-
-
Save eredding-rmn/07f1b368ac4f62697445 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/lib64/fluent/ruby/bin/ruby | |
| require 'json' | |
| require 'aws-sdk' | |
| require 'msgpack' | |
| require 'logger' | |
| #log = Logger.new("/tmp/debug.log", 3) | |
| #log.level = Logger::DEBUG | |
| def gunzip(data) | |
| sio = StringIO.new(data) | |
| gz = Zlib::GzipReader.new(sio) | |
| read_data = gz.read | |
| gz.close | |
| read_data | |
| end | |
| def get_trail_log(line) | |
| raw_log = JSON.load(line) | |
| json_log = raw_log['body'] | |
| trail_log = JSON.load(json_log) | |
| trail_row_log = trail_log['Message'] | |
| trail_row_log.each_line do |record| | |
| if record != "CloudTrail validation message." | |
| file = JSON.parse(record) | |
| gz_log = file['s3ObjectKey'].join | |
| AWS.config( | |
| :access_key_id => 'AKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', | |
| :secret_access_key => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', | |
| ) | |
| s3 = AWS::S3.new | |
| obj = s3.buckets['your_backet_name'].objects["#{gz_log}"] | |
| obj.read do |raw| | |
| trail_logs = JSON.parse(gunzip(raw)) | |
| return trail_logs | |
| end | |
| end | |
| end | |
| end | |
| while line = STDIN.gets.chomp | |
| trail_logs = get_trail_log(line) | |
| logs = trail_logs['Records'] | |
| log.info("#{logs}") | |
| logs.each do |log| | |
| parsed_log = JSON.generate(log) | |
| print parsed_log + "\n" | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment