grok 0.0.0 → 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +5 -5
- data/VERSION +1 -1
- data/examples/ssh_sentry.rb +1 -1
- data/lib/grok.rb +6 -6
- data/lib/grok/watcher.rb +10 -9
- metadata +1 -1
data/README.rdoc
CHANGED
|
@@ -23,18 +23,18 @@ There's only a few configuration parameters for Grok at this stage
|
|
|
23
23
|
* replay: The number of lines to read from the bottom of the file on startup
|
|
24
24
|
|
|
25
25
|
=== Responding to log events
|
|
26
|
-
At it's most basic, you can simply get Grok to print
|
|
26
|
+
At it's most basic, you can simply get Grok to print out each message as it
|
|
27
27
|
receives them (pretty pointless)
|
|
28
|
-
on
|
|
29
|
-
puts
|
|
28
|
+
on /(.*)/ do |line|
|
|
29
|
+
puts line
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
Lets try something a bit more useful though. Lets say I want to know every
|
|
33
33
|
time there's an SSH authenitcation failure. For that, we can make use of the
|
|
34
34
|
RegExp functionality in the event handlers
|
|
35
35
|
|
|
36
|
-
on
|
|
37
|
-
puts "SSH authentication failure for #{username} from #{ip}
|
|
36
|
+
on /sshd\[\d+\]: Failed password for ([\d\w]+) from ([\d\.]+)/ do |username, ip|
|
|
37
|
+
puts "SSH authentication failure for #{username} from #{ip}"
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
This is a bit better. You could go further to have it automatically block the
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.
|
|
1
|
+
0.0.1
|
data/examples/ssh_sentry.rb
CHANGED
data/lib/grok.rb
CHANGED
|
@@ -2,14 +2,14 @@ require 'grok/watcher'
|
|
|
2
2
|
|
|
3
3
|
$watcher = Grok::Watcher.new
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
def #{method}(*args, &block)
|
|
8
|
-
$watcher.#{method}(*args, &block)
|
|
9
|
-
end
|
|
10
|
-
EOF
|
|
5
|
+
def configure(*args, &block)
|
|
6
|
+
$watcher.configure(*args, &block)
|
|
11
7
|
end
|
|
12
8
|
|
|
9
|
+
def on(match, opts={}, &block)
|
|
10
|
+
$watcher.on(match, opts, &block)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
13
|
at_exit do
|
|
14
14
|
unless defined?(Test::Unit)
|
|
15
15
|
raise $! if $!
|
data/lib/grok/watcher.rb
CHANGED
|
@@ -18,19 +18,12 @@ module Grok
|
|
|
18
18
|
b.call(@config)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def on(
|
|
21
|
+
def on(match, opts={}, &block)
|
|
22
|
+
event = :log
|
|
22
23
|
match = match.to_s if match.is_a? Integer
|
|
23
24
|
(@events[event] ||= []) << [Regexp.new(match), block]
|
|
24
25
|
end
|
|
25
26
|
|
|
26
|
-
def dispatch(event, log)
|
|
27
|
-
if handler = find(event, log)
|
|
28
|
-
regexp, block = *handler
|
|
29
|
-
self.match = log.match(regexp).captures
|
|
30
|
-
invoke block
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
|
|
34
27
|
def start
|
|
35
28
|
File.open(@config.file) do |log|
|
|
36
29
|
log.extend(File::Tail)
|
|
@@ -65,5 +58,13 @@ module Grok
|
|
|
65
58
|
__grok_event_handler(*bargs)
|
|
66
59
|
}
|
|
67
60
|
end
|
|
61
|
+
|
|
62
|
+
def dispatch(event, log)
|
|
63
|
+
if handler = find(event, log)
|
|
64
|
+
regexp, block = *handler
|
|
65
|
+
self.match = log.match(regexp).captures
|
|
66
|
+
invoke block
|
|
67
|
+
end
|
|
68
|
+
end
|
|
68
69
|
end
|
|
69
70
|
end
|