Class Collector
The Collector template creates an instance of this class (called instance
) to contain
a number of utility data objects and methods. These data objects control operation of the Collector,
define the environment, and help locate files on disk.
The template handles most things to do with the Collector object, but if you need to reference
parameters to affect parsing, or use the Session multi-line record handling routines, you will
use this class.
Defined in: collector.js.
Constructor Attributes | Constructor Name and Description |
---|---|
Collector(uuid)
This class represents the Collector ESM object.
|
Field Attributes | Field Name and Description |
---|---|
An object that contains various configuration information about this Collector
like parameters, maps, etc.
|
|
Flag used to set the destination of audit output to an event.
|
|
Flag used to set the destination of audit output to a log
|
|
This object stores the maps that will be used to control record conversion and for looking
up external business-relevance data.
|
|
Storage area for anonymous parsing routines - can then be attached to sessions.
|
|
A prototype Event object that is used to construct a new output event each time through
the processing loop.
|
|
Area where SQLQuery objects are stored.
|
|
Flag which indicates whether the current event should be sent or not.
|
|
Storage area for partial event sessions.
|
|
The UUID of this Collector.
|
Method Attributes | Method Name and Description |
---|---|
cleanup()
Cleans up the environment when the Collector is stopped.
|
|
This method is used to provide locally-defined custom initialization of the Collector.
|
|
The initialize method is used to perform any event source-specific initialization
routines required to support processing of data from this event source.
|
|
reset()
The reset method resets the Collector after processing is completed for the previous
record.
|
|
The loadMaps method loads in a standard set of parameters and
maps that will be used by this Collector to control operations and
to transform objects.
|
|
sleep(sec)
The sleep method simply puts the Collector to sleep for the specified number of seconds.
|
|
start()
Starts this Collector in ESM.
|
|
stop()
Stops this Collector in ESM.
|
Class Detail
Collector(uuid)
This class represents the Collector ESM object.
The Collector class provides methods used to manipulate Collectors in ESM such as starting and stopping,
and is also used to contain the execution environment for a running Collector script.
Author: Novell Engineering.
Author: Novell Engineering.
- Parameters:
- {String} uuid
- ID of the Collector you want to access.
Field Detail
{Object}
CONFIG
An object that contains various configuration information about this Collector
like parameters, maps, etc.
Here are the usual contents:
instance.CONFIG.params.<parameter>
: An object that contains the parameters set during configuration of this Collector.instance.CONFIG.scriptContext
: An instance of the script context, which is the Java representation of the running script.instance.CONFIG.collDir
: The directory in which this Collector is located. Can be used to find external files to load.instance.CONFIG.commonDir
: The directory used to hold files that can be referenced by all Collectors.
{Flag}
EVENT
Flag used to set the destination of audit output to an event.
{Flag}
LOG
Flag used to set the destination of audit output to a log
{Object}
MAPS
This object stores the maps that will be used to control record conversion and for looking
up external business-relevance data. For example, the instance.MAPS.Rec2Evt map defines how normal
records will be converted to output events.
Example:
// in instance.initialize() method: this.MAPS.SeverityMap = new KeyMap(this.CONFIG.collDir + "/Severity.map"); // When you need to apply it in rec.normalize(): var srcSev = this.s_RXBufferString.substr(x,y); this.sentinelSev = instance.MAPS.SeverityMap.lookup(srcSev);
{Hash}
PARSER
Storage area for anonymous parsing routines - can then be attached to sessions.
{Event}
protoEvt
A prototype Event object that is used to construct a new output event each time through
the processing loop.
Note that you can pre-set static attributes on this prototype object by editing the protoEvt.map
file or by adding code to set attributes directly. Make sure you use the standard field labels.
{Hash}
QUERIES
Area where SQLQuery objects are stored.
The SQLQuery objects stored here should be named based on the event source UUIDs with which they are associated;
ordinarily this will be handled automatically by the Connector when it detects new DB event sources, but you
can manipulate these manually if necessary.
- See:
- SQLQuery
{Boolean}
SEND_EVENT
Flag which indicates whether the current event should be sent or not. Your code should set this
to "true" once you've determined if the input record is a valid event and you have completed
parsing.
{Hash}
STORE
Storage area for partial event sessions.
Put partial records in sessions stored here and attach expiration timers and parsers to them.
- See:
- Session
{UUID}
UUID
The UUID of this Collector.
Method Detail
cleanup()
Cleans up the environment when the Collector is stopped.
Use this method to shut down or close any external connections necessary when the Collector is
stopped. This is rarely necessary as most ESM components already shut down on their own.
Defined in: release.js.
Defined in: release.js.
- Returns:
- void
{Boolean}
customInit()
This method is used to provide locally-defined custom initialization of the Collector.
Useful variables:
- instance.CONFIG.collDir
- The directory that will contain all the Collector plugin files
- this.CONFIG.commonDir
- The directory where this custom code resides - you can add additional files as necessary
- Returns:
- {Boolean} Result
{Boolean}
initialize()
The initialize method is used to perform any event source-specific initialization
routines required to support processing of data from this event source.
Defined in: release.js.
Common things done in this section are:
- Load any custom parameters
- Pre-set static event fields in the instance.protoEvt object
- Send any initialization strings to the Connector
Defined in: release.js.
- Returns:
- {Boolean} Whether the initialization was successful
{Boolean}
reset()
The reset method resets the Collector after processing is completed for the previous
record. It will create a new, empty record to receive the next input, and also a new
Event object that is a clone of the prototype event (so that static fields can be preset).
Side effects:
instance.SEND_EVENT
is set to falserec
is created as an empty Record objectcurEvt
is created as a clone of the prototype Event object- Host/IP resolution maps are refreshed
- IP/User resolution maps are refreshed
- Any stored Session objects that are ready for processing are processed
- Returns:
- {Boolean} Result
{Boolean}
scriptInit()
The loadMaps method loads in a standard set of parameters and
maps that will be used by this Collector to control operations and
to transform objects.
- Returns:
- {Boolean} Result
{Boolean}
sleep(sec)
The sleep method simply puts the Collector to sleep for the specified number of seconds.
- Parameters:
- {Number} sec
- Number of seconds to sleep
- Returns:
- {Boolean} Result
start()
Starts this Collector in ESM.
stop()
Stops this Collector in ESM.