Class: Fluent::WinEvtLog

Inherits:
Input
  • Object
show all
Defined in:
lib/fluent/plugin/in_winevtlog.rb

Defined Under Namespace

Classes: FilePositionEntry, MemoryPositionEntry, PositionFile, WindowsLogWatcher

Constant Summary collapse

@@KEY_MAP = 
{"record_number" => :record_number, 
"time_generated" => :time_generated, 
"time_written" => :time_written, 
"event_id" => :event_id, 
"event_type" => :event_type, 
"event_category" => :category, 
"source_name" => :source, 
"computer_name" => :computer, 
"user" => :user, 
"description" => :description}

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeWinEvtLog

Returns a new instance of WinEvtLog.



32
33
34
35
36
37
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 32

def initialize
  super
  @chs = []
  @keynames = []
  @tails = {}
end

Instance Attribute Details

#chsObject (readonly)

Returns the value of attribute chs.



30
31
32
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 30

def chs
  @chs
end

Instance Method Details

#close_watcher(wlw) ⇒ Object 



103
104
105
106
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 103

def close_watcher(wlw)
  wlw.close
  # flush_buffer(wlw)
end

#configure(conf) ⇒ Object 



39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 39

def configure(conf)
  super
  @chs = @channel.split(',').map {|ch| ch.strip.downcase }.uniq
  if @chs.empty?
    raise ConfigError, "winevtlog: 'channel' parameter is required on winevtlog input"
  end
  @keynames = @key.split(',').map {|k| k.strip }.uniq
  if @keynames.empty?
    @keynames = @@KEY_MAP.keys
  end
  @tag = tag
  @stop = false
end

#receive_lines(ch, lines, pe) ⇒ Object 



115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 115

def receive_lines(ch, lines, pe)
  return if lines.empty?
  begin
    for r in lines
      h = {"channel" => ch}
      @keynames.each {|k| h[k]=r.send(@@KEY_MAP[k]).to_s}
      #h = Hash[@keynames.map {|k| [k, r.send(@@KEY_MAP[k]).to_s]}]
      router.emit(@tag, Engine.now, h)
      pe[1] +=1
    end
  rescue
    $log.error "unexpected error", :error=>$!.to_s
    $log.error_backtrace
  end
end

#runObject 



108
109
110
111
112
113
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 108

def run
  @loop.run
rescue
  $log.error "unexpected error", :error=>$!.to_s
  $log.error_backtrace
end

#setup_wacther(ch, pe) ⇒ Object 



72
73
74
75
76
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 72

def setup_wacther(ch, pe)
  wlw = WindowsLogWatcher.new(@read_interval, ch, pe, &method(:receive_lines))
  wlw.attach(@loop)
  wlw
end

#shutdownObject 



65
66
67
68
69
70
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 65

def shutdown
  stop_watchers(@tails.keys, true)
  @loop.stop rescue nil
  @thread.join
  @pf_file.close if @pf_file
end

#startObject 



53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 53

def start
  super
  if @pos_file
    @pf_file = File.open(@pos_file, File::RDWR|File::CREAT|File::BINARY)
    @pf_file.sync = true
    @pf = PositionFile.parse(@pf_file)
  end
  @loop = Coolio::Loop.new
  start_watchers(@chs)
  @thread = Thread.new(&method(:run))
end

#start_watchers(chs) ⇒ Object 



78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 78

def start_watchers(chs)
  chs.each { |ch|
    pe = nil
    if @pf
      pe = @pf[ch]
      if @read_from_head && pe.read_num.zero?
        el = EventLog.open(ch)
        pe.update(el.oldest_record_number-1,1)
        el.close
      end
    end
    @tails[ch] = setup_wacther(ch, pe)
  }
end

#stop_watchers(chs, unwatched = false) ⇒ Object 



93
94
95
96
97
98
99
100
101
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 93

def stop_watchers(chs, unwatched = false)
  chs.each { |ch|
    wlw = @tails.delete(ch)
    if wlw
      wlw.unwatched = unwatched
      close_watcher(wlw)
    end
  }
end