Class: Fluent::Plugin::SslCheckInput

Inherits:

Input

• Object
• Input
• Fluent::Plugin::SslCheckInput

Defined in:

lib/fluent/plugin/in_ssl_check.rb

Overview

ssl_check input plugin

check ssl service

Defined Under Namespace

Classes: SslClient, SslInfo

Constant Summary

NAME =

'ssl_check'

DEFAULT_TAG =

NAME

DEFAULT_PORT =

443

DEFAULT_INTERVAL =

600

DEFAULT_SNI =

true

DEFAULT_VERIFY_MODE =

:peer

DEFAULT_TIMEOUT =

5

DEFAULT_LOG_EVENTS =

true

DEFAULT_METRIC_EVENTS =

false

DEFAULT_EVENT_PREFIX =

''

Instance Method Summary

• #check ⇒ Object

  rubocop:disable Lint/SuppressedException.

• #configure(conf) ⇒ Object

  rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Style/DoubleNegation.

• #emit_logs(ssl_info) ⇒ Object
• #emit_metric_expirency(ssl_info) ⇒ Object
• #emit_metric_status(ssl_info) ⇒ Object
• #emit_metrics(ssl_info) ⇒ Object
• #fetch_ssl_info(host, port) ⇒ Object

  rubocop:enable Lint/SuppressedException.

• #start ⇒ Object

  rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Style/DoubleNegation.

Instance Method Details

#check ⇒ Object

rubocop:disable Lint/SuppressedException

# File 'lib/fluent/plugin/in_ssl_check.rb', line 105

def check
  hosts.each do |host_full|
    host, port = host_full.split(':')
    port = (port || DEFAULT_PORT).to_i
    ssl_info = fetch_ssl_info(host, port)
    emit_logs(ssl_info) if log_events
    emit_metrics(ssl_info) if metric_events
  rescue StandardError
  end
end

#configure(conf) ⇒ Object

rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Style/DoubleNegation

Raises:

• (Fluent::ConfigError)

# File 'lib/fluent/plugin/in_ssl_check.rb', line 80

def configure(conf)
  super

  raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
  raise Fluent::ConfigError, 'hosts can not be empty.' unless hosts
  raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
  raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
  raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
  raise Fluent::ConfigError, 'cert should be a file.' if cert && !File.file?(cert)
  raise Fluent::ConfigError, 'key should be a file.' if key && !File.file?(key)
  raise Fluent::ConfigError, 'cert and key should be specified.' if !!cert ^ !!key

  log.warn("#{NAME}: hosts is empty, nothing to process") if hosts.empty?
end

#emit_logs(ssl_info) ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 128

def emit_logs(ssl_info)
  record = {
    'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
    'status' => ssl_info.status,
    'host' => ssl_info.host,
    'port' => ssl_info.port,
    'ssl_version' => ssl_info.ssl_version,
    'ssl_dn' => ssl_info.subject_s,
    'ssl_not_after' => ssl_info.not_after,
    'expire_in_days' => ssl_info.expire_in_days,
    'serial' => ssl_info.serial
  }
  record.update('error_class' => ssl_info.error_class) if ssl_info.error_class
  router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
end

#emit_metric_expirency(ssl_info) ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 164

def emit_metric_expirency(ssl_info)
  return if ssl_info.error

  record = {
    'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
    'metric_name' => 'ssl_expirency',
    'metric_value' => ssl_info.expire_in_days,
    "#{event_prefix}host" => ssl_info.host,
    "#{event_prefix}port" => ssl_info.port,
    "#{event_prefix}ssl_dn" => ssl_info.subject_s,
    "#{event_prefix}serial" => ssl_info.serial
  }
  router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
end

#emit_metric_status(ssl_info) ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 149

def emit_metric_status(ssl_info)
  record = {
    'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
    'metric_name' => 'ssl_status',
    'metric_value' => ssl_info.status,
    "#{event_prefix}host" => ssl_info.host,
    "#{event_prefix}port" => ssl_info.port,
    "#{event_prefix}ssl_dn" => ssl_info.subject_s,
    "#{event_prefix}ssl_version" => ssl_info.ssl_version,
    "#{event_prefix}ssl_not_after" => ssl_info.not_after,
    "#{event_prefix}serial" => ssl_info.serial
  }
  router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
end

#emit_metrics(ssl_info) ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 144

def emit_metrics(ssl_info)
  emit_metric_status(ssl_info)
  emit_metric_expirency(ssl_info)
end

#fetch_ssl_info(host, port) ⇒ Object

rubocop:enable Lint/SuppressedException

# File 'lib/fluent/plugin/in_ssl_check.rb', line 117

def fetch_ssl_info(host, port)
  ssl_client = SslClient.new(
    host: host, port: port,
    ca_path: ca_path, ca_file: ca_file,
    sni: sni, verify_mode: ssl_verify_mode,
    cert: cert, key: key,
    timeout: timeout
  )
  ssl_client.ssl_info
end

#start ⇒ Object

rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Style/DoubleNegation

# File 'lib/fluent/plugin/in_ssl_check.rb', line 96

def start
  super

  timer_execute(:ssl_check_timer, 1, repeat: false, &method(:check)) if interval > 60

  timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
end