grok 0.0.4 → 0.0.5
- data/README.rdoc +27 -0
- data/VERSION +1 -1
- data/lib/grok.rb +6 -0
- data/lib/grok/watcher.rb +28 -5
- metadata +24 -13
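--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -59,6 +59,19 @@ weeks (w), days (d), hours (h), minutes (m) and seconds (s). For example
 '1d2h3s' => 1 day, 2 hours and 3 seconds
 '2y3m' => 2 years and 3 minutes
 
+=== Ignoring log events
+If you want grok to ignore certain log events, you can simply pass a regexp to the ignore function.
+
+ignore /regexp/
+
+This is particularly useful if you have a catch-all event in your script somewhere
+
+ignore /kernel: imklog [\d\.]+, log source = \/proc\/kmsg started/
+
+on /(.*) do |line|
+#foo
+end
+
 === Other events
 ==== Exit
 You can also define event handlers to run when your script exits (for the
@@ -81,6 +94,20 @@ input.
 
 You can define as many of these event handlers as you'd like
 
+==== SIGUSR1 and SIGUSR2
+You can define event handlers to run whenever your grok process receives
+SIGUSR1 or SIGUSR2 as well.
+
+on :usr1 do
+puts "SIGUSR1 received"
+end
+
+on :usr2 do
+puts "SIGUSR2 received"
+end
+
+You can define as many of these event handlers as you'd like.
+
 == Note on Patches/Pull Requests
 
 * Fork the project.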
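--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.
+0.0.5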
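--- a/data/lib/grok.rb
+++ b/data/lib/grok.rb
@@ -19,7 +19,13 @@ def start(&block)
 $watcher.on_start(&block)
 end
 
+def ignore(match)
+$watcher.ignore(match)
+end
+
 trap "SIGINT", proc { $watcher.stop }
+trap "SIGUSR1", proc { $watcher.usr1 }
+trap "SIGUSR2", proc { $watcher.usr2 }
 
 at_exit do
 unless defined?(Test::Unit)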
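Review bot: The two new `trap` lines run the user-supplied `on :usr1` / `on :usr2` blocks directly inside the signal handler, so a handler can fire while the watcher is part-way through dispatching a log event and touch the same state. On Ruby 2.0 and later, handler code that takes a Mutex (Logger, for example) also raises ThreadError in trap context. Keep the trap bodies minimal by recording the signal and letting the watch loop call `$watcher.usr1` / `$watcher.usr2`, or at least document the constraint with `# handlers run in trap context: keep them short and non-blocking` above the traps. The watch loop is outside this hunk, so where the deferred dispatch would sit cannot be shown from here.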
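--- a/data/lib/grok/watcher.rb
+++ b/data/lib/grok/watcher.rb
@@ -11,18 +11,29 @@ module Grok
 @events = {}
 @event_log = {}
 @config = Config.new(nil, 10, 0, nil)
-
-#instance_eval(&b) if block_given?
+@catchable_signals = [:usr1, :usr2]
 end
 
 def configure(&b)
 b.call(@config)
 end
 
-def
+def ignore(match)
 match = match.to_s if match.is_a? Integer
-
-
+(@events[:ignore] ||= []) << [Regexp.new(match)]
+end
+
+def on(match, opts={}, &block)
+if match.is_a? Symbol
+if @catchable_signals.include? match
+(@events[match] ||= []) << block
+puts @events
+end
+else
+match = match.to_s if match.is_a? Integer
+within = opts[:within] ? Grok.parse_time_string(opts[:within]) : nil
+(@events[:log] ||= []) << [Regexp.new(match), block, opts[:times], within]
+end
 end
 
 def on_exit(&block)
@@ -58,6 +69,14 @@ module Grok
 dispatch(:exit)
 end
 
+def usr1
+dispatch(:usr1)
+end
+
+def usr2
+dispatch(:usr2)
+end
+
 private
 def find(type, log)
 if events = @events[type]
@@ -90,6 +109,10 @@ module Grok
 
 if event == :start
 @events[:start].each { |block| invoke block }
+elsif @catchable_signals.include? event
+@events[event].each { |block| invoke block }
+elsif handler = find(:ignore, log)
+# do nothing!
 elsif handler = find(event, log)
 regexp, block, times, within = *handler
 self.match = log.match(regexp).captures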
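Review bot: In `dispatch`, the new signal branch calls `@events[event].each` with no nil guard, so a SIGUSR1 or SIGUSR2 delivered to a script that registered no `on :usr1` / `on :usr2` handler raises NoMethodError; grok.rb appears to install both traps unconditionally, which makes this reachable by anything allowed to signal the process. Use `(@events[event] || []).each { |block| invoke block }` instead. In `on`, `puts @events` looks like leftover debugging that dumps the whole handler table to stdout on every signal registration and should be removed. A Symbol outside `@catchable_signals` is also dropped silently, where `raise ArgumentError, "unsupported event: #{match.inspect}"` would surface a typo. The bodies of `dispatch` and `find` continue outside the visible hunks, so how `log` is set for non-log events cannot be confirmed from here.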
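--- a/metadata
+++ b/metadata
@@ -1,7 +1,12 @@
 --- !ruby/object:Gem::Specification
 name: grok
 version: !ruby/object:Gem::Version
-
+prerelease: false
+segments:
+- 0
+- 0
+- 5
+version: 0.0.5
 platform: ruby
 authors:
 - Tim Sharpe
@@ -9,29 +14,33 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-
+date: 2010-04-14 00:00:00 +10:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thoughtbot-shoulda
-
-
-version_requirements: !ruby/object:Gem::Requirement
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-
+type: :development
+version_requirements: *id001
 - !ruby/object:Gem::Dependency
 name: file-tail
-
-
-version_requirements: !ruby/object:Gem::Requirement
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-
+type: :runtime
+version_requirements: *id002
 description: A more featureful replacement for SEC (Simple Event Correlator) in Ruby.
 email: tim@sharpe.id.au
 executables: []
@@ -68,18 +77,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-version:
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-version:
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.
+rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: A ruby log event correlator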