Package org.graylog.integrations.aws

Class AWSLogMessage

java.lang.Object

org.graylog.integrations.aws.AWSLogMessage

public class AWSLogMessage
extends Object

A helper class that supports the ability to detect the type of AWS log message.

Constructor Summary

Constructors

Constructor	Description
AWSLogMessage(String logMessage)

Method Summary

Modifier and Type	Method	Description
AWSMessageType	detectLogMessageType(boolean compressed)	Detects the type of log message.
boolean	isFlowLog()	Flow logs are space-delimited messages.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AWSLogMessage

public AWSLogMessage(String logMessage)

Method Details

detectLogMessageType

public AWSMessageType detectLogMessageType(boolean compressed)

Detects the type of log message.

Parameters:

compressed - Indicates if the payload is compressed and probably from CloudWatch.

Returns:

A Type indicating the which kind of log message has been detected.

isFlowLog

public boolean isFlowLog()

Flow logs are space-delimited messages. See https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

Sample: 2 123456789010 eni-abc123de 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK

Match a message with exactly 13 spaces and either the word ACCEPT or REJECT. Use simple if checks instead of regex to keep this simple. Performance should not be a concern, since this is only called once during the healthcheck.

Returns:

true if message is a flow log.