fluent-plugin-spectrum 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9bc88f1954fef9f516c4ef7c8f7fd134a6ed957d
+  data.tar.gz: de6e8bfdd3f67695df5de0f2f62fee25f9c15a91
+SHA512:
+  metadata.gz: ec23275e1753d9d7bce921d6a8e3a6df5a48225dcde19a9fb5aaf6f7d1f3a1352a8b415676d7c131e1c54a4d657f12aaac1643ca9697adbed7de92df773cfb36
+  data.tar.gz: 54f6270b853b64f33290044b9d9a910dc7adb8d25aa3dacc2165ea91711a6ad643f79f7fb61d991aa3d575c2dbadf24a2c1727c0d43ae7b905fb76698fd745cd

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-spectrum.gemspec
+gemspec

data/README.md

@@ -0,0 +1,43 @@
+# Fluent::Plugin::Spectrum
+
+fluent-plugin-spectrum is an input plug-in for [Fluentd](http://fluentd.org)
+
+## Installation
+
+These instructions assume you already have fluentd installed. 
+If you don't, please run through [quick start for fluentd] (https://github.com/fluent/fluentd#quick-start)
+
+Now after you have fluentd installed you can follow either of the steps below:
+
+Add this line to your application's Gemfile:
+
+    gem 'fluent-plugin-spectrum'
+
+Or install it yourself as:
+
+    $ gem install fluent-plugin-spectrum
+
+## Usage
+Add the following into your fluentd config.
+
+    <source>
+      type spectrum        # required, choosing the input plugin.
+      endpoint hostname    # required, FQDN of Spectrum EndPoint
+      username ws_user     # optional, interface to listen on, default 0 for all.
+      password ws_password # optional, interface to listen on, default 0 for all.
+      tag alert.spectrum   # optional, tag to assign to events, default is alert.spectrum 
+    </source>
+
+    <match alert.spectrum>
+      type stdout
+    </match>
+
+Now startup fluentd
+
+    $ sudo fluentd -c fluent.conf &
+
+Send a test 
+    TBD
+
+## To Do
+Things left to do, not in any particular order.

data/Rakefile

@@ -0,0 +1,13 @@
+#!/usr/bin/env rake
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => [:build]

data/fluent-plugin-spectrum.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name          = "fluent-plugin-spectrum"
+  gem.version       = "0.0.1"
+  gem.date          = '2015-02-24'
+  gem.authors       = ["Alex Pena"]
+  gem.email         = ["alex_pena@intuit.com"]
+  gem.summary       = %q{Fluentd input plugin for Spectrum Alerts}
+  gem.description   = %q{Fluentd plugin for Spectrum Alerts... WIP}
+  gem.homepage      = 'https://github.com/Bigel0w/fluent-plugin-spectrum'
+  gem.license       = 'MIT'
+
+  gem.files         = `git ls-files`.split($\)
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.require_paths = ["lib"]
+
+  gem.add_development_dependency "rake", '~> 0.9', '>= 0.9.6'
+
+  gem.add_runtime_dependency "fluentd", '~> 0.10', '>= 0.10.52'
+  gem.add_runtime_dependency "json", '~> 1.1', '>= 1.8.2'
+  gem.add_runtime_dependency "rest_client", '~> 1.1', '>= 1.8.3'
+end

