fluent-plugin-remote-syslog 1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c8779785fa2d22e09a93e60c4d1aa5d47c758155
+  data.tar.gz: 14c7ca85158b96ef3e322acf589c627e0b3c73ee
+SHA512:
+  metadata.gz: 875236530f7c6c97b34959bd5c1c56b97643d30696c58cd377d0632619cbe9302a3fcbb992de1c2d829d9dd8f41b24fb26fbebd766aae91ca52e5a9464c4997d
+  data.tar.gz: a52bd2123e0ccb0ed7f8863e0835270a0772a89328c03034aaf2d1cd13f78d86dd93b8a864e5d2446c6398360d70882c9582b09d4a75e9e4400b999c9bc9a69b

data/.gitignore

@@ -0,0 +1 @@
+.idea

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/README.md

@@ -0,0 +1,39 @@
+fluent-plugin-remote-syslog
+===========================
+
+fluentd plugin for streaming logs out to a remote syslog server or syslog SaaS service (like Papertrail)
+
+#Available Plugins:
+* out_syslog: registers itself as "syslog", and is the non-buffered implementation, communicating through UDP
+* out_syslog_buffered: registers itself as "syslog_buffered", and is the buffered implementation, communicating through TCP
+
+#Plugin Settings:
+Both plugins have the same configuration options:
+
+* remote_syslog: fqdn or ip of the remote syslog instance
+* port: the port, where the remote syslog instance is listening
+* hostname: hostname to be set for syslog messages
+* remove_tag_prefix: remove tag prefix for tag placeholder. 
+* tag_key: use the field specified in tag_key from record to set the syslog key
+* facility: Syslog log facility
+* severity: Syslog log severity
+* use_record: Use severity and facility from record if available
+* payload_key: Use the field specified in payload_key from record to set payload
+
+#Configuration example:
+```
+<match site.*>
+  type syslog_buffered
+  remote_syslog your.syslog.host
+  port 25
+  hostname ${hostname}
+  facility local0
+  severity debug
+</match>
+```
+
+
+Contributors:
+
+* Andrea Spoldi 
+* [deathowl](http://github.com/deathowl)

data/Rakefile

@@ -0,0 +1,11 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test

data/fluent-plugin-remote-syslog.gemspec

@@ -0,0 +1,23 @@
+# encoding: utf-8
+$:.push File.expand_path('../lib', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name        = "fluent-plugin-remote-syslog"
+  gem.description = "Output plugin for streaming logs out to a remote syslog"
+  gem.homepage    = "https://github.com/docebo/fluent-plugin-remote-syslog"
+  gem.summary     = gem.description
+  gem.version     = "1.0"
+  gem.authors     = ["Andrea Spoldi"]
+  gem.email       = "devops@docebo.com"
+  gem.has_rdoc    = false
+  gem.license     = 'MIT'
+  gem.files       = `git ls-files`.split("\n")
+  gem.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.require_paths = ['lib']
+
+  gem.add_dependency "fluentd", "~> 0.10.45"
+  gem.add_dependency "fluent-mixin-config-placeholders", "~> 0.2.0"
+  gem.add_dependency "syslog_protocol"
+  gem.add_development_dependency "rake", ">= 0.9.2"
+end

