
Example 1 with AWSLogMessage

use of org.graylog.integrations.aws.AWSLogMessage in project graylog-plugin-integrations by Graylog2.

the class KinesisService method detectAndParseMessage.

/**
 * Classifies a sample log message and decodes it with the codec registered for the detected type.
 *
 * <p>Data-handling note: the unmodified {@code logMessage} is written to the DEBUG log and is
 * embedded in the {@link BadRequestException} text when decoding fails. Whatever the message
 * contains can therefore appear in log files and, presumably, in the error shown to the caller
 * (confirm how the exception is rendered before treating this as safe for sensitive payloads).
 *
 * @param logMessage        A string containing the actual log message.
 * @param timestamp         The message timestamp.
 * @param kinesisStreamName The stream name.
 * @param logGroupName      The CloudWatch log group name.
 * @param logStreamName     The CloudWatch log stream name.
 * @param compressed        Indicates if the payload is compressed and probably from CloudWatch.
 * @return A {@code KinesisHealthCheckResponse} carrying the detected type, a success text and the
 *         fields of the decoded message.
 * @throws BadRequestException if no codec is registered under the detected type's codec name, if
 *                             the log entry cannot be serialized, or if the codec returns
 *                             {@code null} for the message.
 */
private KinesisHealthCheckResponse detectAndParseMessage(String logMessage, DateTime timestamp, String kinesisStreamName, String logGroupName, String logStreamName, boolean compressed) {
    LOG.debug("Attempting to detect the type of log message. message [{}] stream [{}] log group [{}].", logMessage, kinesisStreamName, logGroupName);

    // Step 1: classify the message; the type selects the codec used below.
    final AWSMessageType detectedType = new AWSLogMessage(logMessage).detectLogMessageType(compressed);
    LOG.debug("The message is type [{}]", detectedType);
    final String successText = String.format("Success. The message is a %s message.", detectedType.getLabel());

    // Step 2: wrap the message the way the codec expects to receive it.
    final KinesisLogEntry entry = KinesisLogEntry.create(kinesisStreamName, logGroupName, logStreamName, timestamp, logMessage);

    // Step 3: resolve the codec by name; a missing registration is reported as a bad request.
    final Codec.Factory<? extends Codec> factory = availableCodecs.get(detectedType.getCodecName());
    if (factory == null) {
        throw new BadRequestException(String.format("A codec with name [%s] could not be found.", detectedType.getCodecName()));
    }
    // TODO: Do we need to provide a valid configuration here?
    final Codec decoder = factory.create(Configuration.EMPTY_CONFIGURATION);

    // Step 4: serialize the entry to bytes, since the codec consumes a RawMessage.
    final byte[] encoded;
    try {
        encoded = objectMapper.writeValueAsBytes(entry);
    } catch (JsonProcessingException e) {
        throw new BadRequestException("Encoding the message to bytes failed.", e);
    }

    // Step 5: decode. A null result is treated as a failure; note that the error text below
    // carries the complete raw message.
    final Message decoded = decoder.decode(new RawMessage(encoded));
    if (decoded == null) {
        throw new BadRequestException(String.format("Message decoding failed. More information might be available by enabling Debug logging. message [%s]", logMessage));
    }

    LOG.debug("Successfully parsed message type [{}] with codec [{}].", detectedType, detectedType.getCodecName());
    return KinesisHealthCheckResponse.create(detectedType, successText, decoded.getFields());
}
Also used : AWSLogMessage(org.graylog.integrations.aws.AWSLogMessage) Codec(org.graylog2.plugin.inputs.codecs.Codec) AWSLogMessage(org.graylog.integrations.aws.AWSLogMessage) RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) BadRequestException(javax.ws.rs.BadRequestException) KinesisLogEntry(org.graylog.integrations.aws.cloudwatch.KinesisLogEntry) AWSMessageType(org.graylog.integrations.aws.AWSMessageType) RawMessage(org.graylog2.plugin.journal.RawMessage) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 2 with AWSLogMessage

use of org.graylog.integrations.aws.AWSLogMessage in project graylog-plugin-integrations by Graylog2.

the class KinesisServiceTest method testLogIdentification.

/**
 * Checks how {@code AWSLogMessage.detectLogMessageType} classifies flow-log-shaped and
 * non-flow-log sample lines.
 *
 * <p>NOTE(review): the positive cases pass {@code compressed = true} and every negative case
 * passes {@code compressed = false}, so this test does not show what a compressed message that is
 * not a flow log is classified as. It also has no case for a line with the right number of fields
 * but invalid field values.
 */
@Test
public void testLogIdentification() {
    final String acceptFlowLog = "2 123456789010 eni-abc123de 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK";
    final String rejectFlowLog = "2 123456789010 eni-abc123de 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 REJECT OK";
    final String oneFieldTooMany = "2 123456789010 eni-abc123de 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 REJECT OK ONE-MORE-WORD";
    final String oneFieldTooFew = "2 123456789010 eni-abc123de 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 REJECT";
    final String freeText = "haha this is not a real log message";

