Class: LogStash::Inputs::AkamaiSiem

Inherits:

Base

• Object
• Base
• LogStash::Inputs::AkamaiSiem

Extended by:

PluginMixins::ValidatorSupport::FieldReferenceValidationAdapter

Includes:

PluginMixins::ECSCompatibilitySupport::TargetCheck, PluginMixins::EventSupport::EventFactoryAdapter, PluginMixins::EventSupport::FromJsonHelper, PluginMixins::Scheduler

Defined in:

lib/logstash/inputs/akamai_siem/exception.rb,
lib/logstash/inputs/akamai_siem/request.rb,
lib/logstash/inputs/akamai_siem.rb

Defined Under Namespace

Classes: Exception, Request

Constant Summary

QUERY_PARAMETERS =

[
%w[offset],
%w[offset limit],
%w[from],
%w[from limit],
%w[from to],
%w[from to limit],

Instance Attribute Summary

• #template ⇒ Object readonly

  Returns the value of attribute template.

Instance Method Summary

• #close ⇒ Object
• #register ⇒ Object
• #run(queue) ⇒ Object
• #run_once(queue) ⇒ Object
• #setup_schedule(queue) ⇒ Object
• #stop ⇒ Object

Instance Attribute Details

#template ⇒ Object (readonly)

Returns the value of attribute template.

# File 'lib/logstash/inputs/akamai_siem.rb', line 80

def template
  @template
end

Instance Method Details

#close ⇒ Object

# File 'lib/logstash/inputs/akamai_siem.rb', line 103

def close
  close_client
end

#register ⇒ Object

# File 'lib/logstash/inputs/akamai_siem.rb', line 83

def register
  @host = Socket.gethostname.force_encoding(Encoding::UTF_8)
  @offset = nil
  @from = nil
  @to = nil
  @limit = nil

  @template = Addressable::Template.new(File.join(base_url, "siem/v1/configs", "{configs_ids}", "{?query*}"))

  setup_ecs_field!
  query_validation!
  # LogStash::Logging::Logger::configure_logging('debug')
end

#run(queue) ⇒ Object

# File 'lib/logstash/inputs/akamai_siem.rb', line 159

def run(queue)
  setup_schedule(queue)
end

#run_once(queue) ⇒ Object

# File 'lib/logstash/inputs/akamai_siem.rb', line 177

def run_once(queue)
  url = template.expand({
                    "configs_ids" => configs_ids.join(';'),
                    "query" => normalize_query,
                  },
  )


  timestamp = eg_timestamp
  nonce = new_nonce
  headers.update({
    "accept" => "application/json",
  })
  options = {}
  method = 'get'

  request = build_request(method) do |req|
    req.update_uri(url)         if url
    req.headers.update(headers) if headers
    yield(req) if block_given?
  end

  request[KEY] = make_auth_header(request, timestamp, nonce)

  request_async(
    queue,
    request
  )
  client.execute! unless stop?
end

#setup_schedule(queue) ⇒ Object

Raises:

• (Logstash::ConfigurationError)

# File 'lib/logstash/inputs/akamai_siem.rb', line 163

def setup_schedule(queue)
  # schedule hash must contain exactly one of the allowed keys
  msg_invalid_schedule = "Invalid config. schedule hash must contain " +
    "exactly one of the following keys - cron, at, every or in"
  raise Logstash::ConfigurationError, msg_invalid_schedule if @schedule.keys.length != 1
  schedule_type = @schedule.keys.first
  schedule_value = @schedule[schedule_type]
  raise LogStash::ConfigurationError, msg_invalid_schedule unless %w(cron every at in).include?(schedule_type)

  opts = schedule_type == "every" ? { first_in: 0.01 } : {}
  scheduler.public_send(schedule_type, schedule_value, opts) { run_once(queue) }
  scheduler.join
end

#stop ⇒ Object

# File 'lib/logstash/inputs/akamai_siem.rb', line 98

def stop
  close_client
end