def lambda_handler(event, context):
    """
    Auto-subscribe to log group from event.

    :param event: Event data from CloudWatch Logs.
    :type event: dict

    :param context: Lambda object context.
    :type context: obj

    :return: None
    :rtype: NoneType
    """
    # Grab the log group name from incoming event.
    log_group_name = event["detail"]["requestParameters"]["logGroupName"]

    # Check whether the prefix is set - the prefix is used to determine which logs we want.
    if not humio_subscription_prefix:
        helpers.create_subscription(log_client, log_group_name,
                                    humio_log_ingester_arn, context)

    else:
        # Check whether the log group's name starts with the set prefix.
        if log_group_name.startswith(humio_subscription_prefix):
            helpers.create_subscription(log_client, log_group_name,
                                        humio_log_ingester_arn, context)
Exemplo n.º 2
0
def lambda_handler(event, context):

    # grab all log groups with a token if we have it
    if 'nextToken' in event.keys():
        nextToken = event['nextToken']
        if humio_subscription_prefix:
            log_groups = log_client.describe_log_groups(
                logGroupNamePrefix=humio_subscription_prefix,
                nextToken=nextToken)
        else:
            log_groups = log_client.describe_log_groups(nextToken=nextToken)
    else:
        if humio_subscription_prefix:
            log_groups = log_client.describe_log_groups(
                logGroupNamePrefix=humio_subscription_prefix, )
        else:
            log_groups = log_client.describe_log_groups()

    # if we have a token, recursively fire another instance of backfiller with it
    if 'nextToken' in log_groups.keys():
        lambda_cli = boto3.client("lambda")
        event['nextToken'] = log_groups['nextToken']
        lambda_cli.invoke_async(FunctionName=context.function_name,
                                InvokeArgs=json.dumps(event))

    # loop through log groups
    for logGroup in log_groups['logGroups']:

        # grab all subscriptions for the specified log group
        all_subscription_filters = log_client.describe_subscription_filters(
            logGroupName=logGroup['logGroupName'])

        # first we check to see if there are any filters at all
        if all_subscription_filters['subscriptionFilters']:

            # if our function is not subscribed delete subscription and create ours
            if all_subscription_filters['subscriptionFilters'][0][
                    'destinationArn'] != humio_log_ingester_arn:
                helpers.delete_subscription(
                    log_client, logGroup['logGroupName'],
                    all_subscription_filters['subscriptionFilters'][0]
                    ['filterName'])
                helpers.create_subscription(log_client,
                                            logGroup['logGroupName'],
                                            humio_log_ingester_arn, context)

            # we are subbed
            else:
                print("We are subscribed to %s" % logGroup['logGroupName'])

        # there are no filters, lets subscribe!
        else:
            helpers.create_subscription(log_client, logGroup['logGroupName'],
                                        humio_log_ingester_arn, context)

        # keep hitting rate limits? TODO: find actual limits and back off using those
        sleep(0.8)
Exemplo n.º 3
0
def lambda_handler(event, context):

    # setup log client
    log_client = boto3.client('logs')

    # grab log group name from incoming event
    log_group_name = event['detail']['requestParameters']['logGroupName']

    # env vars
    humio_log_ingester_arn = os.environ['humio_log_ingester_arn']
    humio_subscription_prefix = os.environ['humio_subscription_prefix']

    # check if the prefix is empty
    if not humio_subscription_prefix:
        helpers.create_subscription(log_client, log_group_name,
                                    humio_log_ingester_arn, context)

    else:
        # check if log group name starts with our prefix
        if log_group_name.startswith(humio_subscription_prefix):
            helpers.create_subscription(log_client, log_group_name,
                                        humio_log_ingester_arn, context)
Exemplo n.º 4
0
def lambda_handler(event, context):
    """
    Back-filler function that lists all log groups and subscribes to them.

    :param event: Event data from CloudWatch Logs.
    :type event: dict

    :param context: Lambda context object.
    :type context: obj

    :return: None
    """
    # Grab all log groups with a token and/or prefix if we have them.
    if "nextToken" in event.keys():
        next_token = event["nextToken"]
        if humio_subscription_prefix:
            log_groups = log_client.describe_log_groups(
                logGroupNamePrefix=humio_subscription_prefix,
                nextToken=next_token
            )
        else:
            log_groups = log_client.describe_log_groups(
                nextToken=next_token
            )
    else:
        if humio_subscription_prefix:
            log_groups = log_client.describe_log_groups(
                logGroupNamePrefix=humio_subscription_prefix,
            )
        else:
            log_groups = log_client.describe_log_groups()

    # If we have a next token, recursively fire another instance of backfiller with it.
    if "nextToken" in log_groups.keys():
        lambda_client = boto3.client("lambda")
        event["nextToken"] = log_groups["nextToken"]
        lambda_client.invoke(
            FunctionName=context.function_name,
            InvocationType="Event",
            Payload=json.dumps(event)
        )

    # Loop through log groups.
    for log_group in log_groups["logGroups"]:
        # Grab all subscriptions for the specified log group.
        all_subscription_filters = log_client.describe_subscription_filters(
            logGroupName=log_group["logGroupName"]
        )

        # First we check to see if there are any filters at all.
        if all_subscription_filters["subscriptionFilters"]:
            # If our function is not subscribed, delete subscription and create ours.
            if all_subscription_filters["subscriptionFilters"][0]["destinationArn"] != humio_log_ingester_arn:
                helpers.delete_subscription(
                    log_client,
                    log_group["logGroupName"],
                    all_subscription_filters["subscriptionFilters"][0]["filterName"]
                )
                helpers.create_subscription(
                    log_client,
                    log_group["logGroupName"],
                    humio_log_ingester_arn,
                    context
                )
            # We are now subscribed.
            else:
                print("We are already subscribed to %s" % log_group["logGroupName"])
        # When there are no subscription filters, let us subscribe!
        else:
            helpers.create_subscription(
                log_client,
                log_group["logGroupName"],
                humio_log_ingester_arn, context
            )