# LOG LEVEL ERROR
# Synthetic Artifactory service-log event. The dummy input emits the fixed JSON
# record below under the jfrog.rt.artifactory.service tag. No `rate` is set, so
# the plugin default applies (one event per second in stock Fluentd).
# NOTE(review): newer Fluentd releases ship this input as `sample` and keep
# `dummy` as a deprecated alias - confirm against the Fluentd version in use.
<source>
  @type dummy
  @id log_level_error
  tag jfrog.rt.artifactory.service
  dummy '{"log_level":"ERROR"}'
</source>
# Data Transfers (GBs) Over Time.
# Five synthetic Artifactory request-log generators, all tagged
# jfrog.rt.artifactory.request. Each emits one fixed record at its own `rate`
# (events per second), so repos and images show different transfer volumes.
# The content-length and status fields are JSON strings, not numbers.
# The remote_address values are sample data. Most fall in publicly routable
# ranges, so geo-IP or reputation enrichment applied downstream will resolve
# them to real networks. Treat any such hit on demo data as noise.

# johnp-docker / centos, status 200, 10 events per second
<source>
  @type dummy
  @id data_transfer_over_time1
  tag jfrog.rt.artifactory.request
  rate 10
  dummy '{"request_url":"/api/docker/johnp-docker/test/centos","repo":"johnp-docker","image":"centos","response_content_length":"1235343","request_content_length":"34323","return_status":"200","remote_address":"64.55.33.22"}'
</source>

# docker-local / ubuntu, status 401 (unauthenticated request), 2 events per second
<source>
  @type dummy
  @id data_transfer_over_time2
  tag jfrog.rt.artifactory.request
  rate 2
  dummy '{"request_url":"/api/docker/docker-local/test/ubuntu","repo":"docker-local","image":"ubuntu","response_content_length":"1235543","request_content_length":"123","return_status":"401","remote_address":"33.44.11.22"}'
</source>

# docker-local2 / oraclelinux, status 203, private (RFC 1918) client address, 5 events per second
<source>
  @type dummy
  @id data_transfer_over_time3
  tag jfrog.rt.artifactory.request
  rate 5
  dummy '{"request_url":"/api/docker/docker-local2/test/oraclelinux","repo":"docker-local2","image":"oraclelinux","response_content_length":"5535343","request_content_length":"33334323","return_status":"203","remote_address":"10.0.3.15"}'
</source>

# docker-local3 / redhat-ubi8, status 201, 8 events per second
<source>
  @type dummy
  @id data_transfer_over_time4
  tag jfrog.rt.artifactory.request
  rate 8
  dummy '{"request_url":"/api/docker/docker-local3/test/redhat-ubi8","repo":"docker-local3","image":"redhat-ubi8","response_content_length":"5235343","request_content_length":"3499323","return_status":"201","remote_address":"107.1.3.34"}'
</source>

# docker-local4 / debian, status 201, one-byte transfers, default rate
<source>
  @type dummy
  @id data_transfer_over_time5
  tag jfrog.rt.artifactory.request
  dummy '{"request_url":"/api/docker/docker-local4/test/debian","repo":"docker-local4","image":"debian","response_content_length":"1","request_content_length":"1","return_status":"201","remote_address":"1.1.3.2"}'
</source>
# Send empty strings.
# Same request as data_transfer_over_time5, but with "repo" and "image" set to
# empty strings. Presumably this exercises how the dashboards and searches
# treat blank fields - confirm against the Splunk app.
<source>
  @type dummy
  @id data_transfer_over_time6
  tag jfrog.rt.artifactory.request
  dummy '{"request_url":"/api/docker/docker-local4/test/debian","repo":"","image":"","response_content_length":"1","request_content_length":"1","return_status":"201","remote_address":"1.1.3.6"}'
</source>
# Audit Actions
# Four synthetic Access audit generators tagged jfrog.rt.access.audit. Each
# record carries only a "user" field. The rates rise from 1 to 4 events per
# second, so each user shows a different amount of audit activity.

<source>
  @type dummy
  @id audit_actions1
  tag jfrog.rt.access.audit
  rate 1
  dummy '{"user":"johnp"}'
</source>

<source>
  @type dummy
  @id audit_actions2
  tag jfrog.rt.access.audit
  rate 2
  dummy '{"user":"vinaya"}'
</source>

<source>
  @type dummy
  @id audit_actions3
  tag jfrog.rt.access.audit
  rate 3
  dummy '{"user":"mahithab"}'
</source>

