fluent-plugin-newrelic 1.1.4 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8cb4af63cf04a60335e50efdc0861bb8207a8486abf19c119f19622c0d36f523
-  data.tar.gz: c64ccd499c958400b1be3459c7ec9c864515baa7155839f817a6627e5bef14a5
+  metadata.gz: aa7f85405e5ce666734d15281351981ca8d702e75efafc4b70221a5967c04426
+  data.tar.gz: cf1c6e0c8d5bb12f5f3c2af3adf05c414eb79ae80b700c70ab606b5ba3235c1c
 SHA512:
-  metadata.gz: da6b7569f2f5555c902673beff340926993167cb68b8f11f6154c80fe48a82158ff7eb41c86828517ee56f1957417822ad25a8203ef18e9a9c4b4121222f93cd
-  data.tar.gz: e7bbc86ca57b5c20df3e81c7ff61750b0a8e0cad1424ec22ca1cab875de2159fabb8becb768600b7959cab7cd48a4c69a51af4ba3204fc79ae656932dfac4ead
+  metadata.gz: e543ee72fc1808b59c121b85bc14df698c7eaeb8c762276a806f8171d07beccab88fb246f6d05277fb739602137ee77324013cf6aa87467b7528a8b89c345080
+  data.tar.gz: d7bcfaf304976556e14b666a5068d6cb16db89f1188712a5964e0ac25a3e5b808bf53144cbf8160bb71272c654ea35d245d395e393d43ad5bc43eabd49bf4d4b

data/.github/workflows/merge-to-master.yml

@@ -0,0 +1,40 @@
+name: New Relic Fluentd Output Plugin - Merge to master
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  ci:
+    name: Continuous Delivery pipeline
+    runs-on: ubuntu-18.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby, bundler and install dependencies
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ruby-2.7.2
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - name: Run unit tests
+        run: bundle exec rake
+
+      - name: Publish Unit Test Results
+        uses: EnricoMi/publish-unit-test-result-action@v1.5
+        if: always()
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          files: '**/TEST-*.xml'
+
+      - name: Build gem
+        run: gem build newrelic-fluentd-output.gemspec
+
+      - name: Publish fluent-plugin-newrelic to rubygems.org
+        env:
+          GEM_HOST_API_KEY: ${{ secrets.GEM_HOST_API_KEY }}
+        run: |
+          gem push fluent-plugin-newrelic-*.gem

data/.github/workflows/pr.yml

@@ -0,0 +1,28 @@
+name: New Relic Fluentd Output Plugin - Pull Request
+
+on: [pull_request]
+
+jobs:
+  ci:
+    name: Continuous Integration pipeline
+    runs-on: ubuntu-18.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby, bundler and install dependencies
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ruby-2.5.8
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - name: Run unit tests
+        run: bundle exec rake
+
+      - name: Publish Unit Test Results
+        uses: EnricoMi/publish-unit-test-result-action@v1.5
+        if: always()
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          files: '**/TEST-*.xml'

data/.github/workflows/repolinter.yml

@@ -0,0 +1,31 @@
+# NOTE: This file should always be named `repolinter.yml` to allow
+# workflow_dispatch to work properly
+name: Repolinter Action
+
+# NOTE: This workflow will ONLY check the default branch!
+# Currently there is no elegant way to specify the default
+# branch in the event filtering, so branches are instead
+# filtered in the "Test Default Branch" step.
+on: [push, workflow_dispatch]
+
+jobs:
+  repolint:
+    name: Run Repolinter
+    runs-on: ubuntu-latest
+    steps:
+      - name: Test Default Branch
+        id: default-branch
+        uses: actions/github-script@v2
+        with:
+          script: |
+            const data = await github.repos.get(context.repo)
+            return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
+      - name: Checkout Self
+        if: ${{ steps.default-branch.outputs.result == 'true' }}
+        uses: actions/checkout@v2
+      - name: Run Repolinter
+        if: ${{ steps.default-branch.outputs.result == 'true' }}
+        uses: newrelic/repolinter-action@v1
+        with:
+          config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-plus.yml
+          output_type: issue

data/.gitignore

@@ -5,7 +5,7 @@
 /coverage/
 /doc/
 /pkg/
-/spec/reports/
+/test/reports/
 /tmp/
 .DS_Store
 .ruby-version

