Class: Fluent::WinEvtLog

Inherits:
Input
  • Object
Defined in:
lib/fluent/plugin/in_winevtlog.rb

Defined Under Namespace

Classes: FilePositionEntry, MemoryPositionEntry, PositionFile, WindowsLogWatcher

Constant Summary

# Maps each field name accepted in the `keys` config parameter to the accessor
# that receive_lines invokes on a Windows event-log record (via `send`).
# Only accessors listed here are reachable from configuration, and the order of
# the keys is the default field order used when `keys` is left empty.
# NOTE(review): a class variable is shared across the whole inheritance tree; a
# frozen constant would be the usual choice, but callers refer to @@KEY_MAP by name.
@@KEY_MAP =
{"record_number" => :record_number, 
"time_generated" => :time_generated, 
"time_written" => :time_written, 
"event_id" => :event_id, 
"event_type" => :event_type, 
"event_category" => :category, 
"source_name" => :source, 
"computer_name" => :computer, 
"user" => :user, 
"description" => :description}

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ WinEvtLog

Returns a new instance of WinEvtLog.



# File 'lib/fluent/plugin/in_winevtlog.rb', line 29

# Set up empty bookkeeping; the real values are filled in by configure
# (@cats, @keynames) and start_watchers (@tails, category => watcher).
def initialize
  super
  @cats, @keynames, @tails = [], [], {}
end

Instance Attribute Details

#cats ⇒ Object (readonly)

Returns the value of attribute cats.



# File 'lib/fluent/plugin/in_winevtlog.rb', line 27

# Read-only view of the category list parsed from the `category` parameter.
def cats
  instance_variable_get(:@cats)
end

Instance Method Details

#close_watcher(wlw) ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 99

# Close a single WindowsLogWatcher. Nothing is flushed here: the flush_buffer
# call is commented out upstream.
def close_watcher(wlw)
  watcher = wlw
  watcher.close
  # flush_buffer(wlw)
end

#configure(conf) ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 36

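# Parse the plugin configuration.
#
# `category` is a comma-separated list of event log names (e.g.
# "Application,System") and is mandatory. `keys` is a comma-separated list of
# record fields to emit; when empty every field in @@KEY_MAP is emitted.
#
# @param conf [Fluent::Config::Element] plugin configuration (handled by super)
# @raise [ConfigError] if no category is given or a key is not in @@KEY_MAP
def configure(conf)
  super
  # `to_s` turns a missing value into "" so the failure below is a ConfigError
  # instead of a NoMethodError on nil; empty entries (e.g. a trailing comma)
  # are dropped so they never reach EventLog.open.
  @cats = @category.to_s.split(',').map { |cat| cat.strip }.reject(&:empty?).uniq
  if @cats.empty?
    raise ConfigError, "winevtlog: 'category' parameter is required on winevtlog input"
  end
  @keynames = @keys.to_s.split(',').map { |k| k.strip }.reject(&:empty?).uniq
  if @keynames.empty?
    @keynames = @@KEY_MAP.keys
  end
  # Fail at configuration time for keys with no accessor in @@KEY_MAP. Without
  # this check receive_lines would call `r.send(nil)` for such a key and log an
  # "unexpected error" on every batch instead of ever emitting a record.
  unknown = @keynames - @@KEY_MAP.keys
  unless unknown.empty?
    raise ConfigError, "winevtlog: unknown key(s) in 'keys' parameter: #{unknown.join(', ')}"
  end
  @tag = tag
  @stop = false
end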

#receive_lines(lines, pe) ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 111

# Callback handed to each WindowsLogWatcher: turn a batch of event-log records
# into emitted Fluent events and advance the position entry once per record.
#
# @param lines [Array] event-log records read by the watcher
# @param pe position entry for the category; pe[1] is bumped per emitted record
def receive_lines(lines, pe)
  return if lines.empty?
  begin
    lines.each do |record|
      # Only accessor names taken from @@KEY_MAP reach `send`, so the configured
      # key list cannot name arbitrary methods; a key missing from the map yields
      # nil, which makes `send` raise and is logged below.
      fields = @keynames.each_with_object({}) do |key, h|
        h[key] = record.send(@@KEY_MAP[key])
      end
      # NOTE: the event time is the ingestion time (Engine.now), not the
      # record's own time_generated/time_written; keep those in `keys` if the
      # original timestamp matters downstream.
      Engine.emit(@tag, Engine.now, fields)
      pe[1] += 1
    end
  rescue => e
    # A failure aborts the rest of this batch; the position only reflects the
    # records emitted so far.
    $log.error "unexpected error", :error => e.to_s
    $log.error_backtrace
  end
end

#run ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 104

# Body of the thread created in start: drive the Coolio loop until it is
# stopped. A StandardError is logged instead of killing the thread.
def run
  begin
    @loop.run
  rescue => e
    $log.error "unexpected error", :error => e.to_s
    $log.error_backtrace
  end
end

#setup_wacther(cat, pe) ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 68

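# Create a WindowsLogWatcher for one event-log category and register it with
# the Coolio loop created in start.
#
# @param cat [String] event log name (e.g. "Application")
# @param pe position entry for the category, or nil when no pos_file is configured
# @return [WindowsLogWatcher] the attached watcher
def setup_wacther(cat, pe)
  # receive_lines becomes the callback that turns each batch of records into events.
  watcher = WindowsLogWatcher.new(cat, pe, &method(:receive_lines))
  watcher.attach(@loop)
  watcher
end
# The historical name is misspelled; keep it for existing callers
# (start_watchers) and expose the intended spelling as well.
alias setup_watcher setup_wacther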

#shutdown ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 61

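# Tear the input down: close every watcher, stop the event loop, wait for the
# run thread and release the position file.
def shutdown
  stop_watchers(@tails.keys, true)
  # The loop may already be stopped or never have been created; stopping it is
  # best-effort (the original `rescue nil` modifier, spelled out).
  begin
    @loop.stop
  rescue StandardError
    nil
  end
  # start may not have run, or may have failed before creating the thread, so
  # guard the join the same way @pf_file is guarded below.
  @thread.join if @thread
  @pf_file.close if @pf_file
end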

#start ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 50

# Open the optional position file, build the Coolio loop, attach one watcher
# per category and run the loop on a background thread.
def start
  if @pos_file
    # Opened read/write and created if missing (DEFAULT_FILE_PERMISSION comes
    # from the surrounding fluentd code); sync so every position write goes
    # straight to the OS instead of sitting in Ruby's buffer.
    open_mode = File::RDWR | File::CREAT | File::BINARY
    @pf_file = File.open(@pos_file, open_mode, DEFAULT_FILE_PERMISSION)
    @pf_file.sync = true
    @pf = PositionFile.parse(@pf_file)
  end
  @loop = Coolio::Loop.new
  start_watchers(@cats)
  @thread = Thread.new(&method(:run))
end

#start_watchers(cats) ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 74

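# Create one watcher per category and record it in @tails.
#
# With a position file, each category's saved entry is looked up; when
# read_from_head is set and nothing has been read yet (read_num is zero) the
# entry is moved to just before the oldest record in the log, presumably so the
# log is read from its start. Without a position file the watcher gets a nil
# entry.
#
# @param cats [Array<String>] event log names to follow
def start_watchers(cats)
  cats.each do |cat|
    pe = nil
    if @pf
      pe = @pf[cat]
      if @read_from_head && pe.read_num.zero?
        el = EventLog.open(cat)
        begin
          pe.update(el.oldest_record_number - 1, 1)
        ensure
          # Release the log handle even if reading the oldest record fails;
          # previously an exception here leaked the open handle.
          el.close
        end
      end
    end
    @tails[cat] = setup_wacther(cat, pe)
  end
end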

#stop_watchers(cats, unwatched = false) ⇒ Object



# File 'lib/fluent/plugin/in_winevtlog.rb', line 89

# Remove the named categories from @tails and close their watchers. Categories
# that have no watcher are skipped silently.
#
# @param cats [Array<String>] event log names to stop following
# @param unwatched [Boolean] value stored on each watcher before it is closed
def stop_watchers(cats, unwatched = false)
  cats.each do |cat|
    watcher = @tails.delete(cat)
    next unless watcher
    watcher.unwatched = unwatched
    close_watcher(watcher)
  end
end