Class: Fluent::Plugin::Logcheck::FilterDecision

Inherits:

Object

• Object
• Fluent::Plugin::Logcheck::FilterDecision

Extended by:

T::Sig

Defined in:

lib/fluent/plugin/logcheck/filter_decision.rb

Overview

FilterDecision represents the result of applying logcheck rules to a log message

Constant Summary

IGNORE =

Constant representing the ignore decision type

T.let(:ignore, Symbol)

ALERT =

Constant representing the alert decision type

T.let(:alert, Symbol)

PASS =

Constant representing the pass decision type

T.let(:pass, Symbol)

Instance Attribute Summary

• #decision ⇒ Symbol readonly
• #message ⇒ String readonly
• #rule ⇒ T.untyped readonly
• #rule_type ⇒ Symbol^? readonly

Class Method Summary

• .alert(rule, message) ⇒ FilterDecision

  Create an alert decision.

• .ignore(rule, message) ⇒ FilterDecision

  Create an ignore decision.

• .pass(message) ⇒ FilterDecision

  Create a pass decision (no rules matched).

Instance Method Summary

• #alert? ⇒ Boolean

  Check if the decision is to alert on the message.

• #description ⇒ String

  Get a human-readable description of the decision.

• #ignore? ⇒ Boolean

  Check if the decision is to ignore the message.

• #initialize(decision, rule, message) constructor

  Create a new filter decision.

• #matched? ⇒ Boolean

  Check if a rule matched.

• #pass? ⇒ Boolean

  Check if the decision is to pass the message through.

• #to_h ⇒ Hash{Symbol => T.untyped}

  Convert to hash for logging/debugging.

Constructor Details

#initialize(decision, rule, message)

Create a new filter decision

Parameters:

• decision (Symbol) —

  The decision type (:ignore, :alert, :pass)

• rule (T.untyped) —

  The rule that matched (if any)

• message (String) —

  The original log message

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 41

def initialize(decision, rule, message)
  @decision = decision
  @rule = rule
  @rule_type = T.let(rule&.type, T.nilable(Symbol))
  @message = message
end

Instance Attribute Details

#decision ⇒ Symbol (readonly)

Returns:

• (Symbol)

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 25

def decision
  @decision
end

#message ⇒ String (readonly)

Returns:

• (String)

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 34

def message
  @message
end

#rule ⇒ T.untyped (readonly)

Returns:

• (T.untyped)

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 28

def rule
  @rule
end

#rule_type ⇒ Symbol^? (readonly)

Returns:

• (Symbol, nil)

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 31

def rule_type
  @rule_type
end

Class Method Details

.alert(rule, message) ⇒ FilterDecision

Create an alert decision

Parameters:

• rule (T.untyped) —

  The rule that matched

• message (String) —

  The log message

Returns:

• (FilterDecision) —

  New alert decision

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 120

def self.alert(rule, message)
  new(ALERT, rule, message)
end

.ignore(rule, message) ⇒ FilterDecision

Create an ignore decision

Parameters:

• rule (T.untyped) —

  The rule that matched

• message (String) —

  The log message

Returns:

• (FilterDecision) —

  New ignore decision

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 111

def self.ignore(rule, message)
  new(IGNORE, rule, message)
end

.pass(message) ⇒ FilterDecision

Create a pass decision (no rules matched)

Parameters:

• message (String) —

  The log message

Returns:

• (FilterDecision) —

  New pass decision

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 128

def self.pass(message)
  new(PASS, nil, message)
end

Instance Method Details

#alert? ⇒ Boolean

Check if the decision is to alert on the message

Returns:

• (Boolean) —

  True if message should generate an alert

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 58

def alert?
  @decision == ALERT
end

#description ⇒ String

Get a human-readable description of the decision

Returns:

• (String) —

  Description of the decision

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 79

def description
  case @decision
  when IGNORE
    "Message ignored by #{@rule_type} rule: #{@rule.raw_pattern}"
  when ALERT
    "Alert triggered by #{@rule_type} rule: #{@rule.raw_pattern}"
  when PASS
    'Message passed through (no matching rules)'
  else
    "Unknown decision: #{@decision}"
  end
end

#ignore? ⇒ Boolean

Check if the decision is to ignore the message

Returns:

• (Boolean) —

  True if message should be ignored

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 51

def ignore?
  @decision == IGNORE
end

#matched? ⇒ Boolean

Check if a rule matched

Returns:

• (Boolean) —

  True if a rule matched

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 72

def matched?
  !@rule.nil?
end

#pass? ⇒ Boolean

Check if the decision is to pass the message through

Returns:

• (Boolean) —

  True if message should pass through unchanged

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 65

def pass?
  @decision == PASS
end

#to_h ⇒ Hash{Symbol => T.untyped}

Convert to hash for logging/debugging

Returns:

• (Hash{Symbol => T.untyped}) —

  Hash representation of the decision

# File 'lib/fluent/plugin/logcheck/filter_decision.rb', line 95

def to_h
  {
    decision: @decision,
    rule_type: @rule_type,
    pattern: @rule&.raw_pattern,
    source: @rule&.source_file,
    line: @rule&.line_number,
    message_preview: @message[0..100]
  }
end