data/DEVELOPER.md

@@ -44,34 +44,3 @@ instead of `<match **>`), so that your output plugin does not also pick up thing
 * Make sure things start up OK: `tail -f /var/log/td-agent/td-agent.log`
 * Cause a change that you've configured Fluentd to pick up: (`echo "FluentdTest" >> /usr/local/var/log/test.log`
 * Look in `https://one.newrelic.com/launcher/logger.log-launcher` for your log message ("FluentdTest")
-
-## Pushing changes to the public repo
-
-After updating the New Relic repo with changes, changes will need to be pushed to the public GitHub repo 
-at: https://github.com/newrelic/newrelic-fluentd-output
-
-Make sure you have the public set up as a remote called `public`:
-```
-git remote add public git@github.com:newrelic/newrelic-fluentd-output.git
-```
-
-Sync:
-```
-git checkout --orphan single-commit-for-public-sync && \
-    # Remove things we don't want sent to the public-sync repo \
-    rm grandcentral.yml DEVELOPER.md && \
-    # Create a single commit and force push it, overwriting the remote master \
-    git commit -am "Mirrored commit" && \
-    git push --force public single-commit-for-public-sync:master && \
-    # Clean up \
-    git checkout master && \
-    git branch -D single-commit-for-public-sync
-```
-
-# Push changes to RubyGems
-After updating the source code and gem version in `version.rb`, push the changes to RubyGems. 
-Note, you must be a gem owner to publish changes on [RubyGems.org](https://rubygems.org/profiles/NR-LOGGING)
-
-* Build the gem: `gem build newrelic-fluentd-output.gemspec`
-* Publish the gem: `gem push fluent-plugin-newrelic-<VERSION>.gem` 
-  with the updated version (example: `gem push fluent-plugin-newrelic-0.2.2.gem`)

data/Gemfile

@@ -4,5 +4,5 @@ source 'https://rubygems.org'
 gemspec
 
 group :development do
-  gem "rspec"
+  gem "ci_reporter_test_unit"
 end

data/README.md

@@ -1,14 +1,22 @@
+[![Community Project header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Project.png)](https://opensource.newrelic.com/oss-category/#community-project)
+
 # fluent-plugin-newrelic
 
 A [Fluentd](https://fluentd.org/) output plugin that sends logs to New Relic
 
 This project is provided AS-IS WITHOUT WARRANTY OR SUPPORT, although you can report issues and contribute to the project here on GitHub.
 
+## Examples
+
+Please see the [examples](examples/) directory for ways to build a Docker image with the New Relic output plugin and other configuration types
+that could be useful in your environment.
+
 ## Prerequisites
 
 Fluentd >= v1.0
 
 ## Installation
+
 Add the plugin to your fluentd agent:
 
 `fluent-gem install fluent-plugin-newrelic`
@@ -23,22 +31,22 @@ For more info, review [Fluentd's official documentation](https://docs.fluentd.or
 
 ### Required plugin configuration
 
-Exactly one of the following:
+This plugin must be configured with either a New Relic API Insert key, or a New Relic License key.
+If both types of keys are specified, the API Insert key will take precedence.
 
-| Property | Description |
-|---|---|
-| api_key | your New Relic API Insert key |
-| license_key | your New Relic License key |
+To specify an API Insert key, either set the `api_key` property in the configuration, or set the `NEW_RELIC_API_KEY` environment variable. If both are specified, the configuration property will take precedence.
+
+To specify a license key, either set the `license_key` property in the configuration, or set the `NEW_RELIC_LICENSE_KEY` environment variable. If both are specified, the configuration property will take precedence.
 
 ### Optional plugin configuration
 
 | Property | Description | Default value |
 |---|---|---|
-| base_uri | New Relic ingestion endpoint | 'https://log-api.newrelic.com/log/v1' |
+| base_uri | New Relic ingestion endpoint | `https://log-api.newrelic.com/log/v1` |
 
 ### EU plugin configuration
 
-If you are running this plugin in the eu set the `base_uri` to `http://log-api.eu.newrelic.com/log/v1`.
+If you are running this plugin in the eu set the `base_uri` to `https://log-api.eu.newrelic.com/log/v1`.
 
