fluent-plugin-watch-process 0.0.1 → 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2d114a31b165c3feca90dac92247785d9f757e8951ded1aac49bc30806e505a1
+  data.tar.gz: 9a2aab2afb95873873e3e3581b2f5f23b12bd0e7062d456b7eebe257c7f8473a
+SHA512:
+  metadata.gz: ad4b0bffb25faaed2082c8bab5904100750ee265113097a0f643d5c13305c53731a9afcb6bd0b661fba1d012b45e74294c57defd530a774fbaf052135bcb6f43
+  data.tar.gz: 8f4761bfec54a36ecb2f702d7749ce4fd21bb69f35834aaeef274167456de74e0e8c4d7d09bdaaa90dc9bc3647d66eafbeb16d81ca24aede35fb4d273edd7e43

data/.travis.yml

@@ -1,6 +1,13 @@
 language: ruby
 
 rvm:
-  - 2.1.0
-  - 2.0.0
-  - 1.9.3
+  - 2.3.1
+  - 2.2
+  - 2.1
+
+before_install:
+  - gem update bundler
+
+gemfile:
+  - Gemfile
+  - gemfiles/fluentd_v0.14.gemfile

data/Appraisals

@@ -0,0 +1,7 @@
+appraise "fluentd v0.12" do
+  gem "fluentd", "~> 0.12.0"
+end
+
+appraise "fluentd v0.14" do
+  gem "fluentd", "~> 0.14.0"
+end

data/README.md

@@ -3,17 +3,17 @@ fluent-plugin-watch-process [![Build Status](https://travis-ci.org/y-ken/fluent-
 
 ## Overview
 
-Fluentd Input plugin to collect process information via ps command.
+Fluentd Input plugin to collect continual process information via ps command. It is useful for cron/barch process monitoring.
 
 ## Use Cases
 
-* collect cron/batch process for analysis.
+* collect cron/batch process for long term analysis.
   * high cpu load time
   * high usage of memory
   * determine too long running task
 
 * output destination example
-  * Elasticsearch + Kibana to visualize statistics. Example: [example1.conf](https://github.com/y-ken/fluent-plugin-watch-process/blob/master/example1.conf)
+  * Elasticsearch + Kibana to visualize cron/batch process statistics. Example: [example1.conf](https://github.com/y-ken/fluent-plugin-watch-process/blob/master/example1.conf)
   * save process information as audit log into AWS S3 which filename isolated by hostname. Example: [example2.conf](https://github.com/y-ken/fluent-plugin-watch-process/blob/master/example2.conf)
 
 ## Installation
@@ -25,7 +25,10 @@ install with gem or fluent-gem command as:
 $ gem install fluent-plugin-watch-process
 
 # for td-agent
-$ sudo /usr/lib64/fluent/ruby/bin/fluent-gem install fluent-plugin-watch-process
+$ sudo /usr/lib64/fluent/ruby/bin/fluent-gem install fluent-plugin-watch-process -v 0.1.1
+
+# for td-agent2 (recommend)
+$ sudo td-agent-gem install fluent-plugin-watch-process -v 0.1.1
 ```
 
 ## Configuration
@@ -36,14 +39,14 @@ It is a quick sample to output log to `/var/log/td-agent/td-agent.log` with td-a
 
 `````
 <source>
-  type watch_process
+  @type        watch_process
   tag          debug.batch.${hostname}  # Required
   lookup_user  batchuser                # Optional
   interval     10s                      # Optional (default: 5s)
 </source>
 
 <match debug.**>
-  type stdout
+  @type        stdout
 </match>
 `````
 
@@ -51,41 +54,96 @@ After restarting td-agent, it will output process information to the td-agent.lo
 
