fluent-plugin-sumologic-cloud-syslog 0.1.2

data/lib/sumologic_cloud_syslog/protocol.rb

@@ -0,0 +1,138 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'date'
+
+require_relative 'facility'
+require_relative 'severity'
+
+# Syslog protocol https://tools.ietf.org/html/rfc5424
+module SumologicCloudSyslog
+  # RFC defined nil value
+  NIL_VALUE = '-'
+
+  # All headers by specification wrapped in single object
+  class Header
+    attr_accessor :facility, :severity, :version, :timestamp, :hostname, :app_name, :procid, :msgid
+
+    FACILITIES = {}
+    SEVERITIES = {}
+
+    Facility.setup_constants FACILITIES
+    Severity.setup_constants SEVERITIES
+
+    def initialize
+      @timestamp = Time.now
+      @severity = 'INFO'
+      @facility = 'LOCAL0'
+      @version = 1
+      @hostname = SumologicCloudSyslog::NIL_VALUE
+      @app_name = SumologicCloudSyslog::NIL_VALUE
+      @procid = SumologicCloudSyslog::NIL_VALUE
+      @msgid = SumologicCloudSyslog::NIL_VALUE
+    end
+
+    def timestamp=(val)
+      raise ArgumentError.new("Must provide Time object value instead: #{val.inspect}") unless val.is_a?(Time)
+      @timestamp = val
+    end
+
+    def facility=(val)
+      raise ArgumentError.new("Invalid facility value: #{val.inspect}") unless FACILITIES.key?(val)
+      @facility = val
+    end
+
+    def severity=(val)
+      raise ArgumentError.new("Invalid severity value: #{val.inspect}") unless SEVERITIES.key?(val)
+      @severity = val
+    end
+
+    # Priority value is calculated by first multiplying the Facility
+    # number by 8 and then adding the numerical value of the Severity.
+    def pri
+      FACILITIES[facility] * 8 + SEVERITIES[severity]
+    end
+
+    def assemble
+      [
+        "<#{pri}>#{version}",
+        timestamp.to_datetime.rfc3339,
+        hostname,
+        app_name,
+        procid,
+        msgid
+      ].join(' ')
+    end
+
+    def to_s
+      assemble
+    end
+  end
+
+  # Structured data field
+  class StructuredData
+    attr_accessor :id, :data
+
+    def initialize(id)
+      @id = id
+      @data = {}
+    end
+
+    # Format data structured data to
+    # [id k="v" ...]
+    def assemble
+      parts = [id]
+      data.each do |k, v|
+        # Characters ", ] and \ must be escaped to prevent any parsing errors
+        v = v.gsub(/(\"|\]|\\)/) { |match| '\\' + match }
+        parts << "#{k}=\"#{v}\""
+      end
+      "[#{parts.join(' ')}]"
+    end
+
+    def to_s
+      assemble
+    end
+  end
+
+  # Message represents full message that can be sent to syslog
+  class Message
+    attr_accessor :header, :structured_data, :msg
+
+    def initialize
+      @msg = ''
+      @structured_data = []
+      @header = Header.new
+    end
+
+    def assemble
+      # Start with header
+      out = [header.to_s]
+      # Add all structured data
+      if structured_data.length > 0
+        out << structured_data.map(&:to_s).join('')
+      else
+        out << SumologicCloudSyslog::NIL_VALUE
+      end
+      # Add message
+      out << msg if msg.length > 0
+      # Message must end with new line delimiter
+      out.join(' ') + "\n"
+    end
+
+    def to_s
+      assemble
+    end
+  end
+end

data/lib/sumologic_cloud_syslog/severity.rb

@@ -0,0 +1,30 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'lookup_from_const'
+
+module SumologicCloudSyslog
+  module Severity
+    extend LookupFromConst
+    EMERG  = PANIC   = 0
+    ALERT            = 1
+    CRIT             = 2
+    ERR    = ERROR   = 3
+    WARN   = WARNING = 4
+    NOTICE           = 5
+    INFO             = 6
+    DEBUG            = 7
+    NONE             = 10
+  end
+end

data/lib/sumologic_cloud_syslog/ssl_transport.rb

@@ -0,0 +1,53 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'socket'
+require 'openssl'
+
+module SumologicCloudSyslog
+  # Supports SSL connection to remote host
+  class SSLTransport
+    attr_accessor :socket
+
+    attr_reader :host, :port, :cert, :key, :ssl_version
+
+    def initialize(host, port, cert: nil, key: nil, ssl_version: :TLSv1_2)
+      @host = host
+      @port = port
+      @cert = cert
+      @key = key
+      @ssl_version = ssl_version
+      connect
+    end
+
+    def connect
+      tcp = TCPSocket.new(host, port)
+
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
+      ctx.ssl_version = ssl_version
+
+      ctx.cert = OpenSSL::X509::Certificate.new(File.open(cert)) if cert
+      ctx.key = OpenSSL::PKey::RSA.new(File.open(key)) if key
+
+      @socket = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
+      @socket.connect
+    end
+
+    # Forward any methods directly to SSLSocket
+    def method_missing(method_sym, *arguments, &block)
+      @socket.send(method_sym, *arguments, &block)
+    end
+  end
+end

data/lib/sumologic_cloud_syslog/version.rb

@@ -0,0 +1,17 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module SumologicCloudSyslog
+  VERSION = '0.1.2'
+end

