fluent-plugin-watch-process 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+vendor/*

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+
+rvm:
+  - 2.1.0
+  - 2.0.0
+  - 1.9.3

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in fluent-plugin-watch-process.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,14 @@
+Copyright (c) 2012- Kentaro Yoshida
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+

data/README.md

@@ -0,0 +1,104 @@
+fluent-plugin-watch-process [![Build Status](https://travis-ci.org/y-ken/fluent-plugin-watch-process.png?branch=master)](https://travis-ci.org/y-ken/fluent-plugin-watch-process)
+=====================
+
+## Overview
+
+Fluentd Input plugin to collect process information via ps command.
+
+## Use Cases
+
+* collect cron/batch process for analysis.
+  * high cpu load time
+  * high usage of memory
+  * determine too long running task
+
+* output destination example
+  * Elasticsearch + Kibana to visualize statistics. Example: [example1.conf](https://github.com/y-ken/fluent-plugin-watch-process/blob/master/example1.conf)
+  * save process information as audit log into AWS S3 which filename isolated by hostname. Example: [example2.conf](https://github.com/y-ken/fluent-plugin-watch-process/blob/master/example2.conf)
+
+## Installation
+
+install with gem or fluent-gem command as:
+
+```
+# for fluentd
+$ gem install fluent-plugin-watch-process
+
+# for td-agent
+$ sudo /usr/lib64/fluent/ruby/bin/fluent-gem install fluent-plugin-watch-process
+```
+
+## Configuration
+
+### Sample
+
+It is a quick sample to output log to `/var/log/td-agent/td-agent.log` with td-agent.
+
+`````
+<source>
+  type watch_process
+  tag          debug.batch.${hostname}  # Required
+  lookup_user  batchuser                # Optional
+  interval     10s                      # Optional (default: 5s)
+</source>
+
+<match debug.**>
+  type stdout
+</match>
+`````
+
+After restarting td-agent, it will output process information to the td-agent.log like below.
+
+`````
+$ tail -f /var/log/td-agent/td-agent.log
+2014-01-16 14:21:34 +0900 debug.batch.localhost: {"start_time":"2014-01-16 14:21:13 +0900","user":"td-agent","pid":17486,"parent_pid":17483,"cpu_time":"00:00:00","cpu_percent":1.5,"memory_percent":3.5,"mem_rss":36068,"mem_size":60708,"state":"S","proc_name":"ruby","command":"/usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group td-agent --log /var/log/td-agent/td-agent.log --daemon /var/run/td-agent/td-agent.pid","elapsed_time":21}
+`````
+
+### Syntax
+
+* tag # Required
+  * record output destination
+  * supported tag placeholders are `${hostname}` and `__HOSTNAME__`.
+
+* command # Optional
+  * execute ps command with some options
+  * [default] Linux: `LANG=en_US.UTF-8 && ps -ewwo lstart,user:20,pid,ppid,time,%cpu,%mem,rss,sz,s,comm,cmd`
+  * [default] MacOSX: `LANG=en_US.UTF-8 && ps -ewwo lstart,user,pid,ppid,time,%cpu,%mem,rss,vsz,state,comm,command`
+
+* keys # Optional
+  * output record keys of the ps command results
+  * [default] start_time user pid parent_pid cpu_time cpu_percent memory_percent mem_rss mem_size state proc_name command
+
+* types # Optional
+  * settings of converting types from string to integer/float.
+  * [default] pid:integer parent_pid:integer cpu_percent:float memory_percent:float mem_rss:integer mem_size:integer
+
+* interval # Optional
+  * execute interval time
+  * [default] 5s
+
+* lookup_user # Optional
+  * filter process owner username with comma delimited
+  * [default] N/A
+
+* hostname_command # Optional
+  * settings for tag placeholder, `${hostname}` and `__HOSTNAME__`. By default, it using long hostname.
+  * to use short hostname, set `hostname -s` for this option on linux/mac.
+  * [default] `hostname`
+
+## FAQ
+
+* I need hostname key in the record.  
+To add the hostname key in the record, use fluent-plugin-record-reformer together.
+
+## TODO
+
+patches welcome!
+
+## Copyright
+
+Copyright © 2013- Kentaro Yoshida (@yoshi_ken)
+
+## License
+
+Apache License, Version 2.0