 `````
 $ tail -f /var/log/td-agent/td-agent.log
+...snip...
 2014-01-16 14:21:34 +0900 debug.batch.localhost: {"start_time":"2014-01-16 14:21:13 +0900","user":"td-agent","pid":17486,"parent_pid":17483,"cpu_time":"00:00:00","cpu_percent":1.5,"memory_percent":3.5,"mem_rss":36068,"mem_size":60708,"state":"S","proc_name":"ruby","command":"/usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group td-agent --log /var/log/td-agent/td-agent.log --daemon /var/run/td-agent/td-agent.pid","elapsed_time":21}
 `````
 
 ### Syntax
 
-* tag # Required
+* tag (Required)
   * record output destination
   * supported tag placeholders are `${hostname}` and `__HOSTNAME__`.
 
-* command # Optional
+* command (Optional)
   * execute ps command with some options
   * [default] Linux: `LANG=en_US.UTF-8 && ps -ewwo lstart,user:20,pid,ppid,time,%cpu,%mem,rss,sz,s,comm,cmd`
   * [default] MacOSX: `LANG=en_US.UTF-8 && ps -ewwo lstart,user,pid,ppid,time,%cpu,%mem,rss,vsz,state,comm,command`
+  * [default] Windows: described in the next section, `About Windows`.
 
-* keys # Optional
+* keys (Optional)
   * output record keys of the ps command results
-  * [default] start_time user pid parent_pid cpu_time cpu_percent memory_percent mem_rss mem_size state proc_name command
+  * [default] Linux, MacOSX: `start_time,user,pid,parent_pid,cpu_time,cpu_percent,memory_percent,mem_rss,mem_size,state,proc_name,command`
+    * need to modify `command` too if you modify this value.
+  * [default] Windows: `StartTime,UserName,SessionId,Id,CPU,WorkingSet,VirtualMemorySize,HandleCount,ProcessName`
+    * in Windows only, you can fix this without fixing `command`. These keys can be specified from the properties of `System.Diagnostics.Process` object of `.NET`.
+    * `UserName` key needs administrator privilege. You can exclude this to avoid needing administrator privilege.
 
-* types # Optional
+* types (Optional)
   * settings of converting types from string to integer/float.
-  * [default] pid:integer parent_pid:integer cpu_percent:float memory_percent:float mem_rss:integer mem_size:integer
+  * [default] Linux, MacOSX: `pid:integer,parent_pid:integer,cpu_percent:float,memory_percent:float,mem_rss:integer,mem_size:integer`
+  * [default] Windows: `SessionId:integer,Id:integer,CPU:float,WorkingSet:integer,VirtualMemorySize:integer,HandleCount:integer`
 
-* interval # Optional
+* interval (Optional)
   * execute interval time
   * [default] 5s
 
-* lookup_user # Optional
+* lookup_user (Optional)
   * filter process owner username with comma delimited
   * [default] N/A
 
-* hostname_command # Optional
+* hostname_command (Optional)
   * settings for tag placeholder, `${hostname}` and `__HOSTNAME__`. By default, it using long hostname.
   * to use short hostname, set `hostname -s` for this option on linux/mac.
   * [default] `hostname`
 
+* powershell_command (Optional)
+  * settings for powershell command name. PowerShell Core had been renamed its command to `pwsh` and PowerShell 7 continues to use `pwsh` as its command name.
+  * [default] `powershell`
+  * [avaliables] `powershell`, `pwsh`
+
+### About Windows
+
+Default `command` preset for Windows provides many of keys as below. Generally, you can pick up the columns with `keys` option.
+If you need additional keys, consider to update `command` option.
+
+`````powershell
+powershell -command "Get-Process -IncludeUserName
+ | ?{$_.StartTime -ne $NULL -and $_.CPU -ne $NULL}
+ | Select-Object -Property StartTime,UserName,SessionId,Id,CPU,WorkingSet,VirtualMemorySize,HandleCount,ProcessName
+ | %{$_.StartTime = $_.StartTime.ToString('o'); return $_;}
+ | ConvertTo-Csv -NoTypeInformation"
+`````
+
+Confirmed versions are:
+
+|  Windows version               |  PowerShell version information                                           | Note                                          |
+| ------------------------------ | ------------------------------------------------------------------------- |-----------------------------------------------|
