fluent-plugin-process-snmptrap 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c63e0495e12f75e27b6ef4f8fcc487bd829d81f20d482ddc05c0886d4478c07d
+  data.tar.gz: bef2af01ad3967da1b4040d6dc6551a142f5c24ee29596656d8310c581e38b88
+SHA512:
+  metadata.gz: dd277475c190a92f1ed1c62076a80f52d0081c6ef3a1b5fc0da2efa0ae2fe5567b0107381906a4a9136569861398cbc62e2ebce0142467b5fa20d0b5d692752e
+  data.tar.gz: fdf13a578c7db0592cdd8aebb10a276fbce895d0ef918c6076c6a83cc0dd467a7e5494928ae3bfd112c3f661495dfe10bbda5186e930e124db1d2e7a319bed37

data/.gitignore

@@ -0,0 +1,50 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE
+

data/README.md

@@ -0,0 +1,54 @@
+# Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+# fluent-plugin-process-snmptrap
+
+[Fluentd](https://fluentd.org/) filter plugin to do something.
+
+This is a filter plugin for SNMP V2 traps. The plugin check the SNMP messages and maps the OID and associated values in SNMP Traps. 
+It adds machineID, event, SNMP Trap type, host, status of machine, severity, device and message to events received. It detects the 
+SNMP Traps based on the format <OID>:<Value>
+The OID is of the format /SNMPv2-(\w+)(::)(\w+)((\.)(\d+)){1,13}/
+
+Machin ID format 
+HPE:<Coloregion>:<ChassisSerialNo>
+
+Events detected:
+Power ON
+Power OFF
+
+## Configuration
+
+You can generate configuration template:
+
+```
+$ fluent-plugin-config-format filter process_snmptrap
+```
+
+<filter SNMPTrap.Alert>
+   @type process_snmptrap
+   HPEHostName ServerHostName
+   coloregion <colo region>
+   domain <domain>
+</filter>
+
+
+
+## Copyright
+
+* Copyright(c) 2018- aj-rame3/Microsoft
+
+## Trademarks 
+
+This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

data/Rakefile

@@ -0,0 +1,13 @@
+require "bundler"
+Bundler::GemHelper.install_tasks
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs.push("lib", "test")
+  t.test_files = FileList["test/**/test_*.rb"]
+  t.verbose = true
+  t.warning = true
+end
+
+task default: [:test]

data/SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.3 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

data/fluent-plugin-process-snmptrap.gemspec

@@ -0,0 +1,28 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name    = "fluent-plugin-process-snmptrap"
+  spec.version = "0.1.0"
+  spec.authors = ["Gabe de la Mora", "Pratik Karia"]
+  spec.email   = ["gadelamo@microsoft.com", "pratikkaria@microsoft.com"]
+
+  spec.description   = "A filter plugin which appends various fields to SNMP Traps received from HPE Servers"
+  spec.summary       = spec.description
+  spec.name   	     = "fluent-plugin-process-snmptrap"  
+  spec.homepage      = "https://github.com/Azure/fluent-plugin-process-snmptrap"
+  spec.license       = "MIT"
+
+  test_files, files  = `git ls-files -z`.split("\x0").partition do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.files         = `git ls-files`.split("\n")
+  spec.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  spec.test_files    = test_files
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", ">= 2.2.10"
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "test-unit", "~> 3.0"
+  spec.add_runtime_dependency "fluentd", [">= 0.14.10", "< 2"]
+end

data/lib/fluent/plugin/filter_process_snmptrap.rb

@@ -0,0 +1,40 @@
+require 'fluent/plugin/filter'
+require 'json'
+
+module Fluent
+  class ProcessSnmptrap < Filter
+    Fluent::Plugin.register_filter('process_snmptrap', self)
+
+    # config_param
+    config_param :coloregion, :string
+    # A set of character subsitution for cases in which they are invalid on the collector side.
+    config_param :invalidChars, :hash, default: {'.'=>'_'}
+
+    def configure(conf)
+      super
+    end
+
+    def start
+      super
+    end
+
+    def filter(tag, time, record)
+
+      # Replace invalid characters
+      fixedRecord = Hash.new
+      record.each { |recKey, recValue|
+          newKey = recKey
+          invalidChars.each { |invalidKey, subChar|
+              newKey = newKey.gsub(invalidKey, subChar)
+          }
+          record.delete(recKey)
+          fixedRecord[newKey] = recValue
+      }
+      record.replace(fixedRecord)
+
+      return record
+    end
+
+
+  end
+end

