# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
# Copyright (c) 2014 Mozilla Corporation
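class message(object):
    """Plugin that drops load-balancer health-check events before further processing."""

    def __init__(self):
        '''Register the criteria for being passed a message.

        registration may be:
          - a dict with fieldname:None to be sent anything with that field
          - a dict with fieldname:Value to be sent anything with that
            field/value
          - a string to be sent anything with any field matching that string
            evaluated as a regex

        Set the priority if you have a preference for the order in which
        plugins run: 0 goes first, 100 is assumed/default if not set.
        '''
        # This plugin inspects messages for whitelisted content that should
        # be dropped and not processed any further.
        # The registration string is evaluated as a regex (see docstring), so
        # the '.' is unescaped here; the exact comparison in onMessage is
        # what actually decides a drop.
        self.registration = ['ELB-HealthChecker/1.0']
        # Low value so the drop decision is made before most other plugins.
        self.priority = 1

    def onMessage(self, message, metadata):
        """Drop health-check events; pass everything else through unchanged.

        Args:
            message: the event, accessed as a mapping ('type', 'details').
            metadata: passed through untouched.

        Returns:
            A (message, metadata) pair on every path. A dropped event is
            signalled by message being None in that pair.
        """
        # Events that declare a type other than 'auditd' are never dropped
        # here; events with no 'type' key fall through to the checks below.
        # NOTE(review): the health-check rule below looks at an HTTP
        # user-agent field, yet only auditd/untyped events reach it.
        # Confirm this type gate is intended.
        if 'type' in message and message['type'] != 'auditd':
            return (message, metadata)

        if 'details' in message:
            details = message['details']

            # Drop disabled for now: auditd 'execve' entries that carry no
            # 'command' (likely a result of another command, e.g. java
            # starting a job).
            # if 'signatureid' in message['details']:
            #     if message['details'].lower() == 'execve' and \
            #             'command' not in message['details']:
            #         message = None
            #         return message

            # Only a mapping can be indexed by field name; a string
            # 'details' that merely contains the text 'http_user_agent'
            # previously passed the membership test and then raised
            # TypeError on the lookup.
            if isinstance(details, dict) and \
                    details.get('http_user_agent') == 'ELB-HealthChecker/1.0':
                # NOTE(review): the user agent is supplied by the client, so
                # this rule suppresses every event carrying that string, not
                # only genuine load-balancer probes. Consider also requiring
                # a known load-balancer source address before dropping.
                #
                # Return a pair like every other path: a caller that unpacks
                # the result as (message, metadata) would raise TypeError on
                # a bare None.
                return (None, metadata)

        return (message, metadata)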