Skip to content

Commit

Permalink
merging tag with source
Browse files Browse the repository at this point in the history
  • Loading branch information
@mdaneri
mdaneri committed Nov 1, 2024
1 parent 6c26f67 commit af60232
Show file tree
Hide file tree
Showing 3 changed files with 91 additions and 66 deletions.
9 changes: 6 additions & 3 deletions examples/Logging.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ Start-PodeServer -browse {
}

if ( $LoggingType -icontains 'syslog') {
$logging += New-PodeSyslogLoggingMethod -Server 127.0.0.1 -Transport UDP -AsUTC -ISO8601 -FailureAction Report
$logging += New-PodeSyslogLoggingMethod -Server 127.0.0.1 -Transport UDP -AsUTC -ISO8601 -FailureAction Report
}

if ($logging.Count -eq 0) {
Expand All @@ -95,14 +95,17 @@ Start-PodeServer -browse {
}

New-PodeFileLoggingMethod -Name 'error' -MaxDays 4 -Format RFC5424 -ISO8601 | Enable-PodeErrorLogging -Raw -Levels Error
New-PodeFileLoggingMethod -Name 'default' -MaxDays 4 -Format Simple -ISO8601 | Enable-PodeDefaultLogging -Raw
@(
(New-PodeFileLoggingMethod -Name 'default' -MaxDays 4 -Format Simple -ISO8601)
(New-PodeSyslogLoggingMethod -Server 127.0.0.1 -Transport UDP -AsUTC -ISO8601 -SyslogProtocol RFC3164 -FailureAction Report -DefaultTag 'test')
) | Enable-PodeDefaultLogging -Raw
$logging | Add-PodeLogging -Name 'mylog' -Raw:$Raw

Write-PodeLog -Name 'mylog' -Message 'just started' -Level 'Info'
# GET request for web page on "localhost:8081/"
Add-PodeRoute -Method Get -Path '/' -ScriptBlock {
Write-PodeLog -Name 'mylog' -Message 'My custom log' -Level 'Info'
Write-PodeLog -Message "This is for the deafult log."
Write-PodeLog -Message 'This is for the deafult log.'
Write-PodeViewResponse -Path 'simple' -Data @{ 'numbers' = @(1, 2, 3); }
}

Expand Down
79 changes: 29 additions & 50 deletions src/Private/Logging.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ function ConvertTo-PodeSyslogFormat {
$message = ($RawItem.Message | Protect-PodeLogItem)
}
}

#write-podehost $RawItem -Explode
# Map $Level to syslog severity
switch ($RawItem.Level) {
'emergency' { $severity = 0; break }
Expand All @@ -225,22 +225,22 @@ function ConvertTo-PodeSyslogFormat {
$facility = 1 # User-level messages
$priority = ($facility * 8) + $severity

$processId = $PID
# Determine the syslog message format
switch ($RFC) {
'RFC3164' {
# Set the max message length per RFC 3164 section 4.1
$MaxLength = 1024
# Assemble the full syslog formatted message
$timestamp = $RawItem.Date.ToString('MMM dd HH:mm:ss')
$fullSyslogMessage = "<$priority>$timestamp $($PodeContext.Server.ComputerName) $Source[$processId]: $message"
$fullSyslogMessage = "<$priority>$timestamp $($PodeContext.Server.ComputerName) $($RawItem.Tag): $message"
break
}
'RFC5424' {
$processId = $PID
$timestamp = $RawItem.Date.ToString('yyyy-MM-ddTHH:mm:ss.ffffffK')

# Assemble the full syslog formatted message
$fullSyslogMessage = "<$priority>1 $timestamp $($PodeContext.Server.ComputerName) $Source $processId - - $message"
$fullSyslogMessage = "<$priority>1 $timestamp $($PodeContext.Server.ComputerName) $($RawItem.Tag) $processId - - $message"

# Set the max message length per RFC 5424 section 6.1
$MaxLength = 2048
Expand Down Expand Up @@ -268,6 +268,7 @@ function ConvertTo-PodeSyslogFormat {
if ($MaxLength -gt 0 -and $fullSyslogMessage.Length -gt $MaxLength) {
return $fullSyslogMessage.Substring(0, $MaxLength)
}
write-podehost $fullSyslogMessage
# Return the full syslog formatted message
return $fullSyslogMessage
}
Expand Down Expand Up @@ -424,7 +425,7 @@ function Get-PodeLoggingRestfulMethod {
return {
param($MethodId)