data/test/fluent/test_out_sumologic_cloud_syslog.rb

@@ -0,0 +1,138 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'helper'
+require 'date'
+require 'minitest/mock'
+require 'fluent/plugin/out_sumologic_cloud_syslog'
+
+class SumologicCloudSyslogOutput < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+    @driver = nil
+  end
+
+  def driver(tag='test', conf='')
+    @driver ||= Fluent::Test::OutputTestDriver.new(Fluent::SumologicCloudSyslogOutput, tag).configure(conf)
+  end
+
+  def sample_record
+    {
+      "app_name" => "app",
+      "hostname" => "host",
+      "procid" => $$,
+      "msgid" => 1000,
+      "message" => "MESSAGE",
+      "severity" => "PANIC",
+    }
+  end
+
+  def mock_logger
+    io = StringIO.new
+    io.set_encoding('utf-8')
+    logger = ::SumologicCloudSyslog::Logger.new(io, "TOKEN")
+  end
+
+  def test_configure
+    config = %{
+      host   syslog.collection.us1.sumologic.com
+      port   6514
+      cert
+      key
+      token  1234567890
+    }
+    instance = driver('test', config).instance
+
+    assert_equal 'syslog.collection.us1.sumologic.com', instance.host
+    assert_equal '6514', instance.port
+    assert_equal '', instance.cert
+    assert_equal '', instance.key
+    assert_equal '1234567890', instance.token
+  end
+
+  def test_default_emit
+    config = %{
+      host   syslog.collection.us1.sumologic.com
+      port   6514
+      cert
+      key
+      token  1234567890
+    }
+    instance = driver('test', config).instance
+
+    time = Time.now
+    record = sample_record
+    logger = mock_logger
+
+    instance.stub(:new_logger, logger) do
+      chain = Minitest::Mock.new
+      chain.expect(:next, nil)
+      instance.emit('test', {time.to_i => record}, chain)
+    end
+
+    formatted_time = time.dup.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
+    assert_equal logger.transport.string, "<134>1 #{time.to_datetime.rfc3339} - - - - [TOKEN] #{formatted_time}\ttest\t#{record.to_json.to_s}\n\n"
+  end
+
+  def test_message_headers_mapping
+    config = %{
+      host   syslog.collection.us1.sumologic.com
+      port   6514
+      cert
+      key
+      token  1234567890
+      hostname_key hostname
+      procid_key procid
+      app_name_key app_name
+      msgid_key msgid
+    }
+    instance = driver('test', config).instance
+
+    time = Time.now
+    record = sample_record
+    logger = mock_logger
+
+    instance.stub(:new_logger, logger) do
+      chain = Minitest::Mock.new
+      chain.expect(:next, nil)
+      instance.emit('test', {time.to_i => record}, chain)
+    end
+
+    assert_true logger.transport.string.start_with?("<134>1 #{time.to_datetime.rfc3339} host app #{$$} 1000 [TOKEN]")
+  end
+
+  def test_message_severity_mapping
+    config = %{
+      host   syslog.collection.us1.sumologic.com
+      port   6514
+      cert
+      key
+      token  1234567890
+      severity_key severity
+    }
+    instance = driver('test', config).instance
+
+    time = Time.now
+    record = sample_record
+    logger = mock_logger
+
+    instance.stub(:new_logger, logger) do
+      chain = Minitest::Mock.new
+      chain.expect(:next, nil)
+      instance.emit('test', {time.to_i => record}, chain)
+    end
+
+    assert_true logger.transport.string.start_with?("<128>1")
+  end
+end

data/test/helper.rb

@@ -0,0 +1,33 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'coveralls'
+require 'simplecov'
+
+SimpleCov.start
+
+Coveralls.wear! if ENV['TRAVIS']
+
+# Fluentd sets default encoding to ASCII-8BIT, but coverall can load git data which can contain UTF-8 characters
+at_exit do
+  Encoding.default_internal = 'UTF-8' if defined?(Encoding) && Encoding.respond_to?(:default_internal)
+  Encoding.default_external = 'UTF-8' if defined?(Encoding) && Encoding.respond_to?(:default_external)
+end
+
+require 'test/unit'
+require 'fluent/test'
+require 'minitest/pride'
+
+require 'webmock/test_unit'
+WebMock.disable_net_connect!

data/test/sumologic_cloud_syslog/test_logger.rb

@@ -0,0 +1,47 @@
+# Copyright 2016 Acquia, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'helper'
+require 'date'
+require 'sumologic_cloud_syslog/logger'
+
+class Logger < Test::Unit::TestCase
+  def test_logger_defaults
+    io = StringIO.new
+    l = SumologicCloudSyslog::Logger.new(io, "TOKEN")
+    time = Time.now
+    l.log(:WARN, "MESSAGE", time: time)
+    assert_equal io.string, "<132>1 #{time.to_datetime.rfc3339} - - - - [TOKEN] MESSAGE\n"
+  end
+
+  def test_logger_default_headers
+    io = StringIO.new
+    l = SumologicCloudSyslog::Logger.new(io, "TOKEN")
+    l.hostname("hostname")
+    l.app_name("appname")
+    l.procid($$)
+    l.facility("SYSLOG")
+    time = Time.now
+    l.log(:WARN, "MESSAGE", time: time)
+    assert_equal io.string, "<44>1 #{time.to_datetime.rfc3339} hostname appname #{$$} - [TOKEN] MESSAGE\n"
+  end
+
+  def test_logger_closed
+    io = StringIO.new
+    l = SumologicCloudSyslog::Logger.new(io, "TOKEN")
+    assert_false l.closed?
+    l.close
+    assert_true l.closed?
+  end
+end