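require_relative 'antimalware_lib'
require_relative 'oms_common'
require 'logger'

module Fluent
  # Fluentd filter that converts records produced by the collectantimalwareinfo
  # script (scan and assessment results) into an antimalware blob for the
  # pipeline, and emits any operational (error) blob onto its own tag.
  class AntimalwareFilter < Filter
    Fluent::Plugin.register_filter('filter_antimalware', self)

    # Tag on which operational blobs are emitted.
    OPERATION_TAG = 'oms.antimalware_operation'.freeze
    # Hostname used when the real one cannot be determined.
    UNKNOWN_HOST = 'Unknown host'.freeze

    # Reads plugin configuration and caches the local hostname.
    def configure(conf)
      super
      # `||`, not `or`: `@hostname = x or y` parses as `(@hostname = x) or y`,
      # so the fallback would never have been assigned when the lookup returned nil.
      @hostname = OMS::Common.get_hostname || UNKNOWN_HOST
    end

    # First method called once the plugin is running; allocate resources here.
    def start
      super
    end

    # Called when Fluentd is shutting down; release resources here.
    def shutdown
      super
    end

    # @param tag [String] incoming tag (routing is decided by the return value, so unused)
    # @param time [Integer] event time
    # @param record [Hash] raw output of the collectantimalwareinfo script
    # @return [Hash, nil] antimalware blob to pass downstream, or nil to drop the record
    def filter(tag, time, record)
      antimalware = OMS::Antimalware.new(@log)
      @log.info 'antimalware filter started...'
      antimalware_blob, operation_blob = antimalware.transform_and_wrap(record, @hostname, time)
      # The full blob holds the host's scan results; dump it only at debug level.
      @log.debug "antimalware_blob after transform_and_wrap: #{antimalware_blob}"

      # The operation blob is already in ODS format, so it goes straight onto the pipeline.
      # NOTE(review): Fluentd >= 0.12 prefers `router.emit` over `Fluent::Engine.emit`.
      unless operation_blob.nil?
        @log.info 'Fluent::emit am operational blob'
        Fluent::Engine.emit(OPERATION_TAG, time, operation_blob)
      end

      @log.info 'Fluent::return antimalware blob' unless antimalware_blob.nil?
      # Returning nil drops the record from the stream.
      antimalware_blob
    end
  end
end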