data/test/helper.rb

@@ -0,0 +1,8 @@
+$LOAD_PATH.unshift(File.expand_path("../../", __FILE__))
+require "test-unit"
+require "fluent/test"
+require "fluent/test/driver/filter"
+require "fluent/test/helpers"
+
+Test::Unit::TestCase.include(Fluent::Test::Helpers)
+Test::Unit::TestCase.extend(Fluent::Test::Helpers)

data/test/plugin/test_filter_process_snmptrap.rb

@@ -0,0 +1,64 @@
+require "fluent/test"
+require "fluent/test/driver/filter"
+require "fluent/test/helpers"
+require "fluent/plugin/filter_process_snmptrap.rb"
+
+class ProcessSnmptrapFilterTest < Test::Unit::TestCase
+  include Fluent::Test::Helpers
+
+  setup do
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    @type process_snmptrap
+    coloregion testcolo
+    invalidChars {".":"_", "-":"_", "::":"_"}
+  ]
+
+
+  def create_driver(conf)
+    Fluent::Test::Driver::Filter.new(Fluent::ProcessSnmptrap).configure(conf)
+  end
+
+  def test_configure
+      d = create_driver(CONFIG)
+      assert_equal 'testcolo', d.instance.coloregion
+  end
+
+  def filter(records, conf = CONFIG)
+      d = create_driver(conf)
+      d.run(default_tag: "TestTrap") do
+         records.each do |record|
+             d.feed(record)
+         end
+      end
+      d.filtered_records
+  end
+
+
+  def test_snmptrap_filter
+    records = [
+        {
+            "SNMPv2-MIB::sysUpTime.0"=>"179 days,13:26:54.66",
+            "SNMPv2-MIB::snmpTrapOID.0"=>"SGI-UV300::chassisSensor",
+            "SGI-UV300::ssnName"=>"UV300-00000547",
+            "SGI-UV300::chassisName"=>"r001i24b",
+            "SGI-UV300::chassisSensorName"=>"PSU2_COMP_TEMP1",
+            "SGI-UV300::chassisSensorValue"=>"10.3289",
+            "SGI-UV300::chassisSensorStatus"=>"1",
+            "host"=>"172.17.0.2"
+        }
+    ]
+    filtered_records = filter(records)
+    assert_equal(records[0].length, filtered_records[0].length, "Incorrect record size")
+    assert_equal(records[0]["host"], filtered_records[0]["host"], "Non MIB value was modified")
+    # Values should remain unmodified.
+    records.each { |recKey, recValue|
+        fixedKey = recKey.to_s.gsub("-","_").gsub(".","_").gsub("::","_")
+        assert_equal(records[0][recKey], filtered_records[0][fixedKey], "Value has been modified")
+    }
+  end
+
+end
+

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-process-snmptrap
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Gabe de la Mora
+- Pratik Karia
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-10-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.10
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.10
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+description: A filter plugin which appends various fields to SNMP Traps received from
+  HPE Servers
+email:
+- gadelamo@microsoft.com
+- pratikkaria@microsoft.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- SECURITY.md
+- fluent-plugin-process-snmptrap.gemspec
+- lib/fluent/plugin/filter_process_snmptrap.rb
+- test/helper.rb
+- test/plugin/test_filter_process_snmptrap.rb
+homepage: https://github.com/Azure/fluent-plugin-process-snmptrap
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.5
+signing_key: 
+specification_version: 4
+summary: A filter plugin which appends various fields to SNMP Traps received from
+  HPE Servers
+test_files:
+- test/helper.rb
+- test/plugin/test_filter_process_snmptrap.rb