 ### Fields
 
@@ -53,6 +61,7 @@ Add one of the following blocks to your Fluentd config file (with your specific
 #### Using Insights Inserts Key
 
 Example using Insights Insert key:
+
 ```rb
 <match **>
   @type newrelic
@@ -64,7 +73,9 @@ Getting your New Relic Insights Insert key:
 `https://insights.newrelic.com/accounts/<ACCOUNT_ID>/manage/api_keys`
 
 #### Using License Key
+
 Example using License key:
+
 ```rb
 <match **>
   @type newrelic
@@ -75,6 +86,18 @@ Example using License key:
 Getting your New Relic license key:
 `https://rpm.newrelic.com/accounts/<ACCOUNT_ID>`
 
+**A note about vulnerabilities**
+
+As noted in our [security policy](../../security/policy), New Relic is committed to the privacy and security of our customers and their data. We believe that providing coordinated disclosure by security researchers and engaging with the security community are important means to achieve our security goals.
+
+If you believe you have found a security vulnerability in this project or any of New Relic's products or websites, we welcome and greatly appreciate you reporting it to New Relic through [HackerOne](https://hackerone.com/newrelic).
+
+If you would like to contribute to this project, review [these guidelines](https://opensource.newrelic.com/code-of-conduct/).
+
+## License
+newrelic-fluentd-output is licensed under the [Apache 2.0](http://apache.org/licenses/LICENSE-2.0.txt) License.
+
+
 ## Copyright
 
 * Copyright(c) 2019 - New Relic

data/Rakefile

@@ -1,2 +1,19 @@
-require "bundler/gem_tasks"
+require "bundler"
+Bundler::GemHelper.install_tasks
+
+require "rake/testtask"
+require 'ci/reporter/rake/test_unit'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs.push("lib", "test")
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.verbose = true
+  t.warning = true
+end
+
+namespace :ci do
+  task :all => ['ci:setup:testunit', 'test']
+end
+
+task default: ["ci:all"]
 

data/examples/Dockerfile

@@ -0,0 +1,5 @@
+FROM fluent/fluentd:v1.9.1-1.0
+
+USER root
+
+RUN fluent-gem install fluent-plugin-newrelic

data/examples/Windows-IIS.conf

@@ -0,0 +1,85 @@
+####
+## New Relic Logs - Basic Windows Event + IIS config v1.5
+## Built in FluentD v1.7.4
+## by AI of NR 2/4/2020
+##
+## Don't forget to add your NR license key to the <match> statement at the bottom of this file.
+##
+
+## Windows Event Log Input
+<source>
+  @type windows_eventlog
+  @id windows_eventlog
+  tag winevt.raw
+  channels application,system,security
+  <storage>
+    @type local
+    persistent true
+    path c:/opt/td-agent/winevt.pos
+  </storage>
+</source>
+
+#
+# Windows IIS log parsing.  This config uses the standard W3C format and the standard location for IIS logs.
+# It expects the log timestamp to be UTC.
+# Change the path below if you store your logs elsewhere.
+#
+<source>
+  @type tail
+  tag iislog.raw
+  path c:/inetpub/logs/logfiles/*/*
+  pos_file c:/opt/td-agent/iislog.pos
+  <parse>
+    @type regexp
+    expression /(?<time>\d{4}-\d{2}-\d{2} [\d:]+) (?<message>.+)/
+    time_format %Y-%m-%d %H:%M:%S
+	utc true
+  </parse>
+</source>
+
+<filter iislog.raw>
+  @type parser
+  key_name message
+  remove_key_name_field false
+  reserve_data true
+  reserve_time true
+  <parse>
+    @type csv
+    delimiter ' '
+    keys hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken
+    null_value_pattern -
+    null_empty_string true
+  </parse>
+</filter>
+
+#
+# For a slightly nicer experience, add Service Name (s-sitename) to your log output, comment out the filter above and use this one instead.
+#
+#<filter iislog.raw>
+#  @type parser
+#  key_name message
+#  remove_key_name_field false
+#  reserve_data true
+#  reserve_time true
+#  <parse>
+#    @type csv
+#    delimiter ' '
+#    keys service_name,hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken
+#    null_value_pattern -
+#    null_empty_string true
+#  </parse>
+#</filter>
+
+<filter winevt.raw>
+  @type record_transformer
+  <record>
+    message ${record["description"]}
+	  hostname ${record["computer_name"]}
+  </record>
+</filter>
+
+# New Relic output
+<match **>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/copy_output.conf