+|  Windows 10 10.0.19042 (20H2)  |  PSVersion: 5.1.19041.906 (default installed version), PSEdition: Desktop | `powershell_command` as `powershell` (default)|
+|  Windows 10 10.0.19042 (20H2)  |  PSVersion: 7.1.2, PSEdition: Core                                        | `powershell_command` as `pwsh`                |
+
+
+Here are details of this default command.
+
+* `Get-Process -IncludeUserName`
+  * `Get-Process` powershell command takes `System.Diagnostics.Process` objects.
+  * `IncludeUserName` option is needed to take `UserName`.
+    * this needs administrator privilege.
+    * this will be omitted if `keys` does not contain `UserName`.
+* ` | ?{$_.StartTime -ne $NULL -and $_.CPU -ne $NULL}`
+  * this exlcludes some special processes that don't have some properties, such as the "Idle" process in Windows.
+* ` | Select-Object -Property ...`
+  * this takes the necessary parameters from `System.Diagnostics.Process` objects.
+  * `...` part will be automatically fixed by `keys`.
+* ` | %{$_.StartTime = $_.StartTime.ToString('o'); return $_;}`
+  * this fixes the format of `StartTime` value.
+  * note: in Windows, setting the "$env:Lang" environment variable is not effective in changing the format of the output.
+* ` | ConvertTo-Csv -NoTypeInformation`
+  * this formats objects to csv strings.
+  * currently, it is needed that `command` outputs the results in csv format.
+    * this is because white space delimiter is not suitable for Windows, in which empty values are often mixed.
+
+**Note:** When using with PowerShell 7 which is previously known as PowerShell Core, you must specify `powershell_command` parameter as `pwsh`. Otherwise, this plugin does not work correctly on PowerShell 7 (pwsh). This is because PowerShell Core and PowerShell 7 use different command name which is `pwsh` not `powershell`.
+
 ## FAQ
 
 * I need hostname key in the record.  

data/example1.conf

@@ -6,10 +6,10 @@
 # * fluent-plugin-elasticsearch
 
 <source>
-  type watch_process
+  @type watch_process
 
   # specify output tag
-  tag          batch_process
+  tag          batch.process
 
   # filter specific user owned process. if no need to filter, delete this line.
   lookup_user  batchuser
@@ -18,18 +18,16 @@
   interval     10s
 </source>
 
-<match batch_process>
-  type         record_reformer
-  output_tag   reformed.${tag}
-  enable_ruby  false
+# add hostname key into record
+<filter batch.process>
+  @type record_transformer
   <record>
-    # add hostname key into record
-    hostname   ${hostname}
+    hostname ${hostname}
   </record>
-</match>
+</filter>
 
-<match reformed.*>
-  type       elasticsearch
+<match batch.*>
+  @type      elasticsearch
   host       localhost
   port       9200
   logstash_format  true

data/example2.conf

@@ -5,9 +5,10 @@
 # * fluent-plugin-s3
 
 <source>
-  type watch_process
+  @type        watch_process
 
   # use ${hostname} placeholder to use filename
+  # If you want to customize it, Use #{Socket.gethostname} or #{Socket.gethostname.split('.').first} snippet for tag.
   tag          batch_process.${hostname}
 
   # filter specific user owned process. if no need to filter, delete this line.
@@ -18,7 +19,7 @@
 </source>
 
 <match batch_process.*>
-  type s3
+  @type s3
 
   aws_key_id YOUR_AWS_KEY_ID
   aws_sec_key YOUR_AWS_SECRET/KEY

data/fluent-plugin-watch-process.gemspec

@@ -3,11 +3,11 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "fluent-plugin-watch-process"
-  s.version     = "0.0.1"
+  s.version     = "0.2.0"
   s.authors     = ["Kentaro Yoshida"]
   s.email       = ["y.ken.studio@gmail.com"]
   s.homepage    = "https://github.com/y-ken/fluent-plugin-watch-process"
-  s.summary     = %q{Fluentd Input plugin to collect process information via ps command.}
+  s.summary     = %q{Fluentd Input plugin to collect continual process information via ps command or PowerShell pwsh command for Linux/osx/Windows. It is useful for cron/barch process monitoring.}
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
@@ -16,5 +16,9 @@ Gem::Specification.new do |s|
 
   # specify any dependencies:
   s.add_development_dependency "rake"
