fluent-plugin-winevtlog 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/fluent-plugin-winevtlog.gemspec +1 -1
- data/lib/fluent/plugin/in_winevtlog.rb +38 -34
- metadata +2 -2
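--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 238726bd6a49e60ad9e2f165ddbf87b351e0436d
+data.tar.gz: ba9b3af62d8460e2791a470a1f7fb2807be1f8c0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14da61cc1fa48009ec2e3bec9dce3dc4e5434b2bd628196fd025df8a9cb6f7df683cee73c641f1f836ee929484196c58f2e928f51ced102b3578c77f1f507929
+data.tar.gz: 9c5136757333abc4c15a322a790fdad842896300024acee918efdc972878d8f7a79a663d62dc9d7ab150fa82fdbfa42d55699cf6875b4e091f5ed54fb7460e3d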
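--- a/data/fluent-plugin-winevtlog.gemspec
+++ b/data/fluent-plugin-winevtlog.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "fluent-plugin-winevtlog"
-spec.version = "0.0.
+spec.version = "0.0.3"
 spec.authors = ["okahashi117"]
 spec.email = ["naruki_okahashi@jbat.co.jp"]
 spec.summary = %q{Input plugin to read windows event log.}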
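--- a/data/lib/fluent/plugin/in_winevtlog.rb
+++ b/data/lib/fluent/plugin/in_winevtlog.rb
@@ -20,26 +20,26 @@ module Fluent
 config_param :tag, :string
 config_param :read_interval, :time, :default => 2
 config_param :pos_file, :string, :default => nil
-config_param :
-config_param :
+config_param :channel, :string, :default => 'Application'
+config_param :key, :string, :default => ''
 config_param :read_from_head, :bool, :default => false
 
-attr_reader :
+attr_reader :chs
 
 def initialize
 super
-@
+@chs = []
 @keynames = []
 @tails = {}
 end
 
 def configure(conf)
 super
-@
-if @
-raise ConfigError, "winevtlog: '
+@chs = @channel.split(',').map {|ch| ch.strip.downcase }.uniq
+if @chs.empty?
+raise ConfigError, "winevtlog: 'channel' parameter is required on winevtlog input"
 end
-@keynames = @
+@keynames = @key.split(',').map {|k| k.strip }.uniq
 if @keynames.empty?
 @keynames = @@KEY_MAP.keys
 end
@@ -54,7 +54,7 @@ module Fluent
 @pf = PositionFile.parse(@pf_file)
 end
 @loop = Coolio::Loop.new
-start_watchers(@
+start_watchers(@chs)
 @thread = Thread.new(&method(:run))
 end
 
@@ -65,30 +65,30 @@ module Fluent
 @pf_file.close if @pf_file
 end
 
-def setup_wacther(
-wlw = WindowsLogWatcher.new(
+def setup_wacther(ch, pe)
+wlw = WindowsLogWatcher.new(ch, pe, &method(:receive_lines))
 wlw.attach(@loop)
 wlw
 end
 
-def start_watchers(
-
+def start_watchers(chs)
+chs.each { |ch|
 pe = nil
 if @pf
-pe = @pf[
+pe = @pf[ch]
 if @read_from_head && pe.read_num.zero?
-el = EventLog.open(
+el = EventLog.open(ch)
 pe.update(el.oldest_record_number-1,1)
 el.close
 end
 end
-@tails[
+@tails[ch] = setup_wacther(ch, pe)
 }
 end
 
-def stop_watchers(
-
-wlw = @tails.delete(
+def stop_watchers(chs, unwatched = false)
+chs.each { |ch|
+wlw = @tails.delete(ch)
 if wlw
 wlw.unwatched = unwatched
 close_watcher(wlw)
@@ -108,11 +108,13 @@ module Fluent
 $log.error_backtrace
 end
 
-def receive_lines(lines, pe)
+def receive_lines(ch, lines, pe)
 return if lines.empty?
 begin
 for r in lines
-h =
+h = {"channel" => ch}
+@keynames.each {|k| h[k]=r.send(@@KEY_MAP[k]).to_s}
+#h = Hash[@keynames.map {|k| [k, r.send(@@KEY_MAP[k]).to_s]}]
 Engine.emit(@tag, Engine.now, h)
 pe[1] +=1
 end
@@ -124,14 +126,14 @@ module Fluent
 
 
 class WindowsLogWatcher
-def initialize(
-@
+def initialize(ch, pe, &receive_lines)
+@ch = ch
 @pe = pe || MemoryPositionEntry.new
 @receive_lines = receive_lines
 @timer_trigger = TimerWatcher.new(1, true, &method(:on_notify))
 end
 
-attr_reader :
+attr_reader :ch
 attr_accessor :unwatched
 attr_accessor :pe
 
@@ -149,7 +151,7 @@ module Fluent
 end
 
 def on_notify
-el = EventLog.open(@
+el = EventLog.open(@ch)
 rl_sn = [el.oldest_record_number, el.total_records]
 pe_sn = [@pe.read_start, @pe.read_num]
 # if total_records is zero, oldest_record_number has no meaning.
@@ -170,7 +172,7 @@ module Fluent
 cur_end += 0xFFFFFFFF
 end
 
-if (cur_end
+if (cur_end < old_end)
 # something occured.
 @pe.update(rl_sn[0], rl_sn[1])
 return
@@ -179,8 +181,10 @@ module Fluent
 read_more = false
 begin
 numlines = cur_end - old_end
+
 winlogs = el.read(Windows::Constants::EVENTLOG_SEEK_READ | Windows::Constants::EVENTLOG_FORWARDS_READ, old_end + 1)
-@receive_lines.call(winlogs, pe_sn)
+@receive_lines.call(@ch, winlogs, pe_sn)
+
 @pe.update(pe_sn[0], pe_sn[1])
 old_end = pe_sn[0] + pe_sn[1] -1
 end while read_more
@@ -211,17 +215,17 @@ module Fluent
 @last_pos = last_pos
 end
 
-def [](
-if m = @map[
+def [](ch)
+if m = @map[ch]
 return m
 end
 @file.pos = @last_pos
-@file.write
+@file.write ch
 @file.write "\t"
 seek = @file.pos
 @file.write "00000000\t00000000\n"
 @last_pos = @file.pos
-@map[
+@map[ch] = FilePositionEntry.new(@file, seek)
 end
 
 # parsing file and rebuild mysself
@@ -232,10 +236,10 @@ module Fluent
 # check and get a matched line as m
 m = /^([^\t]+)\t([0-9a-fA-F]+)\t([0-9a-fA-F]+)/.match(line)
 next unless m
-
+ch = m[1]
 pos = m[2].to_i(16)
-seek = file.pos - line.bytesize +
-map[
+seek = file.pos - line.bytesize + ch.bytesize + 1
+map[ch] = FilePositionEntry.new(file, seek)
 }
 new(file, map, file.pos)
 end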
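--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-winevtlog
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.3
 platform: ruby
 authors:
 - okahashi117
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler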