
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
fluent-plugin-azure-storage-append-blob
Advanced tools
Fluentd out plugin to do something.
Azure Storage Append Blob output plugin buffers logs in local file and uploads them to Azure Storage Append Blob periodically.
gem install fluent-plugin-azure-storage-append-blob
Add following line to your Gemfile:
gem "fluent-plugin-azure-storage-append-blob"
And then execute:
bundle
<match pattern>
type azure-storage-append-blob
azure_storage_account <your azure storage account>
azure_storage_access_key <your azure storage access key> # leave empty to use MSI
azure_storage_sas_token <your azure storage sas token> # leave empty to use MSI
azure_imds_api_version <Azure Instance Metadata Service API Version> # only used for MSI
azure_token_refresh_interval <refresh interval in min> # only used for MSI
azure_container <your azure storage container>
auto_create_container true
path logs/
azure_object_key_format %{path}%{time_slice}_%{index}.log
time_slice_format %Y%m%d-%H
# if you want to use %{tag} or %Y/%m/%d/ like syntax in path / azure_blob_name_format,
# need to specify tag for %{tag} and time for %Y/%m/%d in <buffer> argument.
<buffer tag,time>
@type file
path /var/log/fluent/azurestorageappendblob
timekey 120 # 2 minutes
timekey_wait 60
timekey_use_utc true # use utc
</buffer>
</match>
azure_storage_account
(Required)Your Azure Storage Account Name. This can be retrieved from Azure Management portal.
azure_storage_access_key
or azure_storage_sas_token
(Either required or both empty to use MSI)Your Azure Storage Access Key (Primary or Secondary) or shared access signature (SAS) token. This also can be retrieved from Azure Management portal.
If both are empty, the plugin will use the local Managed Identity endpoint to obtain a token for the target storage account.
azure_imds_api_version
(Optional, only for MSI)Default: 2019-08-15
The Instance Metadata Service is used during the OAuth flow to obtain an access token. This API is versioned and specifying the version is mandatory.
See here for more details.
azure_token_refresh_interval
(Optional, only for MSI)Default: 60 (1 hour)
When using MSI, the initial access token needs to be refreshed periodically.
azure_container
(Required)Azure Storage Container name
auto_create_container
This plugin creates the Azure container if it does not already exist exist when you set 'auto_create_container' to true.
The default value is true
azure_object_key_format
The format of Azure Storage object keys. You can use several built-in variables:
to decide keys dynamically.
%{path} is exactly the value of path configured in the configuration file. E.g., "logs/" in the example configuration above. %{time_slice} is the time-slice in text that are formatted with time_slice_format. %{index} is used only if your blob exceed Azure 50000 blocks limit per blob to prevent data loss. Its not required to use this parameter.
The default format is "%{path}%{time_slice}-%{index}.log".
For instance, using the example configuration above, actual object keys on Azure Storage will be something like:
"logs/20130111-22-0.log"
"logs/20130111-23-0.log"
"logs/20130112-00-0.log"
With the configuration:
azure_object_key_format %{path}/events/ts=%{time_slice}/events.log
path log
time_slice_format %Y%m%d-%H
You get:
"log/events/ts=20130111-22/events.log"
"log/events/ts=20130111-23/events.log"
"log/events/ts=20130112-00/events.log"
The fluent-mixin-config-placeholders mixin is also incorporated, so additional variables such as %{hostname}, etc. can be used in the azure_object_key_format
. This is useful in preventing filename conflicts when writing from multiple servers.
azure_object_key_format %{path}/events/ts=%{time_slice}/events-%{hostname}.log
time_slice_format
Format of the time used in the file name. Default is '%Y%m%d'. Use '%Y%m%d%H' to split files hourly.
gem install bundler
bundle install
bundle exec rake test
Create Storage Account and VM with enabled MSI
Setup Docker ang Git
SSH into VM
Download this repo
git clone https://github.com/microsoft/fluent-plugin-azure-storage-append-blob.git
cd fluent-plugin-azure-storage-append-blob
Build Docker image
docker build -t fluent .
Run Docker image with different set of parameters:
STORAGE_ACCOUNT
: required, name of your storage accountSTORAGE_ACCESS_KEY
: storage account access keySTORAGE_SAS_TOKEN
: storage sas token with enough permissions for the pluginYou need to specify STORAGE_ACCOUNT
and one of auth ways. If you run it from VM with MSI,
just STORAGE_ACCOUNT
is required. Keep in mind, there is no way to refresh MSI Token, so
ensure you setup proper permissions first.
docker run -it -e STORAGE_ACCOUNT=<storage> -e STORAGE_ACCESS_KEY=<key> fluent
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
Unknown package
We found that fluent-plugin-azure-storage-append-blob demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.