    // An ACCEPT flow log is detected as a flow log.
    assertEquals(AWSMessageType.KINESIS_CLOUDWATCH_FLOW_LOGS, new AWSLogMessage(acceptFlowLog).detectLogMessageType(true));

    // A REJECT flow log is detected as a flow log as well.
    assertEquals(AWSMessageType.KINESIS_CLOUDWATCH_FLOW_LOGS, new AWSLogMessage(rejectFlowLog).detectLogMessageType(true));

    // 14 spaces instead of 13: not identified as a flow log.
    assertEquals(AWSMessageType.KINESIS_RAW, new AWSLogMessage(oneFieldTooMany).detectLogMessageType(false));

    // 12 spaces instead of 13: not identified as a flow log.
    assertEquals(AWSMessageType.KINESIS_RAW, new AWSLogMessage(oneFieldTooFew).detectLogMessageType(false));

    // Arbitrary text falls back to the raw Kinesis type.
    assertEquals(AWSMessageType.KINESIS_RAW, new AWSLogMessage(freeText).detectLogMessageType(false));
}
Also used : AWSLogMessage(org.graylog.integrations.aws.AWSLogMessage) Test(org.junit.Test)

Example 3 with AWSLogMessage

use of org.graylog.integrations.aws.AWSLogMessage in project graylog-plugin-integrations by Graylog2.

the class KinesisPayloadDecoderTest method testCloudWatchRawDecoding.

/**
 * Decodes the raw CloudWatch test payload and checks the number, type and timestamp of the
 * resulting log entries.
 *
 * <p>NOTE(review): {@code Instant.now()} is handed to {@code processMessages}, yet the entries are
 * expected to carry {@code CLOUD_WATCH_TIMESTAMP}; presumably the entry timestamp is taken from
 * the payload rather than from that argument. Confirm against the decoder.
 */
@Test
public void testCloudWatchRawDecoding() throws IOException {
    final List<KinesisLogEntry> decoded = flowLogDecoder.processMessages(AWSTestingUtils.cloudWatchRawPayload(), Instant.now());
    Assert.assertEquals(2, decoded.size());

    // Both entries must be classified as raw CloudWatch messages when treated as compressed.
    final long rawCount = decoded.stream()
            .map(entry -> new AWSLogMessage(entry.message()))
            .filter(message -> message.detectLogMessageType(true) == AWSMessageType.KINESIS_CLOUDWATCH_RAW)
            .count();
    Assert.assertEquals(2, rawCount);

    // Both entries must have the expected timestamp.
    final long timestampMatches = decoded.stream()
            .filter(entry -> entry.timestamp().equals(AWSTestingUtils.CLOUD_WATCH_TIMESTAMP))
            .count();
    Assert.assertEquals(2, timestampMatches);
}
Also used : AWSLogMessage(org.graylog.integrations.aws.AWSLogMessage) KinesisLogEntry(org.graylog.integrations.aws.cloudwatch.KinesisLogEntry) Test(org.junit.Test)

Example 4 with AWSLogMessage

use of org.graylog.integrations.aws.AWSLogMessage in project graylog-plugin-integrations by Graylog2.

the class KinesisPayloadDecoderTest method testCloudWatchFlowLogDecoding.

/**
 * Decodes the CloudWatch flow log test payload and checks that both resulting entries are
 * recognised as flow logs and carry the expected timestamp.
 */
@Test
public void testCloudWatchFlowLogDecoding() throws IOException {
    final Instant receivedAt = Instant.ofEpochMilli(AWSTestingUtils.CLOUD_WATCH_TIMESTAMP.getMillis());
    final List<KinesisLogEntry> decoded = flowLogDecoder.processMessages(AWSTestingUtils.cloudWatchFlowLogPayload(), receivedAt);
    Assert.assertEquals(2, decoded.size());

    // Both entries must be recognised as flow logs.
    final long flowLogCount = decoded.stream()
            .map(entry -> new AWSLogMessage(entry.message()))
            .filter(message -> message.isFlowLog())
            .count();
    Assert.assertEquals(2, flowLogCount);

    // Both entries must have the expected timestamp.
    final long timestampMatches = decoded.stream()
            .filter(entry -> entry.timestamp().equals(AWSTestingUtils.CLOUD_WATCH_TIMESTAMP))
            .count();
    Assert.assertEquals(2, timestampMatches);
}
Also used : AWSLogMessage(org.graylog.integrations.aws.AWSLogMessage) KinesisLogEntry(org.graylog.integrations.aws.cloudwatch.KinesisLogEntry) Test(org.junit.Test)

Aggregations

AWSLogMessage (org.graylog.integrations.aws.AWSLogMessage)4 KinesisLogEntry (org.graylog.integrations.aws.cloudwatch.KinesisLogEntry)3 Test (org.junit.Test)3 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1 BadRequestException (javax.ws.rs.BadRequestException)1 AWSMessageType (org.graylog.integrations.aws.AWSMessageType)1 Message (org.graylog2.plugin.Message)1 Codec (org.graylog2.plugin.inputs.codecs.Codec)1 RawMessage (org.graylog2.plugin.journal.RawMessage)1