@@ -0,0 +1,43 @@
+#Tail and parse Apache access logs
+
+<source>
+   @type tail
+   @id input_tail_apache
+   tag apache_access
+   path /var/log/apache2/access.log
+   pos_file /var/log/apache2/access.pos
+   path_key filename
+   <parse>
+   @type apache2
+   </parse>
+ </source>
+ 
+ #Add hostname and tag fields to all events ("records") with a Fluentd tag of apache_access
+ 
+ <filter apache_access>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Output (https://docs.fluentd.org/output/copy) events to both New Relic and a local file.
+
+<match **>
+  @type copy
+  <store>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+  </store>
+  <store>
+  @type file
+  path /var/log/apacheout.log
+  <buffer>
+    #Buffer settings are for testing and not recommended for use in a production environment.
+    timekey 10s
+    timekey_use_utc true
+    timekey_wait 15s
+  </buffer>
+  </store>
+</match>

data/examples/custom_field.conf

@@ -0,0 +1,32 @@
+#Tail and parse Docker log files
+
+<source>
+  @type tail
+  path /var/lib/docker/containers/*/*-json.log
+  pos_file /var/log/docker-log.pos
+  read_from_head true
+  tag containers
+  <parse>
+    @type json
+    time_format %Y-%m-%dT%H:%M:%S.%NZ
+    keep_time_key true
+    time_key time
+  </parse>
+</source>
+
+<filter containers>
+  @type record_transformer
+  enable_ruby true
+  <record>
+    #Add hostname and tag fields to all records
+    fluentd_host "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+# Forward events to New Relic
+
+<match containers>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+  </match>

data/examples/file_input.conf

@@ -0,0 +1,29 @@
+#Tail arbitrary text/log file
+
+<source>
+  @type tail
+  <parse>
+    @type none
+  </parse>
+  path /var/log/backend-app*.log
+  pos_file /var/log/backend.application.pos
+  path_key filename # Add watched file path to path_key field for every event/record.
+  tag backend.application
+</source>
+
+ #Add hostname and tag fields to all events ("records") with a Fluentd tag of backend.application
+ 
+ <filter backend.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Write events to New Relic
+
+<match backend.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/filter_logs.conf

@@ -0,0 +1,52 @@
+#Tail and parse arbitrary text/log file
+
+<source>
+  @type tail
+  <parse> #Parse timestamp, everything else to be stored in message field
+    @type regexp
+    expression /^\[(?<logtime>[^\]]*)\] (?<message>.*)$/
+    time_key logtime
+    time_format %Y-%m-%d %H:%M:%S %z
+  </parse>
+  path /var/log/backend-app*.log
+  pos_file /var/log/backend.application.pos
+  path_key filename # Add watched file path to path_key field for every event/record.
+  tag backend.application
+</source>
+
+#Add hostname and service_name fields to all events ("records") with a Fluentd tag of backend.application
+ 
+<filter backend.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    service_name ${tag}
+  </record>
+</filter>
+
+# For all events with a tag of backend.application:
+# Keep ONLY events where service_name field contains a value matching /backend.application/ AND where message field contains a value matching /Cannot connect to/
+# Discard any events where value of hostname field matches /staging/
+
+<filter backend.application>
+  @type grep
+  <regexp>
+    key service_name
+    pattern /backend.application/
+  </regexp>
+   <regexp>
+    key message
+    pattern /Cannot connect to/
+  </regexp>
+  <exclude>
+    key hostname
+    pattern /staging/
+  </exclude>
+</filter>
+
+#Write events with backend.application tag to New Relic
+
+<match backend.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/grok_parser.conf

@@ -0,0 +1,43 @@
+#Tail arbitrary log file and parse using grok pattern
+#Install the required plugin: fluent-gem install fluent-plugin-grok-parser
+
+<source>
+  @type tail
+  <parse>
+    @type grok
+    <grok>
+      pattern %{SYSLOGTIMESTAMP:timestamp} %{LOGLEVEL:loglevel}: %{GREEDYDATA:message}
+    </grok>
+  </parse>
+  path /var/log/customapp.log
+  pos_file /var/log/customapp.pos
+  path_key filename
+  tag custom.application
+</source>
+
+# Drop events with custom.application tag where loglevel field contains "debug" or "info" (case-insensitive match)
+
+<filter custom.application>
+  @type grep
+  <exclude>
+    key loglevel
+    pattern /debug|info/i
+  </exclude>
+</filter>
+
+#Add hostname and tag fields to all events ("records") with a Fluentd tag of custom.application
+ 
+ <filter custom.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Write custom.application events to New Relic
+
+<match custom.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/minimal_complete_config.conf

