service_description
+      else
+        warn_if_service_description_exceeds_max_bytes(tag)
+        return tag
+      end
+    end
+
+    private
+    def determine_return_code(record)
+      if @return_code_field and record[@return_code_field]
+        return_code =  @@valid_return_codes[record[@return_code_field]]
+        if return_code
+          return return_code
+        end
+        log.warn('Invalid return code.',
+                 :return_code_field => @return_code_field,
+                 :value => record[@return_code_field],
+                 :fall_back_to => @return_code)
+      end
+      return @return_code
+    end
+
+    private
+    def determine_plugin_output(record)
+      if @plugin_output_field and record[@plugin_output_field]
+        plugin_output = record[@plugin_output_field]
+        warn_if_plugin_output_exceeds_max_bytes(plugin_output)
+        return plugin_output
+      elsif @plugin_output
+        return @plugin_output
+      else
+        plugin_output = record.to_json
+        warn_if_plugin_output_exceeds_max_bytes(plugin_output)
+        return plugin_output
+      end
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,36 @@
+# -*- encoding: utf-8 -*-
+# vim: et sw=2 sts=2
+
+require 'rubygems'
+require 'bundler'
+
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+require 'test/unit'
+require 'rr'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'fluent/test'
+
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+
+require 'fluent/plugin/out_nsca'
+
+class Test::Unit::TestCase
+end

data/test/plugin/test_out_nsca.rb

@@ -0,0 +1,330 @@
+# -*- encoding: utf-8 -*-
+# vim: et sw=2 sts=2
+
+require 'helper'
+require 'socket'
+require 'send_nsca'
+
+class NscaOutputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+    stub.proxy(SendNsca::NscaConnection).new { |obj|
+      stub(obj).send_nsca {
+        obj.instance_eval {
+          [@nscahost, @port, @password, @hostname, @service, @return_code, @status]
+        }
+      }
+    }
+  end
+
+  CONFIG = %[
+    server monitor.example.com
+    port 4242
+    password aoxomoxoa
+  ]
+
+  def create_driver(conf = CONFIG, tag='test')
+    Fluent::Test::BufferedOutputTestDriver.new(Fluent::NscaOutput, tag).configure(conf)
+  end
+
+  # Connection settings are read
+  def test_connection_settings
+    driver = create_driver(CONFIG)
+    assert_equal 'monitor.example.com', driver.instance.instance_eval{ @server }
+    assert_equal 4242, driver.instance.instance_eval{ @port }
+    assert_equal 'aoxomoxoa', driver.instance.instance_eval{ @password }
+  end
+
+  # Default values are set to connection values
+  def test_default_connection_settings
+    driver = create_driver('')
+    assert_equal 'localhost', driver.instance.instance_eval{ @server }
+    assert_equal 5667, driver.instance.instance_eval{ @port }
+    assert_equal '', driver.instance.instance_eval{ @password }
+  end
+
+  # Rejects invalid return codes
+  def test_reject_invalid_return_codes
+    config = %[
+      #{CONFIG}
+      return_code invalid_return_code
+    ]
+    message = "invalid 'return_code': invalid_return_code;" +
+      " 'return_code' must be 0, 1, 2, 3," +
+      " OK, WARNING, CRITICAL, or UNKNOWN"
+    assert_raise(Fluent::ConfigError, message) {
+      create_driver(config)
+    }
+  end
+
+  # flush_interval is set to 1
+  def test_flush_interval
+    driver = create_driver('')
+    assert_equal 1, driver.instance.instance_eval { @flush_interval }
+  end
+
+  # Format to MessagePack(tag, time, record)
+  def test_format
+    driver = create_driver('', 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen"}, time)
+    driver.emit({"name" => "Aggi"}, time)
+    driver.expect_format(['ddos', time, {"name" => "Stephen"}].to_msgpack)
+    driver.expect_format(['ddos', time, {"name" => "Aggi"}].to_msgpack)
+    driver.run
+  end
+
+  # Sends a service check with constant values
+  def test_write_constant_values
+    config = %[
+      #{CONFIG}
+      host_name web.example.org
+      service_description ddos_monitor
+      return_code 2
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen"}, time)
+    output = driver.run
+    assert_equal [['monitor.example.com', 4242, 'aoxomoxoa', 'web.example.org', 'ddos_monitor', 2, 'possible attacks']], output
+  end
+
+  # Sends a service check with host_name and host_name_field
+  def test_write_check_with_host_name_and_host_name_field
+    config = %[
+      #{CONFIG}
+      host_name_field host
+      host_name fallback.example.org
+
+      service_description ddos_monitor
+      return_code 2
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "host" => "app.example.org"}, time)
+    driver.emit({"name" => "Aggi"}, time)
+    output = driver.run
+    expected_first = [
+      'monitor.example.com', 4242, 'aoxomoxoa', 'app.example.org', 'ddos_monitor', 2, 'possible attacks'
+    ]
+    expected_second = [
+      'monitor.example.com', 4242, 'aoxomoxoa', 'fallback.example.org', 'ddos_monitor', 2, 'possible attacks'
+    ]
+    assert_equal [expected_first, expected_second], output
+  end
+
+  # Sends a service check with host_name_field
+  def test_write_check_with_host_name_field
+    config = %[
+      #{CONFIG}
+      host_name_field host
+
+      service_description ddos_monitor
+      return_code 2
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "host" => "app.example.org"}, time)
+    driver.emit({"name" => "Aggi"}, time)
+    output = driver.run
+    expected_first = [
+      'monitor.example.com', 4242, 'aoxomoxoa', 'app.example.org', 'ddos_monitor', 2, 'possible attacks'
+    ]
+    expected_second = [
+      'monitor.example.com', 4242, 'aoxomoxoa', Socket.gethostname, 'ddos_monitor', 2, 'possible attacks'
+    ]
+    assert_equal [expected_first, expected_second], output
+  end
+
+  # Sends a service check with service_description and service_description_field
+  def test_write_check_with_service_description_and_service_description_field
+    config = %[
+      #{CONFIG}
+      service_description ddos_detection
+      service_description_field service
