grok 0.0.4 → 0.0.5
- data/README.rdoc +27 -0
- data/VERSION +1 -1
- data/lib/grok.rb +6 -0
- data/lib/grok/watcher.rb +28 -5
- metadata +24 -13
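--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -59,6 +59,19 @@ weeks (w), days (d), hours (h), minutes (m) and seconds (s). For example
 '1d2h3s' => 1 day, 2 hours and 3 seconds
 '2y3m' => 2 years and 3 minutes
 
+=== Ignoring log events
+If you want grok to ignore certain log events, you can simply pass a regexp to the ignore function.
+
+ignore /regexp/
+
+This is particularly useful if you have a catch-all event in your script somewhere
+
+ignore /kernel: imklog [\d\.]+, log source = \/proc\/kmsg started/
+
+on /(.*) do |line|
+#foo
+end
+
 === Other events
 ==== Exit
 You can also define event handlers to run when your script exits (for the
@@ -81,6 +94,20 @@ input.
 
 You can define as many of these event handlers as you'd like
 
+==== SIGUSR1 and SIGUSR2
+You can define event handlers to run whenever your grok process receives
+SIGUSR1 or SIGUSR2 as well.
+
+on :usr1 do
+puts "SIGUSR1 received"
+end
+
+on :usr2 do
+puts "SIGUSR2 received"
+end
+
+You can define as many of these event handlers as you'd like.
+
 == Note on Patches/Pull Requests
 
 * Fork the project.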
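--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.
+0.0.5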
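--- a/data/lib/grok.rb
+++ b/data/lib/grok.rb
@@ -19,7 +19,13 @@ def start(&block)
 $watcher.on_start(&block)
 end
 
+def ignore(match)
+$watcher.ignore(match)
+end
+
 trap "SIGINT", proc { $watcher.stop }
+trap "SIGUSR1", proc { $watcher.usr1 }
+trap "SIGUSR2", proc { $watcher.usr2 }
 
 at_exit do
 unless defined?(Test::Unit)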
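Review bot: The new `trap "SIGUSR1"` and `trap "SIGUSR2"` lines are installed unconditionally and call `$watcher.usr1`/`$watcher.usr2` straight from trap context, so any `on :usr1`/`on :usr2` block runs asynchronously and can interrupt a log dispatch that is part-way through (the watcher.rb section of this diff shows `usr1`/`usr2` going directly to `dispatch`, which also assigns `self.match`). For a log monitor that means a signal arriving mid-line can run user code against partly updated watcher state. A safer shape is for the trap proc to only record that the signal arrived and let the watcher's main loop call `dispatch` between log lines; that loop is not visible in this diff, so where to drain it is left open. At minimum, a comment above the traps such as `# runs in trap context: keep :usr1/:usr2 handlers short and re-entrant` would document the constraint.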
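--- a/data/lib/grok/watcher.rb
+++ b/data/lib/grok/watcher.rb
@@ -11,18 +11,29 @@ module Grok
 @events = {}
 @event_log = {}
 @config = Config.new(nil, 10, 0, nil)
-
-#instance_eval(&b) if block_given?
+@catchable_signals = [:usr1, :usr2]
 end
 
 def configure(&b)
 b.call(@config)
 end
 
-def
+def ignore(match)
 match = match.to_s if match.is_a? Integer
-
-
+(@events[:ignore] ||= []) << [Regexp.new(match)]
+end
+
+def on(match, opts={}, &block)
+if match.is_a? Symbol
+if @catchable_signals.include? match
+(@events[match] ||= []) << block
+puts @events
+end
+else
+match = match.to_s if match.is_a? Integer
+within = opts[:within] ? Grok.parse_time_string(opts[:within]) : nil
+(@events[:log] ||= []) << [Regexp.new(match), block, opts[:times], within]
+end
 end
 
 def on_exit(&block)
@@ -58,6 +69,14 @@ module Grok
 dispatch(:exit)
 end
 
+def usr1
+dispatch(:usr1)
+end
+
+def usr2
+dispatch(:usr2)
+end
+
 private
 def find(type, log)
 if events = @events[type]
@@ -90,6 +109,10 @@ module Grok
 
 if event == :start
 @events[:start].each { |block| invoke block }
+elsif @catchable_signals.include? event
+@events[event].each { |block| invoke block }
+elsif handler = find(:ignore, log)
+# do nothing!
 elsif handler = find(event, log)
 regexp, block, times, within = *handler
 self.match = log.match(regexp).captures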
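Review bot: In `dispatch`, the new branch `@events[event].each { |block| invoke block }` calls `.each` on nil when SIGUSR1 or SIGUSR2 arrives and the script never registered an `on :usr1`/`on :usr2` block, because `@events` starts as `{}` and the key is only created inside `on`, while grok.rb traps both signals regardless; `Array(@events[event]).each { |block| invoke block }` makes that a no-op. In `on`, `puts @events` looks like leftover debugging and should go, and a Symbol outside `@catchable_signals` is dropped without any error, so a misspelled signal name silently registers nothing; `raise ArgumentError, "unsupported signal: #{match.inspect}"` in an `else` would surface it. The `find(:ignore, log)` branch runs ahead of every `on` handler and `ignore` compiles the pattern as given, so an unanchored ignore rule suppresses any line that merely contains the text; the method deserves a comment telling users to anchor ignore patterns to the part of the line the logging daemon itself writes. `dispatch` and `find` both start and end outside the hunks shown, so a guard elsewhere cannot be ruled out.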
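--- a/metadata
+++ b/metadata
@@ -1,7 +1,12 @@
 --- !ruby/object:Gem::Specification
 name: grok
 version: !ruby/object:Gem::Version
-
+prerelease: false
+segments:
+- 0
+- 0
+- 5
+version: 0.0.5
 platform: ruby
 authors:
 - Tim Sharpe
@@ -9,29 +14,33 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-
+date: 2010-04-14 00:00:00 +10:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thoughtbot-shoulda
-
-
-version_requirements: !ruby/object:Gem::Requirement
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-
+type: :development
+version_requirements: *id001
 - !ruby/object:Gem::Dependency
 name: file-tail
-
-
-version_requirements: !ruby/object:Gem::Requirement
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-
+type: :runtime
+version_requirements: *id002
 description: A more featureful replacement for SEC (Simple Event Correlator) in Ruby.
 email: tim@sharpe.id.au
 executables: []
@@ -68,18 +77,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-version:
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-version:
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.
+rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: A ruby log event correlator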