-  s.add_runtime_dependency "fluentd"
+  s.add_development_dependency "test-unit", ">= 3.1.0"
+  s.add_development_dependency "appraisal"
+  s.add_runtime_dependency "fluentd", [">= 0.14.0", "< 2"]
+  s.add_runtime_dependency "fluent-mixin-rewrite-tag-name"
+  s.add_runtime_dependency "fluent-mixin-type-converter", ">= 0.1.0"
 end

data/gemfiles/fluentd_v0.14.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "http://rubygems.org"
+
+gem "fluentd", "~> 0.14.0"
+
+gemspec :path => "../"

data/lib/fluent/plugin/in_watch_process.rb

@@ -1,116 +1,221 @@
-module Fluent
-  class WatchProcessInput < Fluent::Input
-    Plugin.register_input('watch_process', self)
+require 'time'
+require 'csv' if Fluent.windows?
+require "fluent/plugin/input"
+require 'fluent/mixin/rewrite_tag_name'
+require 'fluent/mixin/type_converter'
+
+module Fluent::Plugin
+  class WatchProcessInput < Fluent::Plugin::Input
+    Fluent::Plugin.register_input('watch_process', self)
+
+    helpers :timer
+
+    DEFAULT_KEYS = %w(start_time user pid parent_pid cpu_time cpu_percent memory_percent mem_rss mem_size state proc_name command)
+    DEFAULT_TYPES = %w(
+      pid:integer
+      parent_pid:integer
+      cpu_percent:float
+      memory_percent:float
+      mem_rss:integer
+      mem_size:integer
+    ).join(",")
 
     config_param :tag, :string
     config_param :command, :string, :default => nil
-    config_param :keys, :string, :default => nil
-    config_param :types, :string, :default => nil
-    config_param :interval, :string, :default => '5s'
-    config_param :lookup_user, :string, :default => nil
+    config_param :keys, :array, :default => nil
+    config_param :interval, :time, :default => '5s'
+    config_param :lookup_user, :array, :default => nil
     config_param :hostname_command, :string, :default => 'hostname'
+    config_param :powershell_command, :enum, list: [:powershell, :pwsh], :default => :powershell
 
-    Converters = {
-      'string' => lambda { |v| v.to_s },
-      'integer' => lambda { |v| v.to_i },
-      'float' => lambda { |v| v.to_f },
-      'bool' => lambda { |v|
-        case v.downcase
-        when 'true', 'yes', '1'
-          true
-        else
-          false
-        end
-      },
-      'time' => lambda { |v, time_parser|
-        time_parser.parse(v)
-      },
-      'array' => lambda { |v, delimiter|
-        v.to_s.split(delimiter)
-      }
-    }
+    include Fluent::HandleTagNameMixin
+    include Fluent::Mixin::RewriteTagName
+    include Fluent::Mixin::TypeConverter
 
     def initialize
       super
-      require 'time'
     end
 
     def configure(conf)
       super
 
-      @command = @command || get_ps_command
-      @keys = @keys || %w(start_time user pid parent_pid cpu_time cpu_percent memory_percent mem_rss mem_size state proc_name command)
-      types = @types || %w(pid:integer parent_pid:integer cpu_percent:float memory_percent:float mem_rss:integer mem_size:integer)
-      @types_map = Hash[types.map{|v| v.split(':')}]
-      @lookup_user = @lookup_user.gsub(' ', '').split(',') unless @lookup_user.nil?
-      @interval = Config.time_value(@interval)
-      @hostname = `#{@hostname_command}`.chomp
-      $log.info "watch_process: polling start. :tag=>#{@tag} :lookup_user=>#{@lookup_user} :interval=>#{@interval} :command=>#{@command}"
+      @windows_watcher = WindowsWatcher.new(@keys, @command, @lookup_user, @powershell_command) if Fluent.windows?
+      @keys ||= Fluent.windows? ? @windows_watcher.keys : DEFAULT_KEYS
+      @command ||= get_ps_command
+      apply_default_types
+      log.info "watch_process: polling start. :tag=>#{@tag} :lookup_user=>#{@lookup_user} :interval=>#{@interval} :command=>#{@command}"
     end
 
     def start
-      @thread = Thread.new(&method(:run))
+      super
+      timer_execute(:in_watch_process, @interval, &method(:on_timer))
     end
 
     def shutdown
-      Thread.kill(@thread)
+      super
+    end
+
+    def apply_default_types
+      return unless @types.nil?
+      @types = Fluent.windows? ? @windows_watcher.default_types : DEFAULT_TYPES
