log-export-container 1.0.53
- checksums.yaml +7 -0
- data/bin/log-export-container +11 -0
- data/conf-utils.rb +106 -0
- data/create-conf.rb +22 -0
- data/fluentd/etc/classify-default-csv.conf +39 -0
- data/fluentd/etc/classify-default-json.conf +38 -0
- data/fluentd/etc/classify-syslog-csv.conf +94 -0
- data/fluentd/etc/classify-tcp-csv.conf +89 -0
- data/fluentd/etc/input-extract-audit-entities.conf +9 -0
- data/fluentd/etc/input-file-csv.conf +10 -0
- data/fluentd/etc/input-file-json.conf +9 -0
- data/fluentd/etc/input-json-chunk.conf +3 -0
- data/fluentd/etc/input-syslog-csv.conf +13 -0
- data/fluentd/etc/input-syslog-json.conf +12 -0
- data/fluentd/etc/input-tcp-csv.conf +12 -0
- data/fluentd/etc/input-tcp-json.conf +11 -0
- data/fluentd/etc/monitoring.conf +25 -0
- data/fluentd/etc/output-azure-loganalytics.conf +9 -0
- data/fluentd/etc/output-bigquery.conf +13 -0
- data/fluentd/etc/output-cloudwatch.conf +11 -0
- data/fluentd/etc/output-datadog.conf +10 -0
- data/fluentd/etc/output-elasticsearch-8.conf +5 -0
- data/fluentd/etc/output-kafka.conf +11 -0
- data/fluentd/etc/output-logz.conf +8 -0
- data/fluentd/etc/output-loki.conf +5 -0
- data/fluentd/etc/output-mongo.conf +9 -0
- data/fluentd/etc/output-remote-syslog.conf +11 -0
- data/fluentd/etc/output-s3.conf +15 -0
- data/fluentd/etc/output-splunk-hec.conf +12 -0
- data/fluentd/etc/output-stdout.conf +3 -0
- data/fluentd/etc/output-sumologic.conf +10 -0
- data/fluentd/etc/output-template.conf +4 -0
- data/fluentd/etc/process.conf +19 -0
- data/fluentd/plugins/filter_sdm_decode_chunk_events.rb +71 -0
- data/fluentd/plugins/parser_sdm_json.rb +29 -0
- data/fluentd/scripts/dump_sdm_entities.rb +117 -0
- data/start.rb +34 -0
- metadata +365 -0
@@ -0,0 +1,12 @@
|
|
1
|
+
<store>
|
2
|
+
@type splunk_hec
|
3
|
+
hec_host "#{ENV['SPLUNK_HEC_HOST']}"
|
4
|
+
hec_port "#{ENV['SPLUNK_HEC_PORT']}"
|
5
|
+
hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
|
6
|
+
|
7
|
+
# ssl params
|
8
|
+
insecure_ssl true
|
9
|
+
|
10
|
+
# for more config options
|
11
|
+
# see https://github.com/splunk/fluent-plugin-splunk-hec
|
12
|
+
</store>
|
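Review bot: `insecure_ssl true` under `# ssl params` disables certificate verification for the HEC connection, so the bearer credential in `hec_token` and every exported query log can be read by anyone able to sit in the network path to `SPLUNK_HEC_HOST`. Since host, port and token are already environment-driven, the verification flag should be too, with the safe default: `insecure_ssl "#{ENV['SPLUNK_HEC_INSECURE_SSL'] || 'false'}"`. Operators with a private CA are better served by the plugin's CA-file option (the linked README documents one, as far as I recall) than by turning verification off for everyone; if the default must stay `true`, a comment saying it is for lab use only would at least make the exposure explicit.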
@@ -0,0 +1,10 @@
|
|
1
|
+
<store>
|
2
|
+
@type sumologic
|
3
|
+
endpoint "#{ENV['SUMOLOGIC_ENDPOINT']}"
|
4
|
+
log_format json
|
5
|
+
source_name sdm
|
6
|
+
source_category "#{ENV['SUMOLOGIC_SOURCE_CATEGORY']}"
|
7
|
+
|
8
|
+
# for more config options
|
9
|
+
# see https://github.com/SumoLogic/fluentd-output-sumologic
|
10
|
+
</store>
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# Config file for processing log traces
|
2
|
+
|
3
|
+
# Sanitizer Rules
|
4
|
+
# see https://github.com/fluent/fluent-plugin-sanitizer
|
5
|
+
|
6
|
+
# <filter **>
|
7
|
+
# @type sanitizer
|
8
|
+
# hash_salt sdmsalt
|
9
|
+
# <rule>
|
10
|
+
# keys query
|
11
|
+
# pattern_regex /SET PASSWORD .*/
|
12
|
+
# pattern_regex_prefix "CHANGE_PASSWORD"
|
13
|
+
# </rule>
|
14
|
+
# <rule>
|
15
|
+
# keys query
|
16
|
+
# pattern_regex /ALTER USER .+ IDENTIFIED BY .+/
|
17
|
+
# pattern_regex_prefix "CHANGE_PASSWORD"
|
18
|
+
# </rule>
|
19
|
+
# </filter>
|
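Review bot: The sanitizer block that would redact credential-bearing statements is entirely commented out, so with this default `process.conf` any `SET PASSWORD` or `ALTER USER ... IDENTIFIED BY` captured in the `query` field leaves the container in cleartext to every configured output. If shipping with the filter disabled is intentional, the header comment should say so and name the knob that enables it; otherwise it should be active here. Two smaller points if it is enabled: `hash_salt sdmsalt` is a guessable literal committed to the repo and should come from the environment, e.g. `hash_salt "#{ENV['SANITIZER_HASH_SALT']}"`, and the two regexes only cover MySQL-style syntax, so `CREATE USER ... IDENTIFIED BY` and PostgreSQL `CREATE/ALTER ROLE ... PASSWORD '...'` pass through untouched.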
@@ -0,0 +1,71 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'fluent/plugin/parser'
|
4
|
+
require 'fluent/plugin/parser_json'
|
5
|
+
|
6
|
+
module Fluent::Plugin
|
7
|
+
class SDMDecodeChunkEventsFilter < Filter
|
8
|
+
Fluent::Plugin.register_filter('sdm_decode_chunk_events', self)
|
9
|
+
|
10
|
+
def filter(tag, time, record)
|
11
|
+
decode_chunk_log(record)
|
12
|
+
end
|
13
|
+
|
14
|
+
private
|
15
|
+
|
16
|
+
def decode_chunk_log(record)
|
17
|
+
decoded_events = []
|
18
|
+
|
19
|
+
full_cmd_entry = ''
|
20
|
+
total_elapsed_millis = 0
|
21
|
+
start_time_regular = zulu_date_to_regular(record['timestamp'])
|
22
|
+
begin
|
23
|
+
record['events'].each do |event|
|
24
|
+
duration, command = extract_cmd_entry_info(event)
|
25
|
+
one_line_cmd_entry = command.gsub("\r", '')
|
26
|
+
total_elapsed_millis += duration
|
27
|
+
full_cmd_entry = "#{full_cmd_entry}#{one_line_cmd_entry}"
|
28
|
+
|
29
|
+
next unless end_of_line(one_line_cmd_entry)
|
30
|
+
|
31
|
+
end_time_regular = add_millis(start_time_regular, total_elapsed_millis)
|
32
|
+
|
33
|
+
item = {
|
34
|
+
'data' => full_cmd_entry.split("\n"),
|
35
|
+
'startTimestamp' => start_time_regular,
|
36
|
+
'endTimestamp' => end_time_regular
|
37
|
+
}
|
38
|
+
|
39
|
+
decoded_events << item
|
40
|
+
|
41
|
+
full_cmd_entry = ''
|
42
|
+
total_elapsed_millis = 0
|
43
|
+
start_time_regular = end_time_regular
|
44
|
+
end
|
45
|
+
|
46
|
+
record['decodedEvents'] = decoded_events unless record['decodedEvents']
|
47
|
+
rescue StandardError => _e
|
48
|
+
puts "An error ocurred: #{_e.message}"
|
49
|
+
end
|
50
|
+
|
51
|
+
record
|
52
|
+
end
|
53
|
+
|
54
|
+
def end_of_line(line)
|
55
|
+
line.include? "\n"
|
56
|
+
end
|
57
|
+
|
58
|
+
def zulu_date_to_regular(input_date)
|
59
|
+
input_date.gsub(/[0-9]{,3} \+[0-9]{,4} UTC$/, '')
|
60
|
+
end
|
61
|
+
|
62
|
+
def extract_cmd_entry_info(line)
|
63
|
+
[line['duration'], Base64.decode64(line['data']).force_encoding('utf-8')]
|
64
|
+
end
|
65
|
+
|
66
|
+
def add_millis(input_date, input_millis)
|
67
|
+
new_date = Time.parse input_date
|
68
|
+
(new_date.to_time + input_millis / 1000.0).iso8601(3).to_s
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
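Review bot: The `rescue StandardError => _e` in `decode_chunk_log` reports the failure with `puts` to stdout and then returns the record with no `decodedEvents`, so a decode problem in an audit pipeline is invisible at log level and the event ships half-processed; this should go through the plugin logger, e.g. `log.warn('sdm_decode_chunk_events: could not decode chunk events', error: _e)`, and the variable should be `e` since it is used. `Base64.decode64` and `Time.parse` are called but only the two fluent parser files are required; nothing here guarantees `base64` and `time` are loaded, so add `require 'base64'` and `require 'time'` at the top. `force_encoding('utf-8')` in `extract_cmd_entry_info` marks arbitrary decoded bytes as UTF-8 without validating them; terminal capture data can contain invalid sequences, which an output that serializes with `JSON.generate` would likely reject later, so `.force_encoding('utf-8').scrub` is the safer form.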
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'fluent/plugin/parser'
|
4
|
+
require 'fluent/plugin/parser_json'
|
5
|
+
|
6
|
+
# Remove characters before JSON from SDM log lines, format:
|
7
|
+
# 2021-06-22T17:15:19Z ip-172-31-3-25 strongDM[734548]: {\"type\":\"complete\",\"timestamp\":\"2021-06-22T17:15:19.758785454Z\",\"uuid\":\"01uJSIaxJKEf6y85VRAoypiPJUGJ\",\"duration\":0,\"records\":1}
|
8
|
+
module Fluent::Plugin
|
9
|
+
class SDMJsonParser < Parser
|
10
|
+
Fluent::Plugin.register_parser('sdm_json', self)
|
11
|
+
|
12
|
+
def configure(conf)
|
13
|
+
super
|
14
|
+
@parser = Fluent::Plugin::JSONParser.new
|
15
|
+
@parser.configure(Fluent::Config::Element.new('ROOT', '', {}, []))
|
16
|
+
end
|
17
|
+
|
18
|
+
def parse(text)
|
19
|
+
idx = text.index('{')
|
20
|
+
if idx
|
21
|
+
text = text[idx..-1]
|
22
|
+
end
|
23
|
+
@parser.parse(text) do |_, r|
|
24
|
+
text = r
|
25
|
+
end
|
26
|
+
yield Fluent::EventTime.now, text
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
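Review bot: `yield Fluent::EventTime.now, text` in `parse` stamps every record with receive time and discards both the syslog header timestamp and the JSON `timestamp` field that the header comment shows is present, so buffered or replayed events land in the destination with the wrong event time and forensic ordering then depends on the stored attribute rather than the record time. Consider deriving the time from the parsed record when present, e.g. `time = (r && r['timestamp']) ? Fluent::EventTime.from_time(Time.iso8601(r['timestamp'])) : Fluent::EventTime.now` with a rescue falling back to now (this needs `require 'time'`). Also, `text = r` inside the block leaves `text` nil when the inner JSON parse fails, so the caller receives `(time, nil)`; as far as I can tell that is fluentd's conventional "unmatched" signal, but a comment saying so would save the next reader a trip through `JSONParser`.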
@@ -0,0 +1,117 @@
|
|
1
|
+
require 'json'
|
2
|
+
require 'date'
|
3
|
+
require 'open3'
|
4
|
+
require 'socket'
|
5
|
+
|
6
|
+
SIGTERM = 15
|
7
|
+
|
8
|
+
AUDIT_ENTITY_TYPES = {
|
9
|
+
"activities" => "activity",
|
10
|
+
"resources" => "resource",
|
11
|
+
"users" => "user",
|
12
|
+
"roles" => "role",
|
13
|
+
}
|
14
|
+
|
15
|
+
def get_audit_rows(entity_name)
|
16
|
+
if entity_name == "activities"
|
17
|
+
return get_audit_activities_rows
|
18
|
+
end
|
19
|
+
output = `sdm audit #{entity_name} -j`
|
20
|
+
output.split("\n")
|
21
|
+
end
|
22
|
+
|
23
|
+
def get_audit_activities_rows
|
24
|
+
interval_time = extract_activities_interval
|
25
|
+
if interval_time == nil
|
26
|
+
stream_activities
|
27
|
+
return
|
28
|
+
end
|
29
|
+
datetime_from = DateTime.now - (interval_time + 1.0)/(24*60)
|
30
|
+
datetime_to = DateTime.now - 1.0/(24*60)
|
31
|
+
output = `sdm audit activities -j -e --from "#{datetime_from.to_s}" --to "#{datetime_to.to_s}"`
|
32
|
+
output.split("\n")
|
33
|
+
end
|
34
|
+
|
35
|
+
def extract_activities_interval
|
36
|
+
extract_entities = ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT']
|
37
|
+
if ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL'] != nil
|
38
|
+
interval = ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL'].to_i
|
39
|
+
elsif extract_entities&.match /activities\/stream/
|
40
|
+
return nil
|
41
|
+
else
|
42
|
+
interval_match = extract_entities&.match /activities\/+(\d+)/
|
43
|
+
interval = interval_match ? interval_match[1].to_i : 15
|
44
|
+
end
|
45
|
+
interval
|
46
|
+
end
|
47
|
+
|
48
|
+
def stream_activities
|
49
|
+
stdout_and_stderr, thread = open_activities_stream
|
50
|
+
process_activity_stream(stdout_and_stderr)
|
51
|
+
Process.kill(SIGTERM, thread.pid)
|
52
|
+
end
|
53
|
+
|
54
|
+
def open_activities_stream
|
55
|
+
must_stream_json = ENV['LOG_EXPORT_CONTAINER_INPUT'].include?("json")
|
56
|
+
command = "sdm audit activities -e -f"
|
57
|
+
if must_stream_json
|
58
|
+
command += " -j"
|
59
|
+
end
|
60
|
+
_, stdout_and_stderr, thread = Open3.popen2e(command)
|
61
|
+
[stdout_and_stderr, thread]
|
62
|
+
end
|
63
|
+
|
64
|
+
def send_socket_message(message)
|
65
|
+
client = TCPSocket.open('localhost', 5140)
|
66
|
+
client.puts "<5>#{message}"
|
67
|
+
client.close
|
68
|
+
end
|
69
|
+
|
70
|
+
def parse_entity(entity, entity_name)
|
71
|
+
parsed_entity = JSON.parse(entity)
|
72
|
+
parsed_entity['type'] = AUDIT_ENTITY_TYPES[entity_name]
|
73
|
+
parsed_entity
|
74
|
+
end
|
75
|
+
|
76
|
+
def process_activity_stream(stdout)
|
77
|
+
must_stream_json = ENV['LOG_EXPORT_CONTAINER_INPUT'].include?("json")
|
78
|
+
stdout.each do |line|
|
79
|
+
if must_stream_json
|
80
|
+
message = JSON.generate(parse_entity(line, 'activities'))
|
81
|
+
else
|
82
|
+
message = line.gsub("\n", "") + ",activity"
|
83
|
+
end
|
84
|
+
send_socket_message(message)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
def parse_rows(rows, entity_name)
|
89
|
+
parsed_rows = []
|
90
|
+
rows.each do |row|
|
91
|
+
parsed_rows << parse_entity(row, AUDIT_ENTITY_TYPES[entity_name])
|
92
|
+
end
|
93
|
+
parsed_rows
|
94
|
+
end
|
95
|
+
|
96
|
+
def print_rows(rows)
|
97
|
+
rows.each { |row| puts "#{JSON.generate(row)}" }
|
98
|
+
end
|
99
|
+
|
100
|
+
def dump_entities(entity_name)
|
101
|
+
unless AUDIT_ENTITY_TYPES.keys.include?(entity_name.to_s)
|
102
|
+
return
|
103
|
+
end
|
104
|
+
begin
|
105
|
+
rows = get_audit_rows(entity_name)
|
106
|
+
unless rows
|
107
|
+
return
|
108
|
+
end
|
109
|
+
parsed_rows = parse_rows(rows, entity_name)
|
110
|
+
print_rows(parsed_rows)
|
111
|
+
rescue StandardError => _e
|
112
|
+
error = {"error" => "An error ocurred while extracting the audit #{entity_name.to_s} data: #{_e}", "type" => "unclass"}
|
113
|
+
send_socket_message(JSON.generate(error))
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
dump_entities(ARGV[0])
|
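Review bot: `parse_rows` passes `AUDIT_ENTITY_TYPES[entity_name]` (e.g. `"user"`) into `parse_entity`, which looks that value up in `AUDIT_ENTITY_TYPES` a second time and gets `nil`, so every row dumped for `resources`, `users` and `roles` carries `"type": null` while the streaming path (`parse_entity(line, 'activities')`) sets it correctly; the fix is `parsed_rows << parse_entity(row, entity_name)`. Separately, `get_audit_rows` builds a shell string from `entity_name`; the allowlist in `dump_entities` keeps `ARGV[0]` from reaching it unvetted today, but that guard lives two calls away, so the argv form `output, _status = Open3.capture2('sdm', 'audit', entity_name, '-j')` keeps the command shell-free even if `get_audit_rows` gains another caller. `open3` is already required, so this costs nothing.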
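--- a/data/start.rb
+++ b/data/start.rb
@@ -0,0 +1,34 @@
+::USING_WINDOWS = !!((RUBY_PLATFORM =~ /(win|w)(32|64)$/) || (RUBY_PLATFORM =~ /mswin|mingw/))
+
+if ENV["SDM_ADMIN_TOKEN"]
+puts('Starting SDM')
+result = system("sdm --admin-token #{ENV['SDM_ADMIN_TOKEN']} login")
+unless result
+puts "You need to install SDM CLI."
+return
+end
+listen_thread = Thread.new { system('sdm listen', :out => File::NULL, :err => File::NULL) }
+until system('sdm status', :out => File::NULL) do
+sleep(1)
+end
+end
+
+puts("Creating Fluentd conf file")
+require "#{ENV['FLUENTD_DIR']}/../create-conf.rb"
+
+fluentd_pkg_name = "fluentd"
+fluentd_pkg_version = "> 0.a"
+
+puts("Starting Fluentd")
+
+if ::USING_WINDOWS
+fluentd_path = "fluentd"
+elsif Gem.respond_to?(:activate_bin_path)
+# when using Linux sometimes the "fluentd" binary is not called,
+# so to ensure the proper execution we need to provide the full binary path
+fluentd_path = Gem.activate_bin_path(fluentd_pkg_name, fluentd_pkg_name, fluentd_pkg_version)
+else
+fluentd_path = Gem.bin_path(fluentd_pkg_name, fluentd_pkg_name, fluentd_pkg_version)
+end
+
+system("#{fluentd_path} -c #{ENV['FLUENTD_DIR']}/etc/fluent.conf -p #{ENV['FLUENTD_DIR']}/plugins")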
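Review bot: `system("sdm --admin-token #{ENV['SDM_ADMIN_TOKEN']} login")` puts the admin token on the command line, where any process that can list processes (`ps`, `/proc/*/cmdline`) can read it for as long as `sdm login` runs, and interpolating it into a shell string means a token containing shell metacharacters is interpreted rather than passed through. At minimum use the argv form `system('sdm', '--admin-token', ENV['SDM_ADMIN_TOKEN'], 'login')` to bypass the shell; if the sdm CLI reads `SDM_ADMIN_TOKEN` from the environment itself (worth checking — the variable name suggests it), dropping the flag keeps the token out of the process table entirely. Two smaller things: the `until system('sdm status', ...)` loop has no bound and spins forever if `sdm listen` dies, and the "You need to install SDM CLI." message is printed for any non-zero exit, including a rejected token, which will send operators debugging the wrong problem.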
metadata
ADDED
@@ -0,0 +1,365 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: log-export-container
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.53
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- StrongDM
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: fluentd
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: fluent
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: fluent-plugin-rewrite-tag-filter
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: fluent-plugin-s3
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: fluent-plugin-cloudwatch-logs
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: fluent-plugin-splunk-hec
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: fluent-plugin-datadog
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :runtime
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: fluent-plugin-azure-loganalytics
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: fluent-plugin-sumologic_output
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :runtime
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: fluent-plugin-sanitizer
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - ">="
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '0'
|
146
|
+
type: :runtime
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - ">="
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '0'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: fluent-plugin-kafka
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
type: :runtime
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: fluent-plugin-mongo
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - ">="
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '0'
|
174
|
+
type: :runtime
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - ">="
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '0'
|
181
|
+
- !ruby/object:Gem::Dependency
|
182
|
+
name: fluent-plugin-logzio
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
184
|
+
requirements:
|
185
|
+
- - ">="
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '0'
|
188
|
+
type: :runtime
|
189
|
+
prerelease: false
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
191
|
+
requirements:
|
192
|
+
- - ">="
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: '0'
|
195
|
+
- !ruby/object:Gem::Dependency
|
196
|
+
name: fluent-plugin-grafana-loki
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
198
|
+
requirements:
|
199
|
+
- - ">="
|
200
|
+
- !ruby/object:Gem::Version
|
201
|
+
version: '0'
|
202
|
+
type: :runtime
|
203
|
+
prerelease: false
|
204
|
+
version_requirements: !ruby/object:Gem::Requirement
|
205
|
+
requirements:
|
206
|
+
- - ">="
|
207
|
+
- !ruby/object:Gem::Version
|
208
|
+
version: '0'
|
209
|
+
- !ruby/object:Gem::Dependency
|
210
|
+
name: fluent-plugin-remote_syslog
|
211
|
+
requirement: !ruby/object:Gem::Requirement
|
212
|
+
requirements:
|
213
|
+
- - ">="
|
214
|
+
- !ruby/object:Gem::Version
|
215
|
+
version: '0'
|
216
|
+
type: :runtime
|
217
|
+
prerelease: false
|
218
|
+
version_requirements: !ruby/object:Gem::Requirement
|
219
|
+
requirements:
|
220
|
+
- - ">="
|
221
|
+
- !ruby/object:Gem::Version
|
222
|
+
version: '0'
|
223
|
+
- !ruby/object:Gem::Dependency
|
224
|
+
name: fluent-plugin-elasticsearch
|
225
|
+
requirement: !ruby/object:Gem::Requirement
|
226
|
+
requirements:
|
227
|
+
- - '='
|
228
|
+
- !ruby/object:Gem::Version
|
229
|
+
version: 5.2.4
|
230
|
+
type: :runtime
|
231
|
+
prerelease: false
|
232
|
+
version_requirements: !ruby/object:Gem::Requirement
|
233
|
+
requirements:
|
234
|
+
- - '='
|
235
|
+
- !ruby/object:Gem::Version
|
236
|
+
version: 5.2.4
|
237
|
+
- !ruby/object:Gem::Dependency
|
238
|
+
name: fluent-plugin-bigquery
|
239
|
+
requirement: !ruby/object:Gem::Requirement
|
240
|
+
requirements:
|
241
|
+
- - ">="
|
242
|
+
- !ruby/object:Gem::Version
|
243
|
+
version: '0'
|
244
|
+
type: :runtime
|
245
|
+
prerelease: false
|
246
|
+
version_requirements: !ruby/object:Gem::Requirement
|
247
|
+
requirements:
|
248
|
+
- - ">="
|
249
|
+
- !ruby/object:Gem::Version
|
250
|
+
version: '0'
|
251
|
+
- !ruby/object:Gem::Dependency
|
252
|
+
name: fluent-plugin-prometheus
|
253
|
+
requirement: !ruby/object:Gem::Requirement
|
254
|
+
requirements:
|
255
|
+
- - ">="
|
256
|
+
- !ruby/object:Gem::Version
|
257
|
+
version: '0'
|
258
|
+
type: :runtime
|
259
|
+
prerelease: false
|
260
|
+
version_requirements: !ruby/object:Gem::Requirement
|
261
|
+
requirements:
|
262
|
+
- - ">="
|
263
|
+
- !ruby/object:Gem::Version
|
264
|
+
version: '0'
|
265
|
+
- !ruby/object:Gem::Dependency
|
266
|
+
name: test-unit
|
267
|
+
requirement: !ruby/object:Gem::Requirement
|
268
|
+
requirements:
|
269
|
+
- - ">="
|
270
|
+
- !ruby/object:Gem::Version
|
271
|
+
version: '0'
|
272
|
+
type: :runtime
|
273
|
+
prerelease: false
|
274
|
+
version_requirements: !ruby/object:Gem::Requirement
|
275
|
+
requirements:
|
276
|
+
- - ">="
|
277
|
+
- !ruby/object:Gem::Version
|
278
|
+
version: '0'
|
279
|
+
- !ruby/object:Gem::Dependency
|
280
|
+
name: rspec
|
281
|
+
requirement: !ruby/object:Gem::Requirement
|
282
|
+
requirements:
|
283
|
+
- - ">="
|
284
|
+
- !ruby/object:Gem::Version
|
285
|
+
version: '0'
|
286
|
+
type: :runtime
|
287
|
+
prerelease: false
|
288
|
+
version_requirements: !ruby/object:Gem::Requirement
|
289
|
+
requirements:
|
290
|
+
- - ">="
|
291
|
+
- !ruby/object:Gem::Version
|
292
|
+
version: '0'
|
293
|
+
description: The application acts as a syslog concentrator. Customers that want to
|
294
|
+
export their strongDM query logs to a third party logging service can use the application
|
295
|
+
to do so. They configure the application for the appropriate target. Deploy the
|
296
|
+
application. Configure their strongDM gateways to logs to a syslog destination and
|
297
|
+
set the destination to the address of the logging application host.
|
298
|
+
email:
|
299
|
+
executables:
|
300
|
+
- log-export-container
|
301
|
+
extensions: []
|
302
|
+
extra_rdoc_files: []
|
303
|
+
files:
|
304
|
+
- bin/log-export-container
|
305
|
+
- conf-utils.rb
|
306
|
+
- create-conf.rb
|
307
|
+
- fluentd/etc/classify-default-csv.conf
|
308
|
+
- fluentd/etc/classify-default-json.conf
|
309
|
+
- fluentd/etc/classify-syslog-csv.conf
|
310
|
+
- fluentd/etc/classify-tcp-csv.conf
|
311
|
+
- fluentd/etc/input-extract-audit-entities.conf
|
312
|
+
- fluentd/etc/input-file-csv.conf
|
313
|
+
- fluentd/etc/input-file-json.conf
|
314
|
+
- fluentd/etc/input-json-chunk.conf
|
315
|
+
- fluentd/etc/input-syslog-csv.conf
|
316
|
+
- fluentd/etc/input-syslog-json.conf
|
317
|
+
- fluentd/etc/input-tcp-csv.conf
|
318
|
+
- fluentd/etc/input-tcp-json.conf
|
319
|
+
- fluentd/etc/monitoring.conf
|
320
|
+
- fluentd/etc/output-azure-loganalytics.conf
|
321
|
+
- fluentd/etc/output-bigquery.conf
|
322
|
+
- fluentd/etc/output-cloudwatch.conf
|
323
|
+
- fluentd/etc/output-datadog.conf
|
324
|
+
- fluentd/etc/output-elasticsearch-8.conf
|
325
|
+
- fluentd/etc/output-kafka.conf
|
326
|
+
- fluentd/etc/output-logz.conf
|
327
|
+
- fluentd/etc/output-loki.conf
|
328
|
+
- fluentd/etc/output-mongo.conf
|
329
|
+
- fluentd/etc/output-remote-syslog.conf
|
330
|
+
- fluentd/etc/output-s3.conf
|
331
|
+
- fluentd/etc/output-splunk-hec.conf
|
332
|
+
- fluentd/etc/output-stdout.conf
|
333
|
+
- fluentd/etc/output-sumologic.conf
|
334
|
+
- fluentd/etc/output-template.conf
|
335
|
+
- fluentd/etc/process.conf
|
336
|
+
- fluentd/plugins/filter_sdm_decode_chunk_events.rb
|
337
|
+
- fluentd/plugins/parser_sdm_json.rb
|
338
|
+
- fluentd/scripts/dump_sdm_entities.rb
|
339
|
+
- start.rb
|
340
|
+
homepage: https://strongdm.github.io/log-export-container/
|
341
|
+
licenses:
|
342
|
+
- Apache-2.0
|
343
|
+
metadata:
|
344
|
+
source_code_uri: https://github.com/strongdm/log-export-container
|
345
|
+
post_install_message:
|
346
|
+
rdoc_options: []
|
347
|
+
require_paths:
|
348
|
+
- lib
|
349
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
350
|
+
requirements:
|
351
|
+
- - ">="
|
352
|
+
- !ruby/object:Gem::Version
|
353
|
+
version: '0'
|
354
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
355
|
+
requirements:
|
356
|
+
- - ">="
|
357
|
+
- !ruby/object:Gem::Version
|
358
|
+
version: '0'
|
359
|
+
requirements: []
|
360
|
+
rubygems_version: 3.3.7
|
361
|
+
signing_key:
|
362
|
+
specification_version: 4
|
363
|
+
summary: An application that can be easily deployed and configured to export strongDM
|
364
|
+
query logs
|
365
|
+
test_files: []
|