Sha256: d01c943aefcd75951146755fd7ca7942662b4eac622f92446efb1e220e1076fb

Contents?: true

Size: 1.02 KB

Versions: 3

Compression:

Stored size: 1.02 KB

Contents

# encoding: UTF-8
require 'json'

class Fluent::ModsecurityFilter < Fluent::Filter

    Fluent::Plugin.register_filter('modsecurity', self)

    desc "Path prefix of the detail log"
    config_param :path_prefix, :string, default: "/var/log"

    def configure(conf)
        super
        @path_prefix = conf['path_prefix']
    end

    def filter(tag, time, record)
        log_path = ""
        record.each{ |key, value|
            if value.is_a?(String)
                token = value.split(" ")
                token.each { |v|
                    if v.start_with?(@path_prefix)
                        log_path = v
                        break
                    end
                }
            end
        }
        #find detail log and append to record
        unless log_path.to_s.strip.empty?
            file = File.read(log_path)
            data_hash = JSON.parse(file)
            #copy transaction object to original record
            record['transaction'] = data_hash['transaction']
        end
        record
    end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
fluent-plugin-modsecurity-0.1.6 lib/fluent/plugin/filter_modsecurity.rb
fluent-plugin-modsecurity-0.1.5 lib/fluent/plugin/filter_modsecurity.rb
fluent-plugin-modsecurity-0.1.4 lib/fluent/plugin/filter_modsecurity.rb