+      @type_converters = parse_types_parameter unless @types.nil?
     end
 
-    def run
-      loop do
-        io = IO.popen(@command, 'r')
+    def on_timer
+      io = IO.popen(@command, 'r')
+      begin
         io.gets
         while result = io.gets
-          values = result.chomp.strip.split(/\s+/, @keys.size + 4)
-          time = Time.parse(values[0...5].join(' '))
-          data = Hash[
-            @keys.zip([time.to_s, values.values_at(5..15)].flatten).map do |k,v|
-              v = Converters[@types_map[k]].call(v) if @types_map.include?(k)
-              [k,v]
-            end
-          ]
-          data['elapsed_time'] = (Time.now - Time.parse(data['start_time'])).to_i
-          next unless @lookup_user.nil? || @lookup_user.include?(data['user'])
-          tag = @tag.gsub(/(\${[a-z]+}|__[A-Z]+__)/, get_placeholder)
-          Engine.emit(tag, Engine.now, data)
+          if Fluent.windows?
+            data = @windows_watcher.parse_line(result)
+            next unless @windows_watcher.match_look_up_user?(data)
+          else
+            data = parse_line(result)
+            next unless match_look_up_user?(data)
+          end
+          emit_tag = tag.dup
+          filter_record(emit_tag, Fluent::Engine.now, data)
+          router.emit(emit_tag, Fluent::Engine.now, data)
         end
+      ensure
         io.close
-        sleep @interval
       end
+    rescue StandardError => e
+      log.error "watch_process: error has occured. #{e.message}"
+    end
+
+    def parse_line(line)
+      keys_size = @keys.size
+      if line =~ /(?<lstart>(^\w+\s+\w+\s+\d+\s+\d\d:\d\d:\d\d \d+))/
+        lstart = Time.parse($~[:lstart])
+        line = line.sub($~[:lstart], '')
+        keys_size -= 1
+      end
+      values = [lstart.to_s, line.chomp.strip.split(/\s+/, keys_size)]
+      data = Hash[@keys.zip(values.reject(&:empty?).flatten)]
+      data['elapsed_time'] = (Time.now - Time.parse(data['start_time'])).to_i if data['start_time']
+      data
+    end
+
+    def match_look_up_user?(data)
+      return true if @lookup_user.nil?
+
+      @lookup_user.include?(data['user'])
     end
 
     def get_ps_command
-      if OS.linux?
-        "LANG=en_US.UTF-8 && ps -ewwo lstart,user:20,pid,ppid,time,%cpu,%mem,rss,sz,s,comm,cmd"
-      elsif OS.mac?
+      if mac?
         "LANG=en_US.UTF-8 && ps -ewwo lstart,user,pid,ppid,time,%cpu,%mem,rss,vsz,state,comm,command"
+      elsif Fluent.windows?
+        @windows_watcher.command
+      else
+        "LANG=en_US.UTF-8 && ps -ewwo lstart,user:20,pid,ppid,time,%cpu,%mem,rss,sz,s,comm,cmd"
       end
     end
 
-    module OS
-      # ref. http://stackoverflow.com/questions/170956/how-can-i-find-which-operating-system-my-ruby-program-is-running-on
-      def OS.windows?
-        (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
+    def mac?
+      (/darwin/ =~ RUBY_PLATFORM) != nil
+    end
+
+    class WindowsWatcher
+      # Keys are from the "System.Diagnostics.Process" object properties that can be taken by the "Get-Process" command.
+      # You can check the all properties by the "(Get-Process)[0] | Get-Member" command.
+      DEFAULT_KEYS = %w(StartTime UserName SessionId Id CPU WorkingSet VirtualMemorySize HandleCount ProcessName)
+
+      DEFAULT_TYPES = %w(
+        SessionId:integer
+        Id:integer
+        CPU:float
+        WorkingSet:integer
+        VirtualMemorySize:integer
+        HandleCount:integer
+      ).join(",")
+
+      attr_reader :keys
+      attr_reader :command
+
+      def initialize(keys, command, lookup_user, powershell_command)
+        @keys = keys || DEFAULT_KEYS
+        @powershell_command = powershell_command
+        @command = command || default_command
+        @lookup_user = lookup_user
       end
 
-      def OS.mac?
-       (/darwin/ =~ RUBY_PLATFORM) != nil
+      def default_types
+        DEFAULT_TYPES
       end
 
-      def OS.unix?
-        !OS.windows?
+      def parse_line(line)
+        values = line.chomp.strip.parse_csv.map { |e| e ? e : "" }
+        data = Hash[@keys.zip(values)]
+
