Add writer types to schema for Outbound Adapter and upgraded to Splunk 1.0.0

Update README
David Turanski
2013-01-23 16:45:35 -05:00
committed by Gunnar Hillert
parent 1adcce712e
commit 43f9246f54
60 changed files with 3613 additions and 2758 deletions

117
README.md

@@ -5,8 +5,8 @@ The SI adapter includes Outbound Channel Adapter and Inbound Channel Adapter.
Inbound channel adapter :
-----------------------------------------------------------------------------
Inbound channel adapter is used to get data out of Splunk and put into
Spring Integration's channel. There are 5 ways to get data out of Splunk:
The Inbound channel adapter is used to read data from Splunk and output a message containing the data to a Spring Integration channel. There are 5 ways to get data from Splunk:
* Blocking
* Non blocking
* Saved search
@@ -15,99 +15,134 @@ Spring Integration's channel. There are 5 ways to get data out of Splunk:
### Blocking search:
~~~~~xml
```xml
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="true" search="search spring:example"
search="search spring:example"
splunk-server-ref="splunkServer"
channel="inputFromSplunk" mode="BLOCKING" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
<int:poller fixed-rate="5" time-unit="SECONDS"/>
</int-splunk:inbound-channel-adapter>
~~~~~
```
### Non blocking search:
~~~~~xml
```xml
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="true" search="search spring:example"
search="search spring:example"
splunk-server-ref="splunkServer"
channel="inputFromSplunk" mode="NORMAL" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
<int:poller fixed-rate="5" time-unit="SECONDS"/>
</int-splunk:inbound-channel-adapter>
~~~~~
```
### Saved search:
~~~~~xml
```xml
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="true" savedSearch="test" splunk-server-ref="splunkServer"
savedSearch="test" splunk-server-ref="splunkServer"
channel="inputFromSplunk" mode="SAVEDSEARCH" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
<int:poller fixed-rate="5" time-unit="SECONDS"/>
</int-splunk:inbound-channel-adapter>
~~~~~
```
### Realtime search:
~~~~~xml
```xml
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="true" search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
mode="REALTIME" earliestTime="-5s" latestTime="rt" initEarliestTime="-1d">
<int:poller fixed-rate="5" time-unit="SECONDS"/>
</int-splunk:inbound-channel-adapter>
~~~~~
```
### Export:
~~~~~xml
```xml
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="true" search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
mode="EXPORT" earliestTime="-5d" latestTime="now" initEarliestTime="-1d">
<int:poller fixed-rate="5" time-unit="SECONDS"/>
</int-splunk:inbound-channel-adapter>
~~~~~
```
Outbound channel adapter:
----------------------------------------------------------------------------------------------
Outbound channel adapter is used to put data into Splunk from
channels in Spring Integration. There are 3 kinds of method to put data
* REST(submit)
* stream
* tcp
The Outbound channel adapter is used to write data to Splunk from a Spring Integration message channel. There are 3 types of data writers provided:
* submit - Use's Splunk's REST API. Appropriate for small or infrequent data loads. Posts data to a named index or the default if not specified.
* index - Streams data to a named index or the default if not specified.
* tcp - Streams data to a tcp port associated with a defined tcp input.
The outbound channel adapter requires a child *-writer element which defines related attributes:
### Submit:
~~~~~xml
```xml
<int-splunk:outbound-channel-adapter
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
id="splunkOutboundChannelAdapter"
channel="outputToSplunk"
splunk-server-ref="splunkServer" pool-server-connection="true"
sourceType="spring-integration" source="example2" ingest="SUBMIT">
splunk-server-ref="splunkServer"
sourceType="spring-integration"
source="example2">
<int-splunk:submit-writer index="foo"/>
</int-splunk:outbound-channel-adapter>
```
~~~~~
### Index:
### Stream:
~~~~~xml
```xml
<int-splunk:outbound-channel-adapter
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
channel="outputToSplunk" splunk-server-ref="splunkServer"
ingest="STREAM">
id="splunkOutboundChannelAdapter"
channel="outputToSplunk"
splunk-server-ref="splunkServer"
>
<int-splunk:index-writer index="someIndex"/>
</int-splunk:outbound-channel-adapter>
```
~~~~~
### TCP
### tcp
~~~~~xml
```xml
<int-splunk:outbound-channel-adapter
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
channel="outputToSplunk" splunk-server-ref="splunkServer"
ingest="TCP" tcpPort="9999">
id="splunkOutboundChannelAdapter"
channel="outputToSplunk"
splunk-server-ref="splunkServer"
>
<int-splunk:tcp-writer port="9999"/>
</int-splunk:outbound-channel-adapter>
```
*NOTE: The input must exist and be enabled on the server*
~~~~~
### Configuring The Splunk Server connection
```xml
<int-splunk:server id="splunkServer" username="admin" password="password" timeout="5000" host="somehost.someplace.com" port="9000" />
```
Additional server properties include (see [splunk](http://docs.splunk.com/Documentation/Splunk/latest) documentation for details):
* app
* scheme
* scope
* owner
The default host is *localhost* and the default port is *8089*. The *timeout* attribute indicates how long to wait for a connection in miliseconds.
Development
-----------------
### To build:
### Build:
./gradlew build
### To generate Eclipse metadata (.classpath and .project files), do the following:
### Import the project to Eclipse:
To generate Eclipse metadata (e.g., .classpath and .project files), do the following:
./gradlew eclipse


@@ -21,20 +21,8 @@ repositories {
maven { url 'http://repo.springsource.org/plugins-release' } // for bundlor
}
sourceCompatibility=1.5
targetCompatibility=1.5
ext {
cglibVersion = '2.2'
junitVersion = '4.8.2'
log4jVersion = '1.2.12'
mockitoVersion = '1.9.0'
springVersion = '3.1.2.RELEASE'
springIntegrationVersion = '2.1.2.RELEASE'
commonsLangVersion = '2.6'
commonsPoolVersion = '1.6'
splunkVersion = '0.8.0'
}
sourceCompatibility=1.6
targetCompatibility=1.6
// See http://www.gradle.org/docs/current/userguide/dependency_management.html#sub:configurations
// and http://www.gradle.org/docs/current/dsl/org.gradle.api.artifacts.ConfigurationContainer.html
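Review bot: The `plugins-release` repository declared at the top of this hunk is still resolved over plain `http://`, so whatever is fetched from it (the inline comment says it serves bundlor) can be altered in transit before it runs inside the build. Since the commit already touches the surrounding build settings, this is a good moment to change the line to `maven { url 'https://repo.springsource.org/plugins-release' }`, assuming the host serves TLS. The `repositories` block starts outside the hunk, so other entries may need the same change.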


@@ -1 +1,10 @@
version=0.5.0.BUILD-SNAPSHOT
cglibVersion=2.2
junitVersion=4.8.2
log4jVersion=1.2.12
mockitoVersion=1.9.0
springVersion=3.1.2.RELEASE
springIntegrationVersion=2.1.2.RELEASE
commonsLangVersion=2.6
commonsPoolVersion=1.6
splunkVersion =1.0.0


@@ -52,22 +52,14 @@ public class SplunkInboundChannelAdapterParser extends AbstractPollingInboundCha
splunkDataReaderBuilder.addPropertyValue("count", count);
}
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "fieldList");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "field-list");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "search");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "savedSearch");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "saved-search");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "owner");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "app");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "initEarliestTime");
String earliestTime = element.getAttribute("earliestTime");
if (StringUtils.hasText(earliestTime)) {
splunkDataReaderBuilder.addPropertyValue("earliestTime", earliestTime);
}
String latestTime = element.getAttribute("latestTime");
if (StringUtils.hasText(latestTime)) {
splunkDataReaderBuilder.addPropertyValue("latestTime", latestTime);
}
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "init-earliest-time");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "earliest-time");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "latest-time");
BeanDefinitionBuilder connectionFactoryBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkConnectionFactory.class);
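Review bot: The attribute lookups are renamed to hyphenated names (`saved-search`, `earliest-time`, `latest-time`, `init-earliest-time`), but the README examples updated in this same commit still use `savedSearch`, `earliestTime`, `latestTime` and `initEarliestTime`. `setValueIfAttributeDefined` does nothing when the attribute is absent, so unless the schema rejects the old spelling, a configuration copied from the README would silently lose its saved-search name and time bounds and query Splunk with defaults. Either update the README snippets to the hyphenated names or keep reading the old names as a fallback; a comment such as `// attribute names are hyphenated in the XSD; camelCase names are no longer read` would also help. The enclosing parse method starts and ends outside this hunk.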


@@ -1,5 +1,5 @@
/*
* Copyright 2002-2012 the original author or authors.
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -24,15 +24,20 @@ import org.springframework.integration.config.xml.AbstractOutboundChannelAdapter
import org.springframework.integration.config.xml.IntegrationNamespaceUtils;
import org.springframework.integration.splunk.outbound.SplunkOutboundChannelAdapter;
import org.springframework.integration.splunk.support.ConnectionFactoryFactoryBean;
import org.springframework.integration.splunk.support.SplunkDataWriter;
import org.springframework.integration.splunk.support.SplunkArgsFactoryBean;
import org.springframework.integration.splunk.support.SplunkConnectionFactory;
import org.springframework.integration.splunk.support.SplunkIndexWriter;
import org.springframework.integration.splunk.support.SplunkSubmitWriter;
import org.springframework.integration.splunk.support.SplunkTcpWriter;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
* The parser for the Splunk Outbound Channel Adapter.
*
* @author Jarred Li
* @author David Turanski
* @since 1.0
*
*/
@@ -53,18 +58,16 @@ public class SplunkOutboundChannelAdapterParser extends AbstractOutboundChannelA
BeanDefinitionBuilder splunkOutboundChannelAdapterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkOutboundChannelAdapter.class);
BeanDefinitionBuilder splunkExecutorBuilder = SplunkParserUtils.getSplunkExecutorBuilder(element, parserContext);
BeanDefinitionBuilder splunkDataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkDataWriter.class);
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "sourceType");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "source");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "index");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "ingest");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "tcpPort");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "host");
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "hostRegex");
BeanDefinitionBuilder connectionFactoryBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkConnectionFactory.class);
String splunkServerBeanName = element.getAttribute("splunk-server-ref");
BeanDefinitionBuilder argsBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkArgsFactoryBean.class);
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "source-type");
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "source");
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "host");
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "host-regex");
BeanDefinitionBuilder connectionFactoryBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkConnectionFactory.class);
String splunkServerBeanName = element.getAttribute("splunk-server-ref");
if (StringUtils.hasText(splunkServerBeanName)) {
connectionFactoryBuilder.addConstructorArgReference(splunkServerBeanName);
}
@@ -72,14 +75,17 @@ public class SplunkOutboundChannelAdapterParser extends AbstractOutboundChannelA
BeanDefinitionBuilder connectionFactoryFactoryBeanBuilder = BeanDefinitionBuilder.genericBeanDefinition(ConnectionFactoryFactoryBean.class);
connectionFactoryFactoryBeanBuilder.addConstructorArgValue(connectionFactoryBuilder.getBeanDefinition());
connectionFactoryFactoryBeanBuilder.addConstructorArgValue(element.getAttribute("pool-server-connection"));
splunkDataWriterBuilder.addConstructorArgValue(connectionFactoryFactoryBeanBuilder.getBeanDefinition());
BeanDefinitionBuilder dataWriterBuilder = parseDataWriter(element, parserContext);
dataWriterBuilder.addConstructorArgValue(connectionFactoryFactoryBeanBuilder.getBeanDefinition());
dataWriterBuilder.addConstructorArgValue(argsBuilder.getBeanDefinition());
String channelAdapterId = this.resolveId(element, splunkOutboundChannelAdapterBuilder.getRawBeanDefinition(),
parserContext);
String splunkExecutorBeanName = channelAdapterId + ".splunkExecutor";
String splunkDataWriterBeanName = splunkExecutorBeanName + ".writer";
parserContext.registerBeanComponent(new BeanComponentDefinition(splunkDataWriterBuilder.getBeanDefinition(),
parserContext.registerBeanComponent(new BeanComponentDefinition(dataWriterBuilder.getBeanDefinition(),
splunkDataWriterBeanName));
splunkExecutorBuilder.addPropertyReference("writer", splunkDataWriterBeanName);
@@ -93,5 +99,31 @@ public class SplunkOutboundChannelAdapterParser extends AbstractOutboundChannelA
return splunkOutboundChannelAdapterBuilder.getBeanDefinition();
}
private BeanDefinitionBuilder parseDataWriter(Element element, ParserContext parserContext) {
BeanDefinitionBuilder dataWriterBuilder = null;
Element dataWriter = null;
if (DomUtils.getChildElementByTagName(element, "index-writer") != null) {
dataWriter = DomUtils.getChildElementByTagName(element, "index-writer");
dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkIndexWriter.class);
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, dataWriter, "index");
}
if (DomUtils.getChildElementByTagName(element, "submit-writer") != null) {
dataWriter = DomUtils.getChildElementByTagName(element, "submit-writer");
dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkSubmitWriter.class);
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, dataWriter, "index");
}
if (DomUtils.getChildElementByTagName(element, "tcp-writer") != null) {
dataWriter = DomUtils.getChildElementByTagName(element, "tcp-writer");
dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkTcpWriter.class);
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, dataWriter, "port");
}
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, element, "auto-startup");
return dataWriterBuilder;
}
}
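Review bot: `parseDataWriter` returns `null` when the adapter has none of the three writer children, and the caller then dereferences it at `dataWriterBuilder.addConstructorArgValue(...)`, so a missing child surfaces as a NullPointerException during context parsing rather than as a configuration error. When more than one writer child is present, the last matching `if` wins without any warning, and each child is looked up twice. Unless the schema already enforces exactly one child (it is not visible here), I would look each child up once, report the problem through `parserContext.getReaderContext().error(...)`, and select the writer with an `else if` chain.

```java
private BeanDefinitionBuilder parseDataWriter(Element element, ParserContext parserContext) {
	Element indexWriter = DomUtils.getChildElementByTagName(element, "index-writer");
	Element submitWriter = DomUtils.getChildElementByTagName(element, "submit-writer");
	Element tcpWriter = DomUtils.getChildElementByTagName(element, "tcp-writer");

	int writerCount = (indexWriter != null ? 1 : 0) + (submitWriter != null ? 1 : 0)
			+ (tcpWriter != null ? 1 : 0);

	BeanDefinitionBuilder dataWriterBuilder = null;
	if (writerCount != 1) {
		// error() throws with the default fail-fast problem reporter
		parserContext.getReaderContext().error(
				"Exactly one of 'index-writer', 'submit-writer' or 'tcp-writer' is required", element);
	}
	else if (indexWriter != null) {
		dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkIndexWriter.class);
		IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, indexWriter, "index");
	}
	else if (submitWriter != null) {
		dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkSubmitWriter.class);
		IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, submitWriter, "index");
	}
	else {
		dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkTcpWriter.class);
		IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, tcpWriter, "port");
	}
	// … unchanged: auto-startup attribute and return …
}
```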


@@ -20,7 +20,7 @@ import org.springframework.beans.factory.xml.AbstractSimpleBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.integration.config.xml.IntegrationNamespaceUtils;
import org.springframework.integration.splunk.entity.SplunkServer;
import org.springframework.integration.splunk.support.SplunkServer;
import org.w3c.dom.Element;
/**
@@ -29,7 +29,7 @@ import org.w3c.dom.Element;
* The XML element is like this:
* <pre>
* {@code
* <splunk:server id="splunkServer" host="host" port="8089" userName="admin" password="password"
* <splunk:server id="splunkServer" host="host" port="8089" username="admin" password="password"
* scheme="https" owner="admin" app="search"/>
* }
*
@@ -54,8 +54,9 @@ public class SplunkServerParser extends AbstractSimpleBeanDefinitionParser {
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "scheme");
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "app");
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "owner");
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "userName");
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "username");
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "password");
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "timeout");
}
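Review bot: The Javadoc sample edited in this hunk still shows literal credentials (`username="admin" password="password"`), and the README changed in the same commit repeats that pattern, which is the form most users will paste into their application context. I would show property placeholders instead, for example `username="${splunk.username}" password="${splunk.password}"`, and add a sentence to the Javadoc saying the values should come from externalised configuration rather than committed XML. The parser method that reads these attributes starts outside the hunk, so whether the password is later logged or exposed through the bean definition cannot be judged from here.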


@@ -17,7 +17,7 @@ package org.springframework.integration.splunk.core;
import java.util.List;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
/**
* Data reader to read Splunk data from the service.
@@ -27,6 +27,6 @@ import org.springframework.integration.splunk.entity.SplunkData;
*/
public interface DataReader {
List<SplunkData> search() throws Exception;
List<SplunkEvent> search() throws Exception;
}


@@ -15,7 +15,7 @@
*/
package org.springframework.integration.splunk.core;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
/**
* Data writer to write Splunk data into Splunk
@@ -26,6 +26,6 @@ import org.springframework.integration.splunk.entity.SplunkData;
*/
public interface DataWriter {
void write(SplunkData data) throws Exception;
void write(SplunkEvent data) throws Exception;
}


@@ -0,0 +1,67 @@
/*
* Copyright 2011-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* Splunk data entity
*
* @author Jarred Li
* @author Damien Dallimore damien@dtdsoftware.com
* @author David Turanski
* @since 1.0
*
*/
@SuppressWarnings("serial")
public class AcManagementEvent extends SplunkEvent {
/**
* Splunk Common Information Model(CIM) Fields
*/
// ------------------
// Account management
// ------------------
/**
* The domain containing the user that is affected by the account management
* event.
*/
public static String AC_MANAGEMENT_DEST_NT_DOMAIN = "dest_nt_domain";
/**
* Description of the account management change performed.
*/
public static String AC_MANAGEMENT_SIGNATURE = "signature";
/**
* The NT source of the destination. In the case of an account management
* event, this is the domain that contains the user that generated the
* event.
*/
public static String AC_MANAGEMENT_SRC_NT_DOMAIN = "src_nt_domain";
public void setAcManagementDestNtDomain(String acManagementDestNtDomain) {
addPair(AC_MANAGEMENT_DEST_NT_DOMAIN, acManagementDestNtDomain);
}
public void setAcManagementSignature(String acManagementSignature) {
addPair(AC_MANAGEMENT_SIGNATURE, acManagementSignature);
}
public void setAcManagementSrcNtDomain(String acManagementSrcNtDomain) {
addPair(AC_MANAGEMENT_SRC_NT_DOMAIN, acManagementSrcNtDomain);
}
}
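Review bot: The field-name constants are declared `public static String` without `final`, so any code on the classpath can reassign, say, `AC_MANAGEMENT_SIGNATURE` and change the key written for every later event. They should be true constants, e.g. `public static final String AC_MANAGEMENT_SIGNATURE = "signature";`. The same applies to the constants in the other new event classes in this commit (`AuthEvent`, `DnsEvent`, `EmailEvent`, `EndpointProtectionEvent`, `FileEvent`). The class Javadoc "Splunk data entity" could also say that this class carries the CIM account-management fields.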


@@ -0,0 +1,84 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class AuthEvent extends SplunkEvent {
// ----------------------------------
// Authentication - Access protection
// ----------------------------------
/**
* The action performed on the resource. success, failure
*/
public static String AUTH_ACTION = "action";
/**
* The application involved in the event (such as ssh, spunk, win:local).
*/
public static String AUTH_APP = "app";
/**
* The target involved in the authentication. If your field is named
* dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest
* to make it CIM-compliant.
*/
public static String AUTH_DEST = "dest";
/**
* The source involved in the authentication. In the case of endpoint
* protection authentication the src is the client. If your field is named
* src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to
* make it CIM-compliant.. It is required for all events dealing with
* endpoint protection (Authentication, change analysis, malware, system
* center, and update). Note: Do not confuse this with the event source or
* sourcetype fields.
*/
public static String AUTH_SRC = "src";
/**
* In privilege escalation events, src_user represents the user who
* initiated the privilege escalation.
*/
public static String AUTH_SRC_USER = "src_user";
/**
* The name of the user involved in the event, or who initiated the event.
* For authentication privilege escalation events this should represent the
* user targeted by the escalation.
*/
public static String AUTH_USER = "user";
public void setAuthApp(String authApp) {
addPair(AUTH_APP, authApp);
}
public void setAuthDest(String authDest) {
addPair(AUTH_DEST, authDest);
}
public void setAuthSrc(String authSrc) {
addPair(AUTH_SRC, authSrc);
}
public void setAuthSrcUser(String authSrcUser) {
addPair(AUTH_SRC_USER, authSrcUser);
}
public void setAuthUser(String authUser) {
addPair(AUTH_USER, authUser);
}
public void setAuthAction(String authAction) {
addPair(AUTH_ACTION, authAction);
}
}
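Review bot: The setters pass their arguments straight to `addPair`, and fields such as `user`, `src_user` and `src` in authentication events usually originate from whoever attempted the login. `SplunkEvent.addPair` is not visible in this section; if it does not quote or escape line breaks, quotes and `=` in values, a crafted user name could forge extra key/value pairs or events in the index. Please confirm the escaping there, or document the expectation on the class, e.g. `Values are written as supplied; callers must neutralise line breaks and quotes in untrusted input.` The same consideration applies to `EmailEvent` (`subject`, `sender`). In the `AUTH_APP` Javadoc, "spunk" should read "splunk".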


@@ -0,0 +1,95 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class DnsEvent extends SplunkEvent {
// ----------------------------------
// DNS protocol
// ----------------------------------
/**
* The DNS domain that has been queried.
*/
public static String DNS_DEST_DOMAIN = "dest_domain";
/**
* The remote DNS resource record being acted upon.
*/
public static String DNS_DEST_RECORD = "dest_record";
/**
* The DNS zone that is being received by the slave as part of a zone
* transfer.
*/
public static String DNS_DEST_ZONE = "dest_zone";
/**
* The DNS resource record class.
*/
public static String DNS_RECORD_CLASS = "record_class";
/**
* The DNS resource record type.
*
* @see <a
* href="https://secure.wikimedia.org/wikipedia/en/wiki/List_of_DNS_record_types">see
* this Wikipedia article on DNS record types</a>
*/
public static String DNS_RECORD_TYPE = "record_type";
/**
* The local DNS domain that is being queried.
*/
public static String DNS_SRC_DOMAIN = "src_domain";
/**
* The local DNS resource record being acted upon.
*/
public static String DNS_SRC_RECORD = "src_record";
/**
* The DNS zone that is being transferred by the master as part of a zone
* transfer.
*/
public static String DNS_SRC_ZONE = "src_zone";
public void setDnsDestDomain(String dnsDestDomain) {
addPair(DNS_DEST_DOMAIN, dnsDestDomain);
}
public void setDnsDestRecord(String dnsDestRecord) {
addPair(DNS_DEST_RECORD, dnsDestRecord);
}
public void setDnsDestZone(String dnsDestZone) {
addPair(DNS_DEST_ZONE, dnsDestZone);
}
public void setDnsRecordClass(String dnsRecordClass) {
addPair(DNS_RECORD_CLASS, dnsRecordClass);
}
public void setDnsRecordType(String dnsRecordType) {
addPair(DNS_RECORD_TYPE, dnsRecordType);
}
public void setDnsSrcDomain(String dnsSrcDomain) {
addPair(DNS_SRC_DOMAIN, dnsSrcDomain);
}
public void setDnsSrcRecord(String dnsSrcRecord) {
addPair(DNS_SRC_RECORD, dnsSrcRecord);
}
public void setDnsSrcZone(String dnsSrcZone) {
addPair(DNS_SRC_ZONE, dnsSrcZone);
}
}
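Review bot: The `@see` link on `DNS_RECORD_TYPE` points at `secure.wikimedia.org`, the old HTTPS gateway host rather than the article's canonical address; `https://en.wikipedia.org/wiki/List_of_DNS_record_types` is the stable URL. The class itself has only an `@author` tag, so a one-line Javadoc such as `Event carrying the Splunk CIM DNS protocol fields.` would help readers who arrive here from the outbound adapter.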


@@ -0,0 +1,50 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class EmailEvent extends SplunkEvent {
// ----------------------------------
// Email tracking
// ----------------------------------
/**
* The person to whom an email is sent.
*/
public static String EMAIL_RECIPIENT = "recipient";
/**
* The person responsible for sending an email.
*/
public static String EMAIL_SENDER = "sender";
/**
* The email subject line.
*/
public static String EMAIL_SUBJECT = "subject";
public void setEmailRecipient(String emailRecipient) {
addPair(EMAIL_RECIPIENT, emailRecipient);
}
public void setEmailSender(String emailSender) {
addPair(EMAIL_SENDER, emailSender);
}
public void setEmailSubject(String emailSubject) {
addPair(EMAIL_SUBJECT, emailSubject);
}
}


@@ -0,0 +1,117 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class EndpointProtectionEvent extends SplunkEvent {
// ----------------------------------
// Change analysis - Endpoint protection
// ----------------------------------
/**
* The action performed on the resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_ACTION = "action";
/**
* The type of change discovered in the change analysis event.
*/
public static String CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE = "change_type";
/**
* The host that was affected by the change. If your field is named
* dest_host,dest_ip,dest_ipv6, or dest_nt_host you can alias it as dest to
* make it CIM-compliant.
*/
public static String CHANGE_ENDPOINT_PROTECTION_DEST = "dest";
/**
* The hash signature of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_HASH = "hash";
/**
* The group ID of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_GID = "gid";
/**
* Indicates whether or not the modified resource is a directory.
*/
public static String CHANGE_ENDPOINT_PROTECTION_ISDR = "isdr";
/**
* The permissions mode of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_MODE = "mode";
/**
* The modification time of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_MODTIME = "modtime";
/**
* The file path of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_PATH = "path";
/**
* The size of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_SIZE = "size";
/**
* The user ID of the modified resource.
*/
public static String CHANGE_ENDPOINT_PROTECTION_UID = "uid";
public void setChangeEndpointProtectionAction(String changeEndpointProtectionAction) {
addPair(CHANGE_ENDPOINT_PROTECTION_ACTION, changeEndpointProtectionAction);
}
public void setChangeEndpointProtectionChangeType(String changeEndpointProtectionChangeType) {
addPair(CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE, changeEndpointProtectionChangeType);
}
public void setChangeEndpointProtectionDest(String changeEndpointProtectionDest) {
addPair(CHANGE_ENDPOINT_PROTECTION_DEST, changeEndpointProtectionDest);
}
public void setChangeEndpointProtectionHash(String changeEndpointProtectionHash) {
addPair(CHANGE_ENDPOINT_PROTECTION_HASH, changeEndpointProtectionHash);
}
public void setChangeEndpointProtectionGid(long changeEndpointProtectionGid) {
addPair(CHANGE_ENDPOINT_PROTECTION_GID, changeEndpointProtectionGid);
}
public void setChangeEndpointProtectionIsdr(boolean changeEndpointProtectionIsdr) {
addPair(CHANGE_ENDPOINT_PROTECTION_ISDR, changeEndpointProtectionIsdr);
}
public void setChangeEndpointProtectionMode(long changeEndpointProtectionMode) {
addPair(CHANGE_ENDPOINT_PROTECTION_MODE, changeEndpointProtectionMode);
}
public void setChangeEndpointProtectionModtime(String changeEndpointProtectionModtime) {
addPair(CHANGE_ENDPOINT_PROTECTION_MODTIME, changeEndpointProtectionModtime);
}
public void setChangeEndpointProtectionPath(String changeEndpointProtectionPath) {
addPair(CHANGE_ENDPOINT_PROTECTION_PATH, changeEndpointProtectionPath);
}
public void setChangeEndpointProtectionSize(long changeEndpointProtectionSize) {
addPair(CHANGE_ENDPOINT_PROTECTION_SIZE, changeEndpointProtectionSize);
}
public void setChangeEndpointProtectionUid(long changeEndpointProtectionUid) {
addPair(CHANGE_ENDPOINT_PROTECTION_UID, changeEndpointProtectionUid);
}
}
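Review bot: `CHANGE_ENDPOINT_PROTECTION_ISDR` maps to the key `"isdr"`, while its Javadoc describes a directory flag; this looks like a misspelling of `isdir`, and if so events would carry a field that CIM-based searches do not match. Please check it against the CIM field list and, if confirmed, change only the value so the public names stay stable: `public static String CHANGE_ENDPOINT_PROTECTION_ISDR = "isdir";`. Separately, `mode` is accepted as a `long`, so the Javadoc should state whether callers pass the octal permission digits or their decimal value.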


@@ -0,0 +1,93 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class FileEvent extends SplunkEvent {
// ----------------------------------
// File management
// ----------------------------------
/**
* The time the file (the object of the event) was accessed.
*/
public static String FILE_ACCESS_TIME = "file_access_time";
/**
* The time the file (the object of the event) was created.
*/
public static String FILE_CREATE_TIME = "file_create_time";
/**
* A cryptographic identifier assigned to the file object affected by the
* event.
*/
public static String FILE_HASH = "file_hash";
/**
* The time the file (the object of the event) was altered.
*/
public static String FILE_MODIFY_TIME = "file_modify_time";
/**
* The name of the file that is the object of the event (without location
* information related to local file or directory structure).
*/
public static String FILE_NAME = "file_name";
/**
* The location of the file that is the object of the event, in terms of
* local file and directory structure.
*/
public static String FILE_PATH = "file_path";
/**
* Access controls associated with the file affected by the event.
*/
public static String FILE_PERMISSION = "file_permission";
/**
* The size of the file that is the object of the event. Indicate whether
* Bytes, KB, MB, GB.
*/
public static String FILE_SIZE = "file_size";
public void setFileAccessTime(long fileAccessTime) {
addPair(FILE_ACCESS_TIME, fileAccessTime);
}
public void setFileCreateTime(long fileCreateTime) {
addPair(FILE_CREATE_TIME, fileCreateTime);
}
public void setFileHash(String fileHash) {
addPair(FILE_HASH, fileHash);
}
public void setFileModifyTime(long fileModifyTime) {
addPair(FILE_MODIFY_TIME, fileModifyTime);
}
public void setFileName(String fileName) {
addPair(FILE_NAME, fileName);
}
public void setFilePath(String filePath) {
addPair(FILE_PATH, filePath);
}
public void setFilePermission(String filePermission) {
addPair(FILE_PERMISSION, filePermission);
}
public void setFileSize(long fileSize) {
addPair(FILE_SIZE, fileSize);
}
}
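Review bot: The eight key constants (`FILE_ACCESS_TIME` through `FILE_SIZE`) are declared `public static String` without `final`, so any code on the classpath can reassign them and silently change the field name that later events are written under. Declare them as true constants, e.g. `public static final String FILE_HASH = "file_hash";`. The same declaration style is used for the constants in IntrusionDetectionEvent, MalwareEndpointProtectionEvent, MalwareNetworkProtectionEvent, NetworkProtectionEvent, NetworkTrafficEssEvent and NetworkTrafficGenericEvent on this page. Separately, the `FILE_SIZE` Javadoc asks the caller to indicate a unit, but `setFileSize(long)` has nowhere to carry one; stating a single unit in the Javadoc (for example `size in bytes`) would settle it.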


@@ -0,0 +1,126 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class IntrusionDetectionEvent extends SplunkEvent {
// ----------------------------------
// Intrusion detection
// ----------------------------------
/**
* The category of the triggered signature.
*/
public static String INTRUSION_DETECTION_CATEGORY = "category";
/**
* The destination of the attack detected by the intrusion detection system
* (IDS). If your field is named dest_host, dest_ip, dest_ipv6, or
* dest_nt_host you can alias it as dest to make it CIM-compliant.
*/
public static String INTRUSION_DETECTION_DEST = "dest";
/**
* The device that detected the intrusion event.
*/
public static String INTRUSION_DETECTION_DVC = "dvc";
/**
* The type of IDS that generated the event.
*/
public static String INTRUSION_DETECTION_IDS_TYPE = "ids_type";
/**
* The product name of the vendor technology generating network protection
* data, such as IDP, Providentia, and ASA.
*
* Note: Required for all events dealing with network protection (Change
* analysis, proxy, malware, intrusion detection, packet filtering, and
* vulnerability).
*/
public static String INTRUSION_DETECTION_PRODUCT = "product";
/**
* The severity of the network protection event (such as critical, high,
* medium, low, or informational).
*
* Note: This field is a string. Please use a severity_id field for severity
* ID fields that are integer data types.
*/
public static String INTRUSION_DETECTION_SEVERITY = "severity";
/**
* The name of the intrusion detected on the client (the src), such as
* PlugAndPlay_BO and JavaScript_Obfuscation_Fre.
*/
public static String INTRUSION_DETECTION_SIGNATURE = "signature";
/**
* The source involved in the attack detected by the IDS. If your field is
* named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src
* to make it CIM-compliant.
*/
public static String INTRUSION_DETECTION_SRC = "src";
/**
* The user involved with the intrusion detection event.
*/
public static String INTRUSION_DETECTION_USER = "user";
/**
* The vendor technology used to generate network protection data, such as
* IDP, Providentia, and ASA.
*
* Note: Required for all events dealing with network protection (Change
* analysis, proxy, malware, intrusion detection, packet filtering, and
* vulnerability).
*/
public static String INTRUSION_DETECTION_VENDOR = "vendor";
public void setIntrusionDetectionCategory(String intrusionDetectionCategory) {
addPair(INTRUSION_DETECTION_CATEGORY, intrusionDetectionCategory);
}
public void setIntrusionDetectionDest(String intrusionDetectionDest) {
addPair(INTRUSION_DETECTION_DEST, intrusionDetectionDest);
}
public void setIntrusionDetectionDvc(String intrusionDetectionDvc) {
addPair(INTRUSION_DETECTION_DVC, intrusionDetectionDvc);
}
public void setIntrusionDetectionIdsType(String intrusionDetectionIdsType) {
addPair(INTRUSION_DETECTION_IDS_TYPE, intrusionDetectionIdsType);
}
public void setIntrusionDetectionProduct(String intrusionDetectionProduct) {
addPair(INTRUSION_DETECTION_PRODUCT, intrusionDetectionProduct);
}
public void setIntrusionDetectionSeverity(String intrusionDetectionSeverity) {
addPair(INTRUSION_DETECTION_SEVERITY, intrusionDetectionSeverity);
}
public void setIntrusionDetectionSignature(String intrusionDetectionSignature) {
addPair(INTRUSION_DETECTION_SIGNATURE, intrusionDetectionSignature);
}
public void setIntrusionDetectionSrc(String intrusionDetectionSrc) {
addPair(INTRUSION_DETECTION_SRC, intrusionDetectionSrc);
}
public void setIntrusionDetectionUser(String intrusionDetectionUser) {
addPair(INTRUSION_DETECTION_USER, intrusionDetectionUser);
}
public void setIntrusionDetectionVendor(String intrusionDetectionVendor) {
addPair(INTRUSION_DETECTION_VENDOR, intrusionDetectionVendor);
}
}
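Review bot: The Javadoc on `INTRUSION_DETECTION_PRODUCT` and `INTRUSION_DETECTION_VENDOR` says both are required for all network-protection events, but the class offers only optional setters, so an event can be sent with neither and would presumably drop out of searches that filter on `vendor` or `product`. Either add a constructor that takes both values, or state in the class Javadoc that callers must call `setIntrusionDetectionVendor` and `setIntrusionDetectionProduct` before sending. The same gap applies to MalwareNetworkProtectionEvent and NetworkTrafficEssEvent, whose Javadoc carries the same "Required" note. The class Javadoc currently holds only `@author`; a one-line summary such as `Event carrying the intrusion-detection fields described below.` would help readers.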


@@ -0,0 +1,143 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class MalwareEndpointProtectionEvent extends SplunkEvent {
// ----------------------------------
// Malware - Endpoint protection
// ----------------------------------
/**
* The outcome of the infection
*/
public static String MALWARE_ENDPOINT_PROTECTION_ACTION = "action";
/**
* The NT domain of the destination (the dest_bestmatch).
*/
public static String MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN = "dest_nt_domain";
/**
* The cryptographic hash of the file associated with the malware event
* (such as the malicious or infected file).
*/
public static String MALWARE_ENDPOINT_PROTECTION_FILE_HASH = "file_hash";
/**
* The name of the file involved in the malware event (such as the infected
* or malicious file).
*/
public static String MALWARE_ENDPOINT_PROTECTION_FILE_NAME = "file_name";
/**
* The path of the file involved in the malware event (such as the infected
* or malicious file).
*/
public static String MALWARE_ENDPOINT_PROTECTION_FILE_PATH = "file_path";
/**
* The product name of the vendor technology (the vendor field) that is
* generating malware data (such as Antivirus or EPO).
*/
public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT = "product";
/**
* The product version number of the vendor technology installed on the
* client (such as 10.4.3 or 11.0.2).
*/
public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION = "product_version";
/**
* The name of the malware infection detected on the client (the src), such
* as Trojan.Vundo,Spyware.Gaobot,W32.Nimbda).
*
* Note: This field is a string. Please use a signature_id field for
* signature ID fields that are integer data types.
*/
public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE = "signature";
/**
* The current signature definition set running on the client, such as
* 11hsvx)
*/
public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION = "signature_version";
/**
* The target affected or infected by the malware. If your field is named
* dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest
* to make it CIM-compliant.
*/
public static String MALWARE_ENDPOINT_PROTECTION_DEST = "dest";
/**
* The NT domain of the source (the src).
*/
public static String MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN = "src_nt_domain";
/**
* The name of the user involved in the malware event.
*/
public static String MALWARE_ENDPOINT_PROTECTION_USER = "user";
/**
* The name of the vendor technology generating malware data, such as
* Symantec or McAfee.
*/
public static String MALWARE_ENDPOINT_PROTECTION_VENDOR = "vendor";
public void setMalwareEndpointProtectionAction(String malwareEndpointProtectionAction) {
addPair(MALWARE_ENDPOINT_PROTECTION_ACTION, malwareEndpointProtectionAction);
}
public void setMalwareEndpointProtectionDestNtDomain(String malwareEndpointProtectionDestNtDomain) {
addPair(MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN, malwareEndpointProtectionDestNtDomain);
}
public void setMalwareEndpointProtectionFileHash(String malwareEndpointProtectionFileHash) {
addPair(MALWARE_ENDPOINT_PROTECTION_FILE_HASH, malwareEndpointProtectionFileHash);
}
public void setMalwareEndpointProtectionFileName(String malwareEndpointProtectionFileName) {
addPair(MALWARE_ENDPOINT_PROTECTION_FILE_NAME, malwareEndpointProtectionFileName);
}
public void setMalwareEndpointProtectionFilePath(String malwareEndpointProtectionFilePath) {
addPair(MALWARE_ENDPOINT_PROTECTION_FILE_PATH, malwareEndpointProtectionFilePath);
}
public void setMalwareEndpointProtectionProduct(String malwareEndpointProtectionProduct) {
addPair(MALWARE_ENDPOINT_PROTECTION_PRODUCT, malwareEndpointProtectionProduct);
}
public void setMalwareEndpointProtectionProductVersion(String malwareEndpointProtectionProductVersion) {
addPair(MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION, malwareEndpointProtectionProductVersion);
}
public void setMalwareEndpointProtectionSignature(String malwareEndpointProtectionSignature) {
addPair(MALWARE_ENDPOINT_PROTECTION_SIGNATURE, malwareEndpointProtectionSignature);
}
public void setMalwareEndpointProtectionSignatureVersion(String malwareEndpointProtectionSignatureVersion) {
addPair(MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION, malwareEndpointProtectionSignatureVersion);
}
public void setMalwareEndpointProtectionDest(String malwareEndpointProtectionDest) {
addPair(MALWARE_ENDPOINT_PROTECTION_DEST, malwareEndpointProtectionDest);
}
public void setMalwareEndpointProtectionSrcNtDomain(String malwareEndpointProtectionSrcNtDomain) {
addPair(MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN, malwareEndpointProtectionSrcNtDomain);
}
public void setMalwareEndpointProtectionUser(String malwareEndpointProtectionUser) {
addPair(MALWARE_ENDPOINT_PROTECTION_USER, malwareEndpointProtectionUser);
}
public void setMalwareEndpointProtectionVendor(String malwareEndpointProtectionVendor) {
addPair(MALWARE_ENDPOINT_PROTECTION_VENDOR, malwareEndpointProtectionVendor);
}
}
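Review bot: Setters such as `setMalwareEndpointProtectionFileName`, `setMalwareEndpointProtectionFilePath` and `setMalwareEndpointProtectionUser` pass their argument straight to `addPair`, and these values presumably originate on the host that reported the malware. `addPair` is defined in SplunkEvent, outside this section; if it writes `key=value` text without quoting the value or escaping quotes and line breaks, a crafted file name could add or overwrite fields in the indexed event. Confirm that `addPair` escapes values, and say so in the setter Javadoc, e.g. `The value is escaped by addPair; pass the raw name.` The `MALWARE_ENDPOINT_PROTECTION_FILE_HASH` Javadoc should also name the expected algorithm and encoding, so hashes from different sources can be compared.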


@@ -0,0 +1,64 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class MalwareNetworkProtectionEvent extends SplunkEvent {
// ----------------------------------
// Malware - Network protection
// ----------------------------------
/**
* The product name of the vendor technology generating network protection
* data, such as IDP, Proventia, and ASA.
*
* Note: Required for all events dealing with network protection (Change
* analysis, proxy, malware, intrusion detection, packet filtering, and
* vulnerability).
*/
public static String MALWARE_NETWORK_PROTECTION_PRODUCT = "product";
/**
* The severity of the network protection event (such as critical, high,
* medium, low, or informational).
*
* Note: This field is a string. Please use a severity_id field for severity
* ID fields that are integer data types.
*/
public static String MALWARE_NETWORK_PROTECTION_SEVERITY = "severity";
/**
* The vendor technology used to generate network protection data, such as
* IDP, Proventia, and ASA.
*
* Note: Required for all events dealing with network protection (Change
* analysis, proxy, malware, intrusion detection, packet filtering, and
* vulnerability).
*/
public static String MALWARE_NETWORK_PROTECTION_VENDOR = "vendor";
public void setMalwareNetworkProtectionProduct(String malwareNetworkProtectionProduct) {
addPair(MALWARE_NETWORK_PROTECTION_PRODUCT, malwareNetworkProtectionProduct);
}
public void setMalwareNetworkProtectionSeverity(String malwareNetworkProtectionSeverity) {
addPair(MALWARE_NETWORK_PROTECTION_SEVERITY, malwareNetworkProtectionSeverity);
}
public void setMalwareNetworkProtectionVendor(String malwareNetworkProtectionVendor) {
addPair(MALWARE_NETWORK_PROTECTION_VENDOR, malwareNetworkProtectionVendor);
}
}
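Review bot: The three constants and their Javadoc are a copy of the `product`, `severity` and `vendor` entries in IntrusionDetectionEvent, and the copies have already drifted: this file spells the example product `Proventia`, the other `Providentia`. Holding the shared network-protection keys in one place (a common base class or a constants holder) would keep the field names and their documentation in step. If the duplication stays, a comment above the constants such as `// Keys shared with IntrusionDetectionEvent; keep in sync.` would at least flag it.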


@@ -0,0 +1,57 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class NetworkProtectionEvent extends SplunkEvent {
// ----------------------------------
// Change analysis - Network protection
// ----------------------------------
/**
* The type of change observed.
*/
public static String CHANGE_NETWORK_PROTECTION_ACTION = "action";
/**
* The command that initiated the change.
*/
public static String CHANGE_NETWORK_PROTECTION_COMMAND = "command";
/**
* The device that is directly affected by the change.
*/
public static String CHANGE_NETWORK_PROTECTION_DVC = "dvc";
/**
* The user that initiated the change.
*/
public static String CHANGE_NETWORK_PROTECTION_USER = "user";
public void setChangeNetworkProtectionAction(String changeNetworkProtectionAction) {
addPair(CHANGE_NETWORK_PROTECTION_ACTION, changeNetworkProtectionAction);
}
public void setChangeNetworkProtectionCommand(String changeNetworkProtectionCommand) {
addPair(CHANGE_NETWORK_PROTECTION_COMMAND, changeNetworkProtectionCommand);
}
public void setChangeNetworkProtectionDvc(String changeNetworkProtectionDvc) {
addPair(CHANGE_NETWORK_PROTECTION_DVC, changeNetworkProtectionDvc);
}
public void setChangeNetworkProtectionUser(String changeNetworkProtectionUser) {
addPair(CHANGE_NETWORK_PROTECTION_USER, changeNetworkProtectionUser);
}
}
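Review bot: `CHANGE_NETWORK_PROTECTION_COMMAND` is documented only as "The command that initiated the change", and `setChangeNetworkProtectionCommand` forwards the string unchanged. Command lines often carry passwords, tokens or keys as arguments, which would then be stored with the event and readable by anyone with search access. Add a caveat to the Javadoc, e.g. `Callers should redact credentials from the command before setting it.` Also, the class is named NetworkProtectionEvent while its constants, setters and section comment all carry the `Change` prefix; a name such as `ChangeNetworkProtectionEvent` would avoid confusion with MalwareNetworkProtectionEvent.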


@@ -0,0 +1,76 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class NetworkTrafficEssEvent extends SplunkEvent {
// ----------------------------------
// Network traffic - ESS
// ----------------------------------
/**
* The action of the network traffic.
*/
public static String NETWORK_TRAFFIC_ESS_ACTION = "action";
/**
* The destination port of the network traffic.
*/
public static String NETWORK_TRAFFIC_ESS_DEST_PORT = "dest_port";
/**
* The product name of the vendor technology generating NetworkProtection
* data, such as IDP, Proventia, and ASA.
*
* Note: Required for all events dealing with network protection (Change
* analysis, proxy, malware, intrusion detection, packet filtering, and
* vulnerability).
*/
public static String NETWORK_TRAFFIC_ESS_PRODUCT = "product";
/**
* The source port of the network traffic.
*/
public static String NETWORK_TRAFFIC_ESS_SRC_PORT = "src_port";
/**
* The vendor technology used to generate NetworkProtection data, such as
* IDP, Proventia, and ASA.
*
* Note: Required for all events dealing with network protection (Change
* analysis, proxy, malware, intrusion detection, packet filtering, and
* vulnerability).
*/
public static String NETWORK_TRAFFIC_ESS_VENDOR = "vendor";
public void setNetworkTrafficEssAction(String networkTrafficEssAction) {
addPair(NETWORK_TRAFFIC_ESS_ACTION, networkTrafficEssAction);
}
public void setNetworkTrafficEssDestPort(int networkTrafficEssDestPort) {
addPair(NETWORK_TRAFFIC_ESS_DEST_PORT, networkTrafficEssDestPort);
}
public void setNetworkTrafficEssProduct(String networkTrafficEssProduct) {
addPair(NETWORK_TRAFFIC_ESS_PRODUCT, networkTrafficEssProduct);
}
public void setNetworkTrafficEssSrcPort(int networkTrafficEssSrcPort) {
addPair(NETWORK_TRAFFIC_ESS_SRC_PORT, networkTrafficEssSrcPort);
}
public void setNetworkTrafficEssVendor(String networkTrafficEssVendor) {
addPair(NETWORK_TRAFFIC_ESS_VENDOR, networkTrafficEssVendor);
}
}
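Review bot: `setNetworkTrafficEssDestPort(int)` and `setNetworkTrafficEssSrcPort(int)` accept any `int`, so a negative or above-65535 value from an upstream parsing error is written as a port and can skew port-based searches and alerts. A guard at the top of each setter would catch it, e.g. `if (networkTrafficEssDestPort < 0 || networkTrafficEssDestPort > 65535) throw new IllegalArgumentException("port out of range");`. If throwing is unwanted on the logging path, document the expected range in the Javadoc instead. The port setters in NetworkTrafficGenericEvent further down the page take `int` in the same way.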


@@ -0,0 +1,438 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class NetworkTrafficGenericEvent extends SplunkEvent {
// ----------------------------------
// Network traffic - Generic
// ----------------------------------
/**
* The ISO layer 7 (application layer) protocol, such as HTTP, HTTPS, SSH,
* and IMAP.
*/
public static String NETWORK_TRAFFIC_GENERIC_APP_LAYER = "app_layer";
/**
* How many bytes this device/interface received.
*/
public static String NETWORK_TRAFFIC_GENERIC_BYTES_IN = "bytes_in";
/**
* How many bytes this device/interface transmitted.
*/
public static String NETWORK_TRAFFIC_GENERIC_BYTES_OUT = "bytes_out";
/**
* 802.11 channel number used by a wireless network.
*/
public static String NETWORK_TRAFFIC_GENERIC_CHANNEL = "channel";
/**
* The Common Vulnerabilities and Exposures (CVE) reference value.
*/
public static String NETWORK_TRAFFIC_GENERIC_CVE = "cve";
/**
* The destination application being targeted.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_APP = "dest_app";
/**
* The destination command and control service channel.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL = "dest_cnc_channel";
/**
* The destination command and control service name.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME = "dest_cnc_name";
/**
* The destination command and control service port.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT = "dest_cnc_port";
/**
* The country associated with a packet's recipient.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY = "dest_country";
/**
* The fully qualified host name of a packet's recipient. For HTTP sessions,
* this is the host header.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_HOST = "dest_host";
/**
* The interface that is listening remotely or receiving packets locally.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_INT = "dest_int";
/**
* The IPv4 address of a packet's recipient.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_IP = "dest_ip";
/**
* The IPv6 address of a packet's recipient.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_IPV6 = "dest_ipv6";
/**
* The (physical) latitude of a packet's destination.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_LAT = "dest_lat";
/**
* The (physical) longitude of a packet's destination.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_LONG = "dest_long";
/**
* The destination TCP/IP layer 2 Media Access Control (MAC) address of a
* packet's destination.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_MAC = "dest_mac";
/**
* The Windows NT domain containing a packet's destination.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN = "dest_nt_domain";
/**
* The Windows NT host name of a packet's destination.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST = "dest_nt_host";
/**
* TCP/IP port to which a packet is being sent.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_PORT = "dest_port";
/**
* The NATed IPv4 address to which a packet has been sent.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP = "dest_translated_ip";
/**
* The NATed port to which a packet has been sent.
*/
public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT = "dest_translated_port";
/**
* The numbered Internet Protocol version.
*/
public static String NETWORK_TRAFFIC_GENERIC_IP_VERSION = "ip_version";
/**
* The network interface through which a packet was transmitted.
*/
public static String NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE = "outbound_interface";
/**
* How many packets this device/interface received.
*/
public static String NETWORK_TRAFFIC_GENERIC_PACKETS_IN = "packets_in";
/**
* How many packets this device/interface transmitted.
*/
public static String NETWORK_TRAFFIC_GENERIC_PACKETS_OUT = "packets_out";
/**
* The OSI layer 3 (Network Layer) protocol, such as IPv4/IPv6, ICMP, IPsec,
* IGMP or RIP.
*/
public static String NETWORK_TRAFFIC_GENERIC_PROTO = "proto";
/**
* The session identifier. Multiple transactions build a session.
*/
public static String NETWORK_TRAFFIC_GENERIC_SESSION_ID = "session_id";
/**
* The 802.11 service set identifier (ssid) assigned to a wireless session.
*/
public static String NETWORK_TRAFFIC_GENERIC_SSID = "ssid";
/**
* The country from which the packet was sent.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY = "src_country";
/**
* The fully qualified host name of the system that transmitted the packet.
* For Web logs, this is the HTTP client.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_HOST = "src_host";
/**
* The interface that is listening locally or sending packets remotely.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_INT = "src_int";
/**
* The IPv4 address of the packet's source. For Web logs, this is the http
* client.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_IP = "src_ip";
/**
* The IPv6 address of the packet's source.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_IPV6 = "src_ipv6";
/**
* The (physical) latitude of the packet's source.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_LAT = "src_lat";
/**
* The (physical) longitude of the packet's source.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_LONG = "src_long";
/**
* The Media Access Control (MAC) address from which a packet was
* transmitted.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_MAC = "src_mac";
/**
* The Windows NT domain containing the machines that generated the event.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN = "src_nt_domain";
/**
* The Windows NT hostname of the system that generated the event.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST = "src_nt_host";
/**
* The network port from which a packet originated.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_PORT = "src_port";
/**
* The NATed IPv4 address from which a packet has been sent.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP = "src_translated_ip";
/**
* The NATed network port from which a packet has been sent.
*/
public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT = "src_translated_port";
/**
* The application, process, or OS subsystem that generated the event.
*/
public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_ID = "syslog_id";
/**
* The criticality of an event, as recorded by UNIX syslog.
*/
public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY = "syslog_priority";
/**
* The TCP flag(s) specified in the event.
*/
public static String NETWORK_TRAFFIC_GENERIC_TCP_FLAG = "tcp_flag";
/**
* The hex bit that specifies TCP 'type of service'
*
* @see <a href="http://en.wikipedia.org/wiki/Type_of_Service">Type of
* Service</a>
*/
public static String NETWORK_TRAFFIC_GENERIC_TOS = "tos";
/**
* The transport protocol.
*/
public static String NETWORK_TRAFFIC_GENERIC_TRANSPORT = "transport";
/**
* The "time to live" of a packet or datagram.
*/
public static String NETWORK_TRAFFIC_GENERIC_TTL = "ttl";
/**
* The numeric identifier assigned to the virtual local area network (VLAN)
* specified in the record.
*/
public static String NETWORK_TRAFFIC_GENERIC_VLAN_ID = "vlan_id";
/**
* The name assigned to the virtual local area network (VLAN) specified in
* the record.
*/
public static String NETWORK_TRAFFIC_GENERIC_VLAN_NAME = "vlan_name";
public void setNetworkTrafficGenericAppLayer(String networkTrafficGenericAppLayer) {
addPair(NETWORK_TRAFFIC_GENERIC_APP_LAYER, networkTrafficGenericAppLayer);
}
public void setNetworkTrafficGenericBytesIn(long networkTrafficGenericBytesIn) {
addPair(NETWORK_TRAFFIC_GENERIC_BYTES_IN, networkTrafficGenericBytesIn);
}
public void setNetworkTrafficGenericBytesOut(long networkTrafficGenericBytesOut) {
addPair(NETWORK_TRAFFIC_GENERIC_BYTES_OUT, networkTrafficGenericBytesOut);
}
public void setNetworkTrafficGenericChannel(String networkTrafficGenericChannel) {
addPair(NETWORK_TRAFFIC_GENERIC_CHANNEL, networkTrafficGenericChannel);
}
public void setNetworkTrafficGenericCve(String networkTrafficGenericCve) {
addPair(NETWORK_TRAFFIC_GENERIC_CVE, networkTrafficGenericCve);
}
public void setNetworkTrafficGenericDestApp(String networkTrafficGenericDestApp) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_APP, networkTrafficGenericDestApp);
}
public void setNetworkTrafficGenericDestCncChannel(String networkTrafficGenericDestCncChannel) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL, networkTrafficGenericDestCncChannel);
}
public void setNetworkTrafficGenericDestCncName(String networkTrafficGenericDestCncName) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME, networkTrafficGenericDestCncName);
}
public void setNetworkTrafficGenericDestCncPort(String networkTrafficGenericDestCncPort) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT, networkTrafficGenericDestCncPort);
}
public void setNetworkTrafficGenericDestCountry(String networkTrafficGenericDestCountry) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY, networkTrafficGenericDestCountry);
}
public void setNetworkTrafficGenericDestHost(String networkTrafficGenericDestHost) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_HOST, networkTrafficGenericDestHost);
}
public void setNetworkTrafficGenericDestInt(String networkTrafficGenericDestInt) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_INT, networkTrafficGenericDestInt);
}
public void setNetworkTrafficGenericDestIp(String networkTrafficGenericDestIp) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_IP, networkTrafficGenericDestIp);
}
public void setNetworkTrafficGenericDestIpv6(String networkTrafficGenericDestIpv6) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_IPV6, networkTrafficGenericDestIpv6);
}
public void setNetworkTrafficGenericDestLat(int networkTrafficGenericDestLat) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_LAT, networkTrafficGenericDestLat);
}
public void setNetworkTrafficGenericDestLong(int networkTrafficGenericDestLong) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_LONG, networkTrafficGenericDestLong);
}
public void setNetworkTrafficGenericDestMac(String networkTrafficGenericDestMac) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_MAC, networkTrafficGenericDestMac);
}
public void setNetworkTrafficGenericDestNtDomain(String networkTrafficGenericDestNtDomain) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN, networkTrafficGenericDestNtDomain);
}
public void setNetworkTrafficGenericDestNtHost(String networkTrafficGenericDestNtHost) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST, networkTrafficGenericDestNtHost);
}
public void setNetworkTrafficGenericDestPort(int networkTrafficGenericDestPort) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_PORT, networkTrafficGenericDestPort);
}
public void setNetworkTrafficGenericDestTranslatedIp(String networkTrafficGenericDestTranslatedIp) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP, networkTrafficGenericDestTranslatedIp);
}
public void setNetworkTrafficGenericDestTranslatedPort(int networkTrafficGenericDestTranslatedPort) {
addPair(NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT, networkTrafficGenericDestTranslatedPort);
}
public void setNetworkTrafficGenericIpVersion(int networkTrafficGenericIpVersion) {
addPair(NETWORK_TRAFFIC_GENERIC_IP_VERSION, networkTrafficGenericIpVersion);
}
public void setNetworkTrafficGenericOutboundInterface(String networkTrafficGenericOutboundInterface) {
addPair(NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE, networkTrafficGenericOutboundInterface);
}
public void setNetworkTrafficGenericPacketsIn(long networkTrafficGenericPacketsIn) {
addPair(NETWORK_TRAFFIC_GENERIC_PACKETS_IN, networkTrafficGenericPacketsIn);
}
public void setNetworkTrafficGenericPacketsOut(long networkTrafficGenericPacketsOut) {
addPair(NETWORK_TRAFFIC_GENERIC_PACKETS_OUT, networkTrafficGenericPacketsOut);
}
public void setNetworkTrafficGenericProto(String networkTrafficGenericProto) {
addPair(NETWORK_TRAFFIC_GENERIC_PROTO, networkTrafficGenericProto);
}
public void setNetworkTrafficGenericSessionId(String networkTrafficGenericSessionId) {
addPair(NETWORK_TRAFFIC_GENERIC_SESSION_ID, networkTrafficGenericSessionId);
}
public void setNetworkTrafficGenericSsid(String networkTrafficGenericSsid) {
addPair(NETWORK_TRAFFIC_GENERIC_SSID, networkTrafficGenericSsid);
}
public void setNetworkTrafficGenericSrcCountry(String networkTrafficGenericSrcCountry) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY, networkTrafficGenericSrcCountry);
}
public void setNetworkTrafficGenericSrcHost(String networkTrafficGenericSrcHost) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_HOST, networkTrafficGenericSrcHost);
}
public void setNetworkTrafficGenericSrcInt(String networkTrafficGenericSrcInt) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_INT, networkTrafficGenericSrcInt);
}
public void setNetworkTrafficGenericSrcIp(String networkTrafficGenericSrcIp) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_IP, networkTrafficGenericSrcIp);
}
public void setNetworkTrafficGenericSrcIpv6(String networkTrafficGenericSrcIpv6) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_IPV6, networkTrafficGenericSrcIpv6);
}
public void setNetworkTrafficGenericSrcLat(int networkTrafficGenericSrcLat) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_LAT, networkTrafficGenericSrcLat);
}
public void setNetworkTrafficGenericSrcLong(int networkTrafficGenericSrcLong) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_LONG, networkTrafficGenericSrcLong);
}
public void setNetworkTrafficGenericSrcMac(String networkTrafficGenericSrcMac) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_MAC, networkTrafficGenericSrcMac);
}
public void setNetworkTrafficGenericSrcNtDomain(String networkTrafficGenericSrcNtDomain) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN, networkTrafficGenericSrcNtDomain);
}
public void setNetworkTrafficGenericSrcNtHost(String networkTrafficGenericSrcNtHost) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST, networkTrafficGenericSrcNtHost);
}
public void setNetworkTrafficGenericSrcPort(int networkTrafficGenericSrcPort) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_PORT, networkTrafficGenericSrcPort);
}
public void setNetworkTrafficGenericSrcTranslatedIp(String networkTrafficGenericSrcTranslatedIp) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP, networkTrafficGenericSrcTranslatedIp);
}
public void setNetworkTrafficGenericSrcTranslatedPort(int networkTrafficGenericSrcTranslatedPort) {
addPair(NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT, networkTrafficGenericSrcTranslatedPort);
}
public void setNetworkTrafficGenericSyslogId(String networkTrafficGenericSyslogId) {
addPair(NETWORK_TRAFFIC_GENERIC_SYSLOG_ID, networkTrafficGenericSyslogId);
}
public void setNetworkTrafficGenericSyslogPriority(String networkTrafficGenericSyslogPriority) {
addPair(NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY, networkTrafficGenericSyslogPriority);
}
public void setNetworkTrafficGenericTcpFlag(String networkTrafficGenericTcpFlag) {
addPair(NETWORK_TRAFFIC_GENERIC_TCP_FLAG, networkTrafficGenericTcpFlag);
}
public void setNetworkTrafficGenericTos(String networkTrafficGenericTos) {
addPair(NETWORK_TRAFFIC_GENERIC_TOS, networkTrafficGenericTos);
}
public void setNetworkTrafficGenericTransport(String networkTrafficGenericTransport) {
addPair(NETWORK_TRAFFIC_GENERIC_TRANSPORT, networkTrafficGenericTransport);
}
public void setNetworkTrafficGenericTtl(int networkTrafficGenericTtl) {
addPair(NETWORK_TRAFFIC_GENERIC_TTL, networkTrafficGenericTtl);
}
public void setNetworkTrafficGenericVlanId(long networkTrafficGenericVlanId) {
addPair(NETWORK_TRAFFIC_GENERIC_VLAN_ID, networkTrafficGenericVlanId);
}
public void setNetworkTrafficGenericVlanName(String networkTrafficGenericVlanName) {
addPair(NETWORK_TRAFFIC_GENERIC_VLAN_NAME, networkTrafficGenericVlanName);
}
}


@@ -0,0 +1,75 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class PacketFilterEvent extends SplunkEvent {
// ----------------------------------
// Packet filtering
// ----------------------------------
/**
* The action the filtering device (the dvc_bestmatch field) performed on
* the communication.
*/
public static String PACKET_FILTERING_ACTION = "action";
/**
* The IP port of the packet's destination, such as 22.
*/
public static String PACKET_FILTERING_DEST_PORT = "dest_port";
/**
* The direction the packet is traveling.
*/
public static String PACKET_FILTERING_DIRECTION = "direction";
/**
* The name of the packet filtering device. If your field is named dvc_host,
* dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.
*/
public static String PACKET_FILTERING_DVC = "dvc";
/**
* The rule which took action on the packet, such as 143.
*/
public static String PACKET_FILTERING_RULE = "rule";
/**
* The IP port of the packet's source, such as 34541.
*/
public static String PACKET_FILTERING_SVC_PORT = "svc_port";
public void setPacketFilteringAction(String packetFilteringAction) {
addPair(PACKET_FILTERING_ACTION, packetFilteringAction);
}
public void setPacketFilteringDestPort(int packetFilteringDestPort) {
addPair(PACKET_FILTERING_DEST_PORT, packetFilteringDestPort);
}
public void setPacketFilteringDirection(String packetFilteringDirection) {
addPair(PACKET_FILTERING_DIRECTION, packetFilteringDirection);
}
public void setPacketFilteringDvc(String packetFilteringDvc) {
addPair(PACKET_FILTERING_DVC, packetFilteringDvc);
}
public void setPacketFilteringRule(String packetFilteringRule) {
addPair(PACKET_FILTERING_RULE, packetFilteringRule);
}
public void setPacketFilteringSvcPort(int packetFilteringSvcPort) {
addPair(PACKET_FILTERING_SVC_PORT, packetFilteringSvcPort);
}
}
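Review bot: The field-name constants are declared `public static String` without `final` (for example `PACKET_FILTERING_ACTION`), so any code on the classpath can reassign them and silently change the key written by every later `addPair` call. For events that feed security monitoring, that is an avoidable integrity risk. Declare them as true constants, e.g. `public static final String PACKET_FILTERING_ACTION = "action";`. The same applies to the constants added in ProxyEvent, SplunkEvent (`COMMON_*`, `UPDATE_PACKAGE`), SystemCenterEvent, TrafficEvent and UserInfoUpdateEvent in this commit.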


@@ -0,0 +1,133 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class ProxyEvent extends SplunkEvent {
// ----------------------------------
// Proxy
// ----------------------------------
/**
* The action taken by the proxy.
*/
public static String PROXY_ACTION = "action";
/**
* The destination of the network traffic (the remote host).
*/
public static String PROXY_DEST = "dest";
/**
* The content-type of the requested HTTP resource.
*/
public static String PROXY_HTTP_CONTENT_TYPE = "http_content_type";
/**
* The HTTP method used to request the resource.
*/
public static String PROXY_HTTP_METHOD = "http_method";
/**
* The HTTP referrer used to request the HTTP resource.
*/
public static String PROXY_HTTP_REFER = "http_refer";
/**
* The HTTP response code.
*/
public static String PROXY_HTTP_RESPONSE = "http_response";
/**
* The user agent used to request the HTTP resource.
*/
public static String PROXY_HTTP_USER_AGENT = "http_user_agent";
/**
* The product name of the vendor technology generating Network Protection
* data, such as IDP, Providentia, and ASA.
*/
public static String PROXY_PRODUCT = "product";
/**
* The source of the network traffic (the client requesting the connection).
*/
public static String PROXY_SRC = "src";
/**
* The HTTP response code indicating the status of the proxy request.
*/
public static String PROXY_STATUS = "status";
/**
* The user that requested the HTTP resource.
*/
public static String PROXY_USER = "user";
/**
* The URL of the requested HTTP resource.
*/
public static String PROXY_URL = "url";
/**
* The vendor technology generating Network Protection data, such as IDP,
* Providentia, and ASA.
*/
public static String PROXY_VENDOR = "vendor";
public void setProxyAction(String proxyAction) {
addPair(PROXY_ACTION, proxyAction);
}
public void setProxyDest(String proxyDest) {
addPair(PROXY_DEST, proxyDest);
}
public void setProxyHttpContentType(String proxyHttpContentType) {
addPair(PROXY_HTTP_CONTENT_TYPE, proxyHttpContentType);
}
public void setProxyHttpMethod(String proxyHttpMethod) {
addPair(PROXY_HTTP_METHOD, proxyHttpMethod);
}
public void setProxyHttpRefer(String proxyHttpRefer) {
addPair(PROXY_HTTP_REFER, proxyHttpRefer);
}
public void setProxyHttpResponse(int proxyHttpResponse) {
addPair(PROXY_HTTP_RESPONSE, proxyHttpResponse);
}
public void setProxyHttpUserAgent(String proxyHttpUserAgent) {
addPair(PROXY_HTTP_USER_AGENT, proxyHttpUserAgent);
}
public void setProxyProduct(String proxyProduct) {
addPair(PROXY_PRODUCT, proxyProduct);
}
public void setProxySrc(String proxySrc) {
addPair(PROXY_SRC, proxySrc);
}
public void setProxyStatus(int proxyStatus) {
addPair(PROXY_STATUS, proxyStatus);
}
public void setProxyUser(String proxyUser) {
addPair(PROXY_USER, proxyUser);
}
public void setProxyUrl(String proxyUrl) {
addPair(PROXY_URL, proxyUrl);
}
public void setProxyVendor(String proxyVendor) {
addPair(PROXY_VENDOR, proxyVendor);
}
}


@@ -0,0 +1,567 @@
/*
* Copyright 2011-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.splunk.event;
import java.io.Serializable;
import java.util.Date;
import java.util.Map;
import org.apache.commons.lang.time.FastDateFormat;
/**
* Splunk data entity
*
* @author Jarred Li
* @author Damien Dallimore damien@dtdsoftware.com
* @since 1.0
*
*/
@SuppressWarnings("serial")
public class SplunkEvent implements Serializable {
private Map<String, String> eventData;
/**
* Contents of the event message
*/
private StringBuffer eventMessage;
/**
* Whether or not to put quotes around values
*/
protected boolean quoteValues = true;
/**
* Whether or not to add a date to the event string
*/
protected boolean useInternalDate = true;
/**
* default key value delimiter
*/
protected static final String KVDELIM = "=";
/**
* default pair delimiter
*/
protected static final String PAIRDELIM = " ";
/**
* default quote char
*/
protected static final char QUOTE = '"';
/**
* default date format is using internal generated date
*/
protected static final String DATEFORMATPATTERN = "yyyy-MM-dd HH:mm:ss:SSSZ";
/**
* Date Formatter instance
*/
protected static FastDateFormat DATEFORMATTER = FastDateFormat.getInstance(DATEFORMATPATTERN);
/**
* Event prefix fields
*/
protected static final String PREFIX_NAME = "name";
protected static final String PREFIX_EVENT_ID = "event_id";
/**
* Java Throwable type fields
*/
protected static final String THROWABLE_CLASS = "throwable_class";
protected static final String THROWABLE_MESSAGE = "throwable_message";
protected static final String THROWABLE_STACKTRACE_ELEMENTS = "stacktrace_elements";
protected static final String LINEBREAK = "\n";
// ----------------------------------
// Common event fields
// ----------------------------------
/**
* A device-specific classification provided as part of the event.
*/
public static String COMMON_CATEGORY = "category";
/**
* A device-specific classification provided as part of the event.
*/
public static String COMMON_COUNT = "count";
/**
* The free-form description of a particular event.
*/
public static String COMMON_DESC = "desc";
/**
* The name of a given DHCP pool on a DHCP server.
*/
public static String COMMON_DHCP_POOL = "dhcp_pool";
/**
* The amount of time the event lasted.
*/
public static String COMMON_DURATION = "duration";
/**
* The fully qualified domain name of the device transmitting or recording
* the log record.
*/
public static String COMMON_DVC_HOST = "dvc_host";
/**
* The IPv4 address of the device reporting the event.
*/
public static String COMMON_DVC_IP = "dvc_ip";
/**
* The IPv6 address of the device reporting the event.
*/
public static String COMMON_DVC_IP6 = "dvc_ip6";
/**
* The free-form description of the device's physical location.
*/
public static String COMMON_DVC_LOCATION = "dvc_location";
/**
* The MAC (layer 2) address of the device reporting the event.
*/
public static String COMMON_DVC_MAC = "dvc_mac";
/**
* The Windows NT domain of the device recording or transmitting the event.
*/
public static String COMMON_DVC_NT_DOMAIN = "dvc_nt_domain";
/**
* The Windows NT host name of the device recording or transmitting the
* event.
*/
public static String COMMON_DVC_NT_HOST = "dvc_nt_host";
/**
* Time at which the device recorded the event.
*/
public static String COMMON_DVC_TIME = "dvc_time";
/**
* The event's specified end time.
*/
public static String COMMON_END_TIME = "end_time";
/**
* A unique identifier that identifies the event. This is unique to the
* reporting device.
*/
public static String COMMON_EVENT_ID = "event_id";
/**
* The length of the datagram, event, message, or packet.
*/
public static String COMMON_LENGTH = "length";
/**
* The log-level that was set on the device and recorded in the event.
*/
public static String COMMON_LOG_LEVEL = "log_level";
/**
* The name of the event as reported by the device. The name should not
* contain information that's already being parsed into other fields from
* the event, such as IP addresses.
*/
public static String COMMON_NAME = "name";
/**
* An integer assigned by the device operating system to the process
* creating the record.
*/
public static String COMMON_PID = "pid";
/**
* An environment-specific assessment of the event's importance, based on
* elements such as event severity, business function of the affected
* system, or other locally defined variables.
*/
public static String COMMON_PRIORITY = "priority";
/**
* The product that generated the event.
*/
public static String COMMON_PRODUCT = "product";
/**
* The version of the product that generated the event.
*/
public static String COMMON_PRODUCT_VERSION = "product_version";
/**
* The result root cause, such as connection refused, timeout, crash, and so
* on.
*/
public static String COMMON_REASON = "reason";
/**
* The action result. Often is a binary choice: succeeded and failed,
* allowed and denied, and so on.
*/
public static String COMMON_RESULT = "result";
/**
* The severity (or priority) of an event as reported by the originating
* device.
*/
public static String COMMON_SEVERITY = "severity";
/**
* The event's specified start time.
*/
public static String COMMON_START_TIME = "start_time";
/**
* The transaction identifier.
*/
public static String COMMON_TRANSACTION_ID = "transaction_id";
/**
* A uniform record locator (a web address, in other words) included in a
* record.
*/
public static String COMMON_URL = "url";
/**
* The vendor who made the product that generated the event.
*/
public static String COMMON_VENDOR = "vendor";
// ----------------------------------
// Update
// ----------------------------------
/**
* The name of the installed update.
*/
public static String UPDATE_PACKAGE = "package";
public SplunkEvent(Map<String, String> data) {
this.eventMessage = new StringBuffer();
this.eventData = data;
for (String key : data.keySet()) {
this.addPair(key, data.get(key));
}
}
/**
* Constructor.
*
* @param eventName
* the event name
* @param eventID
* the event id
* @param useInternalDate
* Whether or not to add a date to the event string
* @param quoteValues
* Whether or not to put quotes around values
*/
public SplunkEvent(String eventName, String eventID, boolean useInternalDate, boolean quoteValues) {
this.eventMessage = new StringBuffer();
this.quoteValues = quoteValues;
this.useInternalDate = useInternalDate;
addPair(PREFIX_NAME, eventName);
addPair(PREFIX_EVENT_ID, eventID);
}
/**
* Constructor.Will add internally generated date and put quotes around
* values.
*
* @param eventName
* the event name
* @param eventID
* the event ID
*/
public SplunkEvent(String eventName, String eventID) {
this(eventName, eventID, true, true);
}
/**
* Default constructor
*/
public SplunkEvent() {
this.eventMessage = new StringBuffer();
}
/**
* Simple shallow cloning method
*/
public SplunkEvent clone() {
SplunkEvent clone = new SplunkEvent();
clone.quoteValues = this.quoteValues;
clone.useInternalDate = this.useInternalDate;
clone.eventMessage.append(this.eventMessage);
return clone;
}
public Map<String, String> getEventData() {
return eventData;
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, char value) {
addPair(key, String.valueOf(value));
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, boolean value) {
addPair(key, String.valueOf(value));
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, double value) {
addPair(key, String.valueOf(value));
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, long value) {
addPair(key, String.valueOf(value));
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, int value) {
addPair(key, String.valueOf(value));
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, Object value) {
addPair(key, value.toString());
}
/**
* Utility method for formatting Throwable,Error,Exception objects in a more
* linear and Splunk friendly manner than printStackTrace
*
* @param throwable
* the Throwable object to add to the event
*/
public void addThrowable(Throwable throwable) {
addThrowableObject(throwable, -1);
}
/**
* Utility method for formatting Throwable,Error,Exception objects in a more
* linear and Splunk friendly manner than printStackTrace
*
* @param throwable
* the Throwable object to add to the event
* @param stackTraceDepth
* maximum number of stacktrace elements to log
*/
public void addThrowable(Throwable throwable, int stackTraceDepth) {
addThrowableObject(throwable, stackTraceDepth);
}
/**
* Internal private method for formatting Throwable,Error,Exception objects
* in a more linear and Splunk friendly manner than printStackTrace
*
* @param throwable
* the Throwable object to add to the event
* @param stackTraceDepth
* maximum number of stacktrace elements to log, -1 for all
*/
private void addThrowableObject(Throwable throwable, int stackTraceDepth) {
addPair(THROWABLE_CLASS, throwable.getClass().getCanonicalName());
addPair(THROWABLE_MESSAGE, throwable.getMessage());
StackTraceElement[] elements = throwable.getStackTrace();
StringBuffer sb = new StringBuffer();
int depth = 0;
for (StackTraceElement element : elements) {
depth++;
if (stackTraceDepth == -1 || stackTraceDepth >= depth)
sb.append(element.toString()).append(",");
else
break;
}
addPair(THROWABLE_STACKTRACE_ELEMENTS, sb.toString());
}
/**
* Add a key value pair
*
* @param key
* @param value
*/
public void addPair(String key, String value) {
if (quoteValues)
this.eventMessage.append(key).append(KVDELIM).append(QUOTE).append(value).append(QUOTE).append(PAIRDELIM);
else
this.eventMessage.append(key).append(KVDELIM).append(value).append(PAIRDELIM);
}
@Override
/**
* return the completed event message
*/
public String toString() {
String event = "";
if (useInternalDate) {
StringBuffer clonedMessage = new StringBuffer();
clonedMessage.append(DATEFORMATTER.format(new Date())).append(PAIRDELIM).append(this.eventMessage);
event = clonedMessage.toString();
}
else
event = eventMessage.toString();
// trim off trailing pair delim char(s)
String result = event.substring(0, event.length() - PAIRDELIM.length()) + LINEBREAK;
return result;
}
public void setCommonCategory(String commonCategory) {
addPair(COMMON_CATEGORY, commonCategory);
}
public void setCommonCount(String commonCount) {
addPair(COMMON_COUNT, commonCount);
}
public void setCommonDesc(String commonDesc) {
addPair(COMMON_DESC, commonDesc);
}
public void setCommonDhcpPool(String commonDhcpPool) {
addPair(COMMON_DHCP_POOL, commonDhcpPool);
}
public void setCommonDuration(long commonDuration) {
addPair(COMMON_DURATION, commonDuration);
}
public void setCommonDvcHost(String commonDvcHost) {
addPair(COMMON_DVC_HOST, commonDvcHost);
}
public void setCommonDvcIp(String commonDvcIp) {
addPair(COMMON_DVC_IP, commonDvcIp);
}
public void setCommonDvcIp6(String commonDvcIp6) {
addPair(COMMON_DVC_IP6, commonDvcIp6);
}
public void setCommonDvcLocation(String commonDvcLocation) {
addPair(COMMON_DVC_LOCATION, commonDvcLocation);
}
public void setCommonDvcMac(String commonDvcMac) {
addPair(COMMON_DVC_MAC, commonDvcMac);
}
public void setCommonDvcNtDomain(String commonDvcNtDomain) {
addPair(COMMON_DVC_NT_DOMAIN, commonDvcNtDomain);
}
public void setCommonDvcNtHost(String commonDvcNtHost) {
addPair(COMMON_DVC_NT_HOST, commonDvcNtHost);
}
public void setCommonDvcTime(long commonDvcTime) {
addPair(COMMON_DVC_TIME, commonDvcTime);
}
public void setCommonEndTime(long commonEndTime) {
addPair(COMMON_END_TIME, commonEndTime);
}
public void setCommonEventId(long commonEventId) {
addPair(COMMON_EVENT_ID, commonEventId);
}
public void setCommonLength(long commonLength) {
addPair(COMMON_LENGTH, commonLength);
}
public void setCommonLogLevel(String commonLogLevel) {
addPair(COMMON_LOG_LEVEL, commonLogLevel);
}
public void setCommonName(String commonName) {
addPair(COMMON_NAME, commonName);
}
public void setCommonPid(long commonPid) {
addPair(COMMON_PID, commonPid);
}
public void setCommonPriority(long commonPriority) {
addPair(COMMON_PRIORITY, commonPriority);
}
public void setCommonProduct(String commonProduct) {
addPair(COMMON_PRODUCT, commonProduct);
}
public void setCommonProductVersion(long commonProductVersion) {
addPair(COMMON_PRODUCT_VERSION, commonProductVersion);
}
public void setCommonReason(String commonReason) {
addPair(COMMON_REASON, commonReason);
}
public void setCommonResult(String commonResult) {
addPair(COMMON_RESULT, commonResult);
}
public void setCommonSeverity(String commonSeverity) {
addPair(COMMON_SEVERITY, commonSeverity);
}
public void setCommonStartTime(long commonStartTime) {
addPair(COMMON_START_TIME, commonStartTime);
}
public void setCommonTransactionId(String commonTransactionId) {
addPair(COMMON_TRANSACTION_ID, commonTransactionId);
}
public void setCommonUrl(String commonUrl) {
addPair(COMMON_URL, commonUrl);
}
public void setCommonVendor(String commonVendor) {
addPair(COMMON_VENDOR, commonVendor);
}
public void setUpdatePackage(String updatePackage) {
addPair(UPDATE_PACKAGE, updatePackage);
}
}
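Review bot: `addPair(String key, String value)` appends `value` between `QUOTE` characters without escaping it, so a value containing `"` or a line break can close the field early, introduce forged `key="value"` pairs, or split one event in two at `LINEBREAK`. Setters such as `setProxyHttpUserAgent` and `setProxyUrl` in ProxyEvent usually carry client-supplied text, which makes this a log-injection path into the index. Neutralise the value before appending, e.g. `String safe = String.valueOf(value).replace("\\", "\\\\").replace("\"", "\\\"").replaceAll("[\\r\\n]+", " ");`, and confirm that the field extraction in use honours backslash-escaped quotes. The unquoted branch (`quoteValues` false) needs equivalent handling for embedded spaces and `=`, and `key` is written unchecked in both branches.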


@@ -0,0 +1,184 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class SystemCenterEvent extends SplunkEvent {
// ----------------------------------
// System center
// ----------------------------------
/**
* The running application or service on the system (the src field), such as
* explorer.exe or sshd.
*/
public static String SYSTEM_CENTER_APP = "app";
/**
* The amount of disk space available per drive or mount (the mount field)
* on the system (the src field).
*/
public static String SYSTEM_CENTER_FREEMBYTES = "FreeMBytes";
/**
* The version of operating system installed on the host (the src field),
* such as 6.0.1.4 or 2.6.27.30-170.2.82.fc10.x86_64.
*/
public static String SYSTEM_CENTER_KERNEL_RELEASE = "kernel_release";
/**
* Human-readable version of the SystemUptime value.
*/
public static String SYSTEM_CENTER_LABEL = "label";
/**
* The drive or mount reporting available disk space (the FreeMBytes field)
* on the system (the src field).
*/
public static String SYSTEM_CENTER_MOUNT = "mount";
/**
* The name of the operating system installed on the host (the src), such as
* Microsoft Windows Server 2003 or GNU/Linux).
*/
public static String SYSTEM_CENTER_OS = "os";
/**
* The percentage of processor utilization.
*/
public static String SYSTEM_CENTER_PERCENTPROCESSORTIME = "PercentProcessorTime";
/**
* The setlocaldefs setting from the SE Linux configuration.
*/
public static String SYSTEM_CENTER_SETLOCALDEFS = "setlocaldefs";
/**
* Values from the SE Linux configuration file.
*/
public static String SYSTEM_CENTER_SELINUX = "selinux";
/**
* The SE Linux type (such as targeted).
*/
public static String SYSTEM_CENTER_SELINUXTYPE = "selinuxtype";
/**
* The shell provided to the User Account (the user field) upon logging into
* the system (the src field).
*/
public static String SYSTEM_CENTER_SHELL = "shell";
/**
* The TCP/UDP source port on the system (the src field).
*/
public static String SYSTEM_CENTER_SRC_PORT = "src_port";
/**
* The sshd protocol version.
*/
public static String SYSTEM_CENTER_SSHD_PROTOCOL = "sshd_protocol";
/**
* The start mode of the given service.
*/
public static String SYSTEM_CENTER_STARTMODE = "Startmode";
/**
* The number of seconds since the system (the src) has been "up."
*/
public static String SYSTEM_CENTER_SYSTEMUPTIME = "SystemUptime";
/**
* The total amount of available memory on the system (the src).
*/
public static String SYSTEM_CENTER_TOTALMBYTES = "TotalMBytes";
/**
* The amount of used memory on the system (the src).
*/
public static String SYSTEM_CENTER_USEDMBYTES = "UsedMBytes";
/**
* The User Account present on the system (the src).
*/
public static String SYSTEM_CENTER_USER = "user";
/**
* The number of updates the system (the src) is missing.
*/
public static String SYSTEM_CENTER_UPDATES = "updates";
public void setSystemCenterApp(String systemCenterApp) {
addPair(SYSTEM_CENTER_APP, systemCenterApp);
}
public void setSystemCenterFreembytes(long systemCenterFreembytes) {
addPair(SYSTEM_CENTER_FREEMBYTES, systemCenterFreembytes);
}
public void setSystemCenterKernelRelease(String systemCenterKernelRelease) {
addPair(SYSTEM_CENTER_KERNEL_RELEASE, systemCenterKernelRelease);
}
public void setSystemCenterLabel(String systemCenterLabel) {
addPair(SYSTEM_CENTER_LABEL, systemCenterLabel);
}
public void setSystemCenterMount(String systemCenterMount) {
addPair(SYSTEM_CENTER_MOUNT, systemCenterMount);
}
public void setSystemCenterOs(String systemCenterOs) {
addPair(SYSTEM_CENTER_OS, systemCenterOs);
}
public void setSystemCenterPercentprocessortime(int systemCenterPercentprocessortime) {
addPair(SYSTEM_CENTER_PERCENTPROCESSORTIME, systemCenterPercentprocessortime);
}
public void setSystemCenterSetlocaldefs(int systemCenterSetlocaldefs) {
addPair(SYSTEM_CENTER_SETLOCALDEFS, systemCenterSetlocaldefs);
}
public void setSystemCenterSelinux(String systemCenterSelinux) {
addPair(SYSTEM_CENTER_SELINUX, systemCenterSelinux);
}
public void setSystemCenterSelinuxtype(String systemCenterSelinuxtype) {
addPair(SYSTEM_CENTER_SELINUXTYPE, systemCenterSelinuxtype);
}
public void setSystemCenterShell(String systemCenterShell) {
addPair(SYSTEM_CENTER_SHELL, systemCenterShell);
}
public void setSystemCenterSrcPort(int systemCenterSrcPort) {
addPair(SYSTEM_CENTER_SRC_PORT, systemCenterSrcPort);
}
public void setSystemCenterSshdProtocol(String systemCenterSshdProtocol) {
addPair(SYSTEM_CENTER_SSHD_PROTOCOL, systemCenterSshdProtocol);
}
public void setSystemCenterStartmode(String systemCenterStartmode) {
addPair(SYSTEM_CENTER_STARTMODE, systemCenterStartmode);
}
public void setSystemCenterSystemuptime(long systemCenterSystemuptime) {
addPair(SYSTEM_CENTER_SYSTEMUPTIME, systemCenterSystemuptime);
}
public void setSystemCenterTotalmbytes(long systemCenterTotalmbytes) {
addPair(SYSTEM_CENTER_TOTALMBYTES, systemCenterTotalmbytes);
}
public void setSystemCenterUsedmbytes(long systemCenterUsedmbytes) {
addPair(SYSTEM_CENTER_USEDMBYTES, systemCenterUsedmbytes);
}
public void setSystemCenterUser(String systemCenterUser) {
addPair(SYSTEM_CENTER_USER, systemCenterUser);
}
public void setSystemCenterUpdates(long systemCenterUpdates) {
addPair(SYSTEM_CENTER_UPDATES, systemCenterUpdates);
}
}
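Review bot: `setSystemCenterPercentprocessortime` takes an `int`, so any fractional part of a processor-utilisation percentage is lost before the value is logged. If the data source reports fractional percentages, accept a `double` instead, `public void setSystemCenterPercentprocessortime(double systemCenterPercentprocessortime)`; `SplunkEvent` already provides an `addPair(String, double)` overload. As a style point, the setter names flatten the capitalisation of the field names (`Freembytes`, `Systemuptime`), which makes them harder to match to `FreeMBytes` and `SystemUptime`.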


@@ -0,0 +1,55 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class TrafficEvent extends SplunkEvent {
// ----------------------------------
// Traffic
// ----------------------------------
/**
* The destination of the network traffic. If your field is named dest_host,
* dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it
* CIM-compliant.
*/
public static String TRAFFIC_DEST = "dest";
/**
* The name of the packet filtering device. If your field is named dvc_host,
* dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.
*/
public static String TRAFFIC_DVC = "dvc";
/**
* The source of the network traffic. If your field is named src_host,
* src_ip, src_ipv6, or src_nt_host you can alias it as src to make it
* CIM-compliant.
*/
public static String TRAFFIC_SRC = "src";
public void setTrafficDest(String trafficDest) {
addPair(TRAFFIC_DEST, trafficDest);
}
public void setTrafficDvc(String trafficDvc) {
addPair(TRAFFIC_DVC, trafficDvc);
}
public void setTrafficSrc(String trafficSrc) {
addPair(TRAFFIC_SRC, trafficSrc);
}
}


@@ -0,0 +1,134 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class UserInfoUpdateEvent extends SplunkEvent {
// ----------------------------------
// User information updates
// ----------------------------------
/**
* A user that has been affected by a change. For example, user fflanda
* changed the name of user rhallen, so affected_user=rhallen.
*/
public static String USER_INFO_UPDATES_AFFECTED_USER = "affected_user";
/**
* The user group affected by a change.
*/
public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP = "affected_user_group";
/**
* The identifier of the user group affected by a change.
*/
public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID = "affected_user_group_id";
/**
* The identifier of the user affected by a change.
*/
public static String USER_INFO_UPDATES_AFFECTED_USER_ID = "affected_user_id";
/**
* The security context associated with the user affected by a change.
*/
public static String USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE = "affected_user_privilege";
/**
* The name of the user affected by the recorded event.
*/
public static String USER_INFO_UPDATES_USER = "user";
/**
* A user group that is the object of an event, expressed in human-readable
* terms.
*/
public static String USER_INFO_UPDATES_USER_GROUP = "user_group";
/**
* The numeric identifier assigned to the user group event object.
*/
public static String USER_INFO_UPDATES_USER_GROUP_ID = "user_group_id";
/**
* The system-assigned identifier for the user affected by an event.
*/
public static String USER_INFO_UPDATES_USER_ID = "user_id";
/**
* The security context associated with the object of an event (the affected
* user).
*/
public static String USER_INFO_UPDATES_USER_PRIVILEGE = "user_privilege";
/**
* The name of the user that is the subject of an event--the user executing
* the action, in other words.
*/
public static String USER_INFO_UPDATES_USER_SUBJECT = "user_subject";
/**
* The ID number of the user that is the subject of an event.
*/
public static String USER_INFO_UPDATES_USER_SUBJECT_ID = "user_subject_id";
/**
* The security context associated with the subject of an event (the user
* causing a change).
*/
public static String USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE = "user_subject_privilege";
public void setUserInfoUpdatesAffectedUser(String userInfoUpdatesAffectedUser) {
addPair(USER_INFO_UPDATES_AFFECTED_USER, userInfoUpdatesAffectedUser);
}
public void setUserInfoUpdatesAffectedUserGroup(String userInfoUpdatesAffectedUserGroup) {
addPair(USER_INFO_UPDATES_AFFECTED_USER_GROUP, userInfoUpdatesAffectedUserGroup);
}
public void setUserInfoUpdatesAffectedUserGroupId(int userInfoUpdatesAffectedUserGroupId) {
addPair(USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID, userInfoUpdatesAffectedUserGroupId);
}
public void setUserInfoUpdatesAffectedUserId(int userInfoUpdatesAffectedUserId) {
addPair(USER_INFO_UPDATES_AFFECTED_USER_ID, userInfoUpdatesAffectedUserId);
}
public void setUserInfoUpdatesAffectedUserPrivilege(String userInfoUpdatesAffectedUserPrivilege) {
addPair(USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE, userInfoUpdatesAffectedUserPrivilege);
}
public void setUserInfoUpdatesUser(String userInfoUpdatesUser) {
addPair(USER_INFO_UPDATES_USER, userInfoUpdatesUser);
}
public void setUserInfoUpdatesUserGroup(String userInfoUpdatesUserGroup) {
addPair(USER_INFO_UPDATES_USER_GROUP, userInfoUpdatesUserGroup);
}
public void setUserInfoUpdatesUserGroupId(int userInfoUpdatesUserGroupId) {
addPair(USER_INFO_UPDATES_USER_GROUP_ID, userInfoUpdatesUserGroupId);
}
public void setUserInfoUpdatesUserId(int userInfoUpdatesUserId) {
addPair(USER_INFO_UPDATES_USER_ID, userInfoUpdatesUserId);
}
public void setUserInfoUpdatesUserPrivilege(String userInfoUpdatesUserPrivilege) {
addPair(USER_INFO_UPDATES_USER_PRIVILEGE, userInfoUpdatesUserPrivilege);
}
public void setUserInfoUpdatesUserSubject(String userInfoUpdatesUserSubject) {
addPair(USER_INFO_UPDATES_USER_SUBJECT, userInfoUpdatesUserSubject);
}
public void setUserInfoUpdatesUserSubjectId(int userInfoUpdatesUserSubjectId) {
addPair(USER_INFO_UPDATES_USER_SUBJECT_ID, userInfoUpdatesUserSubjectId);
}
public void setUserInfoUpdatesUserSubjectPrivilege(String userInfoUpdatesUserSubjectPrivilege) {
addPair(USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE, userInfoUpdatesUserSubjectPrivilege);
}
}


@@ -0,0 +1,70 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class VulnerabilityEvent extends SplunkEvent {
// ----------------------------------
// Vulnerability
// ----------------------------------
/**
* The category of the discovered vulnerability.
*/
public static String VULNERABILITY_CATEGORY = "category";
/**
* The host with the discovered vulnerability. If your field is named
* dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest
* to make it CIM-compliant.
*/
public static String VULNERABILITY_DEST = "dest";
/**
* The operating system of the host containing the vulnerability detected on
* the client (the src field), such as SuSE Security Update, or cups
* security update.
*/
public static String VULNERABILITY_OS = "os";
/**
* The severity of the discovered vulnerability.
*/
public static String VULNERABILITY_SEVERITY = "severity";
/**
* The name of the vulnerability detected on the client (the src field),
* such as SuSE Security Update, or cups security update.
*/
public static String VULNERABILITY_SIGNATURE = "signature";
public void setVulnerabilityCategory(String vulnerabilityCategory) {
addPair(VULNERABILITY_CATEGORY, vulnerabilityCategory);
}
public void setVulnerabilityDest(String vulnerabilityDest) {
addPair(VULNERABILITY_DEST, vulnerabilityDest);
}
public void setVulnerabilityOs(String vulnerabilityOs) {
addPair(VULNERABILITY_OS, vulnerabilityOs);
}
public void setVulnerabilitySeverity(String vulnerabilitySeverity) {
addPair(VULNERABILITY_SEVERITY, vulnerabilitySeverity);
}
public void setVulnerabilitySignature(String vulnerabilitySignature) {
addPair(VULNERABILITY_SIGNATURE, vulnerabilitySignature);
}
}
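Review bot: The field-name constants in this class are declared `public static String` without `final`, so any code in the JVM can reassign them and change the keys under which events are written to Splunk. Declare them as real constants, for example `public static final String VULNERABILITY_SEVERITY = "severity";`, and do the same in UserInfoUpdateEvent and WindowsAdminEvent, which this commit adds with the same pattern. Separately, the Javadoc on `VULNERABILITY_OS` repeats the examples given for `VULNERABILITY_SIGNATURE` ("SuSE Security Update, or cups security update"), which are not operating systems and look copied.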


@@ -0,0 +1,49 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.event;
/**
* @author David Turanski
*
*/
@SuppressWarnings("serial")
public class WindowsAdminEvent extends SplunkEvent {
// ----------------------------------
// Windows administration
// ----------------------------------
/**
* The object name (associated only with Windows).
*/
public static String WINDOWS_ADMIN_OBJECT_NAME = "object_name";
/**
* The object type (associated only with Windows).
*/
public static String WINDOWS_ADMIN_OBJECT_TYPE = "object_type";
/**
* The object handle (associated only with Windows).
*/
public static String WINDOWS_ADMIN_OBJECT_HANDLE = "object_handle";
public void setWindowsAdminObjectName(String windowsAdminObjectName) {
addPair(WINDOWS_ADMIN_OBJECT_NAME, windowsAdminObjectName);
}
public void setWindowsAdminObjectType(String windowsAdminObjectType) {
addPair(WINDOWS_ADMIN_OBJECT_TYPE, windowsAdminObjectType);
}
public void setWindowsAdminObjectHandle(String windowsAdminObjectHandle) {
addPair(WINDOWS_ADMIN_OBJECT_HANDLE, windowsAdminObjectHandle);
}
}


@@ -20,7 +20,7 @@ import java.util.List;
import org.springframework.integration.Message;
import org.springframework.integration.context.IntegrationObjectSupport;
import org.springframework.integration.core.MessageSource;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
import org.springframework.integration.splunk.support.SplunkExecutor;
import org.springframework.integration.support.MessageBuilder;
import org.springframework.util.Assert;
@@ -32,7 +32,7 @@ import org.springframework.util.Assert;
* @since 1.0
*
*/
public class SplunkPollingChannelAdapter extends IntegrationObjectSupport implements MessageSource<List<SplunkData>> {
public class SplunkPollingChannelAdapter extends IntegrationObjectSupport implements MessageSource<List<SplunkEvent>> {
private final SplunkExecutor splunkExecutor;
@@ -62,8 +62,8 @@ public class SplunkPollingChannelAdapter extends IntegrationObjectSupport implem
* If {@link SplunkExecutor#poll()} returns null, this method will return
* <code>null</code>. Otherwise, a new {@link Message} is constructed and returned.
*/
public Message<List<SplunkData>> receive() {
List<SplunkData> payload = splunkExecutor.poll();
public Message<List<SplunkEvent>> receive() {
List<SplunkEvent> payload = splunkExecutor.poll();
if (payload == null) {
return null;
}


@@ -0,0 +1,166 @@
/*
* Copyright 2011-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.splunk.support;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.SmartLifecycle;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.core.DataWriter;
import org.springframework.integration.splunk.event.SplunkEvent;
import org.springframework.util.Assert;
import com.splunk.Args;
import com.splunk.Service;
/**
* Base class for {@link DataWriter}s to write data into Splunk.
*
* @author Jarred Li
* @author David Turanski
* @since 1.0
*
*/
public abstract class AbstractSplunkDataWriter implements DataWriter, SmartLifecycle {
protected final Log logger = LogFactory.getLog(getClass());
protected ConnectionFactory<Service> connectionFactory;
protected Socket socket;
protected Service service;
protected Args args;
private boolean running;
private int phase;
private boolean autoStartup = true;
protected AbstractSplunkDataWriter(ConnectionFactory<Service> connectionFactory, Args args) {
Assert.notNull(connectionFactory,"connectionFactory cannot be null");
this.connectionFactory = connectionFactory;
Assert.notNull(args, "args cannot be null");
this.args = args;
}
public void write(SplunkEvent event) throws Exception {
if (logger.isDebugEnabled()) {
logger.debug("writing event to splunk:" + event);
}
doWrite(event, socket, service, args);
}
protected void doWrite(SplunkEvent event, Socket socket, Service service, Args args) throws IOException {
OutputStream ostream = socket.getOutputStream();
Writer writer = new OutputStreamWriter(ostream, "UTF8");
writer.write(event.toString());
writer.flush();
}
protected abstract Socket createSocket(Service service) throws IOException;
public Args getArgs() {
return args;
}
/* (non-Javadoc)
* @see org.springframework.context.Lifecycle#start()
*/
public synchronized void start() {
try {
Connection<Service> connection = connectionFactory.getConnection();
this.service = connection.getTarget();
socket = createSocket(service);
} catch (Exception e) {
throw new RuntimeException(e);
}
this.running = true;
}
/* (non-Javadoc)
* @see org.springframework.context.Lifecycle#stop()
*/
public synchronized void stop() {
if (!running) {
return;
}
try {
if (socket != null) {
socket.close();
}
connectionFactory.getConnection().close();
} catch (Exception e) {
throw new RuntimeException(e);
}
this.running = false;
}
/* (non-Javadoc)
* @see org.springframework.context.Lifecycle#isRunning()
*/
public boolean isRunning() {
return this.running;
}
/* (non-Javadoc)
* @see org.springframework.context.Phased#getPhase()
*/
public int getPhase() {
return this.phase;
}
public void setPhase(int phase) {
this.phase = phase;
}
/* (non-Javadoc)
* @see org.springframework.context.SmartLifecycle#isAutoStartup()
*/
public boolean isAutoStartup() {
return this.autoStartup;
}
public void setAutoStartup(boolean autoStartup) {
this.autoStartup = autoStartup;
}
/* (non-Javadoc)
* @see org.springframework.context.SmartLifecycle#stop(java.lang.Runnable)
*/
public synchronized void stop(Runnable callback) {
this.stop();
callback.run();
}
}
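Review bot: `write()` passes the `socket` field to `doWrite()` without checking that `start()` has run, and it is not synchronized although `start()` and `stop()` are. A write before start-up or during shutdown therefore fails with a NullPointerException or a closed-socket error instead of a clear state error; a guard at the top of `write()` such as `Assert.state(running && socket != null, "writer is not started");` would make this explicit. In `stop()`, an exception from `socket.close()` skips `this.running = false;`, so the flag should be reset in a `finally` block. `connectionFactory.getConnection().close()` there may also open a fresh connection only to close it, if the cached one is no longer open. The debug line in `write()` logs the whole event, which for the user and vulnerability event types added in this commit can include account and privilege data, so consider logging only the event type.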


@@ -0,0 +1,79 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.support;
import com.splunk.Args;
/**
* Build {@link Args} instance. Supports method chaining
* @author David Turanski
*
*/
public class ArgsBuilder {
private String sourceType;
private String source;
private String host;
private String hostRegex;
public Args build() {
Args args = new Args();
if (sourceType != null) {
args.put("sourcetype", sourceType);
}
if (source != null) {
args.put("source", source);
}
if (host != null) {
args.put("host", host);
}
if (hostRegex != null) {
args.put("host_regex", hostRegex);
}
return args;
}
/**
* @param sourceType the sourceType to set
*/
public ArgsBuilder setSourceType(String sourceType) {
this.sourceType = sourceType;
return this;
}
/**
* @param source the source to set
*/
public ArgsBuilder setSource(String source) {
this.source = source;
return this;
}
/**
* @param host the host to set
*/
public ArgsBuilder setHost(String host) {
this.host = host;
return this;
}
/**
* @param hostRegex the hostRegex to set
*/
public ArgsBuilder setHostRegex(String hostRegex) {
this.hostRegex = hostRegex;
return this;
}
}
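Review bot: `build()` has no Javadoc, and the class comment does not say that properties left unset are omitted from the result. A short comment such as `/** Creates a new {@link Args} holding only the properties that were set, under the keys sourcetype, source, host and host_regex. */` would tell users of the builder exactly which input arguments it produces.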


@@ -1,31 +0,0 @@
/*
* Copyright 2011-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.splunk.support;
/**
* Method of pushing data into Splunk.
*
* Stream: Establish a connection, keep it open, and stream events until the connection is closed.Better for high volume input.
* Tcp: Create raw socket and send event data into the socket
* Submit: Send event data into Splunk with HTTP REST api
*
* @author Jarred Li
* @since 1.0
*
*/
public enum IngestType {
STREAM, TCP, SUBMIT;
}


@@ -0,0 +1,75 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.support;
import org.springframework.beans.factory.FactoryBean;
import com.splunk.Args;
/**
* {@link FactoryBean} that wraps {@link ArgsBuilder}
* @author David Turanski
*
*/
public class SplunkArgsFactoryBean implements FactoryBean<Args> {
private ArgsBuilder argsBuilder = new ArgsBuilder();
/* (non-Javadoc)
* @see org.springframework.beans.factory.FactoryBean#getObject()
*/
public Args getObject() throws Exception {
return argsBuilder.build();
}
/* (non-Javadoc)
* @see org.springframework.beans.factory.FactoryBean#getObjectType()
*/
public Class<?> getObjectType() {
return Args.class;
}
/* (non-Javadoc)
* @see org.springframework.beans.factory.FactoryBean#isSingleton()
*/
public boolean isSingleton() {
return true;
}
/**
* @param host the host to set
*/
public void setHost(String host) {
this.argsBuilder.setHost(host);
}
/**
* @param hostRegex the hostRegex to set
*/
public void setHostRegex(String hostRegex) {
this.argsBuilder.setHostRegex(hostRegex);
}
/**
* @param sourceType the sourceType to set
*/
public void setSourceType(String sourceType) {
this.argsBuilder.setSourceType(sourceType);
}
/**
* @param source the source to set
*/
public void setSource(String source) {
this.argsBuilder.setSource(source);
}
}
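Review bot: `isSingleton()` returns `true`, but `getObject()` calls `argsBuilder.build()` on every invocation and so returns a new `Args` each time. Either cache the built object in a private `Args args` field, `if (args == null) { args = argsBuilder.build(); } return args;`, or return `false` from `isSingleton()`. The choice matters because `Args` is mutable (`args.put(...)` in ArgsBuilder) and `AbstractSplunkDataWriter.getArgs()` hands it out, so a shared instance lets a change to sourcetype or host made through one writer show up in another writer's events.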


@@ -17,9 +17,13 @@ package org.springframework.integration.splunk.support;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.entity.SplunkServer;
import com.splunk.Service;
@@ -33,9 +37,10 @@ import com.splunk.Service;
public class SplunkConnection implements Connection<Service> {
private Service service;
public SplunkConnection(SplunkServer splunkServer) {
Map<String, Object> args = new HashMap<String, Object>();
final Map<String, Object> args = new HashMap<String, Object>();
if (splunkServer.getHost() != null) {
args.put("host", splunkServer.getHost());
}
@@ -52,9 +57,28 @@ public class SplunkConnection implements Connection<Service> {
args.put("owner", splunkServer.getOwner());
}
args.put("username", splunkServer.getUserName());
args.put("username", splunkServer.getUsername());
args.put("password", splunkServer.getPassword());
service = Service.connect(args);
ExecutorService executor = Executors.newSingleThreadExecutor();
Future<Service> future = executor.submit(new Callable<Service>(){
public Service call() throws Exception {
return Service.connect(args);
}
});
try {
if (splunkServer.getTimeout() > 0) {
service = future.get(splunkServer.getTimeout(),TimeUnit.MILLISECONDS);
} else {
service = future.get();
}
} catch (Exception e) {
throw new RuntimeException(String.format("could not connect to Splunk Server @ %s:%d - %s",
splunkServer.getHost(),splunkServer.getPort(),e.getMessage()));
}
}
/* (non-Javadoc)
@@ -76,6 +100,7 @@ public class SplunkConnection implements Connection<Service> {
}
return result;
}
/* (non-Javadoc)
* @see org.springframework.integration.splunk.core.IService#getService()
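Review bot: The `ExecutorService` created in the constructor is never shut down, so every `SplunkConnection` leaves a non-daemon worker thread behind, and on a timeout the pending `Service.connect` task is not cancelled. Because SplunkConnectionFactory in this commit builds a new connection whenever the cached one is not open, repeated reconnects against an unreachable server would accumulate threads. The catch block also drops the original exception and prints `e.getMessage()`, which is null for a `TimeoutException`; pass `e` as the cause so the failure can be diagnosed. The suggested shape is below, and whether `cancel(true)` actually interrupts the blocking connect depends on the Splunk SDK, which is not visible here.

```java
ExecutorService executor = Executors.newSingleThreadExecutor();
Future<Service> future = executor.submit(new Callable<Service>(){
	// … unchanged: call() returning Service.connect(args) …
});
try {
	// … unchanged: future.get() with or without the configured timeout …
} catch (Exception e) {
	future.cancel(true);
	throw new RuntimeException(String.format("could not connect to Splunk Server @ %s:%d - %s",
			splunkServer.getHost(), splunkServer.getPort(), e.getMessage()), e);
} finally {
	executor.shutdownNow();
}
```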


@@ -1,5 +1,5 @@
/*
* Copyright 2011-2012 the original author or authors.
* Copyright 2011-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@ package org.springframework.integration.splunk.support;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.entity.SplunkServer;
import com.splunk.Service;
@@ -25,13 +24,14 @@ import com.splunk.Service;
* Factory to create Splunk connection.
*
* @author Jarred Li
* @author David Turanski
* @since 1.0
*
*/
public class SplunkConnectionFactory implements ConnectionFactory<Service> {
private SplunkServer splunkServer;
private SplunkConnection connection;
public SplunkConnectionFactory(SplunkServer server) {
this.splunkServer = server;
}
@@ -39,8 +39,11 @@ public class SplunkConnectionFactory implements ConnectionFactory<Service> {
/* (non-Javadoc)
* @see org.springframework.integration.splunk.core.ServiceFactory#getService()
*/
public Connection<Service> getConnection() throws Exception {
return new SplunkConnection(splunkServer);
public synchronized Connection<Service> getConnection() throws Exception {
if (connection == null || !connection.isOpen()) {
connection = new SplunkConnection(splunkServer);
}
return connection;
}
}
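Review bot: `getConnection()` now returns one cached `SplunkConnection` to every caller, but its comment does not say who owns that connection. Callers in this commit still close what they receive (`AbstractSplunkDataWriter.stop()` calls `connectionFactory.getConnection().close()`), so a reader and a writer sharing one factory can close each other's session. How that plays out depends on `isOpen()` and `close()`, which are outside this section. Document the contract on the method, for example `/** Returns the shared connection, creating a new one if none exists or the cached one is no longer open; callers do not own it exclusively. */`, and correct the stale `@see ...ServiceFactory#getService()` reference at the same time.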


@@ -30,7 +30,7 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.core.DataReader;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
@@ -176,7 +176,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
return app;
}
public List<SplunkData> search() throws Exception {
public List<SplunkEvent> search() throws Exception {
logger.debug("mode:" + mode);
switch (mode) {
case SAVEDSEARCH: {
@@ -292,7 +292,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
}
private List<SplunkData> runQuery(Args queryArgs) throws Exception {
private List<SplunkEvent> runQuery(Args queryArgs) throws Exception {
Connection<Service> connection = connectionFactory.getConnection();
try {
Job job = connection.getTarget().getJobs().create(search, queryArgs);
@@ -305,20 +305,20 @@ public class SplunkDataReader implements DataReader, InitializingBean {
}
}
private List<SplunkData> blockingSearch() throws Exception {
private List<SplunkEvent> blockingSearch() throws Exception {
logger.debug("block search start");
Args queryArgs = new Args();
queryArgs.put("exec_mode", "blocking");
Calendar startTime = Calendar.getInstance();
populateArgs(queryArgs, startTime, false);
List<SplunkData> data = runQuery(queryArgs);
List<SplunkEvent> data = runQuery(queryArgs);
lastSuccessfulReadTime = startTime;
return data;
}
private List<SplunkData> nonBlockingSearch() throws Exception {
private List<SplunkEvent> nonBlockingSearch() throws Exception {
logger.debug("non block search start");
Args queryArgs = new Args();
@@ -326,7 +326,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
Calendar startTime = Calendar.getInstance();
populateArgs(queryArgs, startTime, false);
List<SplunkData> data = runQuery(queryArgs);
List<SplunkEvent> data = runQuery(queryArgs);
lastSuccessfulReadTime = startTime;
return data;
}
@@ -336,7 +336,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
* @return
* @throws Exception
*/
private List<SplunkData> realtimeSearch() throws Exception {
private List<SplunkEvent> realtimeSearch() throws Exception {
logger.debug("realtime search start");
Args queryArgs = new Args();
@@ -344,7 +344,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
Calendar startTime = Calendar.getInstance();
populateArgs(queryArgs, startTime, true);
List<SplunkData> data = runQuery(queryArgs);
List<SplunkEvent> data = runQuery(queryArgs);
lastSuccessfulReadTime = startTime;
return data;
}
@@ -353,11 +353,11 @@ public class SplunkDataReader implements DataReader, InitializingBean {
* @throws Exception
*
*/
private List<SplunkData> exportSearch() throws Exception {
private List<SplunkEvent> exportSearch() throws Exception {
logger.debug("export start");
List<SplunkData> result = new ArrayList<SplunkData>();
List<SplunkEvent> result = new ArrayList<SplunkEvent>();
HashMap<String, String> data;
SplunkData splunkData;
SplunkEvent splunkData;
Args queryArgs = new Args();
Calendar startTime = Calendar.getInstance();
@@ -369,7 +369,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
InputStream os = connection.getTarget().export(search, queryArgs);
ResultsReaderXml resultsReader = new ResultsReaderXml(os);
while ((data = resultsReader.getNextEvent()) != null) {
splunkData = new SplunkData(data);
splunkData = new SplunkEvent(data);
result.add(splunkData);
}
return result;
@@ -379,7 +379,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
}
private List<SplunkData> savedSearch() throws Exception {
private List<SplunkEvent> savedSearch() throws Exception {
logger.debug("saved search start");
Args queryArgs = new Args();
@@ -414,7 +414,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
while (!job.isDone()) {
Thread.sleep(2000);
}
List<SplunkData> data = extractData(job);
List<SplunkEvent> data = extractData(job);
this.lastSuccessfulReadTime = startTime;
return data;
} finally {
@@ -422,10 +422,10 @@ public class SplunkDataReader implements DataReader, InitializingBean {
}
}
private List<SplunkData> extractData(Job job) throws Exception {
List<SplunkData> result = new ArrayList<SplunkData>();
private List<SplunkEvent> extractData(Job job) throws Exception {
List<SplunkEvent> result = new ArrayList<SplunkEvent>();
HashMap<String, String> data;
SplunkData splunkData;
SplunkEvent splunkData;
ResultsReader resultsReader;
int total = job.getResultCount();
@@ -437,7 +437,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
resultsReader = new ResultsReaderXml(stream);
while ((data = resultsReader.getNextEvent()) != null) {
splunkData = new SplunkData(data);
splunkData = new SplunkEvent(data);
result.add(splunkData);
}
}
@@ -452,7 +452,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
stream = job.getResults(outputArgs);
resultsReader = new ResultsReaderXml(stream);
while ((data = resultsReader.getNextEvent()) != null) {
splunkData = new SplunkData(data);
splunkData = new SplunkEvent(data);
result.add(splunkData);
}
offset += count;


@@ -1,202 +0,0 @@
/*
* Copyright 2011-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.splunk.support;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.core.DataWriter;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.util.Assert;
import com.splunk.Args;
import com.splunk.Index;
import com.splunk.Receiver;
import com.splunk.Service;
/**
* Data writer to write data into Splunk. There are 3 ways to write data:
* REST submit, TCP socket and HTTP stream.
*
* @author Jarred Li
* @since 1.0
*
*/
public class SplunkDataWriter implements DataWriter, InitializingBean {
private static final Log logger = LogFactory.getLog(SplunkDataWriter.class);
private ConnectionFactory<Service> connectionFactory;
private String sourceType;
private String source;
private String index;
private IngestType ingest = IngestType.STREAM; //tcp, stream, submit
private int tcpPort;
private String host;
private String hostRegex;
public SplunkDataWriter(ConnectionFactory<Service> f) {
this.connectionFactory = f;
}
public void write(SplunkData data) throws Exception {
logger.debug("write message to splunk:" + data);
Connection<Service> connection = connectionFactory.getConnection();
Service service = connection.getTarget();
Index indexObject = null;
Receiver receiver = null;
OutputStream ostream;
Socket socket;
Writer writer = null;
Args args = new Args();
if (sourceType != null) {
args.put("sourcetype", sourceType);
}
if (source != null) {
args.put("source", source);
}
if (host != null) {
args.put("host", host);
}
if (hostRegex != null) {
args.put("host_regex", hostRegex);
}
try {
if (index != null) {
indexObject = service.getIndexes().get(index);
}
else {
receiver = service.getReceiver();
}
if ((ingest.equals(IngestType.STREAM) || ingest.equals(IngestType.TCP))) {
if (ingest.equals(IngestType.STREAM)) {
if (indexObject != null)
socket = indexObject.attach(args);
else
socket = receiver.attach(args);
}
else {
socket = service.open(tcpPort);
}
ostream = socket.getOutputStream();
writer = new OutputStreamWriter(ostream, "UTF8");
}
if ((ingest.equals(IngestType.STREAM) || ingest.equals(IngestType.TCP))) {
writer.write(data.toString());
writer.flush();
writer.close();
}
else {
if (index != null) {
indexObject.submit(args, data.toString());
}
else {
receiver.submit(args, data.toString());
}
}
} finally {
connection.close();
}
}
public void setSourceType(String sourceType) {
this.sourceType = sourceType;
}
public void setSource(String source) {
this.source = source;
}
public void setIndex(String index) {
this.index = index;
}
public void setIngest(IngestType ingest) {
this.ingest = ingest;
}
public void setTcpPort(int tcpPort) {
this.tcpPort = tcpPort;
}
public void setHost(String host) {
this.host = host;
}
public void setHostRegex(String hostRegex) {
this.hostRegex = hostRegex;
}
public String getSourceType() {
return sourceType;
}
public String getSource() {
return source;
}
public String getIndex() {
return index;
}
public IngestType getIngest() {
return ingest;
}
public int getTcpPort() {
return tcpPort;
}
public String getHost() {
return host;
}
public String getHostRegex() {
return hostRegex;
}
/* (non-Javadoc)
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
*/
public void afterPropertiesSet() throws Exception {
Assert.notNull(ingest, "You must specify ingest type");
}
}


@@ -25,7 +25,7 @@ import org.springframework.integration.MessageHandlingException;
import org.springframework.integration.MessagingException;
import org.springframework.integration.splunk.core.DataReader;
import org.springframework.integration.splunk.core.DataWriter;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
/**
* Bundles common core logic for the Splunk components.
@@ -57,7 +57,7 @@ public class SplunkExecutor implements InitializingBean {
*/
public Object executeOutboundOperation(final Message<?> message) {
try {
SplunkData payload = (SplunkData) message.getPayload();
SplunkEvent payload = (SplunkEvent) message.getPayload();
writer.write(payload);
} catch (Exception e) {
String errorMsg = "error in writing data into Splunk";
@@ -74,9 +74,9 @@ public class SplunkExecutor implements InitializingBean {
/**
* Execute the Splunk operation.
*/
public List<SplunkData> poll() {
public List<SplunkEvent> poll() {
logger.debug("poll start:");
List<SplunkData> queryData = null;
List<SplunkEvent> queryData = null;
try {
queryData = reader.search();
} catch (Exception e) {


@@ -0,0 +1,74 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.support;
import java.io.IOException;
import java.net.Socket;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.util.Assert;
import com.splunk.Args;
import com.splunk.Index;
import com.splunk.Receiver;
import com.splunk.Service;
/**
*
* DataWriter to stream data into Splunk using an optional index. If no index specified,
* the main default index is used.
*
* @author Jarred Li
* @author David Turanski
* @since 1.0
*
*/
public class SplunkIndexWriter extends AbstractSplunkDataWriter {
private String indexName;
/**
*
* @param connectionFactory
* @param args
*/
public SplunkIndexWriter(ConnectionFactory<Service> connectionFactory, Args args) {
super(connectionFactory, args);
}
/* (non-Javadoc)
* @see org.springframework.integration.splunk.support.SplunkDataWriter#createSocket(com.splunk.Service)
*/
@Override
protected Socket createSocket(Service service) throws IOException {
Index indexObject = null;
Receiver receiver = null;
Socket socket = null;
if (indexName != null) {
indexObject = service.getIndexes().get(indexName);
Assert.notNull(indexObject,String.format("cannot find index [%s]",indexName));
socket = indexObject.attach(args);
} else {
receiver = service.getReceiver();
socket = receiver.attach(args);
}
if (logger.isDebugEnabled()) {
logger.debug(String.format("created a socket on %s", socket.getRemoteSocketAddress()));
}
return socket;
}
}
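Review bot: `indexName` in `SplunkIndexWriter` is a private field with no setter or constructor argument in this file, so the `if (indexName != null)` branch of `createSocket` can only be reached if something assigns the field reflectively. `SplunkSubmitWriter` in this same commit exposes `setIndexName`, and the schema's `index-writer` element takes an `index` attribute, so the setter looks like an omission: `public void setIndexName(String indexName) { this.indexName = indexName; }`. Without it, events meant for a named index would presumably be streamed through the default receiver, which matters where indexes carry different access or retention rules.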


@@ -13,7 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.splunk.entity;
package org.springframework.integration.splunk.support;
import com.splunk.Service;
/**
* Splunk server entity
@@ -24,13 +26,14 @@ package org.springframework.integration.splunk.entity;
*/
public class SplunkServer {
private String host;
private int port;
private String scheme;
private String host = Service.DEFAULT_HOST;
private int port = Service.DEFAULT_PORT;
private String scheme = Service.DEFAULT_SCHEME;
private String app;
private String owner;
private String userName;
private String username;
private String password;
private int timeout;
/**
* @return the host
@@ -60,26 +63,50 @@ public class SplunkServer {
this.port = port;
}
/**
*
* @return
*/
public String getScheme() {
return scheme;
}
/**
*
* @param scheme
*/
public void setScheme(String scheme) {
this.scheme = scheme;
}
/**
*
* @return
*/
public String getApp() {
return app;
}
/**
*
* @param app
*/
public void setApp(String app) {
this.app = app;
}
/**
*
* @return
*/
public String getOwner() {
return owner;
}
/**
*
* @param owner
*/
public void setOwner(String owner) {
this.owner = owner;
}
@@ -87,15 +114,15 @@ public class SplunkServer {
/**
* @return the userName
*/
public String getUserName() {
return userName;
public String getUsername() {
return username;
}
/**
* @param userName the userName to set
* @param username the username to set
*/
public void setUserName(String userName) {
this.userName = userName;
public void setUsername(String username) {
this.username = username;
}
/**
@@ -112,6 +139,18 @@ public class SplunkServer {
this.password = password;
}
/**
* @return the timeout in ms.
*/
public int getTimeout() {
return timeout;
}
/**
* set the timeout in ms.
* @param timeout
*/
public void setTimeout(int timeout) {
this.timeout = timeout;
}
}
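Review bot: `setTimeout` in the last hunk stores any `int`, and the field stays at 0 when the attribute is omitted, unlike `host`, `port` and `scheme`, which now get explicit defaults from `Service`. How the connection code treats 0 or a negative value is not visible in this section, so the Javadoc should say it, e.g. `@param timeout connection timeout in ms; 0 means <state the behaviour>`, and the setter could reject negatives with `if (timeout < 0) throw new IllegalArgumentException("timeout must not be negative");`. The empty `@return` and `@param` tags added for scheme, app and owner in the earlier hunk should either get a description or be dropped.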


@@ -0,0 +1,68 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.support;
import java.io.IOException;
import java.net.Socket;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.event.SplunkEvent;
import com.splunk.Args;
import com.splunk.Index;
import com.splunk.Receiver;
import com.splunk.Service;
/**
* @author David Turanski
*
*/
public class SplunkSubmitWriter extends AbstractSplunkDataWriter {
private String indexName;
/**
* @param connectionFactory
*/
public SplunkSubmitWriter(ConnectionFactory<Service> connectionFactory, Args args) {
super(connectionFactory, args);
}
/* (non-Javadoc)
* @see org.springframework.integration.splunk.support.SplunkDataWriter#doWrite(org.springframework.integration.splunk.event.SplunkEvent, java.net.Socket, com.splunk.Service, com.splunk.Args)
*/
@Override
protected void doWrite(SplunkEvent event, Socket socket, Service service, Args args) throws IOException {
Index index = getIndex();
if (index != null) {
index.submit(args, event.toString());
} else {
Receiver receiver = service.getReceiver();
receiver.submit(args, event.toString());
}
}
/* (non-Javadoc)
* @see org.springframework.integration.splunk.support.SplunkDataWriter#createSocket(com.splunk.Service)
*/
@Override
protected Socket createSocket(Service service) throws IOException {
return null;
}
private Index getIndex() {
return (indexName == null) ? null: service.getIndexes().get(indexName);
}
public void setIndexName(String indexName) {
this.indexName = indexName;
}
}
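Review bot: `getIndex()` returns null both when no index name was configured and when `service.getIndexes().get(indexName)` finds nothing, so in `doWrite` a misspelled or missing index silently falls through to `service.getReceiver()` and the event goes to the default index. `SplunkIndexWriter.createSocket` fails fast in the same situation with `cannot find index [%s]`; the submit path should agree, for example by throwing `new IllegalArgumentException(String.format("cannot find index [%s]", indexName))` when the name is set but the lookup returns null. `getIndex()` also reads a `service` field rather than the `service` argument passed to `doWrite`; that field is presumably inherited from `AbstractSplunkDataWriter`, which is not part of this section, so it is worth confirming both refer to the same connection.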


@@ -0,0 +1,63 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.integration.splunk.support;
import java.io.IOException;
import java.net.Socket;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.util.Assert;
import com.splunk.Args;
import com.splunk.Input;
import com.splunk.Service;
/**
*
* A {@link SplunkStreamWriter} that creates a socket on a given port
* @author David Turanski
*
*/
public class SplunkTcpWriter extends AbstractSplunkDataWriter {
private int port;
/**
* @param connectionFactory
* @param args
*/
public SplunkTcpWriter(ConnectionFactory<Service> connectionFactory, Args args) {
super(connectionFactory, args);
}
/* (non-Javadoc)
* @see org.springframework.integration.splunk.support.SplunkDataWriter#createSocket(com.splunk.Service)
*/
@Override
protected Socket createSocket(Service service) throws IOException {
Input input = service.getInputs().get(String.valueOf(port));
Assert.notNull(input, "no input defined for port " + port);
Assert.isTrue(!input.isDisabled(),String.format("input on port %d is disabled",port));
Socket socket = service.open(port);
return socket;
}
/**
* @param port the port to set
*/
public void setPort(int port) {
this.port = port;
}
}
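Review bot: The class Javadoc links to `{@link SplunkStreamWriter}`, a type that does not appear in this change, while the class itself extends `AbstractSplunkDataWriter`; the comment should describe the real behaviour, e.g. `A writer that streams events to an enabled Splunk TCP input on the configured port.` It should also say that `createSocket` takes its socket from `service.open(port)`, a connection to the input port that is separate from the one used for `service.getInputs()`. Whether that socket is covered by the server's `scheme` setting cannot be told from this file, and operators sending sensitive events need to know. `port` stays 0 until `setPort` is called, which `createSocket` reports only as `no input defined for port 0`.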


@@ -9,7 +9,7 @@
<xsd:import namespace="http://www.springframework.org/schema/beans" />
<xsd:import namespace="http://www.springframework.org/schema/tool" />
<xsd:import namespace="http://www.springframework.org/schema/integration"
schemaLocation="http://www.springframework.org/schema/integration/spring-integration-2.2.xsd" />
schemaLocation="http://www.springframework.org/schema/integration/spring-integration.xsd" />
<xsd:annotation>
<xsd:documentation><![CDATA[
@@ -85,7 +85,7 @@ Indicates the Splunk server owner name
</xsd:appinfo>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="userName" use="required">
<xsd:attribute name="username" use="required">
<xsd:annotation>
<xsd:documentation><![CDATA[
Indicates the userName to login Splunk server
@@ -110,7 +110,19 @@ Indicates the password to login Splunk server
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="scope" type="xsd:string" use="optional" />
<xsd:attribute name="id" type="xsd:ID" use="required" />
<xsd:attribute name="id" type="xsd:string" use="required" />
<xsd:attribute name="timeout" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation><![CDATA[
Indicates the connection timeout in ms.
]]></xsd:documentation>
<xsd:appinfo>
<tool:annotation kind="direct">
<tool:expected-type type="java.lang.Integer" />
</tool:annotation>
</xsd:appinfo>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
@@ -168,7 +180,7 @@ Indicates the password to login Splunk server
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="fieldList" type="xsd:string">
<xsd:attribute name="field-list" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
A comma-separated list of the fields to return
@@ -182,28 +194,28 @@ Indicates the password to login Splunk server
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="earliestTime" type="xsd:string">
<xsd:attribute name="earliest-time" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Time modifier for the start of the time window.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="latestTime" type="xsd:string">
<xsd:attribute name="latest-time" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Time modifier for the end of the time window.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="initEarliestTime" type="xsd:string" use="required">
<xsd:attribute name="init-earliest-time" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
Time modifier for the start of the time window for the first search.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="savedSearch" type="xsd:string">
<xsd:attribute name="saved-search" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Saved search.
@@ -226,6 +238,26 @@ Indicates the password to login Splunk server
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:complexType name="indexWriterType">
<xsd:attribute name="index" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>
Index to write to.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="tcpWriterType">
<xsd:attribute name="port" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
The port corresponding to a tcp Input
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="outbound-channel-adapter">
<xsd:annotation>
@@ -237,6 +269,29 @@ Indicates the password to login Splunk server
<xsd:sequence>
<xsd:element ref="integration:poller" minOccurs="0"
maxOccurs="1" />
<xsd:choice>
<xsd:element name="index-writer" type="indexWriterType">
<xsd:annotation>
<xsd:documentation>
Defines a Data Writer for streaming data to an index, or the default index if not specified.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="tcp-writer" type="tcpWriterType">
<xsd:annotation>
<xsd:documentation>
Defines a Data Writer for streaming data to a tcp input port.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="submit-writer" type="indexWriterType">
<xsd:annotation>
<xsd:documentation>
Defines a Data Writer to submit data, using the REST interface, to an index, or the default index if not specified.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attributeGroup ref="coreSplunkComponentAttributes" />
<xsd:attribute name="channel" type="xsd:string">
@@ -272,34 +327,14 @@ Indicates the password to login Splunk server
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="sourceType" type="xsd:string">
<xsd:attribute name="source-type" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Splunk event source type
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="index" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Splunk index name
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="ingest" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Splunk ingest method: tcp, streaming, submit. Default stream.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="tcpPort" type="xsd:integer">
<xsd:annotation>
<xsd:documentation>
Splunk ingest method: tcp, streaming, submit. Default stream.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="host" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
@@ -307,7 +342,8 @@ Indicates the password to login Splunk server
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="hostRegex" type="xsd:string">
<xsd:attribute name="host-regex" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Host regex can be provided so Splunk can dynamically extract the host value from the log event
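Review bot: The `<xsd:choice>` added inside `outbound-channel-adapter` has no `minOccurs`, so exactly one of `index-writer`, `tcp-writer` or `submit-writer` becomes mandatory, whereas the removed `ingest` attribute was optional and documented `Default stream`. If the parser still falls back to a stream writer (not visible in this section), `<xsd:choice minOccurs="0">` keeps existing configurations valid; otherwise the element's documentation should state that a writer child is required. In the server element, the documentation under the renamed `username` attribute still reads `userName`. Moving `id` from `xsd:ID` to `xsd:string` drops the schema-level uniqueness check, and the reason for that is worth recording.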


@@ -15,6 +15,7 @@
*/
package org.springframework.integration.splunk.config.xml;
import static org.junit.Assert.*;
import junit.framework.Assert;
import org.junit.Test;
@@ -47,23 +48,22 @@ public class SplunkInboundChannelAdapterParserSavedSearchTests {
public void testParseSourceElementParserContext() {
SourcePollingChannelAdapter adapter = appContext.getBean("splunkInboundChannelAdapter",
SourcePollingChannelAdapter.class);
Assert.assertNotNull(adapter);
assertNotNull(adapter);
SplunkDataReader reader = appContext.getBean("splunkInboundChannelAdapter.splunkExecutor.reader",
SplunkDataReader.class);
Assert.assertNotNull(reader);
assertNotNull(reader);
SearchMode mode = SearchMode.SAVEDSEARCH;
Assert.assertEquals(mode, reader.getMode());
assertEquals(mode, reader.getMode());
String savedSearch = "savedSearch";
Assert.assertEquals(savedSearch, reader.getSavedSearch());
assertEquals(savedSearch, reader.getSavedSearch());
String owner = "admin";
Assert.assertEquals(owner, reader.getOwner());
assertEquals(owner, reader.getOwner());
String app = "search";
Assert.assertEquals(app, reader.getApp());
assertEquals(app, reader.getApp());
}
}


@@ -15,14 +15,15 @@
*/
package org.springframework.integration.splunk.config.xml;
import static org.junit.Assert.assertTrue;
import junit.framework.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.integration.splunk.support.IngestType;
import org.springframework.integration.splunk.support.SplunkDataWriter;
import org.springframework.integration.splunk.support.AbstractSplunkDataWriter;
import org.springframework.integration.splunk.support.SplunkIndexWriter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -46,19 +47,10 @@ public class SplunkOutboundChannelAdapterParserStreamTests {
Object adapter = appContext.getBean("splunkOutboundChannelAdapter");
Assert.assertNotNull(adapter);
SplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
SplunkDataWriter.class);
AbstractSplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
AbstractSplunkDataWriter.class);
Assert.assertNotNull(writer);
IngestType ingest = IngestType.STREAM;
Assert.assertEquals(ingest, writer.getIngest());
String host = "test.host";
Assert.assertEquals(host, writer.getHost());
String hostRegex = "test.host.*";
Assert.assertEquals(hostRegex, writer.getHostRegex());
assertTrue(writer instanceof SplunkIndexWriter);
}
}
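Review bot: The rewritten test asserts only `writer instanceof SplunkIndexWriter`, although its context file still sets `host="test.host"` and `host-regex="test.host.*"`; the removed `getHost()`/`getHostRegex()` checks have no replacement, so a parser regression that drops those attributes would still pass. `SplunkOutboundChannelAdapterParserTests` in this commit reads such values through `writer.getArgs()`, so the same approach works here, e.g. `assertEquals("test.host", writer.getArgs().get("host"));` assuming the parser stores the value under `host`, plus the matching check for the host regex under whatever key the parser uses.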


@@ -15,14 +15,17 @@
*/
package org.springframework.integration.splunk.config.xml;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import junit.framework.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.integration.splunk.support.IngestType;
import org.springframework.integration.splunk.support.SplunkDataWriter;
import org.springframework.integration.splunk.support.AbstractSplunkDataWriter;
import org.springframework.integration.splunk.support.SplunkSubmitWriter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -46,19 +49,19 @@ public class SplunkOutboundChannelAdapterParserTests {
Object adapter = appContext.getBean("splunkOutboundChannelAdapter");
Assert.assertNotNull(adapter);
SplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
SplunkDataWriter.class);
Assert.assertNotNull(writer);
AbstractSplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
AbstractSplunkDataWriter.class);
assertNotNull(writer);
assertTrue(writer instanceof SplunkSubmitWriter);
assertEquals(false,writer.isAutoStartup());
assertEquals(false,writer.isRunning());
String sourceType = "spring-integration";
Assert.assertEquals(sourceType, writer.getSourceType());
assertEquals(sourceType, writer.getArgs().get("sourcetype"));
String source = "example5";
Assert.assertEquals(source, writer.getSource());
IngestType ingest = IngestType.SUBMIT;
Assert.assertEquals(ingest, writer.getIngest());
assertEquals(source, writer.getArgs().get("source"));
}
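Review bot: `assertEquals(false,writer.isAutoStartup())` and `assertEquals(false,writer.isRunning())` read better as `assertFalse(writer.isAutoStartup());` and `assertFalse(writer.isRunning());`, with `import static org.junit.Assert.assertFalse;` added next to the other static imports. The hunk also leaves `Assert.assertNotNull(adapter)` on `junit.framework.Assert` while the new lines use the `org.junit.Assert` static imports; using one of the two throughout would let the `junit.framework.Assert` import go.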


@@ -21,7 +21,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.integration.splunk.entity.SplunkServer;
import org.springframework.integration.splunk.support.SplunkServer;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -46,7 +46,7 @@ public class SplunkServerParserTests {
Assert.assertEquals("test.splunk.server", server.getHost());
Assert.assertEquals(8089, server.getPort());
Assert.assertEquals("admin", server.getUserName());
Assert.assertEquals("admin", server.getUsername());
Assert.assertEquals("password", server.getPassword());
Assert.assertEquals("https", server.getScheme());
Assert.assertEquals("admin", server.getOwner());


@@ -25,7 +25,7 @@ import junit.framework.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
import org.springframework.integration.splunk.support.SplunkExecutor;
/**
@@ -50,13 +50,13 @@ public class SplunkPollingChannelAdapterTests {
*/
@Test
public void testReceive() {
List<SplunkData> data = new ArrayList<SplunkData>();
SplunkData sd = new SplunkData("spring", "spring:example");
List<SplunkEvent> data = new ArrayList<SplunkEvent>();
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
sd.setCommonDesc("description");
data.add(sd);
when(executor.poll()).thenReturn(data);
List<SplunkData> received = inboundAdapter.receive().getPayload();
List<SplunkEvent> received = inboundAdapter.receive().getPayload();
Assert.assertEquals(1, received.size());
}


@@ -19,7 +19,6 @@ import junit.framework.Assert;
import org.junit.Test;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.entity.SplunkServer;
import com.splunk.Service;


@@ -32,7 +32,7 @@ import org.junit.Test;
import org.springframework.core.io.ClassPathResource;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
import com.splunk.Job;
import com.splunk.JobCollection;
@@ -60,7 +60,7 @@ public class SplunkDataReaderTests {
public void testBlockingSearch() throws Exception {
reader.setMode(SearchMode.BLOCKING);
reader.setSearch("search spring:example");
List<SplunkData> data = reader.search();
List<SplunkEvent> data = reader.search();
Assert.assertNotNull(data);
Assert.assertEquals(5, data.size());
}
@@ -69,7 +69,7 @@ public class SplunkDataReaderTests {
public void testNonBlockingSearch() throws Exception {
reader.setMode(SearchMode.NORMAL);
reader.setSearch("search spring:example");
List<SplunkData> data = reader.search();
List<SplunkEvent> data = reader.search();
Assert.assertNotNull(data);
Assert.assertEquals(5, data.size());
}
@@ -79,7 +79,7 @@ public class SplunkDataReaderTests {
public void testRealtimeSearch() throws Exception {
reader.setMode(SearchMode.REALTIME);
reader.setSearch("search spring:example");
List<SplunkData> data = reader.search();
List<SplunkEvent> data = reader.search();
Assert.assertNotNull(data);
Assert.assertEquals(5, data.size());
}


@@ -22,7 +22,7 @@ import org.junit.Before;
import org.junit.Test;
import org.springframework.integration.splunk.core.Connection;
import org.springframework.integration.splunk.core.ConnectionFactory;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
import com.splunk.Args;
import com.splunk.Receiver;
@@ -35,31 +35,36 @@ import com.splunk.Service;
*/
public class SplunkDataWriterTests {
private SplunkDataWriter writer;
private AbstractSplunkDataWriter writer;
private static Receiver receiver = mock(Receiver.class);
private Args args;
@Before
public void before() {
writer = new SplunkDataWriter(new TestConnectioniFactory());
args = new Args();
writer = new SplunkSubmitWriter(new TestConnectionFactory(),args);
writer.start();
}
/**
* Test method for {@link org.springframework.integration.splunk.support.SplunkDataWriter#write(org.springframework.integration.splunk.entity.SplunkData)}.
* Test method for {@link org.springframework.integration.splunk.support.AbstractSplunkDataWriter#write(org.springframework.integration.splunk.event.SplunkEvent)}.
* @throws Exception
*/
@Test
public void testWrite() throws Exception {
writer.setIngest(IngestType.SUBMIT);
SplunkData sd = new SplunkData("spring", "spring:example");
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
sd.setCommonDesc("description");
writer.write(sd);
Args args = new Args();
verify(receiver).submit(eq(args), matches(".*spring:example.*"));
verify(receiver).submit(eq(args), matches(".*spring:example.*\n"));
writer.stop();
}
public static class TestConnectioniFactory implements ConnectionFactory<Service> {
public static class TestConnectionFactory implements ConnectionFactory<Service> {
/* (non-Javadoc)
* @see org.springframework.integration.splunk.core.ConnectionFactory#getConnection()


@@ -29,7 +29,7 @@ import org.junit.Test;
import org.springframework.integration.Message;
import org.springframework.integration.splunk.core.DataReader;
import org.springframework.integration.splunk.core.DataWriter;
import org.springframework.integration.splunk.entity.SplunkData;
import org.springframework.integration.splunk.event.SplunkEvent;
import org.springframework.integration.support.MessageBuilder;
/**
@@ -59,9 +59,9 @@ public class SplunkExecutorTests {
*/
@Test
public void testHandleMessage() throws Exception {
SplunkData sd = new SplunkData("spring", "spring:example");
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
sd.setCommonDesc("description");
Message<SplunkData> message = MessageBuilder.withPayload(sd).build();
Message<SplunkEvent> message = MessageBuilder.withPayload(sd).build();
executor.handleMessage(message);
verify(writer).write(sd);
}
@@ -72,17 +72,17 @@ public class SplunkExecutorTests {
*/
@Test
public void testPoll() throws Exception {
List<SplunkData> data = new ArrayList<SplunkData>();
SplunkData sd = new SplunkData("spring", "spring:example");
List<SplunkEvent> data = new ArrayList<SplunkEvent>();
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
sd.setCommonDesc("description");
data.add(sd);
sd = new SplunkData("spring", "spring:example");
sd = new SplunkEvent("spring", "spring:example");
sd.setCommonDesc("description");
data.add(sd);
when(reader.search()).thenReturn(data);
List<SplunkData> result = executor.poll();
List<SplunkEvent> result = executor.poll();
Assert.assertEquals(2, result.size());
}


@@ -3,3 +3,5 @@ log4j.rootCategory=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{HH:mm:ss.SSS} %-5p [%t][%c] %m%n
log4j.category.org.springframework.integration.splunk=DEBUG


@@ -14,6 +14,6 @@
<context:component-scan base-package="org.springframework.integration.splunk.support"></context:component-scan>
<bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean"/>
<int-splunk:server id="splunkServer" host="10.112.127.51" port="8089" userName="admin" password="password" owner="admin"/>
<int-splunk:server id="splunkServer" username="admin" password="password" owner="admin" timeout="5000"/>
</beans>


@@ -16,9 +16,9 @@
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="false"
splunk-server-ref="splunkServer"
channel="inputFromSplunk" mode="SAVEDSEARCH" earliestTime="-1d" latestTime="now"
initEarliestTime="-1d" count="1000"
savedSearch="savedSearch" owner="admin" app="search">
channel="inputFromSplunk" mode="SAVEDSEARCH" earliest-time="-1d" latest-time="now"
init-earliest-time="-1d" count="1000"
saved-search="savedSearch" owner="admin" app="search">
<int:poller fixed-rate="5000"/>
</int-splunk:inbound-channel-adapter>


@@ -16,8 +16,8 @@
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="false" search="search spring:example"
splunk-server-ref="splunkServer"
channel="inputFromSplunk" mode="BLOCKING" earliestTime="-1d" latestTime="now"
initEarliestTime="-1d" fieldList="field1, field2">
channel="inputFromSplunk" mode="BLOCKING" earliest-time="-1d" latest-time="now"
init-earliest-time="-1d" field-list="field1, field2">
<int:poller fixed-rate="5000"/>
</int-splunk:inbound-channel-adapter>


@@ -11,14 +11,14 @@
<import resource="../../SplunkCommon-context.xml" />
<int:channel id="outputToSplunk">
</int:channel>
<int:channel id="outputToSplunk"/>
<int-splunk:outbound-channel-adapter
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
id="splunkOutboundChannelAdapter" auto-startup="false" order="1"
channel="outputToSplunk" splunk-server-ref="splunkServer"
pool-server-connection="true" sourceType="spring-integration" source="example5"
ingest="STREAM" host="test.host" hostRegex="test.host.*">
pool-server-connection="true" source-type="spring-integration" source="example5"
host="test.host" host-regex="test.host.*">
<int-splunk:index-writer/>
</int-splunk:outbound-channel-adapter>
</beans>


@@ -11,14 +11,13 @@
<import resource="../../SplunkCommon-context.xml" />
<int:channel id="outputToSplunk">
</int:channel>
<int:channel id="outputToSplunk"/>
<int-splunk:outbound-channel-adapter
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
id="splunkOutboundChannelAdapter" auto-startup="false" order="1"
channel="outputToSplunk" splunk-server-ref="splunkServer"
pool-server-connection="true" sourceType="spring-integration" source="example5"
ingest="SUBMIT">
pool-server-connection="true" source-type="spring-integration" source="example5"
>
<int-splunk:submit-writer/>
</int-splunk:outbound-channel-adapter>
</beans>


@@ -11,7 +11,7 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<int-splunk:server id="splunkServer" host="test.splunk.server"
port="8089" userName="admin" password="password" owner="admin" app="search"
port="8089" username="admin" password="password" owner="admin" app="search"
scheme="https" />
</beans>