data/lib/fluentd/plugin/out_syslog.rb

@@ -0,0 +1,103 @@
+require 'fluent/mixin/config_placeholders'
+module Fluent
+
+  class SyslogOutput < Fluent::Output
+    # First, register the plugin. NAME is the name of this plugin
+    # and identifies the plugin in the configuration file.
+    Fluent::Plugin.register_output('syslog', self)
+
+    # This method is called before starting.
+
+    config_param :remote_syslog, :string, :default => nil
+    config_param :port, :integer, :default => 25
+    config_param :hostname, :string, :default => ""
+    config_param :remove_tag_prefix, :string, :default => nil
+    config_param :tag_key, :string, :default => nil
+    config_param :facility, :string, :default => 'user'
+    config_param :severity, :string, :default => 'debug'
+    config_param :use_record, :string, :default => nil
+    config_param :payload_key, :string, :default => 'message'
+
+
+    def initialize
+      super
+      require 'socket'
+      require 'syslog_protocol'
+    end
+
+    def configure(conf)
+      super
+      if not conf['remote_syslog']
+        raise Fluent::ConfigError.new("remote syslog required")
+      end
+      @socket = UDPSocket.new
+      @packet = SyslogProtocol::Packet.new
+      if remove_tag_prefix = conf['remove_tag_prefix']
+          @remove_tag_prefix = Regexp.new('^' + Regexp.escape(remove_tag_prefix))
+      end
+      @facilty = conf['facility']
+      @severity = conf['severity']
+      @use_record = conf['use_record']
+      @payload_key = conf['payload_key']
+      if not @payload_key
+        @payload_key = "message"
+      end
+    end
+
+
+    # This method is called when starting.
+    def start
+      super
+    end
+
+    # This method is called when shutting down.
+    def shutdown
+      super
+    end
+
+    # This method is called when an event reaches Fluentd.
+    # 'es' is a Fluent::EventStream object that includes multiple events.
+    # You can use 'es.each {|time,record| ... }' to retrieve events.
+    # 'chain' is an object that manages transactions. Call 'chain.next' at
+    # appropriate points and rollback if it raises an exception.
+    def emit(tag, es, chain)
+      tag = tag.sub(@remove_tag_prefix, '') if @remove_tag_prefix
+      chain.next
+      es.each {|time,record|
+        @packet.hostname = hostname
+        if @use_record
+          @packet.facility = record['facility'] || @facilty
+          @packet.severity = record['severity'] || @severity
+        else
+          @packet.facility = @facilty
+          @packet.severity = @severity
+        end
+        if record['time']
+          time = Time.parse(record['time'])
+        else
+          time = Time.now
+        end
+        @packet.time = time
+        @packet.tag      = if tag_key
+                              record[tag_key][0..31].gsub(/[\[\]]/,'') # tag is trimmed to 32 chars for syslog_protocol gem compatibility
+                           else
+                              tag[0..31] # tag is trimmed to 32 chars for syslog_protocol gem compatibility
+                           end
+        packet = @packet.dup
+        packet.content = record[@payload_key]
+        @socket.send(packet.assemble, 0, @remote_syslog, @port)
+    }
+    end
+  end
+  class Time < Time
+    def timezone(timezone = 'UTC')
+      old = ENV['TZ']
+      utc = self.dup.utc
+      ENV['TZ'] = timezone
+      output = utc.localtime
+      ENV['TZ'] = old
+      output
+    end
+  end
+
+end

