Class: Fluent::DosBlockAclOutput

Inherits:
TimeSlicedOutput
  • Object
Defined in:
lib/fluent/plugin/out_dos_block_acl.rb


Constructor Details

#initialize ⇒ DosBlockAclOutput

Returns a new instance of DosBlockAclOutput.



# File 'lib/fluent/plugin/out_dos_block_acl.rb', line 16

# Builds the plugin instance and loads the libraries it depends on.
#
# The requires run at instantiation time rather than at file load, so the
# v1 AWS SDK (the `AWS::` namespace) and Pathname are only pulled in once
# the output is actually created.
def initialize
  super
  require("aws-sdk-v1")
  require("pathname")
end

Instance Method Details

#configure(conf) ⇒ Object



# File 'lib/fluent/plugin/out_dos_block_acl.rb', line 22

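# Validates and normalises the plugin settings once Fluentd has assigned the
# configuration parameters.
#
# * @white_list: comma-separated string -> Array of trimmed, non-empty entries
#   (an entry written as " 10.0.0.1" would otherwise never match).
# * @deny_rule_numbers_range: string such as "100..200" -> Array of Integers.
# * @acl_entry_limit: how many rule numbers that range contains.
#
# SECURITY: the range used to be obtained by passing the raw setting to
# Kernel#eval (twice), so any Ruby expression placed in the configuration ran
# inside the Fluentd process, which is also configured with AWS credentials.
# The value is now parsed as a literal integer range and everything else is
# rejected with ConfigError.
#
# @param conf [Object] configuration element handed over by Fluentd
# @raise [Fluent::ConfigError] if the range is not "<int>..<int>" or "<int>...<int>"
def configure(conf)
  super
  @white_list = @white_list.to_s.split(',').map(&:strip).reject(&:empty?)

  # Surrounding parentheses and spaces are tolerated so values written as Ruby
  # range literals keep working. \A and \z anchor the whole string.
  bounds = /\A\s*\(?\s*(\d+)\s*(\.{2,3})\s*(\d+)\s*\)?\s*\z/.match(@deny_rule_numbers_range.to_s)
  unless bounds
    raise Fluent::ConfigError, "out_dos_block_acl: @deny_rule_numbers_range is not Range!"
  end

  first_number = Integer(bounds[1], 10)
  last_number = Integer(bounds[3], 10)
  exclude_end = bounds[2].length == 3 # "a...b" leaves b out, as in Ruby

  # NOTE(review): no upper bound is enforced on the span, so a very wide range
  # materialises a very large Array here - consider capping it.
  @deny_rule_numbers_range = Range.new(first_number, last_number, exclude_end).to_a
  @acl_entry_limit = @deny_rule_numbers_range.size
end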

#format(tag, time, record) ⇒ Object



# File 'lib/fluent/plugin/out_dos_block_acl.rb', line 60

# Serialises a single event for storage in the buffer chunk.
#
# @param tag event tag
# @param time event time
# @param record event payload
# @return the MessagePack encoding of the array [tag, time, record]
def format(tag, time, record)
  event = [tag, time, record]
  event.to_msgpack
end

#shutdown ⇒ Object



# File 'lib/fluent/plugin/out_dos_block_acl.rb', line 53

# Stops the plugin and, when a state file is configured, hands its path to
# save_status so the current state is written out.
def shutdown
  super
  # No state file configured: nothing to persist.
  return if @state_file.nil?

  save_status(@state_file)
end

#start ⇒ Object



# File 'lib/fluent/plugin/out_dos_block_acl.rb', line 32

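# Connects to EC2, looks up the configured network ACL and initialises the
# deny-rule bookkeeping, either from the state file or from the helper methods.
#
# Sets @ec2, @allow_any_rule_number, @rule_numbers and @next_rule_index.
#
# @raise [Fluent::ConfigError] if the ACL is not returned by EC2 or has no
#   inbound "allow 0.0.0.0/0" entry (previously a NoMethodError on nil)
def start
  super
  AWS.config(access_key_id: @aws_key_id, secret_access_key: @aws_sec_key, region: @region)
  @ec2 = AWS::EC2::Client.new
  acls = @ec2.describe_network_acls(network_acl_ids: [@network_acl_id])

  network_acl = Array(acls[:network_acl_set]).first
  if network_acl.nil?
    raise Fluent::ConfigError, "out_dos_block_acl: network ACL #{@network_acl_id} was not returned by describe_network_acls"
  end

  # First inbound entry that allows traffic from anywhere.
  allow_any_entry = Array(network_acl[:entry_set]).find do |entry|
    !entry[:egress] && entry[:cidr_block] == "0.0.0.0/0" && entry[:rule_action] == "allow"
  end
  if allow_any_entry.nil?
    raise Fluent::ConfigError, "out_dos_block_acl: network ACL #{@network_acl_id} has no inbound allow entry for 0.0.0.0/0"
  end
  @allow_any_rule_number = allow_any_entry[:rule_number]

  state = @state_file ? load_status(@state_file) : nil

  if state.nil?
    @rule_numbers = get_deny_rule_numbers
    @next_rule_index = get_next_rule_index
  else
    # NOTE(review): values from the state file are used as-is. load_status is
    # not visible here - confirm it (or this method) checks that the restored
    # rule numbers still fall inside the configured deny range, since they
    # presumably decide which ACL entries get rewritten.
    @rule_numbers = state[:rule_numbers]
    @next_rule_index = state[:next_rule_index]
  end
  $log.info("out_dos_block_acl: use deny rule numbers => #{@rule_numbers}")
end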

#write(chunk) ⇒ Object



# File 'lib/fluent/plugin/out_dos_block_acl.rb', line 64

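# Counts source addresses in a buffer chunk and passes every address seen at
# least @dos_threshold times to regist_deny_acl.
#
# Records without a value under @ip_address_key are skipped. Previously they
# contributed nil to the list, so a burst of such records could reach the
# threshold and hand nil to regist_deny_acl as if it were an address.
#
# Any StandardError is logged and not re-raised, so the chunk is not retried
# when the ACL update fails (best-effort, as in the original).
#
# NOTE(review): the address is taken verbatim from the event record. If that
# field comes from something the client controls (for example a forwarded-for
# header), verify it upstream - the value decides who gets a deny entry.
#
# @param chunk buffer chunk responding to msgpack_each
def write(chunk)
  ip_addresses = []
  chunk.msgpack_each do |(_tag, _time, record)|
    ip_address = record[@ip_address_key]
    next if ip_address.nil? || ip_address.to_s.empty?

    ip_addresses << ip_address
  end
  counts = group_count(ip_addresses)
  dos_hash = counts.select { |_ip, hits| hits >= @dos_threshold }
  regist_deny_acl(dos_hash.keys)
rescue => e
  $log.error("\n#{e.message}\n#{e.backtrace.join("\n")}")
end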