@@ -0,0 +1,27 @@
+#Tail arbitrary text/log file
+
+<source>
+  @type tail
+  <parse>
+    @type none
+  </parse>
+  path /home/logs/*
+  path_key file
+  tag sample.tag
+</source>
+
+#Add service_name field to all events ("records") with a Fluentd tag of sample.tag
+
+<filter sample.tag>
+  @type record_transformer
+  <record>
+    service_name ${tag}
+  </record>
+</filter>
+
+#Write sample.tag events to New Relic
+
+<match sample.tag>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/multiline_log_parse.conf

@@ -0,0 +1,11 @@
+ <filter backend.application>
+    @type parser
+    <parse>
+      @type multiline_grok
+      grok_failure_key grokfailure
+      multiline_start_regex ^abc
+      <grok>
+        pattern %{GREEDYDATA:message}
+      </grok>
+    </parse>
+  </filter>

data/examples/parse_nginx.conf

@@ -0,0 +1,17 @@
+#Tail and parse NGINX log file
+
+<source>
+  @type tail
+  <parse>
+    @type nginx
+  </parse>
+  path /path/to/access.log
+  tag nginx.access
+</source>
+
+#Write events with tag matching nginx.* to New Relic
+
+<match nginx.*>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/readme.md

@@ -0,0 +1,71 @@
+# Fluentd -> New Relic Examples
+
+## Creating a Docker Image
+
+Using [Fluentd](https://www.fluentd.org/) as an image makes it simple to deploy a quick input logging solution for functions such as [Syslogs](https://docs.fluentd.org/input/syslog), [HTTP](https://docs.fluentd.org/input/http), custom [UDP](https://docs.fluentd.org/input/udp) and [TCP](https://docs.fluentd.org/input/tcp) use cases, [SNMP](https://github.com/iij/fluent-plugin-snmp), along with many other functions. The [Fluentd](https://www.fluentd.org/) team has put together a great [set of documents](https://docs.fluentd.org/container-deployment) to help you get their basic configuration setup. After that, you will want to get your logs flowing into [New Relic Logs](https://docs.newrelic.com/docs/logs/new-relic-logs/get-started/introduction-new-relic-logs) to create alerts and monitor your systems.
+
+If you are able to use the Fluentd image directly, it is really simple build on that image and add the New Relic Fluentd Output Plugin. The below set of steps assumes you have some basic understanding of building a Docker image.
+
+### Docker Image: Steps
+
+#### 1. Create a `Dockerfile`
+
+It doesn't take much to get the New Relic Output Plugin into a docker image. Here is a good example from Docker on how best to create an image, [LINK](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/).
+
+We have an [example Docker file](Dockerfile) in this folder which can be used to get moving quickly.
+
+#### 2. Build the Image
+
+The build process is simple and will register a newly created image in your local Docker repository. If you want to use this image for multiple machines, you will need to publish the image to a location you can access.
+
+```bash
+# Run this command in the same directory as the Docker file or point to its location
+docker build --tag nr-fluent:latest nri-fluentd .
+
+# Run this command to verify the image was created
+docker image ls
+
+REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+nr-fluent           latest              70c388b63afc        1 minute ago        44.9MB
+```
+
+#### 3. Run the Docker Image
+
+The next steps assume that you have already created a `fluentd.conf` file with is ready to being monitoring. If you haven't, you must do so before you continue.
+
+In the following example can be used if you are going to run a syslog server on the image.
+
+```bash
+# Notice that the syntax for exposing the UDP port is a bit different
+# In testing, it appeared that trying to map the UDP port to from a different one configured in the Fluentd config file didn't work as expected
+docker run -d --name "syslog" -p 0.0.0.0:5140:5140/udp -p 0.0.0.0:5142:5142/udp -v /etc/fluentd:/fluentd/etc -e FLUENTD_CONF=fluentd.conf nr-fluent:latest
+```
+
+## Configuring a Syslog Server with Fluentd and New Relic Logs
+
+In the below example, we are going to create a `fluentd.conf` which will enable a syslog server. It is a good idea to determine if your syslog server is going
+to connect to this service using UDP or TCP. By default, most syslog servers will likely use UDP. In the below example, I am setting up two syslog listeners for
+Ubiquiti [Edgemax router](https://help.ubnt.com/hc/en-us/articles/204975904-EdgeRouter-Remote-Syslog-Server-for-System-Logs) and the [Unifi Security Gateway and Access points](https://community.ui.com/questions/syslog-server-and-unifi-logs/bbde4318-e73f-4efe-b1b9-ae11319cc1d9).
+
+### Fluentd.Conf: Steps
+
+#### 1. Create a `fluentd.conf` file in a known directory on the host machine
+
+Below, I have chosen `/etc/fluentd/` as my directory.
+
+```bash
+# Make the directory
+sudo mkdir /etc/fluentd
+
+# Edit the file
+sudo nano /etc/fluentd/fluentd.conf
+```
+
+#### 2. Add the contents from the [`syslog/fluentd.conf`](syslog/fluentd.config)
+
+You can find the contents of the [`syslog/fluentd.conf`](syslog/fluentd.config) in the sub folder `syslog`. These contents should provide a quick start to getting started. In the provided
+example, the syslog details are coming from the above mentioned devices. You may need to tweak the configuration according to the server sending the syslog traffic.
+
+#### 3. Check New Relic for New Logs
+
+That is all it should take to get a new stream of logs coming from those devices.

