Code doesn't get executed

mahsa_b · July 17, 2017, 5:31pm

Hi ,
I have a block of code like this:

if "vlan" in [tags] {
    grok {
      patterns_dir => ["./patterns/custom-patterns"]
      match => { "message" => ["configure vlan %{WORD:vlan} add ports %{PORTS:ports} %{TAG_INFO:tagInfo}",
                             "configure vlan %{WORD:vlan} tag %{NUMBER:vid}",
                             "configure vlan %{WORD:vlan} ipaddress %{IP:ip} %{IP:subnet}" ]}
      add_tag => ["vlan_info"]
    }

  if "vlan_info" in [tags] {

    # TODO: Doesn't Work !!! investigate why.
    # Extract the 'Correct' list of the ports ; the line contains the port in this format 19, 28, 46-48
    # and this code convert it to 19, 28, 46, 47, 48
    ruby {
      code => "
        if (defined?(ports))
          correct_ports = []
          comma_separated_ports = ports.split(',')
          comma_separated_ports.each{|p|
            p.gsub!(/\s+/, '')

            if p.include? '-'
              dash_separated_ports = p.split('-')
              for i in dash_separated_ports.first..dash_separated_ports.last
                correct_ports.push(i)
              end
            else
              correct_ports.push(p)
            end
          }

          event.set('ports', correct_ports)
       end
      "
    }
  }
}

the part written in Ruby plugin doesn't seem to get executed and I am not sure why ports is always undefined even though I am adding it to the event.
any idea?

mahsa_b · July 17, 2017, 7:00pm

ok I found my mistake. I should have used event.get('ports') instead of 'ports'

system · August 14, 2017, 7:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.