fluent-plugin-cloudwatch-logs-yajl 0.4.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1a9ff9da35695288dfdbeca3ba8ed98a7a7ff2cd
+  data.tar.gz: 0d2dc63be5193df07e3dcbf91c229dbbf8797428
+SHA512:
+  metadata.gz: 4e48ea1183b4d9bbc2e491cce9e6ef9ccf5133099851182c637cb69573d033bae47fa06daded92b196fa67867a1289fa18b103c674097ffc900c32b63e2be22d
+  data.tar.gz: 570be1022decbab4f8f9ea124e149060f78aeca0f7caf1f7e546c1a7ecb77bd31bd31914ac824dbcee565a5a0c6e6e421f52f698d20fb085f0add272dd6ad4a2

data/.gitignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-cloudwatch-logs.gemspec
+gem 'fluentd', '~> 0.12.0'
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ryota Arai
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,266 @@
+# fluent-plugin-cloudwatch-logs
+
+[![Gem Version](https://badge.fury.io/rb/fluent-plugin-cloudwatch-logs.svg)](http://badge.fury.io/rb/fluent-plugin-cloudwatch-logs)
+
+[CloudWatch Logs](http://aws.amazon.com/blogs/aws/cloudwatch-log-service/) Plugin for Fluentd
+
+## Installation
+
+    $ gem install fluent-plugin-cloudwatch-logs
+
+## Preparation
+
+Create IAM user with a policy like the following:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "logs:*",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:logs:us-east-1:*:*",
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}
+```
+
+Set region and credentials:
+
+```
+$ export AWS_REGION=us-east-1
+$ export AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY"
+$ export AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY"
+```
+
+## Example
+
+Start fluentd:
+
+```
+$ fluentd -c example/fluentd.conf
+```
+
+Send sample log to CloudWatch Logs:
+
+```
+$ echo '{"hello":"world"}' | fluent-cat test.cloudwatch_logs.out
+```
+
+Fetch sample log from CloudWatch Logs:
+
+```
+# stdout
+2014-07-17 00:28:02 +0900 test.cloudwatch_logs.in: {"hello":"world"}
+```
+
+## Configuration
+### out_cloudwatch_logs
+
+```
+<match tag>
+  type cloudwatch_logs
+  log_group_name log-group-name
+  log_stream_name log-stream-name
+  auto_create_stream true
+  #message_keys key1,key2,key3,...
+  #max_message_length 32768
+  #use_tag_as_group false
+  #use_tag_as_stream false
+  #include_time_key true
+  #localtime true
+  #log_group_name_key group_name_key
+  #log_stream_name_key stream_name_key
+  #remove_log_group_name_key true
+  #remove_log_stream_name_key true
+  #put_log_events_retry_wait 1s
+  #put_log_events_retry_limit 17
+  #put_log_events_disable_retry_limit false
+</match>
+```
+
+* `log_group_name`: name of log group to store logs
+* `log_stream_name`: name of log stream to store logs
+* `auto_create_stream`: to create log group and stream automatically
+* `message_keys`: keys to send messages as events
+* `max_message_length`: maximum length of the message
+* `max_events_per_batch`: maximum number of events to send at once (default 10000)
+* `use_tag_as_group`: to use tag as a group name
+* `use_tag_as_stream`: to use tag as a stream name
+* `include_time_key`: include time key as part of the log entry (defaults to UTC)
+* `localtime`: use localtime timezone for `include_time_key` output (overrides UTC default)
+* `log_group_name_key`: use specified field of records as log group name
+* `log_stream_name_key`: use specified field of records as log stream name
+* `remove_log_group_name_key`: remove field specified by `log_group_name_key`
+* `remove_log_stream_name_key`: remove field specified by `log_stream_name_key`
+* `put_log_events_retry_wait`: time before retrying PutLogEvents (retry interval increases exponentially like `put_log_events_retry_wait * (2 ^ retry_count)`)
+* `put_log_events_retry_limit`: maximum count of retry (if exceeding this, the events will be discarded)
+* `put_log_events_disable_retry_limit`: if true, `put_log_events_retry_limit` will be ignored
+
+### in_cloudwatch_logs
+
+```
+<source>
+  type cloudwatch_logs
+  tag cloudwatch.in
+  log_group_name group
+  log_stream_name stream
+  #use_log_stream_name_prefix true
+  state_file /var/lib/fluent/group_stream.in.state
+</source>
+```
+
+* `tag`: fluentd tag
+* `log_group_name`: name of log group to fetch logs
+* `log_stream_name`: name of log stream to fetch logs
+* `use_log_stream_name_prefix`: to use `log_stream_name` as log stream name prefix (default false)
+* `state_file`: file to store current state (e.g. next\_forward\_token)