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test
+

data/example1.conf

@@ -0,0 +1,41 @@
+# it is a sample to store batch process statistics into elasticsearch to visualize with kibana.
+
+# this guide using following plugins.
+# * fluent-plugin-watch-process
+# * fluent-plugin-record-reformer
+# * fluent-plugin-elasticsearch
+
+<source>
+  type watch_process
+
+  # specify output tag
+  tag          batch_process
+
+  # filter specific user owned process. if no need to filter, delete this line.
+  lookup_user  batchuser
+
+  # ps command execute interval time
+  interval     10s
+</source>
+
+<match batch_process>
+  type         record_reformer
+  output_tag   reformed.${tag}
+  enable_ruby  false
+  <record>
+    # add hostname key into record
+    hostname   ${hostname}
+  </record>
+</match>
+
+<match reformed.*>
+  type       elasticsearch
+  host       localhost
+  port       9200
+  logstash_format  true
+  logstash_prefix  logstash
+  type_name        batch
+
+  # write record interval
+  flush_interval   10sec
+</match>

data/example2.conf

@@ -0,0 +1,34 @@
+# it is a sample to save process information as audit log into AWS S3 which filename isolated by hostname.
+
+# this guide using following plugins.
+# * fluent-plugin-watch-process
+# * fluent-plugin-s3
+
+<source>
+  type watch_process
+
+  # use ${hostname} placeholder to use filename
+  tag          batch_process.${hostname}
+
+  # filter specific user owned process. if no need to filter, delete this line.
+  lookup_user  batchuser
+
+  # ps command execute interval time
+  interval     1s
+</source>
+
+<match batch_process.*>
+  type s3
+
+  aws_key_id YOUR_AWS_KEY_ID
+  aws_sec_key YOUR_AWS_SECRET/KEY
+  s3_bucket YOUR_S3_BUCKET_NAME
+  s3_endpoint s3-ap-northeast-1.amazonaws.com
+  s3_object_key_format %{path}%{time_slice}_%{index}.%{file_extension}
+  path barch_process_logs/
+  buffer_path /var/log/fluent/s3_batch_process
+
+  time_slice_format %Y%m%d-%H
+  time_slice_wait 10m
+  utc
+</match>

data/fluent-plugin-watch-process.gemspec

@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "fluent-plugin-watch-process"
+  s.version     = "0.0.1"
+  s.authors     = ["Kentaro Yoshida"]
+  s.email       = ["y.ken.studio@gmail.com"]
+  s.homepage    = "https://github.com/y-ken/fluent-plugin-watch-process"
+  s.summary     = %q{Fluentd Input plugin to collect process information via ps command.}
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies:
+  s.add_development_dependency "rake"
+  s.add_runtime_dependency "fluentd"
+end