data/lib/fluentd/plugin/out_syslog_buffered.rb

@@ -0,0 +1,146 @@
+require 'fluent/mixin/config_placeholders'
+module Fluent
+  class SyslogBufferedOutput < Fluent::BufferedOutput
+    # First, register the plugin. NAME is the name of this plugin
+    # and identifies the plugin in the configuration file.
+    Fluent::Plugin.register_output('syslog_buffered', self)
+
+    # This method is called before starting.
+
+    config_param :remote_syslog, :string, :default => ""
+    config_param :port, :integer, :default => 25
+    config_param :hostname, :string, :default => ""
+    config_param :remove_tag_prefix, :string, :default => nil
+    config_param :tag_key, :string, :default => nil
+    config_param :facility, :string, :default => 'user'
+    config_param :severity, :string, :default => 'debug'
+    config_param :use_record, :string, :default => nil
+    config_param :payload_key, :string, :default => 'message'
+
+
+    def initialize
+      super
+      require 'socket'
+      require 'syslog_protocol'
+      require 'timeout'
+    end
+
+    def configure(conf)
+      super
+      if not conf['remote_syslog']
+        raise Fluent::ConfigError.new("remote syslog required")
+      end
+        @socket = create_tcp_socket(conf['remote_syslog'], conf['port'])
+      @packet = SyslogProtocol::Packet.new
+      if remove_tag_prefix = conf['remove_tag_prefix']
+        @remove_tag_prefix = Regexp.new('^' + Regexp.escape(remove_tag_prefix))
+      end
+      @facilty = conf['facility']
+      @severity = conf['severity']
+      @use_record = conf['use_record']
+      @payload_key = conf['payload_key']
+      if not @payload_key
+        @payload_key = "message"
+      end
+    end
+
+    def format(tag, time, record)
+      [tag, time, record].to_msgpack
+    end
+
+    def create_tcp_socket(host, port)
+      begin
+        Timeout.timeout(10) do
+          begin
+            socket = TCPSocket.new(host, port)
+          rescue Errno::ENETUNREACH
+            retry
+          end
+        end
+        socket = TCPSocket.new(host, port)
+        secs = Integer(1)
+        usecs = Integer((1 - secs) * 1_000_000)
+        optval = [secs, usecs].pack("l_2")
+        socket.setsockopt Socket::SOL_SOCKET, Socket::SO_SNDTIMEO, optval
+      rescue SocketError, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EPIPE, Timeout::Error, OpenSSL::SSL::SSLError, Timeout::Error => e
+        log.warn "out:syslog: failed to open tcp socket  #{@remote_syslog}:#{@port} :#{e}"
+        socket = nil
+      end
+      socket
+    end
+
+    # This method is called when starting.
+    def start
+      super
+    end
+
+    # This method is called when shutting down.
+    def shutdown
+      super
+    end
+
+
+    def write(chunk)
+      chunk.msgpack_each {|(tag,time,record)|
+            send_to_syslog(tag, time, record)
+          }
+    end
+
+    def send_to_syslog(tag, time, record)
+      tag = tag.sub(@remove_tag_prefix, '') if @remove_tag_prefix
+      @packet.hostname = hostname
+      if @use_record
+        @packet.facility = record['facility'] || @facilty
+        @packet.severity = record['severity'] || @severity
+      else
+        @packet.facility = @facilty
+        @packet.severity = @severity
+      end
+      if record['time']
+        time = Time.parse(record['time'])
+      else
+        time = Time.now
+      end
+      @packet.time = time
+      @packet.tag      = if tag_key
+                           record[tag_key][0..31].gsub(/[\[\]]/,'') # tag is trimmed to 32 chars for syslog_protocol gem compatibility
+                         else
+                           tag[0..31] # tag is trimmed to 32 chars for syslog_protocol gem compatibility
+                         end
+      packet = @packet.dup
+      packet.content = record[@payload_key]
+      begin
+        if not @socket
+          @socket = create_tcp_socket(@remote_syslog, @port)
+        end
+        if @socket
+          begin
+            @socket.write packet.assemble + "\n"
+            @socket.flush
+          rescue SocketError, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EPIPE, Timeout::Error, OpenSSL::SSL::SSLError => e
+            log.warn "out:syslog: connection error by #{@remote_syslog}:#{@port} :#{e}"
+            @socket = nil
+            raise #{e}
+          end
+        else
+          log.warn "out:syslog: Socket connection couldn't be reestablished"
+          raise #{e}
+        end
+      end
+    end
+
+
+  end
+
+  class Time
+    def timezone(timezone = 'UTC')
+      old = ENV['TZ']
+      utc = self.dup.utc
+      ENV['TZ'] = timezone
+      output = utc.localtime
+      ENV['TZ'] = old
+      output
+    end
+  end
+end
+

data/test/helper.rb

@@ -0,0 +1,30 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'fluent/test'
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+
+require 'fluentd/plugin/out_syslog'
+require 'fluentd/plugin/out_syslog_buffered'
+
+
+class Test::Unit::TestCase
+end

