Class: Fluent::AwsWafIPSetsOutput

Inherits:
TimeSlicedOutput
  • Object
show all
Defined in:
lib/fluent/plugin/out_aws_waf_ip_sets.rb

Instance Method Summary collapse

Constructor Details

#initializeAwsWafIPSetsOutput

Returns a new instance of AwsWafIPSetsOutput.



14
15
16
17
 
# File 'lib/fluent/plugin/out_aws_waf_ip_sets.rb', line 14

def initialize
  super
  require 'aws-sdk'
end

Instance Method Details

#configure(conf) ⇒ Object 



19
20
21
22
23
 
# File 'lib/fluent/plugin/out_aws_waf_ip_sets.rb', line 19

def configure(conf)
  super
  @white_list = @white_list.split(',')
  log.info("white list => #{@white_list}")
end

#format(tag, time, record) ⇒ Object 



44
45
46
 
# File 'lib/fluent/plugin/out_aws_waf_ip_sets.rb', line 44

def format(tag, time, record)
  [tag, time, record].to_msgpack
end

#shutdownObject 



40
41
42
 
# File 'lib/fluent/plugin/out_aws_waf_ip_sets.rb', line 40

def shutdown
  super
end

#startObject 



25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/fluent/plugin/out_aws_waf_ip_sets.rb', line 25

def start
  super
  options = {}
  options[:region] = @aws_region if @aws_region
  options[:access_key_id] = @aws_access_key_id if @aws_access_key_id
  options[:secret_access_key] = @aws_secret_access_key if @aws_secret_access_key
  @client = if @api_type == 'waf'
    Aws::WAF::Client.new(options)
  elsif @api_type == 'waf_regional'
    Aws::WAFRegional::Client.new(options)
  else
    raise Fluent::ConfigError, "unknown @api_type => [#{@api_type}]"
  end
end

#write(chunk) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/fluent/plugin/out_aws_waf_ip_sets.rb', line 48

def write(chunk)
  counter = Hash.new{ |h,k| h[k] = 0 }
  chunk.msgpack_each do |(tag, time, record)|
    counter[record[ip_address_key]] += 1
  end

  counter.each do |ip_address, count|
    if @dos_threshold < count
      update_ip_set(ip_address)
    end
  end
end