Class: Fluent::Plugin::TwistlockSyslogFilter

Inherits:

Filter

• Object
• Filter
• Fluent::Plugin::TwistlockSyslogFilter

Defined in:

lib/fluent/plugin/filter_twistlock_syslog.rb

Instance Method Summary

• #configure(conf) ⇒ Object
• #filter(tag, time, record) ⇒ Object
• #start ⇒ Object

Instance Method Details

#configure(conf) ⇒ Object

# File 'lib/fluent/plugin/filter_twistlock_syslog.rb', line 11

def configure(conf)
  super
  unless File.file?(@key_path)
    raise Fluent::ConfigError, "Private key file must be present. #{@key_path} Please check."
  end
end

#filter(tag, time, record) ⇒ Object

# File 'lib/fluent/plugin/filter_twistlock_syslog.rb', line 21

def filter(tag, time, record)
  message = record[@key_name][0..-2]
  begin
    message.split(/(?<!\\|=)"\s/).each { |in_msg|
      keymap = in_msg.split('="')
      record[keymap[0]] = keymap[1]
    }
    record.delete("ident")
    record.delete("pid")
    record.delete("time")
    if record.key?("host_name")
      record["host"] = record["host_name"]
      record.delete("host_name")
    end
    signature = @private_key.sign(OpenSSL::Digest::SHA256.new, record[@key_name])
    record['checksum_signature'] = Base64.encode64(signature)
  rescue Exception => e
    log.warn "Unable to map record with message=#{record[@key_name]}"
    log.warn e.backtrace.inspect
  end
  record
end

#start ⇒ Object

# File 'lib/fluent/plugin/filter_twistlock_syslog.rb', line 17

def start
  super
  @private_key = OpenSSL::PKey::RSA.new(File.read(@key_path))
end