Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OCI split data in different tables #11499

Draft
wants to merge 15 commits into
base: master
Choose a base branch
from
+50 −17
Draft

OCI split data in different tables #11499

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c9cbf2d
Update main.py
v-sabiraj Nov 27, 2024
5585c28
Update OCILogsConn.zip
v-sabiraj Nov 27, 2024
addec7a
Update main.py
v-sabiraj Nov 28, 2024
6cea78b
Update OCILogs.yaml
v-sabiraj Nov 28, 2024
d4fbc05
Update OCILogsConn.zip
v-sabiraj Nov 28, 2024
654126c
Updated logtype to create new default table
v-sabiraj Dec 3, 2024
520da25
Update OCILogs.yaml
v-sabiraj Dec 3, 2024
31abef3
Update main.py
v-sabiraj Dec 5, 2024
4c15dfe
Update OCILogsConn.zip
v-sabiraj Dec 5, 2024
659ce90
Added logging and changed the eventtype logic
v-sabiraj Dec 6, 2024
0bbbb65
Update OCILogsConn.zip
v-sabiraj Dec 6, 2024
8e4c04d
grouping events based on types
v-sabiraj Dec 9, 2024
72e8c7d
Update sentinel_connector.py
v-sabiraj Dec 9, 2024
e05d51e
Update OCILogsConn.zip
v-sabiraj Dec 9, 2024
8bf7be9
Updated log type value
v-sabiraj Dec 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,25 @@
process_events(stream_client, StreamOcid, cursor, limit, sentinel_connector, start_ts)
logging.info(f'Function finished. Sent events {sentinel_connector.successfull_sent_events_number}.')


def determine_log_type(event):
"""
Determine the Azure Sentinel log type based on the event type.
"""
event_type = event.get("type", "default")
if "com.oraclecloud.loadbalancer" in event_type:
return "OCI_LoadBalancerLogs"
# elif event_type == "com.oraclecloud.loadbalancer.error":
# return "OCI_LoadBalancerLogs"
Fixed Show fixed Hide fixed
Fixed Show fixed Hide fixed
Fixed Show fixed Hide fixed
Comment on lines +64 to +65

Check notice

Code scanning / CodeQL

Commented-out code Note

This comment appears to contain commented-out code.
elif "com.oraclecloud.audit" in event_type:
return "OCI_AuditLogs"
elif "com.oraclecloud.virtualNetwork" in event_type:
return "OCI_VirtualNetworkLogs"
elif "com.oraclecloud.compute" in event_type:
return "OCI_ComputeInstanceLogs"
else:
return "OCI_Logs" # Default log type

def parse_key(key_input):
try:
begin_line = re.search(r'-----BEGIN [A-Z ]+-----', key_input).group()
Expand Down Expand Up @@ -127,6 +146,8 @@
#if event != 'ok' and event != 'Test':
event = json.loads(event)
if "data" in event:
# Determine table based on event type
log_type = determine_log_type(event)
if "request" in event["data"] and event["type"] != "com.oraclecloud.loadbalancer.access":
if event["data"]["request"] is not None and "headers" in event["data"]["request"]:
event["data"]["request"]["headers"] = json.dumps(event["data"]["request"]["headers"])
Expand All @@ -143,6 +164,7 @@
if event["data"]["stateChange"] is not None and "current" in event["data"]["stateChange"] :
event["data"]["stateChange"]["current"] = json.dumps(
event["data"]["stateChange"]["current"])
sentinel.log_type = log_type
sentinel.send(event)

sentinel.flush()
Expand Down
Binary file modified Solutions/Oracle Cloud Infrastructure/Data Connectors/OCILogsConn.zip
View file
Open in desktop
Binary file not shown.
Loading