$log = @{}
$log = @{ }
while (!$PodeContext.Tokens.Cancellation.IsCancellationRequested) {
Start-Sleep -Milliseconds 100

Expand All @@ -435,99 +436,77 @@ function Get-PodeLoggingRestfulMethod {
$RawItem = $log.RawItem

# Ensure item and rawItem are arrays
if ($Item -isnot [array]) {
$Item = @($Item)
}
$Item = @($Item)
$RawItem = @($RawItem)

if ($RawItem -isnot [array]) {
$RawItem = @($RawItem)
}

# Determine the transport protocol and send the message
# Determine the platform and send the message
switch ($Options.Platform) {
'Splunk' {
# Construct the Splunk API URL
$url = "$($Options.BaseUrl)/services/collector"

# Set the headers for Splunk
$headers = @{
'Authorization' = "Splunk $($Options.Token)"
'Content-Type' = 'application/json'
}

$items = @()
for ($i = 0; $i -lt $Item.Length; $i++) {
# Mask values
$message = ($Item[$i] | Protect-PodeLogItem)
if ([string]::IsNullOrWhiteSpace($RawItem[$i].Level)) {
$severity = 'INFO'
}
else {
$severity = $RawItem[$i].Level.ToUpperInvariant()
}
$items += ConvertTo-Json -Compress -InputObject @{
event = $message
host = $PodeContext.Server.ComputerName
source = $Options.source
time = [math]::Round(($RawItem[$i].Date).ToUniversalTime().Subtract(([datetime]::UnixEpoch)).TotalSeconds)
fields = @{
severity = $severity
$items = $Item | ForEach-Object {
@{
event = ($_ | Protect-PodeLogItem)
host = $PodeContext.Server.ComputerName
source = $Options.source
sourcetype = $RawItem.Tag
time = [math]::Round(($RawItem.Date).ToUniversalTime().Subtract(([datetime]::UnixEpoch)).TotalSeconds)
fields = @{
severity = $RawItem.Level.ToUpperInvariant()
}
}
}
$body = $items | ConvertTo-Json -Compress

$body = $items -join ' '

# Send the message to Splunk
try {
Invoke-RestMethod -Uri $url -Method Post -Headers $headers -Body $body -SkipCertificateCheck:$Options.SkipCertificateCheck
}
catch {
Invoke-PodeHandleFailure -Message "Failed to send log to Splunk: $_" -FailureAction $Options.FailureAction
}

break
}

'LogInsight' {
# Construct the Log Insight API URL
$url = "$($Options.BaseUrl)/api/v1/messages/ingest/$($Options.Id)"

# Set the headers for Log Insight
$headers = @{
'Content-Type' = 'application/json'
}
$messages = @()
for ($i = 0; $i -lt $Item.Length; $i++) {
$messages += @{
text = ($Item[$i] | Protect-PodeLogItem)
timestamp = [math]::Round(($RawItem[$i].Date).ToUniversalTime().Subtract(([datetime]::UnixEpoch)).TotalSeconds)

$messages = $Item | ForEach-Object {
@{
text = ($_ | Protect-PodeLogItem)
timestamp = [math]::Round(($RawItem.Date).ToUniversalTime().Subtract(([datetime]::UnixEpoch)).TotalMilliseconds)
fields = @{
severity = $RawItem.Level.ToUpperInvariant()
tag = $RawItem.Tag
}
}
}

# Define the message payload
$payload = @{
messages = $messages
}

# Convert payload to JSON
$body = $payload | ConvertTo-Json -Compress

# Send the message to Log Insight
try {
Invoke-RestMethod -Uri $url -Method Post -Body $body -Headers $headers -SkipCertificateCheck:$Options.SkipCertificateCheck
}
catch {
Invoke-PodeHandleFailure -Message "Failed to send log to LogInsight: $_" -FailureAction $Options.FailureAction
}

break
}
}
}
}
}
}

}

<#
Expand Down
Loading

0 comments on commit af60232

Please sign in to comment.