data/lib/fluent/plugin/in_spectrum.rb

@@ -0,0 +1,182 @@
+module Fluent
+# TODO:
+# Add a fields all or list option
+# error checking in every section  
+  class SpectrumInput < Input
+    Fluent::Plugin.register_input('spectrum', self)
+
+    config_param :tag, :string, :default => "alert.spectrum"
+    config_param :endpoint, :string, :default => "pleasechangeme.com" #fqdn of endpoint
+    config_param :interval, :integer, :default => '300' #Default 5 minutes
+    config_param :user, :string, :default => "username"
+    config_param :pass, :string, :default => "password"
+    config_param :include_raw, :string, :default => "false" #Include original object as raw
+    config_param :attributes, :string, :default => "ALL" # fields to include, ALL for... well, ALL.
+
+    def initialize
+      require 'rest_client'
+      require 'json'
+      super
+    end # def initialize
+
+    def configure(conf)
+      super 
+      @conf = conf
+      # map of Spectrum attribute codes to names
+      @spectrum_access_code={
+        "0x11f9c" => "ALARM_ID",
+        "0x11f4e" => "CREATION_DATE",
+        "0x11f56" => "SEVERITY",
+        "0x12b4c" => "ALARM_TITLE",
+        "0x1006e" => "HOSTNAME",
+        "0x12d7f" => "IP_ADDRESS",
+        "0x1296e" => "ORIGINATING_EVENT_ATTR",
+        "0x10000" => "MODEL_STRING",  
+        "0x11f4d" => "ACKNOWLEDGED",
+        "0x11f4f" => "ALARM_STATUS",
+        "0x11fc5" => "OCCURRENCES",
+        "0x11f57" => "TROUBLE_SHOOTER",
+        "0x11f9b" => "USER_CLEARABLE",
+        "0x12022" => "TROUBLE_TICKET_ID",
+        "0x12942" => "PERSISTENT",
+        "0x12adb" => "GC_NAME",
+        "0x57f0105" => "Custom_Project",
+        "0x11f4d" => "ACKNOWLEDGED",
+        #{}"0x11f51" => "CLEARED_BY_USER_NAME",
+        #{}"0x11f52" => "EVENT_ID_LIST",
+        #{}"0x11f53" => "MODEL_HANDLE",
+        #{}"0x11f54" => "PRIMARY_ALARM",
+        #{}"0x11fc4" => "ALARM_SOURCE",
+        #{}"0x11fc6" => "TROUBLE_SHOOTER_MH",
+        #{}"0x12a6c" => "TROUBLE_SHOOTER_EMAIL",
+        #{}"0x1290d" => "IMPACT_SEVERITY",
+        #{}"0x1290e" => "IMPACT_SCOPE",
+        #{}"0x1298a" => "IMPACT_TYPE_LIST",
+        #{}"0x12948" => "DIAGNOSIS_LOG",
+        #{}"0x129aa" => "MODEL_ID",
+        #{}"0x129ab" => "MODEL_TYPE_ID",
+        #{}"0x129af" => "CLEAR_DATE",
+        #{}"0x12a04" => "SYMPTOM_LIST_ATTR",
+        #{}"0x12a6f" => "EVENT_SYMPTOM_LIST_ATTR",
+        #{}"0x12a05" => "CAUSE_LIST_ATTR",
+        #{}"0x12a06" => "SYMPTOM_COUNT_ATTR",
+        #{}"0x12a70" => "EVENT_SYMPTOM_COUNT_ATTR",
+        #{}"0x12a07" => "CAUSE_COUNT_ATTR",
+        #{}"0x12a63" => "WEB_CONTEXT_URL",
+        #{}"0x12a6b" => "COMBINED_IMPACT_TYPE_LIST",
+        #{}"0x11f50" => "CAUSE_CODE",
+        #{}"0x10009" => "SECURITY_STRING"
+      }
+      # Create XML chunk for attributes we care about
+      @attr_of_interest=""
+      @spectrum_access_code.each do |key, array|
+        @attr_of_interest += " <rs:requested-attribute id=\"#{key}\"/>"
+      end
+      # Setup URL Resource
+      @url = 'http://' + @endpoint.to_s + '/spectrum/restful/alarms'
+      def spectrumEnd
+        RestClient::Resource.new(@url,@user,@pass)
+      end
+    end # def configure
+
+    def start 
+      super 
+      @loop = Coolio::Loop.new
+      timer_trigger = TimerWatcher.new(@interval, true, &method(:input))
+      timer_trigger.attach(@loop)
+      @thread = Thread.new(&method(:run))
+      $log.info "Spectrum :: starting poller, endpoint #{@endpoint} interval #{@interval}"
+    end # def start
+
+    def shutdown
+      super
+      @loop.stop
+      @thread.join
+    end # def shutdown
+
+    def run
+      @loop.run
+    end # def run
+
+    def input
+      alertStartTime = Engine.now.to_i - @interval.to_i 
+      $log.info "Spectrum :: Polling for alerts for time period: #{alertStartTime.to_i} - #{Engine.now.to_i}"
+
+      # function to UTF8 encode
+      def to_utf8(str)
+        str = str.force_encoding('UTF-8')
+        return str if str.valid_encoding?
+        str.encode("UTF-8", 'binary', invalid: :replace, undef: :replace, replace: '')
+      end
+
+      # XML for spectrum post
+      @xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+      <rs:alarm-request throttlesize=\"10000\"
+      xmlns:rs=\"http://www.ca.com/spectrum/restful/schema/request\"
+      xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
+      xsi:schemaLocation=\"http://www.ca.com/spectrum/restful/schema/request ../../../xsd/Request.xsd \">
+      <rs:attribute-filter>
+        <search-criteria xmlns=\"http://www.ca.com/spectrum/restful/schema/filter\">
+        <filtered-models>
+          <greater-than>
+            <attribute id=\"0x11f4e\">
+              <value> #{alertStartTime} </value>
+            </attribute>
+          </greater-than>
+        </filtered-models>
+        </search-criteria>
+      </rs:attribute-filter>
+      #{@attr_of_interest}
+      </rs:alarm-request>"
+
+      # Post to Spectrum and parse results  
+      responsePost=spectrumEnd.post @xml,:content_type => 'application/xml',:accept => 'application/json'
+      body = JSON.parse(responsePost.body)
+      # Only continue if we have alarms in results
+      if body['ns1.alarm-response-list']['@total-alarms'].to_i > 1
+        $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms"
+        # iterate through alarms in results
+        body['ns1.alarm-response-list']['ns1.alarm-responses']['ns1.alarm'].each do |alarm|
+          record_hash = Hash.new # temp hash to hold attributes of alarm
+          record_hash['event_type'] = @tag.to_s
+          record_hash['intermediary_source'] = @endpoint.to_s
+          # iterate though alarm attributes and add to temp hash  
+          alarm['ns1.attribute'].each do |attribute|
+            record_hash[@spectrum_access_code[attribute['@id'].to_s].to_s] = to_utf8(attribute['$'].to_s)
+          end
+          # include raw?
+          if @include_raw.to_s == "true"  
+            record_hash['raw'] = alarm  
+          end
+          Engine.emit(@tag, record_hash['CREATION_DATE'].to_i,record_hash)
+        end
+      elsif body['ns1.alarm-response-list']['@total-alarms'].to_i == 1
+        $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms"
+        record_hash = Hash.new # temp hash to hold attributes of alarm
+        record_hash['event_type'] = @tag.to_s
+        record_hash['intermediary_source'] = @endpoint.to_s
+        # iterate though alarm attributes and add to temp hash  
+        body['ns1.alarm-response-list']['ns1.alarm-responses']['ns1.alarm']['ns1.attribute'].each do |attribute|
+          record_hash[@spectrum_access_code[attribute['@id'].to_s].to_s] = to_utf8(attribute['$'].to_s)
+        end
+        # include raw?
+        if @include_raw.to_s == "true"  
+          record_hash['raw'] = alarm  
+        end
+        Engine.emit(@tag, record_hash['CREATION_DATE'].to_i,record_hash)
+      end  
+    end
+  end # class SpectrumInput
+
+  # class for handling interval in loop
+  class TimerWatcher < Coolio::TimerWatcher
+    def initialize(interval, repeat, &callback)
+      @callback = callback
+      super(interval, repeat)
+    end # def initialize
+    def on_timer
+      @callback.call
+    end # def on_timer
+  end
+
+end # module Fluent

