def setup(self): """Setup before each method""" self.env = { 'lambda_region': 'us-east-1', 'account_id': '123456789012', 'lambda_function_name': 'test_kinesis_stream', 'lambda_alias': 'production' } self.config = load_config('test/unit/conf') self.log_metadata = self.config['logs']
def setup(self): self.env = { 'lambda_region': 'us-east-1', 'account_id': '123456789012', 'lambda_function_name': 'stream_alert_test', 'lambda_alias': 'production' } self.config = load_config('test/unit/conf') self.log_metadata = self.config['logs'] pass
def handler(event, context): """StreamAlert Lambda function handler. Loads the configuration for the StreamAlert function which contains: available data sources, log formats, parser modes, and sinks. Classifies logs sent into the stream into a parsed type. Matches records against rules. Args: event: An AWS event mapped to a specific source/entity (kinesis stream or an s3 bucket event) containing data emitted to the stream. context: An AWS context object which provides metadata on the currently executing lambda function. Returns: None """ logger.debug('Number of Records: %d', len(event.get('Records'))) config = load_config() env = load_env(context) # process_alerts(event['Records']) alerts_to_send = [] # TODO(jack): Move this into classification for record in event.get('Records'): payload = StreamPayload(raw_record=record) classifier = StreamClassifier(config=config) classifier.map_source(payload) # If the kinesis stream or s3 bucket is not in our config, # go onto the next record. if not payload.valid_source: continue if payload.service == 's3': s3_file_lines = StreamPreParsers.pre_parse_s3(payload.raw_record) for line in s3_file_lines: data = line.rstrip() payload.refresh_record(data) classifier.classify_record(payload, data) process_alerts(payload, alerts_to_send) elif payload.service == 'kinesis': data = StreamPreParsers.pre_parse_kinesis(payload.raw_record) classifier.classify_record(payload, data) process_alerts(payload, alerts_to_send) if alerts_to_send: if env['lambda_alias'] == 'development': logger.info('%s alerts triggered', len(alerts_to_send)) for alert in alerts_to_send: logger.info(alert) StreamSink(alerts_to_send, config, env).sink() else: logger.debug('Valid data, no alerts: %s', payload)
def run(self, event, context): """StreamAlert Lambda function handler. Loads the configuration for the StreamAlert function which contains: available data sources, log formats, parser modes, and sinks. Classifies logs sent into the stream into a parsed type. Matches records against rules. Args: event: An AWS event mapped to a specific source/entity (kinesis stream or an s3 bucket event) containing data emitted to the stream. context: An AWS context object which provides metadata on the currently executing lambda function. Returns: None """ logger.debug('Number of Records: %d', len(event.get('Records'))) config = load_config() env = load_env(context) for record in event.get('Records'): payload = StreamPayload(raw_record=record) classifier = StreamClassifier(config=config) classifier.map_source(payload) # If the kinesis stream or s3 bucket is not in our config, # go onto the next record if not payload.valid_source: continue if payload.service == 's3': self.s3_process(payload, classifier) elif payload.service == 'kinesis': self.kinesis_process(payload, classifier) else: logger.info('Unsupported service: %s', payload.service) # Give the user control over handling generated alerts if self.return_alerts: return self.alerts else: self.send_alerts(env)
def setup(self): """Setup before each method""" # load config self.config = load_config('test/unit/conf') # load JSON parser class self.parser_class = get_parser('json')