# File 'lib/fluent/plugin/filter_nais_kubeapiserver.rb', line 10
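# Reshapes a kube-apiserver audit event into the flat field layout used
# downstream. Records without an 'auditID' key are returned untouched.
#
# For audit records the method:
# * moves 'level' to 'x_level' and sets 'level' to 'Audit';
# * flattens 'user' to the username string, stripping an Azure AD issuer
#   prefix ("https://sts.windows.net...#") and keeping the unmodified value
#   in 'x_username' when a prefix was stripped;
# * renames 'verb' -> 'method', 'requestURI' -> 'uri',
#   'stageTimestamp' -> '@timestamp';
# * merges whatever ::Nais::Log::Parser.parse_uri returns for the URI;
# * renames 'sourceIPs' -> 'remote_ip' only when every entry is a dotted-quad
#   string, otherwise leaves 'sourceIPs' as it was;
# * drops 'apiVersion' and synthesises 'message' if none is present.
#
# @param tag [String] Fluentd tag (not used here)
# @param time [Object] event time (not used here)
# @param record [Hash] the event; mutated in place
# @return [Hash] the same record object
def filter(tag, time, record)
  return record unless record.key?('auditID')

  record['x_level'] = record.delete('level')
  record['level'] = 'Audit'

  # Guard on the actual shape: an audit event whose 'user' is not a Hash (or
  # whose username is not a String) used to raise here, which loses the audit
  # record instead of forwarding it.
  user = record['user']
  if user.is_a?(Hash) && user.key?('username')
    username = user['username']
    # \A pins the issuer to the very start of the value (^ also matches after
    # an embedded newline), and the character after ".net" must end the host,
    # so a lookalike such as "sts.windows.net.<other-domain>" is not shortened
    # to a bare user name. Unmatched values are kept in full.
    issuer = %r{\Ahttps://sts\.windows\.net(?:[/:?\#].*)?\#(.+)}
    m = username.is_a?(String) ? username.match(issuer) : nil
    if m
      record['x_username'] = username
      record['user'] = m[1]
    else
      record['user'] = username
    end
  end

  record['method'] = record.delete('verb') if record.key?('verb')
  record['uri'] = record.delete('requestURI') if record.key?('requestURI')
  # NOTE(review): parse_uri is defined outside this method; it is still called
  # with nil when the event has no requestURI - confirm it tolerates that.
  record.merge!(::Nais::Log::Parser.parse_uri(record['uri']))

  if record.key?('sourceIPs')
    ips = record['sourceIPs'].is_a?(Array) ? record['sourceIPs'] : [record['sourceIPs']]
    # \A/\z validate the whole string. With ^/$ a value like "1.2.3.4\n<junk>"
    # passed, letting arbitrary text into a field consumers treat as an IP.
    # Only the dotted-quad shape is checked (octet range is not); IPv6
    # addresses fail the check and therefore stay under 'sourceIPs'.
    ipv4 = /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/
    all_ipv4 = ips.all? { |ip| ip.is_a?(String) && !(ipv4 =~ ip).nil? }
    record['remote_ip'] = record.delete('sourceIPs') if all_ipv4
  end

  record['@timestamp'] = record.delete('stageTimestamp') if record.key?('stageTimestamp')
  record.delete('apiVersion')

  unless record.key?('message')
    # Build the message from whichever parts exist; the old String#+ form
    # raised when 'verb' or 'requestURI' was missing from the event.
    parts = [record['method'], record['uri']].compact
    record['message'] = parts.join(' ') unless parts.empty?
  end

  record
end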