data/test/plugin/test_out_syslog.rb

@@ -0,0 +1,138 @@
+require 'helper'
+
+class SyslogOutputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    remote_syslog 127.0.0.1
+    port    25
+    hostname      testhost
+    remove_tag_prefix        test
+    severity  debug
+    facility user
+    payload_key message
+  ]
+
+  def create_driver(conf=CONFIG,tag='test')
+    Fluent::Test::OutputTestDriver.new(Fluent::SyslogOutput, tag).configure(conf)
+  end
+
+  def test_configure
+    assert_raise(Fluent::ConfigError) {
+      d = create_driver('')
+    }
+    assert_raise(Fluent::ConfigError) {
+      d = create_driver %[
+      hostname      testhost
+      remove_tag_prefix        test
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+        remote_syslog 127.0.0.1
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+        remote_syslog 127.0.0.1
+        port    639
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+        remote_syslog 127.0.0.1
+        port    25
+        hostname      deathstar
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+       remote_syslog 127.0.0.1
+        port    25
+        hostname      testhost
+        remove_tag_prefix        test123
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+        remote_syslog 127.0.0.1
+        port    25
+        hostname      testhost
+        remove_tag_prefix        test
+        tag_key   tagtag
+        severity  debug
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+        remote_syslog 127.0.0.1
+        port    25
+        hostname      testhost
+        remove_tag_prefix        test
+        tag_key   tagtag
+        severity  debug
+        facility user
+      ]
+    }
+    assert_nothing_raised {
+      d = create_driver %[
+        remote_syslog 127.0.0.1
+        port    25
+        hostname      testhost
+        remove_tag_prefix        test
+        tag_key   tagtag
+        severity  debug
+        facility user
+        payload_key message
+      ]
+    }
+    d = create_driver %[
+        remote_syslog 127.0.0.1
+        port    25
+        hostname      testhost
+        remove_tag_prefix        test
+        tag_key   tagtag
+        severity  debug
+        facility user
+        payload_key message
+    ]
+    assert_equal 25, d.instance.port
+    assert_equal "127.0.0.1", d.instance.remote_syslog
+    assert_equal "testhost", d.instance.hostname
+    assert_equal Regexp.new('^' + Regexp.escape("test")), d.instance.remove_tag_prefix
+    assert_equal "tagtag", d.instance.tag_key
+    assert_equal "debug", d.instance.severity
+    assert_equal "user", d.instance.facility
+    assert_equal "message", d.instance.payload_key
+
+  end
+  def test_emit
+    d1 = create_driver(CONFIG, 'test.in')
+    d1.run do
+      d1.emit({'message' => 'asd asd'})
+      d1.emit({'message' => 'dsa xasd'})
+      d1.emit({'message' => 'ddd ddddd'})
+      d1.emit({'message' => '7sssss8 ssssdasd'})
+      d1.emit({'message' => 'aaassddffg asdasdasfasf'})
+    end
+    assert_equal 0, d1.emits.size
+
+  end
+
+  def test_emit_with_time_and_without_time
+    d1 = create_driver(CONFIG, 'test.in')
+    d1.run do
+      d1.emit({'message' => 'asd asd', 'time' => '2007-01-31 12:22:26'})
+      d1.emit({'message' => 'dsa xasd'})
+      d1.emit({'message' => 'ddd ddddd', 'time' => '2007-03-01 12:22:26'})
+      d1.emit({'message' => '7sssss8 ssssdasd', 'time' => '2011-03-01 12:22:26'})
+      d1.emit({'message' => 'aaassddffg asdasdasfasf', 'time' => '2016-03-01 12:22:26'})
+    end
+    assert_equal 0, d1.emits.size
+
+  end
+
+
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-remote-syslog
+version: !ruby/object:Gem::Version
+  version: '1.0'
+platform: ruby
+authors:
+- Andrea Spoldi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-07-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.45
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.45
+- !ruby/object:Gem::Dependency
+  name: fluent-mixin-config-placeholders
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: syslog_protocol
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+description: Output plugin for streaming logs out to a remote syslog
+email: devops@docebo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- fluent-plugin-remote-syslog.gemspec
+- lib/fluentd/plugin/out_syslog.rb
+- lib/fluentd/plugin/out_syslog_buffered.rb
+- test/helper.rb
+- test/plugin/test_out_syslog.rb
+homepage: https://github.com/docebo/fluent-plugin-remote-syslog
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Output plugin for streaming logs out to a remote syslog
+test_files:
+- test/helper.rb
+- test/plugin/test_out_syslog.rb