data/examples/syslog/fluentd.config

@@ -0,0 +1,47 @@
+# UNIFI
+<source>
+  @type syslog
+  port 5140
+  bind 0.0.0.0
+  tag unifi
+</source>
+
+<filter unifi.**>
+  @type record_transformer
+  renew_record true
+  enable_ruby true
+  <record>
+    timestamp ${time.to_f}
+    hostname ${record["host"][/(^.*?),/, 1]}
+    service ${tag_prefix[1]}
+    log_level ${tag_suffix[2]}
+    message ${record.to_json}
+  </record>
+</filter>
+
+# EDGE MAX
+<source>
+  @type syslog
+  port 5142
+  bind 0.0.0.0
+  tag edge-max
+</source>
+
+<filter edge-max.**>
+  @type record_transformer
+  renew_record true
+  enable_ruby true
+  <record>
+    timestamp ${time.to_f}
+    hostname ${record["host"]}
+    service ${tag_prefix[1]}
+    log_level ${tag_suffix[2]}
+    message ${record.to_json}
+  </record>
+</filter>
+
+# Send data
+<match **>
+  @type newrelic
+  api_key <CHANGE TO YOUR LICENSE KEY HERE>
+</match>

data/examples/syslog_input.conf

@@ -0,0 +1,5 @@
+<source>
+  @type syslog
+  port 5140
+  tag syslog.messages
+</source>

data/lib/fluent/plugin/out_newrelic.rb

@@ -33,6 +33,7 @@ module Fluent
       config_param :license_key, :string, :default => nil
 
       DEFAULT_BUFFER_TYPE = 'memory'.freeze
+      MAX_PAYLOAD_SIZE = 1000000 # bytes
 
       config_section :buffer do
         config_set_default :@type, DEFAULT_BUFFER_TYPE
@@ -49,17 +50,19 @@ module Fluent
 
       def configure(conf)
         super
+
+        @api_key ||= ENV["NEW_RELIC_API_KEY"]
+        @license_key ||= ENV["NEW_RELIC_LICENSE_KEY"]
         if @api_key.nil? && @license_key.nil?
-          raise Fluent::ConfigError.new("'api_key' or `license_key` parameter is required") 
+          raise Fluent::ConfigError.new("'api_key' or 'license_key' parameter is required")
         end
 
         # create initial sockets hash and socket based on config param
         @end_point = URI.parse(@base_uri)
         auth = {
           @api_key.nil? ? 'X-License-Key' : 'X-Insert-Key' =>
-          @api_key.nil? ? @license_key : @api_key 
+          @api_key.nil? ? @license_key : @api_key
         }
-        puts auth
         @header = {
             'X-Event-Source' => 'logs',
             'Content-Encoding' => 'gzip'
@@ -68,6 +71,9 @@ module Fluent
       end
 
       def package_record(record, timestamp)
+        if defined? timestamp.nsec
+          timestamp = timestamp * 1000 + timestamp.nsec / 1_000_000
+        end
         packaged = {
           'timestamp' => timestamp,
           # non-intrinsic attributes get put into 'attributes'
@@ -87,39 +93,23 @@ module Fluent
           packaged['message'] = record['log']
           packaged['attributes'].delete('log')
         end
-        
+
         packaged
       end
 
       def write(chunk)
-        payload = {
-          'common' => {
-            'attributes' => {
-              'plugin' => {
-                'type' => 'fluentd',
-                'version' => NewrelicFluentdOutput::VERSION,
-              }
-            }
-          },
-          'logs' => []
-        }
+        logs = []
         chunk.msgpack_each do |ts, record|
           next unless record.is_a? Hash
           next if record.empty?
-          payload['logs'].push(package_record(record, ts))
+          logs.push(package_record(record, ts))
         end
-        io = StringIO.new
-        gzip = Zlib::GzipWriter.new(io)
 
