No commit activity in last 3 years
No release in over 3 years
Fluentd input/output plugin for managing monitoring alerts from CA Spectrum. Input supports polling CA Spectrum APIs. Output currently only supports updating events retrieved from Spectrum.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

~> 0.12
~> 1.8
 Project Readme

Fluent::Plugin::Spectrum

fluent-plugin-spectrum is an input plug-in for Fluentd

Status

Build Status Gem Version Test Coverage Code Climate Dependency Status

Installation

These instructions assume you already have fluentd installed. If you don't, please run through [quick start for fluentd] (https://github.com/fluent/fluentd#quick-start)

Now after you have fluentd installed you can follow either of the steps below:

Add this line to your application's Gemfile:

gem 'fluent-plugin-spectrum'

Or install it yourself as:

$ gem install fluent-plugin-spectrum

Usage

Add the following into your fluentd config.

Simple:

<source>
  type spectrum
  endpoint spectrum.yourdomain.com 	# required, FQDN of endpoint
  user username  # required
  pass password  # required
  interval 60    # optional, interval in seconds, defaults to 300
</source>
<match alert.spectrum>
  type stdout
</match>

Advanced:

<source>
  type spectrum
  endpoint spectrum.yourdomain.com 	# required, FQDN of endpoint
  user username                     # required
  pass password                     # required
  interval 60                       # optional, interval in seconds, defaults to 300
  state_file /tmp/spectrum_state    # optional, file to keep state    
</source>
# using rename_key to map to new keynames
<match alert.spectrum>
  type rename_key
  deep_rename false
  remove_tag_prefix alert.spectrum
  append_tag alert
  rename_rule1 HOSTNAME source_hostname
  rename_rule2 IP_ADDRESS source_ip
  rename_rule3 ALARM_TITLE event_name
  rename_rule4 SEVERITY criticality
  rename_rule5 CREATION_DATE creation_time
  rename_rule6 ORIGINATING_EVENT_ATTR alert_description
  rename_rule7 MODEL_STRING source_type
  rename_rule8 ALARM_ID source_event_id
  rename_rule9 GC_NAME environment
</match>
# using key_picker to remove extra fields
<match alert>
  type key_picker
  keys event_type,intermediary_source,source_event_id,creation_time,criticality,event_name,source_hostname,source_ip,alert_description,source_type,environment
  add_tag_prefix processed.
</match>
# send to STDOUT
<match processed.alert>
  type stdout
</match>

Now startup fluentd

$ sudo fluentd -c fluent.conf &

Verify:

	You should see output like the following if you have events in spectrum and connectivity works.

	FluentD Log Lines:
	2015-03-05 15:04:02 -0800 [info]: Spectrum :: Polling alerts for time period: 1425596639 - 1425596642
	2015-03-05 15:04:07 -0800 [info]: Spectrum :: returned 1 alarms for period 1425596639 - 1425596647

	Output:
	2015-03-05 15:04:00 -0800 alert.spectrum: {"event_type":"alert.spectrum","intermediary_source":"spectrumapi001.corp.yourdomain.net","ALARM_ID":"54f8e0e0-e706-12c2-0165-005056a07ac5","CREATION_DATE":"1425596640","SEVERITY":"3","ALARM_TITLE":"LOGMATCH TRAPSEND CRIT","HOSTNAME":"yourhost001.corp.yourdomain.net","IP_ADDRESS":"10.10.0.14","ORIGINATING_EVENT_ATTR":"A SEC logmatch trapsend CRIT Your Alert Message here","MODEL_STRING":"Host_Device","ACKNOWLEDGED":"false","ALARM_STATUS":"","OCCURRENCES":"1","TROUBLE_SHOOTER":"","USER_CLEARABLE":"true","TROUBLE_TICKET_ID":"","PERSISTENT":"true","GC_NAME":"Your_Global_Collection"}

To Do

  • All flag to allow specifying spectrum attributes to get or get ALL

  • Add flag to allow start date/time if users want to backfill data from a specific date. then start loop.

  • Add flag to disable loop, if users only wanted to backfill from datetime to now or specific end time.

  • Adding test for update