+* `aws_use_sts`: use [AssumeRoleCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/AssumeRoleCredentials.html) to authenticate, rather than the [default credential hierarchy](http://docs.aws.amazon.com/sdkforruby/api/Aws/CloudWatchLogs/Client.html#initialize-instance_method). See 'Cross-Account Operation' below for more detail.
+* `aws_sts_role_arn`: the role ARN to assume when using cross-account sts authentication
+* `aws_sts_session_name`: the session name to use with sts authentication (default: `fluentd`)
+
+This plugin uses [fluent-mixin-config-placeholders](https://github.com/tagomoris/fluent-mixin-config-placeholders) and you can use addtional variables such as %{hostname}, %{uuid}, etc. These variables are useful to put hostname in `log_stream_name`.
+
+## Test
+
+Set credentials:
+
+```
+$ export AWS_REGION=us-east-1
+$ export AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY"
+$ export AWS_SECRET_ACCESS_KEY="YOUR_SECRET_KEY"
+```
+
+Run tests:
+
+```
+$ rake test
+```
+
+Or, If you do not want to use IAM roll or ENV(this is just like writing to configuration file) :
+
+```
+$ rake aws_key_id=YOUR_ACCESS_KEY aws_sec_key=YOUR_SECRET_KEY region=us-east-1 test
+```
+
+## Caution
+
+- If an event message exceeds API limit (256KB), the event will be discarded.
+
+## Cross-Account Operation
+In order to have an instance of this plugin running in one AWS account to fetch logs from another account cross-account IAM authentication is required. Whilst this can be accomplished by configuring specific instances of the plugin manually with credentials for the source account in question this is not desirable for a number of reasons.
+
+In this case IAM can be used to allow the fluentd instance in one account ("A") to ingest Cloudwatch logs from another ("B") via the following mechanic:
+
+* plugin instance running in account "A" has an IAM instance role assigned to the underlying EC2 instance
+* The IAM instance role and associated policies permit the EC2 instance to assume a role in another account
+* An IAM role in account "B" and associated policies allow read access to the Cloudwatch Logs service, as appropriate.
+
+### IAM Detail: Consuming Account "A"
+
+* Create an IAM role `cloudwatch`
+* Attach a policy to allow the role holder to assume another role (where `ACCOUNT-B` is substituted for the appropriate account number):
+
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "sts:*"
+            ],
+            "Resource": [
+                "arn:aws:iam::ACCOUNT-B:role/fluentd"
+            ]
+        }
+    ]
+}
+```
+
+* Ensure the EC2 instance on which this plugin is executing as role `cloudwatch` as its assigned IAM instance role.
+
+### IAM Detail: Log Source Account "B"
+
+* Create an IAM role `fluentd`
+* Ensure the `fluentd` role as account "A" as a trusted entity:
+
+```
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "arn:aws:iam::ACCOUNT-A:root"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+```
+
+* Attach a policy:
+
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "logs:DescribeDestinations",
+                "logs:DescribeExportTasks",
+                "logs:DescribeLogGroups",
+                "logs:DescribeLogStreams",
+                "logs:DescribeMetricFilters",
+                "logs:DescribeSubscriptionFilters",
+                "logs:FilterLogEvents",
+                "logs:GetLogEvents"
+            ],
+            "Resource": [
+                "arn:aws:logs:eu-west-1:ACCOUNT-B:log-group:LOG_GROUP_NAME_FOR_CONSUMPTION:*"
+            ]
+        }
+    ]
+}
+```
+
+### Configuring the plugin for STS authentication
+```
+<source>
+  type cloudwatch_logs
+  region us-east-1      # You must supply a region
+  aws_use_sts true
+  aws_sts_role_arn arn:aws:iam::ACCOUNT-B:role/fluentd
+  log_group_name LOG_GROUP_NAME_FOR_CONSUMPTION
+  log_stream_name SOME_PREFIX
+  use_log_stream_name_prefix true
+  state_file /path/to/state_file
+  format /(?<message>.+)/
+</source>
+```
+
+## TODO
+
+* out_cloudwatch_logs
+  * if the data is too big for API, split into multiple requests
+  * format
+  * check data size
+* in_cloudwatch_logs
+  * format
+  * fallback to start_time because next_token expires after 24 hours
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/fluent-plugin-cloudwatch-logs/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'test'
+  test.test_files = FileList['test/plugin/*.rb']
+end
+