-        # Fluentd can run with a version of Ruby (2.1.0) whose to_json method doesn't support non-ASCII characters.
-        # So we use Yajl, which can handle all Unicode characters. Apparently this library is what Fluentd uses
-        # internally, so it is installed by default with td-agent.
-        # See https://github.com/fluent/fluentd/issues/215
-        gzip << Yajl.dump([payload])
-        gzip.close
-        send_payload(io.string)
+
+        payloads = get_compressed_payloads(logs)
+        payloads.each { |payload| send_payload(payload) }
       end
-      
+
       def handle_response(response)
         if !(200 <= response.code.to_i && response.code.to_i < 300)
           log.error("Response was " + response.code + " " + response.body)
@@ -130,12 +120,63 @@ module Fluent
         http = Net::HTTP.new(@end_point.host, 443)
         http.use_ssl = true
         http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        puts @header
         request = Net::HTTP::Post.new(@end_point.request_uri, @header)
         request.body = payload
         handle_response(http.request(request))
       end
 
+      private
+
+      def get_compressed_payloads(logs)
+        return [] if logs.length == 0
+
+        payload = create_payload(logs)
+        compressed_payload = compress(payload)
+
+        if compressed_payload.bytesize <= MAX_PAYLOAD_SIZE
+          return [compressed_payload]
+        end
+
+        compressed_payload = nil # Free for GC
+
+        if logs.length > 1 # we can split
+          # let's split logs array by half, and try to create payloads again
+          midpoint = logs.length / 2
+          first_half = get_compressed_payloads(logs.slice(0, midpoint))
+          second_half = get_compressed_payloads(logs.slice(midpoint, logs.length))
+          return first_half + second_half
+        else
+          log.error("Can't compress record below required maximum packet size and it will be discarded. Record: #{logs[0]}")
+          return []
+        end
+      end
+
+      def create_payload(logs)
+        {
+          'common' => {
+            'attributes' => {
+              'plugin' => {
+                'type' => 'fluentd',
+                'version' => NewrelicFluentdOutput::VERSION,
+              }
+            }
+          },
+          'logs' => logs
+        }
+      end
+
+      def compress(payload)
+        io = StringIO.new
+        gzip = Zlib::GzipWriter.new(io)
+
+        # Fluentd can run with a version of Ruby (2.1.0) whose to_json method doesn't support non-ASCII characters.
+        # So we use Yajl, which can handle all Unicode characters. Apparently this library is what Fluentd uses
+        # internally, so it is installed by default with td-agent.
+        # See https://github.com/fluent/fluentd/issues/215
+        gzip << Yajl.dump([payload])
+        gzip.close
+        io.string
+      end
     end
   end
 end

data/lib/newrelic-fluentd-output/version.rb

@@ -1,3 +1,3 @@
 module NewrelicFluentdOutput
-  VERSION = "1.1.4"
+  VERSION = "1.2.0"
 end

data/merge-to-master-pipeline.yml

@@ -0,0 +1,57 @@
+# Run any time a commit is merged to the 'master' branch
+trigger:
+  - master
+
+# There is a separate pipeline for PRs (it does not do deploys)
+pr: none
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+steps:
+  - task: DownloadSecureFile@1
+    name: "rubyGemsCredentials"
+    inputs:
+      secureFile: 'credentials'
+
+  - task: UseRubyVersion@0
+    inputs:
+      versionSpec: '>= 2.5'
+
+  - script: |
+      gem install bundler
+      bundle update
+      bundle install --retry=3 --jobs=4
+    displayName: 'bundle install'
+
+  - task: Bash@3
+    displayName: 'Run tests'
+    inputs:
+      targetType: 'inline'
+      script: |
+        bundle exec rake
+
+  - task: PublishTestResults@2
+    inputs:
+      testResultsFormat: 'JUnit'
+      testResultsFiles: '**/TEST-*.xml'
+      mergeTestResults: true
+      failTaskOnFailedTests: true
+      testRunTitle: 'Publish tests'
+
+  - task: Bash@3
+    displayName: 'Build gem'
+    inputs:
+      targetType: 'inline'
+      script: |
+        gem build newrelic-fluentd-output.gemspec
+
+  - task: Bash@3
+    displayName: 'Publish gem to RubyGems'
+    inputs:
+      targetType: 'inline'
+      script: |
+        eval "$(rbenv init -)"
+        mv $(rubyGemsCredentials.secureFilePath) ~/.gem/credentials
+        sudo chmod 600 ~/.gem/credentials
+        gem push fluent-plugin-newrelic-*.gem

