grok 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +10 -0
- data/VERSION +1 -1
- data/examples/gtrace.rb +28 -0
- data/lib/grok.rb +5 -1
- data/lib/grok/watcher.rb +10 -2
- metadata +4 -2
data/README.rdoc
CHANGED
|
@@ -71,6 +71,16 @@ purposes of printing a summary, or whatever you want).
|
|
|
71
71
|
You can define as many of these handlers as you'd like and they'll be run
|
|
72
72
|
when the Ruby process has been sent a SIGINT.
|
|
73
73
|
|
|
74
|
+
==== Start
|
|
75
|
+
You can also define event handlers to run before Grok starts reading it's
|
|
76
|
+
input.
|
|
77
|
+
|
|
78
|
+
start do
|
|
79
|
+
puts "Starting"
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
You can define as many of these event handlers as you'd like
|
|
83
|
+
|
|
74
84
|
== Note on Patches/Pull Requests
|
|
75
85
|
|
|
76
86
|
* Fork the project.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.
|
|
1
|
+
0.0.4
|
data/examples/gtrace.rb
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Little proof of concept script that straces a running command and tells
|
|
2
|
+
# you how long it's spent in each syscall (aggregated) on exit.
|
|
3
|
+
#
|
|
4
|
+
# ruby gtrace.rb <PID>
|
|
5
|
+
|
|
6
|
+
require 'rubygems'
|
|
7
|
+
require 'grok'
|
|
8
|
+
|
|
9
|
+
configure do |c|
|
|
10
|
+
c.process = "strace -T -p #{ARGV[0]} 2>&1"
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
start do
|
|
14
|
+
@syscalls = {}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
on /(\S+)\(.* .([\d\.]+)./ do |syscall, seconds|
|
|
18
|
+
if !@syscalls[syscall]
|
|
19
|
+
@syscalls[syscall] = 0.0
|
|
20
|
+
end
|
|
21
|
+
@syscalls[syscall] += seconds.to_f
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
exit do
|
|
25
|
+
@syscalls.keys.each { |syscall|
|
|
26
|
+
puts "#{syscall}: #{@syscalls[syscall].to_s} seconds"
|
|
27
|
+
}
|
|
28
|
+
end
|
data/lib/grok.rb
CHANGED
data/lib/grok/watcher.rb
CHANGED
|
@@ -25,11 +25,17 @@ module Grok
|
|
|
25
25
|
(@events[:log] ||= []) << [Regexp.new(match), block, opts[:times], within]
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
def
|
|
28
|
+
def on_exit(&block)
|
|
29
29
|
(@events[:exit] ||= []) << block
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
def on_start(&block)
|
|
33
|
+
(@events[:start] ||= []) << block
|
|
34
|
+
end
|
|
35
|
+
|
|
32
36
|
def start
|
|
37
|
+
dispatch(:start)
|
|
38
|
+
|
|
33
39
|
if !@config.file.nil?
|
|
34
40
|
File.open(@config.file) do |log|
|
|
35
41
|
log.extend(File::Tail)
|
|
@@ -82,7 +88,9 @@ module Grok
|
|
|
82
88
|
Process.exit
|
|
83
89
|
end
|
|
84
90
|
|
|
85
|
-
if
|
|
91
|
+
if event == :start
|
|
92
|
+
@events[:start].each { |block| invoke block }
|
|
93
|
+
elsif handler = find(event, log)
|
|
86
94
|
regexp, block, times, within = *handler
|
|
87
95
|
self.match = log.match(regexp).captures
|
|
88
96
|
(@event_log[match] ||= []) << Time.now.to_i
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: grok
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Sharpe
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2010-02-
|
|
12
|
+
date: 2010-02-19 00:00:00 +11:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
@@ -48,6 +48,7 @@ files:
|
|
|
48
48
|
- README.rdoc
|
|
49
49
|
- Rakefile
|
|
50
50
|
- VERSION
|
|
51
|
+
- examples/gtrace.rb
|
|
51
52
|
- examples/ssh_sentry.rb
|
|
52
53
|
- lib/grok.rb
|
|
53
54
|
- lib/grok/time.rb
|
|
@@ -85,4 +86,5 @@ summary: A ruby log event correlator
|
|
|
85
86
|
test_files:
|
|
86
87
|
- test/test_grok.rb
|
|
87
88
|
- test/helper.rb
|
|
89
|
+
- examples/gtrace.rb
|
|
88
90
|
- examples/ssh_sentry.rb
|