From d07fad9ca8b109212b839b11d722067cadc9c19b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Taveira=20Ara=C3=BAjo?= Date: Fri, 19 Apr 2024 13:45:13 -0700 Subject: [PATCH] feat(forwarder): add preset for VPC Flow Logs (#229) Identify VPC Flow Logs with a custom content type. --- handler/forwarder/override/presets/aws/v1.yaml | 7 +++++++ handler/forwarder/override/presets_test.go | 12 ++++++++++++ 2 files changed, 19 insertions(+) diff --git a/handler/forwarder/override/presets/aws/v1.yaml b/handler/forwarder/override/presets/aws/v1.yaml index 1840e4b9..3f4967ec 100644 --- a/handler/forwarder/override/presets/aws/v1.yaml +++ b/handler/forwarder/override/presets/aws/v1.yaml @@ -34,3 +34,10 @@ source: '\d{12}_CloudTrail_[a-z\d-]+_\d{8}T\d{4}Z_[a-zA-Z0-9-]+\.json\.gz$' override: content-type: 'application/x-aws-cloudtrail' + +- id: vpcFlowLogs + match: + source: '\d{12}_vpcflowlogs_[a-z\d-]+_[a-zA-Z0-9-]+_\d{8}T\d{4}Z_[a-zA-Z0-9-]+\.log\.gz$' + override: + content-type: 'application/x-aws-vpcflowlogs' + diff --git a/handler/forwarder/override/presets_test.go b/handler/forwarder/override/presets_test.go index bcffb1c9..2c4e057d 100644 --- a/handler/forwarder/override/presets_test.go +++ b/handler/forwarder/override/presets_test.go @@ -60,6 +60,18 @@ func TestPresets(t *testing.T) { MetadataDirective: types.MetadataDirectiveReplace, }, }, + { + Input: &s3.CopyObjectInput{ + CopySource: aws.String("test-bucket/AWSLogs/123456789012/vpcflowlogs/eu-central-1/2024/04/18/123456789012_vpcflowlogs_eu-central-1_fl-0d867ec290a114c9d_20240418T2155Z_9b1b75d1.log.gz"), + ContentEncoding: aws.String("gzip"), + }, + Expect: &s3.CopyObjectInput{ + CopySource: aws.String("test-bucket/AWSLogs/123456789012/vpcflowlogs/eu-central-1/2024/04/18/123456789012_vpcflowlogs_eu-central-1_fl-0d867ec290a114c9d_20240418T2155Z_9b1b75d1.log.gz"), + ContentType: aws.String("application/x-aws-vpcflowlogs"), + ContentEncoding: aws.String("gzip"), + MetadataDirective: types.MetadataDirectiveReplace, + }, + }, }, }, }