data/example/fluentd.conf

@@ -0,0 +1,23 @@
+<source>
+  type forward
+</source>
+
+<source>
+  type cloudwatch_logs
+  tag test.cloudwatch_logs.in
+  log_group_name fluent-plugin-cloudwatch-example
+  log_stream_name fluent-plugin-cloudwatch-example
+  state_file /tmp/fluent-plugin-cloudwatch-example.state
+</source>
+
+<match test.cloudwatch_logs.out>
+  type cloudwatch_logs
+  log_group_name fluent-plugin-cloudwatch-example
+  log_stream_name fluent-plugin-cloudwatch-example
+  auto_create_stream true
+</match>
+
+<match test.cloudwatch_logs.in>
+  type stdout
+</match>
+

data/fluent-plugin-cloudwatch-logs.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'fluent/plugin/cloudwatch/logs/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-cloudwatch-logs-yajl"
+  spec.version       = Fluent::Plugin::Cloudwatch::Logs::VERSION
+  spec.authors       = ["Todd Scott"]
+  spec.email         = ["tscott1213@gmail.com"]
+  spec.summary       = %q{CloudWatch Logs Plugin for Fluentd}
+  spec.homepage      = "https://github.com/tscott1213/fluent-plugin-cloudwatch-logs"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'fluentd'
+  spec.add_dependency 'yajl-ruby', '~> 1.0'
+  spec.add_dependency 'aws-sdk-cloudwatchlogs', '~> 1.0'
+  spec.add_dependency 'fluent-mixin-config-placeholders', '>= 0.2.0'
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "test-unit"
+  spec.add_development_dependency "mocha"
+end

data/lib/fluent/plugin/cloudwatch/logs.rb

@@ -0,0 +1,11 @@
+require "fluent/plugin/cloudwatch/logs/version"
+
+module Fluent
+  module Plugin
+    module Cloudwatch
+      module Logs
+        # Your code goes here...
+      end
+    end
+  end
+end

data/lib/fluent/plugin/cloudwatch/logs/version.rb

@@ -0,0 +1,9 @@
+module Fluent
+  module Plugin
+    module Cloudwatch
+      module Logs
+        VERSION = "0.4.5"
+      end
+    end
+  end
+end

