Sha256: d5910f24811e9933aa3d580599e11a300ce87d3a363391fdd5f2ffdd21cd65f3

Contents?: true

Size: 1.13 KB

Versions: 2

Compression:

Stored size: 1.13 KB

Contents

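module Fluent::Plugin
  # Fluentd parser plugin that turns one FortiGate syslog line into a flat
  # key/value record.
  #
  # A line is processed in three steps:
  #   1. everything up to and including the header (by default a syslog
  #      priority tag such as "<189>") is cut off,
  #   2. the remainder is split into "key=value" tokens on whitespace that
  #      lies outside double-quoted values,
  #   3. the first two parsed values are joined with a space and handed to
  #      the time parser to obtain the event time.
  #
  # Any failure along the way produces a diagnostic record instead of
  # dropping the line.
  class FortigateLogs < Parser
    Fluent::Plugin.register_parser('fortigate_logs', self)
    # Regex source matching the header that precedes the key/value payload.
    # parse takes the THIRD element of the split result, so the pattern is
    # expected to contain a capture group (String#split also returns captures).
    config_param :headerDelimiter, :string, default: '<([0-9]){3}>'
    # Regex source for the field delimiter: a whitespace character followed,
    # up to the end of the line, by an even number of double quotes.
    # NOTE(review): the lookahead rescans the rest of the line for every
    # whitespace character, so the cost grows roughly quadratically with line
    # length; an input size limit upstream may be worth confirming.
    config_param :delimiter, :string, default: '\\s(?=(?:[^\\"]*\\"[^\\"]*\\")*[^\\"]*$)'
    # String separating a key from its value inside one token.
    config_param :separator, :string, default: "="

    # Builds the time parser and compiles both configured patterns once.
    #
    # Compiling here rather than on every parse call avoids rebuilding two
    # regexes per log line and makes a malformed pattern fail at startup,
    # instead of silently turning every incoming line into an error record.
    #
    # @param conf the plugin configuration section handed over by Fluentd
    # @raise [Fluent::ConfigError] if headerDelimiter or delimiter is not a
    #   valid regular expression
    def configure(conf)
      super
      @time_parser = Fluent::TimeParser.new(@time_format)
      begin
        @header_regex = Regexp.new(@headerDelimiter)
        @field_regex = Regexp.new(@delimiter)
      rescue RegexpError => e
        raise Fluent::ConfigError, "fortigate_logs: invalid regular expression: #{e.message}"
      end
    end

    # Parses one log line and yields the event time and the record.
    #
    # @param logContent [String] the raw log line
    # @yield [time, record] the parsed time and a Hash of field name => value;
    #   on failure the current time and a diagnostic record (see the rescue)
    def parse(logContent)
      record = {}
      begin
        # The limit of 2 stops after the first header match. Without it, text
        # inside a field value that happens to match the header pattern is
        # treated as another split point and everything after it is silently
        # dropped from the record.
        _, _, record_set = logContent.split(@header_regex, 2)
        raise ArgumentError, 'header delimiter did not yield a key/value payload' if record_set.nil?

        record_set.split(@field_regex).each do |token|
          # Consecutive whitespace produces empty tokens; skip them rather
          # than failing the whole line.
          next if token.empty?

          key, value = token.split(@separator, 2)
          # A token without a separator is kept as a key with a nil value.
          # A key that occurs more than once keeps its LAST value.
          # NOTE(review): if any field carries text chosen by a remote party,
          # embedded quotes or whitespace could shift token boundaries and
          # overwrite an earlier field -- confirm how the device escapes values.
          record[key] = value&.delete_prefix('"')&.delete_suffix('"')
        end

        # Positional, not by name: the first two parsed values are assumed to
        # be the date and the time of the event.
        time = @time_parser.parse(record.values[0] + ' ' + record.values[1])
      rescue StandardError => e
        # The event is stamped with the ingest time; the original timestamp is
        # then only available inside the raw line stored under key 4.
        # NOTE(review): Fluentd parsers conventionally yield a
        # Fluent::EventTime or Integer -- confirm a Time object is accepted.
        time = Time.now
        # Fields parsed before the failure stay in the record next to the
        # diagnostic entries below.
        # NOTE(review): the keys are Integers and two values are
        # DateTime/Time objects; verify that the configured outputs can
        # serialize them. The message and backtrace expose plugin file paths
        # to whatever store receives these events, and the raw line is
        # forwarded unmodified.
        record[0] = DateTime.now
        record[1] = Time.now
        record[2] = "Unable to parse the record due to error: " + e.full_message
        record[3] = "Error inspection: " + e.backtrace.inspect
        record[4] = logContent
      end

      yield time, record
    end
  end
end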

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
fluent-plugin-fortigate-logs-parser-1.0.1 lib/fluent/plugin/parser_fortigate_logs.rb
fluent-plugin-fortigate-logs-parser-1.0.0 lib/fluent/plugin/parser_fortigate_logs.rb