data/sample/spectrum.conf.sample

@@ -0,0 +1,8 @@
+<source>
+  type spectrum
+  tag alert.spectrum
+</source>
+
+<match alert.spectrum*>
+  type stdout
+</match>

data/test/helper.rb

@@ -0,0 +1,28 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'fluent/test'
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+
+require 'fluent/plugin/in_spectrum'
+
+class Test::Unit::TestCase
+end

data/test/plugin/test_in_spectrum.rb

@@ -0,0 +1,24 @@
+require 'helper'
+
+class SpectrumInputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    host 0
+    port 1062
+    tag alert.spectrum
+  ]
+
+  def create_driver(conf=CONFIG)
+    Fluent::Test::InputTestDriver.new(Fluent::SpectrumInput).configure(conf)
+  end
+
+  def test_configure
+    d = create_driver('')
+    assert_equal "0".to_i, d.instance.host
+    assert_equal "1062".to_i, d.instance.port
+    assert_equal 'alert.spectrum', d.instance.tag
+  end
+end

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-spectrum
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Alex Pena
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.10'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.10.52
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.10'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.10.52
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.8.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.8.2
+- !ruby/object:Gem::Dependency
+  name: rest_client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+description: Fluentd plugin for Spectrum Alerts... WIP
+email:
+- alex_pena@intuit.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- Rakefile
+- fluent-plugin-spectrum.gemspec
+- lib/fluent/plugin/in_spectrum.rb
+- sample/spectrum.conf.sample
+- test/helper.rb
+- test/plugin/test_in_spectrum.rb
+homepage: https://github.com/Bigel0w/fluent-plugin-spectrum
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.3.0
+signing_key: 
+specification_version: 4
+summary: Fluentd input plugin for Spectrum Alerts
+test_files:
+- test/helper.rb
+- test/plugin/test_in_spectrum.rb