<source>
  @type dummy
  @id audit_actions4
  tag jfrog.rt.access.audit
  rate 4
  dummy '{"user":"jefff"}'
</source>
# 500 errors
# Synthetic Artifactory request record whose only field is return_status 500,
# emitted at the plugin's default rate.
# The @id spelling ("hundrend") is kept as written, because the id is the
# plugin instance's identifier and renaming it changes that identifier.
<source>
  @type dummy
  @id five_hundrend_errors
  tag jfrog.rt.artifactory.request
  dummy '{"return_status":"500"}'
</source>
# Xray Log Level Errors
# Synthetic Xray server service-log event with log_level ERROR, tagged
# jfrog.xray.server.service and emitted at the plugin's default rate.
<source>
  @type dummy
  @id xray_log_level_error
  tag jfrog.xray.server.service
  dummy '{"log_level":"ERROR"}'
</source>
# Xray 500 errors
# Synthetic Xray request record with return_status 500, tagged
# jfrog.xray.xray.request and emitted at the plugin's default rate.
# The @id spelling is kept as written (see the note on @id stability: renaming
# an id changes the plugin instance's identifier).
<source>
  @type dummy
  @id xray_five_hundrend_errors
  tag jfrog.xray.xray.request
  dummy '{"return_status":"500"}'
</source>
# DENIED LOGINS
# Six synthetic Artifactory access-log generators tagged
# jfrog.rt.artifactory.access. Every record has action_response "DENIED LOGIN"
# plus a client ip and username.
# The first five sources emit 3-6 events per second. denied_logins6
# ("badguy", 10.0.1.2) emits 60 per second, ten times the next-highest rate.
# It presumably models a brute-force style outlier for the denied-login
# panels - confirm against the dashboards.
# These are demo events. Detections tuned on them still need validating against
# real access logs, where failed-login volume and source spread look different.

<source>
  @type dummy
  @id denied_logins1
  tag jfrog.rt.artifactory.access
  rate 5
  dummy '{"action_response":"DENIED LOGIN","ip":"10.15.1.2","username":"vasuki"}'
</source>

<source>
  @type dummy
  @id denied_logins2
  tag jfrog.rt.artifactory.access
  rate 6
  dummy '{"action_response":"DENIED LOGIN","ip":"51.10.13.22","username":"karol"}'
</source>

<source>
  @type dummy
  @id denied_logins3
  tag jfrog.rt.artifactory.access
  rate 4
  dummy '{"action_response":"DENIED LOGIN","ip":"64.5.12.23","username":"mahithab"}'
</source>

<source>
  @type dummy
  @id denied_logins4
  tag jfrog.rt.artifactory.access
  rate 3
  dummy '{"action_response":"DENIED LOGIN","ip":"107.10.12.27","username":"idog"}'
</source>

<source>
  @type dummy
  @id denied_logins5
  tag jfrog.rt.artifactory.access
  rate 5
  dummy '{"action_response":"DENIED LOGIN","ip":"11.11.14.24","username":"jefff"}'
</source>

# High-volume outlier: one username from one private address at 60 events per second.
<source>
  @type dummy
  @id denied_logins6
  tag jfrog.rt.artifactory.access
  rate 60
  dummy '{"action_response":"DENIED LOGIN","ip":"10.0.1.2","username":"badguy"}'
</source>
# ACCEPTED DEPLOY
# Three synthetic access-log generators with action_response "ACCEPTED DEPLOY",
# emitted at 1, 2 and 3 events per second.
# The username/ip pairs (mahithab, idog, jefff) are the same ones used by
# denied_logins3-5. A search that correlates denied logins with later accepted
# actions from the same user and address will therefore match this demo data.

<source>
  @type dummy
  @id accepted_deploy1
  tag jfrog.rt.artifactory.access
  rate 1
  dummy '{"action_response":"ACCEPTED DEPLOY","ip":"64.5.12.23","username":"mahithab"}'
</source>

<source>
  @type dummy
  @id accepted_deploy2
  tag jfrog.rt.artifactory.access
  rate 2
  dummy '{"action_response":"ACCEPTED DEPLOY","ip":"107.10.12.27","username":"idog"}'
</source>

<source>
  @type dummy
  @id accepted_deploy3
  tag jfrog.rt.artifactory.access
  rate 3
  dummy '{"action_response":"ACCEPTED DEPLOY","ip":"11.11.14.24","username":"jefff"}'
</source>
# Record in the JSON which log each event came from.
# Applies to every event whose tag starts with "jfrog." and adds two fields:
#   hostname   - embedded Ruby in a double-quoted value, so it resolves to the
#                hostname of the machine running Fluentd, not of the system
#                that produced the log
#   log_source - the event's own tag, via the ${tag} placeholder
<filter jfrog.**>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
    log_source ${tag}
  </record>
</filter>
# Ship every jfrog.* event to Splunk over the HTTP Event Collector (HEC).
# HEC_HOST, HEC_PORT and HEC_TOKEN are placeholders to be substituted before
# use. The token is a credential, so keep the filled-in file out of version
# control and readable only by the Fluentd service account. Fluentd also
# expands "#{ENV['NAME']}" inside double-quoted values, which lets the token
# come from the environment instead of the file.
# NOTE(review): the synthetic events go to the jfrog_splunk index. If real
# JFrog logs share that index, the demo DENIED LOGIN and 500 records will mix
# with production data and skew alerting. Use a separate index or instance.
<match jfrog.**>
  @type splunk_hec
  protocol https
  hec_host HEC_HOST
  hec_port HEC_PORT
  hec_token HEC_TOKEN
  index jfrog_splunk
  format json
  # Splunk sourcetype is read from the log_source field of each record.
  sourcetype_key log_source
  use_fluentd_time false
  # buffered output parameter
  flush_interval 10s
  # Certificate verification stays on. For an HEC endpoint signed by a private
  # CA, set ca_file below rather than switching insecure_ssl to true.
  insecure_ssl false
  # ssl parameter
  # NOTE(review): `protocol https` above already selects TLS - confirm that the
  # plugin version in use recognises `use_ssl` before uncommenting it.
  #use_ssl true
  #ca_file /path/to/ca.pem
</match>
#END SPLUNK OUTPUT