log-export-container 1.0.53

Files changed (38) hide show
  1. checksums.yaml +7 -0
  2. data/bin/log-export-container +11 -0
  3. data/conf-utils.rb +106 -0
  4. data/create-conf.rb +22 -0
  5. data/fluentd/etc/classify-default-csv.conf +39 -0
  6. data/fluentd/etc/classify-default-json.conf +38 -0
  7. data/fluentd/etc/classify-syslog-csv.conf +94 -0
  8. data/fluentd/etc/classify-tcp-csv.conf +89 -0
  9. data/fluentd/etc/input-extract-audit-entities.conf +9 -0
  10. data/fluentd/etc/input-file-csv.conf +10 -0
  11. data/fluentd/etc/input-file-json.conf +9 -0
  12. data/fluentd/etc/input-json-chunk.conf +3 -0
  13. data/fluentd/etc/input-syslog-csv.conf +13 -0
  14. data/fluentd/etc/input-syslog-json.conf +12 -0
  15. data/fluentd/etc/input-tcp-csv.conf +12 -0
  16. data/fluentd/etc/input-tcp-json.conf +11 -0
  17. data/fluentd/etc/monitoring.conf +25 -0
  18. data/fluentd/etc/output-azure-loganalytics.conf +9 -0
  19. data/fluentd/etc/output-bigquery.conf +13 -0
  20. data/fluentd/etc/output-cloudwatch.conf +11 -0
  21. data/fluentd/etc/output-datadog.conf +10 -0
  22. data/fluentd/etc/output-elasticsearch-8.conf +5 -0
  23. data/fluentd/etc/output-kafka.conf +11 -0
  24. data/fluentd/etc/output-logz.conf +8 -0
  25. data/fluentd/etc/output-loki.conf +5 -0
  26. data/fluentd/etc/output-mongo.conf +9 -0
  27. data/fluentd/etc/output-remote-syslog.conf +11 -0
  28. data/fluentd/etc/output-s3.conf +15 -0
  29. data/fluentd/etc/output-splunk-hec.conf +12 -0
  30. data/fluentd/etc/output-stdout.conf +3 -0
  31. data/fluentd/etc/output-sumologic.conf +10 -0
  32. data/fluentd/etc/output-template.conf +4 -0
  33. data/fluentd/etc/process.conf +19 -0
  34. data/fluentd/plugins/filter_sdm_decode_chunk_events.rb +71 -0
  35. data/fluentd/plugins/parser_sdm_json.rb +29 -0
  36. data/fluentd/scripts/dump_sdm_entities.rb +117 -0
  37. data/start.rb +34 -0
  38. metadata +365 -0
@@ -0,0 +1,12 @@
1
+ <store>
2
+ @type splunk_hec
3
+ hec_host "#{ENV['SPLUNK_HEC_HOST']}"
4
+ hec_port "#{ENV['SPLUNK_HEC_PORT']}"
5
+ hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
6
+
7
+ # ssl params
8
+ insecure_ssl true
9
+
10
+ # for more config options
11
+ # see https://github.com/splunk/fluent-plugin-splunk-hec
12
+ </store>
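Review bot: `insecure_ssl true` turns off certificate verification for the HEC connection, so `hec_token` and every exported log line can be read or altered by anyone able to intercept traffic to `hec_host`, and unlike the host, port and token this setting cannot be overridden from the environment. Make it opt-in, e.g. `insecure_ssl "#{ENV.fetch('SPLUNK_HEC_INSECURE_SSL', 'false')}"` (constructed variable name), and replace the bare `# ssl params` comment with `# Only set to true for self-signed test endpoints; production should verify the HEC certificate`.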
@@ -0,0 +1,3 @@
1
+ <store>
2
+ @type stdout
3
+ </store>
@@ -0,0 +1,10 @@
1
+ <store>
2
+ @type sumologic
3
+ endpoint "#{ENV['SUMOLOGIC_ENDPOINT']}"
4
+ log_format json
5
+ source_name sdm
6
+ source_category "#{ENV['SUMOLOGIC_SOURCE_CATEGORY']}"
7
+
8
+ # for more config options
9
+ # see https://github.com/SumoLogic/fluentd-output-sumologic
10
+ </store>
@@ -0,0 +1,4 @@
1
+ <match **>
2
+ @type copy
3
+ $stores
4
+ </match>
@@ -0,0 +1,19 @@
1
+ # Config file for processing log traces
2
+
3
+ # Sanitizer Rules
4
+ # see https://github.com/fluent/fluent-plugin-sanitizer
5
+
6
+ # <filter **>
7
+ # @type sanitizer
8
+ # hash_salt sdmsalt
9
+ # <rule>
10
+ # keys query
11
+ # pattern_regex /SET PASSWORD .*/
12
+ # pattern_regex_prefix "CHANGE_PASSWORD"
13
+ # </rule>
14
+ # <rule>
15
+ # keys query
16
+ # pattern_regex /ALTER USER .+ IDENTIFIED BY .+/
17
+ # pattern_regex_prefix "CHANGE_PASSWORD"
18
+ # </rule>
19
+ # </filter>
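Review bot: The whole sanitizer `<filter **>` block is commented out, so by default query strings matching `SET PASSWORD .*` and `ALTER USER .+ IDENTIFIED BY .+` are forwarded verbatim to every configured output, and the third-party destinations in this gem receive plaintext credentials. If shipping it disabled is deliberate, a comment such as `# Disabled by default: uncomment to redact password-changing statements before export` should say so; otherwise the filter should be active. `hash_salt sdmsalt` is a fixed, published salt, so it should come from the environment like the other parameters in these files (constructed example: `hash_salt "#{ENV['SANITIZER_HASH_SALT']}"`).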
@@ -0,0 +1,71 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'fluent/plugin/parser'
4
+ require 'fluent/plugin/parser_json'
5
+
6
+ module Fluent::Plugin
7
+ class SDMDecodeChunkEventsFilter < Filter
8
+ Fluent::Plugin.register_filter('sdm_decode_chunk_events', self)
9
+
10
+ def filter(tag, time, record)
11
+ decode_chunk_log(record)
12
+ end
13
+
14
+ private
15
+
16
+ def decode_chunk_log(record)
17
+ decoded_events = []
18
+
19
+ full_cmd_entry = ''
20
+ total_elapsed_millis = 0
21
+ start_time_regular = zulu_date_to_regular(record['timestamp'])
22
+ begin
23
+ record['events'].each do |event|
24
+ duration, command = extract_cmd_entry_info(event)
25
+ one_line_cmd_entry = command.gsub("\r", '')
26
+ total_elapsed_millis += duration
27
+ full_cmd_entry = "#{full_cmd_entry}#{one_line_cmd_entry}"
28
+
29
+ next unless end_of_line(one_line_cmd_entry)
30
+
31
+ end_time_regular = add_millis(start_time_regular, total_elapsed_millis)
32
+
33
+ item = {
34
+ 'data' => full_cmd_entry.split("\n"),
35
+ 'startTimestamp' => start_time_regular,
36
+ 'endTimestamp' => end_time_regular
37
+ }
38
+
39
+ decoded_events << item
40
+
41
+ full_cmd_entry = ''
42
+ total_elapsed_millis = 0
43
+ start_time_regular = end_time_regular
44
+ end
45
+
46
+ record['decodedEvents'] = decoded_events unless record['decodedEvents']
47
+ rescue StandardError => _e
48
+ puts "An error ocurred: #{_e.message}"
49
+ end
50
+
51
+ record
52
+ end
53
+
54
+ def end_of_line(line)
55
+ line.include? "\n"
56
+ end
57
+
58
+ def zulu_date_to_regular(input_date)
59
+ input_date.gsub(/[0-9]{,3} \+[0-9]{,4} UTC$/, '')
60
+ end
61
+
62
+ def extract_cmd_entry_info(line)
63
+ [line['duration'], Base64.decode64(line['data']).force_encoding('utf-8')]
64
+ end
65
+
66
+ def add_millis(input_date, input_millis)
67
+ new_date = Time.parse input_date
68
+ (new_date.to_time + input_millis / 1000.0).iso8601(3).to_s
69
+ end
70
+ end
71
+ end
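Review bot: `zulu_date_to_regular(record['timestamp'])` at the top of `decode_chunk_log` runs before the `begin`, so a record without a `timestamp` raises NoMethodError straight out of `filter` instead of being caught by the rescue below; move it inside the `begin` or guard it with `return record unless record['timestamp'] && record['events']`. The file calls `Base64.decode64` and `Time.parse`/`iso8601` without `require 'base64'` and `require 'time'`, relying on whatever fluentd happens to have loaded. The rescue reports with `puts` and then returns the record unchanged, so a decode failure is invisible in fluentd's own log; `log.error("sdm_decode_chunk_events: #{e.message}")` would surface it. `force_encoding('utf-8')` on decoded bytes should be followed by `.scrub`, otherwise `gsub` raises on invalid byte sequences in attacker-controllable session data and the whole record is skipped.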
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'fluent/plugin/parser'
4
+ require 'fluent/plugin/parser_json'
5
+
6
+ # Remove characters before JSON from SDM log lines, format:
7
+ # 2021-06-22T17:15:19Z ip-172-31-3-25 strongDM[734548]: {\"type\":\"complete\",\"timestamp\":\"2021-06-22T17:15:19.758785454Z\",\"uuid\":\"01uJSIaxJKEf6y85VRAoypiPJUGJ\",\"duration\":0,\"records\":1}
8
+ module Fluent::Plugin
9
+ class SDMJsonParser < Parser
10
+ Fluent::Plugin.register_parser('sdm_json', self)
11
+
12
+ def configure(conf)
13
+ super
14
+ @parser = Fluent::Plugin::JSONParser.new
15
+ @parser.configure(Fluent::Config::Element.new('ROOT', '', {}, []))
16
+ end
17
+
18
+ def parse(text)
19
+ idx = text.index('{')
20
+ if idx
21
+ text = text[idx..-1]
22
+ end
23
+ @parser.parse(text) do |_, r|
24
+ text = r
25
+ end
26
+ yield Fluent::EventTime.now, text
27
+ end
28
+ end
29
+ end
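Review bot: `parse` yields `text` as the record even when `@parser.parse` never invokes its block, so a line that is not valid JSON after the first `{` is emitted as a bare String record rather than rejected; fluentd's convention for unparseable input is `yield nil, nil`, e.g. `record = nil; @parser.parse(text) { |_, r| record = r }; yield Fluent::EventTime.now, record`. The event time is always `Fluent::EventTime.now`, so the time carried by the line itself (the leading `2021-06-22T17:15:19Z` in the header comment and the `timestamp` field inside the JSON) is discarded; for audit records the original time is the one downstream consumers need. The header comment should also state that only the first `{` is used to locate the JSON, so a `{` in the syslog prefix would shift the parse.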
@@ -0,0 +1,117 @@
1
+ require 'json'
2
+ require 'date'
3
+ require 'open3'
4
+ require 'socket'
5
+
6
+ SIGTERM = 15
7
+
8
+ AUDIT_ENTITY_TYPES = {
9
+ "activities" => "activity",
10
+ "resources" => "resource",
11
+ "users" => "user",
12
+ "roles" => "role",
13
+ }
14
+
15
+ def get_audit_rows(entity_name)
16
+ if entity_name == "activities"
17
+ return get_audit_activities_rows
18
+ end
19
+ output = `sdm audit #{entity_name} -j`
20
+ output.split("\n")
21
+ end
22
+
23
+ def get_audit_activities_rows
24
+ interval_time = extract_activities_interval
25
+ if interval_time == nil
26
+ stream_activities
27
+ return
28
+ end
29
+ datetime_from = DateTime.now - (interval_time + 1.0)/(24*60)
30
+ datetime_to = DateTime.now - 1.0/(24*60)
31
+ output = `sdm audit activities -j -e --from "#{datetime_from.to_s}" --to "#{datetime_to.to_s}"`
32
+ output.split("\n")
33
+ end
34
+
35
+ def extract_activities_interval
36
+ extract_entities = ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT']
37
+ if ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL'] != nil
38
+ interval = ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL'].to_i
39
+ elsif extract_entities&.match /activities\/stream/
40
+ return nil
41
+ else
42
+ interval_match = extract_entities&.match /activities\/+(\d+)/
43
+ interval = interval_match ? interval_match[1].to_i : 15
44
+ end
45
+ interval
46
+ end
47
+
48
+ def stream_activities
49
+ stdout_and_stderr, thread = open_activities_stream
50
+ process_activity_stream(stdout_and_stderr)
51
+ Process.kill(SIGTERM, thread.pid)
52
+ end
53
+
54
+ def open_activities_stream
55
+ must_stream_json = ENV['LOG_EXPORT_CONTAINER_INPUT'].include?("json")
56
+ command = "sdm audit activities -e -f"
57
+ if must_stream_json
58
+ command += " -j"
59
+ end
60
+ _, stdout_and_stderr, thread = Open3.popen2e(command)
61
+ [stdout_and_stderr, thread]
62
+ end
63
+
64
+ def send_socket_message(message)
65
+ client = TCPSocket.open('localhost', 5140)
66
+ client.puts "<5>#{message}"
67
+ client.close
68
+ end
69
+
70
+ def parse_entity(entity, entity_name)
71
+ parsed_entity = JSON.parse(entity)
72
+ parsed_entity['type'] = AUDIT_ENTITY_TYPES[entity_name]
73
+ parsed_entity
74
+ end
75
+
76
+ def process_activity_stream(stdout)
77
+ must_stream_json = ENV['LOG_EXPORT_CONTAINER_INPUT'].include?("json")
78
+ stdout.each do |line|
79
+ if must_stream_json
80
+ message = JSON.generate(parse_entity(line, 'activities'))
81
+ else
82
+ message = line.gsub("\n", "") + ",activity"
83
+ end
84
+ send_socket_message(message)
85
+ end
86
+ end
87
+
88
+ def parse_rows(rows, entity_name)
89
+ parsed_rows = []
90
+ rows.each do |row|
91
+ parsed_rows << parse_entity(row, AUDIT_ENTITY_TYPES[entity_name])
92
+ end
93
+ parsed_rows
94
+ end
95
+
96
+ def print_rows(rows)
97
+ rows.each { |row| puts "#{JSON.generate(row)}" }
98
+ end
99
+
100
+ def dump_entities(entity_name)
101
+ unless AUDIT_ENTITY_TYPES.keys.include?(entity_name.to_s)
102
+ return
103
+ end
104
+ begin
105
+ rows = get_audit_rows(entity_name)
106
+ unless rows
107
+ return
108
+ end
109
+ parsed_rows = parse_rows(rows, entity_name)
110
+ print_rows(parsed_rows)
111
+ rescue StandardError => _e
112
+ error = {"error" => "An error ocurred while extracting the audit #{entity_name.to_s} data: #{_e}", "type" => "unclass"}
113
+ send_socket_message(JSON.generate(error))
114
+ end
115
+ end
116
+
117
+ dump_entities(ARGV[0])
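Review bot: `parse_rows` maps `entity_name` through `AUDIT_ENTITY_TYPES` before calling `parse_entity`, which maps it again, so for `users` the lookup becomes `AUDIT_ENTITY_TYPES['user']` and every printed row gets `"type" => nil`, while the streaming path in `process_activity_stream` passes the key directly and correctly gets `activity`. The fix is `parsed_rows << parse_entity(row, entity_name)`. The allowlist check in `dump_entities` (`AUDIT_ENTITY_TYPES.keys.include?(entity_name.to_s)`) is the only thing keeping the backtick interpolation of `entity_name` in `get_audit_rows` safe from shell metacharacters in ARGV, so it deserves a comment saying so and must stay ahead of any call into the shell. `ENV['LOG_EXPORT_CONTAINER_INPUT'].include?("json")` in `open_activities_stream` and `process_activity_stream` raises NoMethodError when the variable is unset; `ENV.fetch('LOG_EXPORT_CONTAINER_INPUT', '')` avoids that, and the rescue in `dump_entities` sends the raw exception text to the syslog socket, which may echo CLI output into the exported stream.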
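--- a/data/start.rb
+++ b/data/start.rb
@@ -0,0 +1,34 @@
+::USING_WINDOWS = !!((RUBY_PLATFORM =~ /(win|w)(32|64)$/) || (RUBY_PLATFORM =~ /mswin|mingw/))
+
+if ENV["SDM_ADMIN_TOKEN"]
+puts('Starting SDM')
+result = system("sdm --admin-token #{ENV['SDM_ADMIN_TOKEN']} login")
+unless result
+puts "You need to install SDM CLI."
+return
+end
+listen_thread = Thread.new { system('sdm listen', :out => File::NULL, :err => File::NULL) }
+until system('sdm status', :out => File::NULL) do
+sleep(1)
+end
+end
+
+puts("Creating Fluentd conf file")
+require "#{ENV['FLUENTD_DIR']}/../create-conf.rb"
+
+fluentd_pkg_name = "fluentd"
+fluentd_pkg_version = "> 0.a"
+
+puts("Starting Fluentd")
+
+if ::USING_WINDOWS
+fluentd_path = "fluentd"
+elsif Gem.respond_to?(:activate_bin_path)
+# when using Linux sometimes the "fluentd" binary is not called,
+# so to ensure the proper execution we need to provide the full binary path
+fluentd_path = Gem.activate_bin_path(fluentd_pkg_name, fluentd_pkg_name, fluentd_pkg_version)
+else
+fluentd_path = Gem.bin_path(fluentd_pkg_name, fluentd_pkg_name, fluentd_pkg_version)
+end
+
+system("#{fluentd_path} -c #{ENV['FLUENTD_DIR']}/etc/fluent.conf -p #{ENV['FLUENTD_DIR']}/plugins")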
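Review bot: `system("sdm --admin-token #{ENV['SDM_ADMIN_TOKEN']} login")` passes the admin token through a shell and on the command line, so it is visible to every local user in the process list and any shell metacharacter in the token is interpreted; the argv form `system('sdm', '--admin-token', ENV['SDM_ADMIN_TOKEN'], 'login')` at least removes the shell (the process-list exposure remains unless the CLI can take the token from the environment, which this file does not show). The `return` after `You need to install SDM CLI.` ends the script with exit status 0, so an orchestrator sees a successful start; `exit 1` would report the failure. `listen_thread` is never joined or referenced, and the `until system('sdm status', ...)` loop has no upper bound, so a failing `sdm listen` leaves the container polling forever. `FLUENTD_DIR` is interpolated unchecked into the `require` and the final `system` call; `ENV.fetch('FLUENTD_DIR')` would fail fast with a clear message when it is unset.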
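--- a/metadata
+++ b/metadata
@@ -0,0 +1,365 @@
+--- !ruby/object:Gem::Specification
+name: log-export-container
+version: !ruby/object:Gem::Version
+version: 1.0.53
+platform: ruby
+authors:
+- StrongDM
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-10-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: fluentd
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-rewrite-tag-filter
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-s3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-cloudwatch-logs
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-splunk-hec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-datadog
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-azure-loganalytics
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-sumologic_output
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-sanitizer
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-kafka
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-mongo
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-logzio
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-grafana-loki
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-remote_syslog
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-elasticsearch
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 5.2.4
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 5.2.4
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-bigquery
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: fluent-plugin-prometheus
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: test-unit
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: The application acts as a syslog concentrator. Customers that want to
+export their strongDM query logs to a third party logging service can use the application
+to do so. They configure the application for the appropriate target. Deploy the
+application. Configure their strongDM gateways to logs to a syslog destination and
+set the destination to the address of the logging application host.
+email:
+executables:
+- log-export-container
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/log-export-container
+- conf-utils.rb
+- create-conf.rb
+- fluentd/etc/classify-default-csv.conf
+- fluentd/etc/classify-default-json.conf
+- fluentd/etc/classify-syslog-csv.conf
+- fluentd/etc/classify-tcp-csv.conf
+- fluentd/etc/input-extract-audit-entities.conf
+- fluentd/etc/input-file-csv.conf
+- fluentd/etc/input-file-json.conf
+- fluentd/etc/input-json-chunk.conf
+- fluentd/etc/input-syslog-csv.conf
+- fluentd/etc/input-syslog-json.conf
+- fluentd/etc/input-tcp-csv.conf
+- fluentd/etc/input-tcp-json.conf
+- fluentd/etc/monitoring.conf
+- fluentd/etc/output-azure-loganalytics.conf
+- fluentd/etc/output-bigquery.conf
+- fluentd/etc/output-cloudwatch.conf
+- fluentd/etc/output-datadog.conf
+- fluentd/etc/output-elasticsearch-8.conf
+- fluentd/etc/output-kafka.conf
+- fluentd/etc/output-logz.conf
+- fluentd/etc/output-loki.conf
+- fluentd/etc/output-mongo.conf
+- fluentd/etc/output-remote-syslog.conf
+- fluentd/etc/output-s3.conf
+- fluentd/etc/output-splunk-hec.conf
+- fluentd/etc/output-stdout.conf
+- fluentd/etc/output-sumologic.conf
+- fluentd/etc/output-template.conf
+- fluentd/etc/process.conf
+- fluentd/plugins/filter_sdm_decode_chunk_events.rb
+- fluentd/plugins/parser_sdm_json.rb
+- fluentd/scripts/dump_sdm_entities.rb
+- start.rb
+homepage: https://strongdm.github.io/log-export-container/
+licenses:
+- Apache-2.0
+metadata:
+source_code_uri: https://github.com/strongdm/log-export-container
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: An application that can be easily deployed and configured to export strongDM
+query logs
+test_files: []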