Class: Fluent::Plugin::Logcheck::RuleEngine

Inherits:

Object

• Object
• Fluent::Plugin::Logcheck::RuleEngine

Extended by:

T::Sig

Defined in:

lib/fluent/plugin/logcheck/rule_engine.rb

Overview

RuleEngine handles the core filtering logic with rule type precedence

Constant Summary

RULE_PRECEDENCE =

Rule type precedence (higher number = higher precedence)

T.let({
  cracking: 3,     # Highest precedence - security alerts
  violations: 2,   # Medium precedence - system violations
  ignore: 1 # Lowest precedence - ignore rules
}.freeze, T::Hash[Symbol, Integer])

Instance Method Summary

• #add_rule_set(rule_set)

  Add a rule set to the engine.

• #add_rule_sets(rule_sets)

  Add multiple rule sets to the engine.

• #clear_rule_sets

  Clear all rule sets from the engine.

• #filter(message) ⇒ FilterDecision

  Apply filtering logic to a log message.

• #initialize(logger: nil) constructor
• #reset_statistics

  Reset all filtering statistics to zero.

• #rule_set_count ⇒ Integer

  Get the number of loaded rule sets.

• #statistics ⇒ Hash{Symbol => T.untyped}

  Get filtering statistics.

• #total_rule_count ⇒ Integer

  Get the total number of rules across all rule sets.

Constructor Details

#initialize(logger: nil)

Parameters:

• logger (T.untyped) (defaults to: nil)

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 22

def initialize(logger: nil)
  @logger = T.let(logger, T.untyped)
  @rule_sets = T.let([], T::Array[T.untyped])
  @stats = T.let({
                   total_messages: 0,
                   ignored_messages: 0,
                   alert_messages: 0,
                   passed_messages: 0,
                   rule_matches: Hash.new(0)
                 }, T::Hash[Symbol, T.untyped])
end

Instance Method Details

#add_rule_set(rule_set)

This method returns an undefined value.

Add a rule set to the engine

Parameters:

• rule_set (T.untyped) —

  Rule set to add

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 37

def add_rule_set(rule_set)
  @rule_sets << rule_set
  log_info "Added rule set: #{rule_set.type} with #{rule_set.size} rules from #{rule_set.source_path}"
end

#add_rule_sets(rule_sets)

This method returns an undefined value.

Add multiple rule sets to the engine

Parameters:

• rule_sets (Array<T.untyped>) —

  Rule sets to add

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 45

def add_rule_sets(rule_sets)
  rule_sets.each { |rule_set| add_rule_set(rule_set) }
end

#clear_rule_sets

This method returns an undefined value.

Clear all rule sets from the engine

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 51

def clear_rule_sets
  @rule_sets.clear
  log_info 'Cleared all rule sets'
end

#filter(message) ⇒ FilterDecision

Apply filtering logic to a log message

Parameters:

• message (String) —

  The log message to filter

Returns:

• (FilterDecision) —

  The filtering decision based on rule matches

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 74

def filter(message)
  @stats[:total_messages] = T.cast(@stats[:total_messages], Integer) + 1

  # Find all matching rules across all rule sets
  matching_rules = find_matching_rules(message)

  if matching_rules.empty?
    # No rules matched - pass the message through
    decision = FilterDecision.pass(message)
    @stats[:passed_messages] = T.cast(@stats[:passed_messages], Integer) + 1
    log_debug "No rules matched for message: #{message[0..50]}..."
  else
    # Apply rule precedence to determine the final decision
    decision = apply_rule_precedence(matching_rules, message)
    update_stats(decision)
    log_debug "Applied #{decision.decision} decision for message: #{message[0..50]}..."
  end

  decision
end

#reset_statistics

This method returns an undefined value.

Reset all filtering statistics to zero

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 104

def reset_statistics
  @stats = {
    total_messages: 0,
    ignored_messages: 0,
    alert_messages: 0,
    passed_messages: 0,
    rule_matches: Hash.new(0)
  }
end

#rule_set_count ⇒ Integer

Get the number of loaded rule sets

Returns:

• (Integer) —

  Number of rule sets currently loaded

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 59

def rule_set_count
  @rule_sets.size
end

#statistics ⇒ Hash{Symbol => T.untyped}

Get filtering statistics

Returns:

• (Hash{Symbol => T.untyped}) —

  Statistics about filtering operations including message counts and rule matches

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 98

def statistics
  @stats.dup
end

#total_rule_count ⇒ Integer

Get the total number of rules across all rule sets

Returns:

• (Integer) —

  Total number of rules across all loaded rule sets

# File 'lib/fluent/plugin/logcheck/rule_engine.rb', line 66

def total_rule_count
  @rule_sets.sum(&:size)
end