+
+      host_name web.example.org
+      return_code 2
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "service" => "possible_ddos"})
+    driver.emit({"name" => "Aggi"})
+    output = driver.run
+    expected_first = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'possible_ddos', 2, 'possible attacks'
+    ]
+    expected_second = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_detection', 2, 'possible attacks'
+    ]
+    assert_equal [expected_first, expected_second], output
+  end
+
+  # Sends a service check with service_description_field
+  def test_write_check_with_service_description_field
+    config = %[
+      #{CONFIG}
+      service_description_field service
+
+      host_name web.example.org
+      return_code 2
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "service" => "possible_ddos"})
+    driver.emit({"name" => "Aggi"})
+    output = driver.run
+    expected_first = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'possible_ddos', 2, 'possible attacks'
+    ]
+    expected_second = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos', 2, 'possible attacks'
+    ]
+    assert_equal [expected_first, expected_second], output
+  end
+
+  # Sends a service check with return_code and return_code_field
+  def test_write_check_with_return_code_and_return_code_field
+    config = %[
+      #{CONFIG}
+      return_code OK
+      return_code_field retcode
+
+      host_name web.example.org
+      service_description ddos_monitor
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "retcode" => "UNKNOWN"})
+    driver.emit({"name" => "Aggi", "retcode" => "2"})
+    driver.emit({"name" => "Katrina", "retcode" => 1})
+    driver.emit({"name" => "Brian", "retcode" => "invalid-value"})
+    driver.emit({"name" => "Martin"})
+    output = driver.run
+    expected1 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 3, 'possible attacks'
+    ]
+    expected2 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 2, 'possible attacks'
+    ]
+    expected3 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 1, 'possible attacks'
+    ]
+    expected4 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 0, 'possible attacks'
+    ]
+    expected5 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 0, 'possible attacks'
+    ]
+    assert_equal [expected1, expected2, expected3, expected4, expected5], output
+  end
+
+  # Sends a service check with return_code_field
+  def test_write_check_with_return_code_field
+    config = %[
+      #{CONFIG}
+      return_code_field retcode
+
+      host_name web.example.org
+      service_description ddos_monitor
+      plugin_output possible attacks
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "retcode" => "OK"})
+    driver.emit({"name" => "Aggi", "retcode" => "1"})
+    driver.emit({"name" => "Katrina", "retcode" => 2})
+    driver.emit({"name" => "Brian", "retcode" => "invalid-value"})
+    driver.emit({"name" => "Martin"})
+    output = driver.run
+    expected1 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 0, 'possible attacks'
+    ]
+    expected2 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 1, 'possible attacks'
+    ]
+    expected3 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 2, 'possible attacks'
+    ]
+    expected4 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 3, 'possible attacks'
+    ]
+    expected5 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 3, 'possible attacks'
+    ]
+    assert_equal [expected1, expected2, expected3, expected4, expected5], output
+  end
+
+  # Sends a service check with plugin_output and plugin_output_field
+  def test_write_check_with_plugin_output_and_plugin_output_field
+    config = %[
+      #{CONFIG}
+      plugin_output DDOS detected
+      plugin_output_field status
+
+      host_name web.example.org
+      service_description ddos_monitor
+      return_code 2
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "status" => "Possible DDOS detected"})
+    driver.emit({"name" => "Aggi"})
+    output = driver.run
+    expected1 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 2, 'Possible DDOS detected'
+    ]
+    expected2 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 2, 'DDOS detected'
+    ]
+    assert_equal [expected1, expected2], output
+  end
+
+  # Sends a service check with plugin_output_field
+  def test_write_check_with_plugin_output_field
+    config = %[
+      #{CONFIG}
+      plugin_output_field status
+
+      host_name web.example.org
+      service_description ddos_monitor
+      return_code 2
+    ]
+    driver = create_driver(config, 'ddos')
+    time = Time.parse('2015-01-03 12:34:56 UTC').to_i
+    driver.emit({"name" => "Stephen", "status" => "Possible DDOS detected"})
+    driver.emit({"name" => "Aggi"})
+    output = driver.run
+    expected1 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 2, 'Possible DDOS detected'
+    ]
+    expected2 = [
+      'monitor.example.com', 4242, 'aoxomoxoa',
+      'web.example.org', 'ddos_monitor', 2, '{"name":"Aggi"}'
+    ]
+    assert_equal [expected1, expected2], output
+  end
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-nsca
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- MIYAKAWA Taku
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-02-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rr
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: send_nsca
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Fluentd output plugin to send service checks to a Nagios NSCA daemon
+email:
+- miyakawa.taku@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- fluent-plugin-nsca.gemspec
+- lib/fluent/plugin/out_nsca.rb
+- test/helper.rb
+- test/plugin/test_out_nsca.rb
+homepage: ''
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -559361203854015159
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -559361203854015159
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Fluentd output plugin to send service checks to a Nagios NSCA daemon
+test_files:
+- test/helper.rb
+- test/plugin/test_out_nsca.rb