data/lib/fluent/plugin/in_cloudwatch_logs.rb

@@ -0,0 +1,164 @@
+require 'fluent/input'
+require 'fluent/parser'
+
+module Fluent
+  require 'fluent/mixin/config_placeholders'
+
+  class CloudwatchLogsInput < Input
+    Plugin.register_input('cloudwatch_logs', self)
+
+    include Fluent::Mixin::ConfigPlaceholders
+
+    # Define `router` method of v0.12 to support v0.10.57 or earlier
+    unless method_defined?(:router)
+      define_method("router") { Engine }
+    end
+
+    config_param :aws_key_id, :string, :default => nil, :secret => true
+    config_param :aws_sec_key, :string, :default => nil, :secret => true
+    config_param :aws_use_sts, :bool, default: false
+    config_param :aws_sts_role_arn, :string, default: nil
+    config_param :aws_sts_session_name, :string, default: 'fluentd'
+    config_param :region, :string, :default => nil
+    config_param :tag, :string
+    config_param :log_group_name, :string
+    config_param :log_stream_name, :string
+    config_param :use_log_stream_name_prefix, :bool, default: false
+    config_param :state_file, :string
+    config_param :fetch_interval, :time, default: 60
+    config_param :http_proxy, :string, default: nil
+
+    def initialize
+      super
+
+      require 'aws-sdk-cloudwatchlogs'
+    end
+
+    def placeholders
+      [:percent]
+    end
+
+    def configure(conf)
+      super
+      configure_parser(conf)
+    end
+
+    def start
+      options = {}
+      options[:region] = @region if @region
+      options[:http_proxy] = @http_proxy if @http_proxy
+
+      if @aws_use_sts
+        Aws.config[:region] = options[:region]
+        options[:credentials] = Aws::AssumeRoleCredentials.new(
+          role_arn: @aws_sts_role_arn,
+          role_session_name: @aws_sts_session_name
+        )
+      else
+        options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
+      end
+
+      @logs = Aws::CloudWatchLogs::Client.new(options)
+
+      @finished = false
+      @thread = Thread.new(&method(:run))
+    end
+
+    def shutdown
+      @finished = true
+      @thread.join
+    end
+
+    private
+    def configure_parser(conf)
+      if conf['format']
+        @parser = Fluent::TextParser.new
+        @parser.configure(conf)
+      end
+    end
+
+    def state_file_for(log_stream_name)
+      return "#{@state_file}_#{log_stream_name.gsub(File::SEPARATOR, '-')}" if log_stream_name
+      return @state_file
+    end
+
+    def next_token(log_stream_name)
+      return nil unless File.exist?(state_file_for(log_stream_name))
+      File.read(state_file_for(log_stream_name)).chomp
+    end
+
+    def store_next_token(token, log_stream_name = nil)
+      open(state_file_for(log_stream_name), 'w') do |f|
+        f.write token
+      end
+    end
+
+    def run
+      @next_fetch_time = Time.now
+
+      until @finished
+        if Time.now > @next_fetch_time
+          @next_fetch_time += @fetch_interval
+
+          if @use_log_stream_name_prefix
+            log_streams = describe_log_streams
+            log_streams.each do |log_stream|
+              log_stream_name = log_stream.log_stream_name
+              events = get_events(log_stream_name)
+              events.each do |event|
+                emit(log_stream_name, event)
+              end
+            end
+          else
+            events = get_events(@log_stream_name)
+            events.each do |event|
+              emit(log_stream_name, event)
+            end
+          end
+        end
+        sleep 1
+      end
+    end
+
+    def emit(stream, event)
+      if @parser
+        record = @parser.parse(event.message)
+        router.emit(@tag, record[0], record[1])
+      else
+        time = (event.timestamp / 1000).floor
+        record = Yajl.load(event.message)
+        router.emit(@tag, time, record)
+      end
+    end
+
+    def get_events(log_stream_name)
+      request = {
+        log_group_name: @log_group_name,
+        log_stream_name: log_stream_name
+      }
+      request[:next_token] = next_token(log_stream_name) if next_token(log_stream_name)
+      response = @logs.get_log_events(request)
+      store_next_token(response.next_forward_token, log_stream_name)
+
+      response.events
+    end
+
+    def describe_log_streams(log_streams = nil, next_token = nil)
+      request = {
+        log_group_name: @log_group_name
+      }
+      request[:next_token] = next_token if next_token
+      request[:log_stream_name_prefix] = @log_stream_name
+      response = @logs.describe_log_streams(request)
+      if log_streams
+        log_streams.concat(response.log_streams)
+      else
+        log_streams = response.log_streams
+      end
+      if response.next_token
+        log_streams = describe_log_streams(log_streams, response.next_token)
+      end
+      log_streams
+    end
+  end
+end