+        unless data["StartTime"].nil?
+          start_time = Time.parse(data['StartTime'])
+          data['ElapsedTime'] = (Time.now - start_time).to_i
+          data["StartTime"] = start_time.to_s
+        end
+
+        data
+      end
+
+      def match_look_up_user?(data)
+        return true if @lookup_user.nil?
+
+        @lookup_user.include?(data["UserName"])
       end
 
-      def OS.linux?
-        OS.unix? and not OS.mac?
+      def default_command
+        command = [
+          command_ps,
+          pipe_filtering_normal_ps,
+          pipe_select_columns,
+          pipe_fixing_locale,
+          pipe_formatting_output,
+        ].join
+        "#{@powershell_command} -command \"#{command}\""
       end
-    end
 
-    def get_placeholder
-      return {
-        '__HOSTNAME__' => @hostname,
-        '${hostname}' => @hostname,
-      }
-    end    
+      def command_ps
+        if @keys.include?("UserName")
+          # The "IncludeUserName" option is needed to get the username, but this option requires Administrator privilege.
+          "Get-Process -IncludeUserName"
+        else
+          "Get-Process"
+        end
+      end
+
+      private
+
+      def pipe_filtering_normal_ps
+        # There are some special processes that don't have some properties, such as the "Idle" process.
+        # Normally, these are specific to the system and are not important, so exclude them.
+        # Note: The same situation can occur in some processes if there are no Administrator privilege.
+        " | ?{$_.StartTime -ne $NULL -and $_.CPU -ne $NULL}"
+      end
+
+      def pipe_select_columns
+        if @keys.nil? || @keys.empty?
+          raise "The 'keys' parameter is not specified correctly. [keys: #{@keys}]"
+        end
+
+        " | Select-Object -Property #{@keys.join(',')}"
+      end
+
+      def pipe_fixing_locale()
+        # In Windows, setting the "$env:Lang" environment variable is not effective in changing the format of the output.
+        # You can use "Datetime.ToString" method to change format of datetime values in for-each pipe.
+        # Note: About "DateTime.ToString" method: https://docs.microsoft.com/en-us/dotnet/api/system.datetime.tostring
+        return "" unless @keys.include?("StartTime")
+
+        " | %{$_.StartTime = $_.StartTime.ToString('o'); return $_;}"
+      end
+
+      def pipe_formatting_output
+        # In the "ConvertTo-Csv" command, there are 2 lines of type info and header info at the beginning in the outputs.
+        # By the "NoTypeInformation" option, the line of type info is excluded.
+        # This enables you to skip the just first line for parsing, like linux or mac.
+        " | ConvertTo-Csv -NoTypeInformation"
+      end
+    end
   end
 end

data/test/helper.rb

@@ -12,15 +12,7 @@ require 'test/unit'
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 require 'fluent/test'
-unless ENV.has_key?('VERBOSE')
-  nulllogger = Object.new
-  nulllogger.instance_eval {|obj|
-    def method_missing(method, *args)
-      # pass
-    end
-  }
-  $log = nulllogger
-end
+require 'fluent/test/driver/input'
 
 require 'fluent/plugin/in_watch_process'
 

data/test/plugin/test_in_watch_process.rb

@@ -7,11 +7,10 @@ class WatchProcessInputTest < Test::Unit::TestCase
 
   CONFIG = %[
     tag          input.watch_process
-    lookup_user  apache, mycron
   ]
 
-  def create_driver(conf=CONFIG,tag='test')
-    Fluent::Test::OutputTestDriver.new(Fluent::WatchProcessInput, tag).configure(conf)
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::Plugin::WatchProcessInput).configure(conf)
   end
 
   def test_configure
@@ -22,9 +21,105 @@ class WatchProcessInputTest < Test::Unit::TestCase
       tag          input.watch_process
       lookup_user  apache, mycron
     ]
-    d.instance.inspect
     assert_equal 'input.watch_process', d.instance.tag
     assert_equal ['apache', 'mycron'], d.instance.lookup_user
+    assert_equal :powershell, d.instance.powershell_command
   end
-end
 
+  def test_windows_configure
+    omit "Only for UNIX like." unless Fluent.windows?
