func()

in apps/oracledb.go [843:920]


func (lr LoggingProcessorOracleDBAudit) Components(ctx context.Context, tag string, uid string) []fluentbit.Component {
	components := confgenerator.LoggingProcessorParseMultilineRegex{
		LoggingProcessorParseRegexComplex: confgenerator.LoggingProcessorParseRegexComplex{
			Parsers: []confgenerator.RegexParser{
				{
					// Sample log:  Wed Sep 14 16:18:03 2022 +00:00
					//				LENGTH : '623'
					//				ACTION :[373] 'select distinct 'ALTER SYSTEM KILL SESSION ''' || stat.sid || ',' ||
					//								sess.serial# ||
					//								decode(substr(inst.version, 1, 4),
					//										'12.1', ''' immediate ', ''' force timeout 0 ') ||
					//								'-- process 73841'
					//				FROM SYS.V$mystat stat, v$session sess, v$instance inst
					//				where stat.sid=sess.sid
					//				union all
					//				select '/' from dual'
					//				DATABASE USER:[1] '/'
					//				PRIVILEGE :[6] 'SYSDBA'
					//				CLIENT USER:[6] 'oracle'
					//				CLIENT TERMINAL:[5] 'pts/1'
					//				STATUS:[1] '0'
					//				DBID:[10] '1643176521'
					//				SESSIONID:[10] '4294967295'
					//				USERHOST:[7] 'oradb19'
					//				CLIENT ADDRESS:[0] ''
					//				ACTION NUMBER:[1] '3'
					Regex: `^(?<timestamp>\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\s+\d+\s+(?:[-+]\d+:\d+|Z))\n` +
						`LENGTH\s*:(?:\[\d*\])?\s*'(?<length>.*)'\n` +
						`ACTION\s*:(?:\[\d*\])?\s*'(?<action>[\s\S]*)'\n` +
						`DATABASE USER\s*:(?:\[\d*\])?\s*'(?<database_user>.*)'\n` +
						`PRIVILEGE\s*:(?:\[\d*\])?\s*'(?<privilege>.*)'\n` +
						`CLIENT USER\s*:(?:\[\d*\])?\s*'(?<client_user>.*)'\n` +
						`CLIENT TERMINAL\s*:(?:\[\d*\])?\s*'(?<client_terminal>.*)'\n` +
						`STATUS\s*:(?:\[\d*\])?\s*'(?<status>.*)'\n` +
						`DBID\s*:(?:\[\d*\])?\s*'(?<dbid>.*)'\n` +
						`SESSIONID\s*:(?:\[\d*\])?\s*'(?<sessionid>.*)'\n` +
						`USERHOST\s*:(?:\[\d*\])?\s*'(?<user_host>.*)'\n` +
						`CLIENT ADDRESS\s*:(?:\[\d*\])?\s*'(?<client_address>.*)'\n` +
						`ACTION NUMBER\s*:(?:\[\d*\])?\s*'(?<action_number>.*)'\n?`,
					Parser: confgenerator.ParserShared{
						TimeKey:    "timestamp",
						TimeFormat: "%a %b %d %H:%M:%S %Y %z",
						Types: map[string]string{
							"length":        "int",
							"action_number": "int",
							"dbid":          "int",
							"sessionid":     "int",
							"status":        "int",
						},
					},
				},
			},
		},
		Rules: []confgenerator.MultilineRule{
			{
				StateName: "start_state",
				NextState: "cont",
				Regex:     `^\w+ \w+ {1,2}\d+ {1,2}\d+:\d+:\d+ \d+ (?:[-+]\d+:\d+|Z)`,
			},
			{
				StateName: "cont",
				NextState: "cont",
				Regex:     `^(?!\w+ \w+ {1,2}\d+ {1,2}\d+:\d+:\d+ \d+ (?:[-+]\d+:\d+|Z)).*$`,
			},
		},
	}.Components(ctx, tag, uid)

	severityVal := "INFO"

	components = append(components,
		confgenerator.LoggingProcessorModifyFields{
			Fields: map[string]*confgenerator.ModifyField{
				"severity":                 {StaticValue: &severityVal},
				InstrumentationSourceLabel: instrumentationSourceValue(lr.Type()),
			},
		}.Components(ctx, tag, uid)...)
	return components
}