data/newrelic-fluentd-output.gemspec

@@ -23,4 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake"
   spec.add_development_dependency "test-unit"
   spec.add_development_dependency "webmock"
+  spec.add_development_dependency "rspec_junit_formatter"
 end

data/pr-pipeline.yml

@@ -0,0 +1,33 @@
+pr:
+  branches:
+    include:
+      - '*'
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+steps:
+  - task: UseRubyVersion@0
+    inputs:
+      versionSpec: '>= 2.5'
+
+  - script: |
+      gem install bundler
+      bundle update
+      bundle install --retry=3 --jobs=4
+    displayName: 'bundle install'
+
+  - task: Bash@3
+    displayName: 'Run tests'
+    inputs:
+      targetType: 'inline'
+      script: |
+        bundle exec rake
+
+  - task: PublishTestResults@2
+    inputs:
+      testResultsFormat: 'JUnit'
+      testResultsFiles: '**/TEST-*.xml'
+      mergeTestResults: true
+      failTaskOnFailedTests: true
+      testRunTitle: 'Publish tests'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-newrelic
 version: !ruby/object:Gem::Version
-  version: 1.1.4
+  version: 1.2.0
 platform: ruby
 authors:
 - New Relic Logging Team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-09-30 00:00:00.000000000 Z
+date: 2021-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - logging-team@newrelic.com
@@ -88,18 +102,34 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".github/workflows/merge-to-master.yml"
+- ".github/workflows/pr.yml"
+- ".github/workflows/repolinter.yml"
 - ".gitignore"
-- ".rspec"
 - DEVELOPER.md
 - Dockerfile
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
-- grandcentral.yml
+- examples/Dockerfile
+- examples/Windows-IIS.conf
+- examples/copy_output.conf
+- examples/custom_field.conf
+- examples/file_input.conf
+- examples/filter_logs.conf
+- examples/grok_parser.conf
+- examples/minimal_complete_config.conf
+- examples/multiline_log_parse.conf
+- examples/parse_nginx.conf
+- examples/readme.md
+- examples/syslog/fluentd.config
+- examples/syslog_input.conf
 - lib/fluent/plugin/out_newrelic.rb
 - lib/newrelic-fluentd-output/version.rb
+- merge-to-master-pipeline.yml
 - newrelic-fluentd-output.gemspec
+- pr-pipeline.yml
 homepage: https://github.com/newrelic/newrelic-fluentd-output
 licenses:
 - Apache-2.0
@@ -119,7 +149,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Sends FluentD events to New Relic

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---color

data/grandcentral.yml

@@ -1,29 +0,0 @@
-slack_channel: logging-notifications
-deploy_mechanism: none
-test_suites:
-- command: |
-    mkdir -p ~/.gem
-    curl -u $ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD https://artifacts.datanerd.us/api/gems/newrelic-gems-local/api/v1/api_key.yaml -o ~/.gem/credentials
-    chmod 0600 ~/.gem/credentials
-    bundle install && bundle exec rspec
-  environment:
-    dockerfile: Dockerfile
-  name: Unit Tests
-build:
-  environment:
-    dockerfile: Dockerfile
-    secret_env_vars:
-    - name: ARTIFACTORY_USERNAME
-      shared_path: artifactory
-    - name: ARTIFACTORY_PASSWORD
-      shared_path: artifactory
-  publish:
-    command: |
-      mkdir -p ~/.gem
-      curl -u $ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD https://artifacts.datanerd.us/api/gems/newrelic-gems-local/api/v1/api_key.yaml -o ~/.gem/credentials
-      chmod 0600 ~/.gem/credentials
-      bundle install
-      gem release --host https://artifacts.datanerd.us/api/gems/newrelic-gems-local
-  read_version:
-    command: cat ./lib/newrelic-fluentd-output/version.rb | grep VERSION | awk '{
-      gsub("\"", "", $3); print $3 }'