data/lib/fluent/plugin/in_watch_process.rb

@@ -0,0 +1,116 @@
+module Fluent
+  class WatchProcessInput < Fluent::Input
+    Plugin.register_input('watch_process', self)
+
+    config_param :tag, :string
+    config_param :command, :string, :default => nil
+    config_param :keys, :string, :default => nil
+    config_param :types, :string, :default => nil
+    config_param :interval, :string, :default => '5s'
+    config_param :lookup_user, :string, :default => nil
+    config_param :hostname_command, :string, :default => 'hostname'
+
+    Converters = {
+      'string' => lambda { |v| v.to_s },
+      'integer' => lambda { |v| v.to_i },
+      'float' => lambda { |v| v.to_f },
+      'bool' => lambda { |v|
+        case v.downcase
+        when 'true', 'yes', '1'
+          true
+        else
+          false
+        end
+      },
+      'time' => lambda { |v, time_parser|
+        time_parser.parse(v)
+      },
+      'array' => lambda { |v, delimiter|
+        v.to_s.split(delimiter)
+      }
+    }
+
+    def initialize
+      super
+      require 'time'
+    end
+
+    def configure(conf)
+      super
+
+      @command = @command || get_ps_command
+      @keys = @keys || %w(start_time user pid parent_pid cpu_time cpu_percent memory_percent mem_rss mem_size state proc_name command)
+      types = @types || %w(pid:integer parent_pid:integer cpu_percent:float memory_percent:float mem_rss:integer mem_size:integer)
+      @types_map = Hash[types.map{|v| v.split(':')}]
+      @lookup_user = @lookup_user.gsub(' ', '').split(',') unless @lookup_user.nil?
+      @interval = Config.time_value(@interval)
+      @hostname = `#{@hostname_command}`.chomp
+      $log.info "watch_process: polling start. :tag=>#{@tag} :lookup_user=>#{@lookup_user} :interval=>#{@interval} :command=>#{@command}"
+    end
+
+    def start
+      @thread = Thread.new(&method(:run))
+    end
+
+    def shutdown
+      Thread.kill(@thread)
+    end
+
+    def run
+      loop do
+        io = IO.popen(@command, 'r')
+        io.gets
+        while result = io.gets
+          values = result.chomp.strip.split(/\s+/, @keys.size + 4)
+          time = Time.parse(values[0...5].join(' '))
+          data = Hash[
+            @keys.zip([time.to_s, values.values_at(5..15)].flatten).map do |k,v|
+              v = Converters[@types_map[k]].call(v) if @types_map.include?(k)
+              [k,v]
+            end
+          ]
+          data['elapsed_time'] = (Time.now - Time.parse(data['start_time'])).to_i
+          next unless @lookup_user.nil? || @lookup_user.include?(data['user'])
+          tag = @tag.gsub(/(\${[a-z]+}|__[A-Z]+__)/, get_placeholder)
+          Engine.emit(tag, Engine.now, data)
+        end
+        io.close
+        sleep @interval
+      end
+    end
+
+    def get_ps_command
+      if OS.linux?
+        "LANG=en_US.UTF-8 && ps -ewwo lstart,user:20,pid,ppid,time,%cpu,%mem,rss,sz,s,comm,cmd"
+      elsif OS.mac?
+        "LANG=en_US.UTF-8 && ps -ewwo lstart,user,pid,ppid,time,%cpu,%mem,rss,vsz,state,comm,command"
+      end
+    end
+
+    module OS
+      # ref. http://stackoverflow.com/questions/170956/how-can-i-find-which-operating-system-my-ruby-program-is-running-on
+      def OS.windows?
+        (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
+      end
+
+      def OS.mac?
+       (/darwin/ =~ RUBY_PLATFORM) != nil
+      end
+
+      def OS.unix?
+        !OS.windows?
+      end
+
+      def OS.linux?
+        OS.unix? and not OS.mac?
+      end
+    end
+
+    def get_placeholder
+      return {
+        '__HOSTNAME__' => @hostname,
+        '${hostname}' => @hostname,
+      }
+    end    
+  end
+end

data/test/helper.rb

@@ -0,0 +1,28 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'fluent/test'
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+
+require 'fluent/plugin/in_watch_process'
+
+class Test::Unit::TestCase
+end

data/test/plugin/test_in_watch_process.rb

@@ -0,0 +1,30 @@
+require 'helper'
+
+class WatchProcessInputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    tag          input.watch_process
+    lookup_user  apache, mycron
+  ]
+
+  def create_driver(conf=CONFIG,tag='test')
+    Fluent::Test::OutputTestDriver.new(Fluent::WatchProcessInput, tag).configure(conf)
+  end
+
+  def test_configure
+    assert_raise(Fluent::ConfigError) {
+      d = create_driver('')
+    }
+    d = create_driver %[
+      tag          input.watch_process
+      lookup_user  apache, mycron
+    ]
+    d.instance.inspect
+    assert_equal 'input.watch_process', d.instance.tag
+    assert_equal ['apache', 'mycron'], d.instance.lookup_user
+  end
+end
+

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-watch-process
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Kentaro Yoshida
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-01-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- y.ken.studio@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- example1.conf
+- example2.conf
+- fluent-plugin-watch-process.gemspec
+- lib/fluent/plugin/in_watch_process.rb
+- test/helper.rb
+- test/plugin/test_in_watch_process.rb
+homepage: https://github.com/y-ken/fluent-plugin-watch-process
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Fluentd Input plugin to collect process information via ps command.
+test_files:
+- test/helper.rb
+- test/plugin/test_in_watch_process.rb