+    d = create_driver %[
+      tag          input.watch_process
+      lookup_user  apache, mycron
+      powershell_command pwsh
+    ]
+    assert_equal 'input.watch_process', d.instance.tag
+    assert_equal ['apache', 'mycron'], d.instance.lookup_user
+    assert_equal :pwsh, d.instance.powershell_command
+  end
+
+  def test_unixlike
+    omit "Only for UNIX like." if Fluent.windows?
+    whoami = `whoami`
+    d = create_driver %[
+      tag          input.watch_process
+      lookup_user  #{whoami}
+      interval 1s
+    ]
+    d.run(expect_emits: 1, timeout: 3)
+    assert(d.events.size > 1)
+  end
+
+  sub_test_case "Windows" do
+    def test_windows_default
+      omit "Only for Windows." unless Fluent.windows?
+      d = create_driver %[
+        tag input.watch_process
+        interval 1s
+      ]
+      default_keys = Fluent::Plugin::WatchProcessInput::WindowsWatcher::DEFAULT_KEYS + ["ElapsedTime"]
+
+      d.run(expect_records: 1, timeout: 10);
+
+      assert d.events.size > 0
+
+      tag, time, record = d.events[0]
+
+      assert_equal "input.watch_process", tag
+      assert time.is_a?(Fluent::EventTime)
+      assert_equal default_keys, record.keys
+    end
+
+    def test_windows_customized
+      omit "Only for Windows." unless Fluent.windows?
+      custom_keys = ["PM", "Id", "UserProcessorTime", "Path"]
+      d = create_driver %[
+        tag input.watch_process
+        interval 1s
+        keys #{custom_keys.join(",")}
+        types Id:integer
+      ]
+
+      d.run(expect_records: 1, timeout: 10);
+
+      assert d.events.size > 0
+
+      tag, time, record = d.events[0]
+
+      assert_equal "input.watch_process", tag
+      assert time.is_a?(Fluent::EventTime)
+      assert_equal custom_keys, record.keys
+      assert record["PM"].is_a?(String)
+      assert record["Id"].is_a?(Integer)
+    end
+
+    def test_windows_lookup
+      omit "Only for Windows." unless Fluent.windows?
+      d = create_driver %[
+        tag input.watch_process
+        interval 1s
+      ]
+      d.run(expect_records: 1, timeout: 10);
+
+      assert d.events.size > 0
+
+      tag, time, record = d.events[0]
+      lookup_user = record["UserName"]
+
+      d = create_driver %[
+        tag input.watch_process
+        interval 1s
+        lookup_user #{lookup_user}
+      ]
+      d.run(expect_records: 1, timeout: 10);
+
+      assert d.events.size > 0
+
+      other_user_records = d.events.reject do |tag, time, record|
+        lookup_user.include?(record["UserName"])
+      end
+
+      assert other_user_records.size == 0
+    end
+  end
+end

metadata

@@ -1,48 +1,105 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-watch-process
 version: !ruby/object:Gem::Version
-  version: 0.0.1
-  prerelease: 
+  version: 0.2.0
 platform: ruby
 authors:
 - Kentaro Yoshida
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-16 00:00:00.000000000 Z
+date: 2021-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: fluent-mixin-rewrite-tag-name
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: fluent-mixin-type-converter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
 description: 
 email:
 - y.ken.studio@gmail.com
@@ -50,8 +107,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
+- Appraisals
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -59,33 +117,34 @@ files:
 - example1.conf
 - example2.conf
 - fluent-plugin-watch-process.gemspec
+- gemfiles/fluentd_v0.14.gemfile
 - lib/fluent/plugin/in_watch_process.rb
 - test/helper.rb
 - test/plugin/test_in_watch_process.rb
 homepage: https://github.com/y-ken/fluent-plugin-watch-process
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 3.1.6
 signing_key: 
-specification_version: 3
-summary: Fluentd Input plugin to collect process information via ps command.
+specification_version: 4
+summary: Fluentd Input plugin to collect continual process information via ps command
+  or PowerShell pwsh command for Linux/osx/Windows. It is useful for cron/barch process
+  monitoring.
 test_files:
 - test/helper.rb
 - test/plugin/test_in_watch_process.rb