gelfd 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in gelfd.gemspec
+gemspec

data/README.md

@@ -0,0 +1,6 @@
+# gelfd
+gelfd is a standalone implementation of GELF (Graylog2 Extended Log Format).
+This is used by the graylog2 server as an extended format for handling log messages.
+
+## Rationale
+This was originally concieved as a way to provide a graylog2-compatible input for logstash.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/gelfd

@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")))
+require 'socket'
+require 'gelfd'
+
+server = UDPSocket.new
+puts "Starting up"
+server.bind(nil, 11211)
+trap("INT") { puts "Shutting down"; exit }
+
+loop do
+  data, addr = server.recvfrom(8192)
+  begin
+    res = Gelfd::Parser.parse(data)
+  rescue Exception => e
+    puts e.message
+  end
+  puts res unless res.nil?
+end

data/gelfd.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "gelfd/version"
+
+Gem::Specification.new do |s|
+  s.name        = "gelfd"
+  s.version     = Gelfd::VERSION
+  s.authors     = ["John E. Vincent"]
+  s.email       = ["lusis.org+github.com@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{Pure ruby gelf server and decoding library}
+  s.description = %q{Standalone implementation of the Graylog Extended Log Format}
+
+  s.rubyforge_project = "gelfd"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  # s.add_development_dependency "rspec"
+  # s.add_runtime_dependency "rest-client"
+end

data/lib/gelfd.rb

@@ -0,0 +1,16 @@
+require "gelfd/version"
+
+module Gelfd
+  CHUNKED_MAGIC = [0x1e,0x0f].pack('C*').freeze
+  ZLIB_MAGIC = [0x78,0x9c].pack('C*').freeze
+  GZIP_MAGIC = [0x1f,0x8b].pack('C*').freeze
+  HEADER_LENGTH = 12
+  DATA_LENGTH = 8192 - HEADER_LENGTH
+  MAX_CHUNKS = 128
+end
+
+require File.join(File.dirname(__FILE__), 'gelfd', 'exceptions')
+require File.join(File.dirname(__FILE__), 'gelfd', 'zlib_parser')
+require File.join(File.dirname(__FILE__), 'gelfd', 'gzip_parser')
+require File.join(File.dirname(__FILE__), 'gelfd', 'chunked_parser')
+require File.join(File.dirname(__FILE__), 'gelfd', 'parser')

data/lib/gelfd/chunked_parser.rb

@@ -0,0 +1,46 @@
+module Gelfd
+  class ChunkedParser
+    @@chunk_map = Hash.new {|hash,key| hash[key] = {:total_chunks => 0, :chunks => {} } }
+
+    attr_accessor :message_id, :max_chunks, :decoded_data, :chunks, :seen
+
+    def self.parse(data)
+      msg_id = self.parse_chunk(data)
+      if @@chunk_map[msg_id][:chunks].size == @@chunk_map[msg_id][:total_chunks]
+        assemble_chunks(msg_id)
+      end
+    end
+
+    def self.assemble_chunks(msg_id)
+      buff = ''
+      chunks = @@chunk_map[msg_id][:chunks]
+      chunks.keys.sort.each do |k|
+        buff += chunks[k]
+      end
+      begin
+        # TODO
+        # This has a chance for an DoS
+        # you can send a chunked message as a chunked message
+        t = Parser.parse(buff.clone)
+        t
+      rescue Exception => e
+        "Exception: #{e.message}"
+      end
+    end
+
+    private
+    def self.parse_chunk(data)
+      header = data[0..1]
+      raise NotChunkedDataError, "This doesn't look like a Chunked GELF message!" if header != CHUNKED_MAGIC
+      begin
+        msg_id = data[2..9].unpack('C*').join
+        seq_number, total_number = data[10].ord, data[11].ord
+        zlib_chunk = data[12..-1]
+        raise TooManyChunksError, "#{total_number} greater than #{MAX_CHUNKS}" if total_number > MAX_CHUNKS
+        @@chunk_map[msg_id][:total_chunks] = total_number.to_i
+        @@chunk_map[msg_id][:chunks].merge!({seq_number.to_i => zlib_chunk})
+        msg_id
+      end
+    end
+  end
+end

data/lib/gelfd/exceptions.rb

@@ -0,0 +1,8 @@
+module Gelfd
+  class NotChunkedDataError < StandardError; end
+  class DuplicateChunkError < StandardError; end
+  class TooManyChunksError < StandardError; end
+  class UnknownHeaderError < StandardError; end
+  class DecodeError < StandardError; end
+  class NotYetImplementedError < StandardError; end
+end

data/lib/gelfd/gzip_parser.rb

@@ -0,0 +1,9 @@
+module Gelfd
+  class GzipParser
+
+    def self.parse(data)
+      raise NotYetImplementedError, "GZip decoding is not yet implemented"
+    end
+
+  end
+end

data/lib/gelfd/parser.rb

@@ -0,0 +1,21 @@
+module Gelfd
+  class Parser
+
+    def self.parse(data)
+      header = data[0..1]
+      case header
+      when ZLIB_MAGIC
+        ZlibParser.parse(data)
+      when CHUNKED_MAGIC
+        ChunkedParser.parse(data)
+      when GZIP_MAGIC
+        GzipParser.parse(data)
+      else
+        raise UnknownHeaderError, "Could not find parser for header: #{header.unpack('C*').to_s}"
+      end
+    end
+
+  end
+end
+
+

data/lib/gelfd/version.rb

@@ -0,0 +1,3 @@
+module Gelfd
+  VERSION = "0.0.1"
+end

data/lib/gelfd/zlib_parser.rb

@@ -0,0 +1,15 @@
+require 'zlib'
+module Gelfd
+  class ZlibParser
+
+    def self.parse(data)
+      begin
+        t = Zlib::Inflate.inflate(data)
+        t
+      rescue Exception => e
+        raise DecodeError, "Failed to decode data: #{e}"
+      end
+    end
+
+  end
+end

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification 
+name: gelfd
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- John E. Vincent
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-09-09 00:00:00 Z
+dependencies: []
+
+description: Standalone implementation of the Graylog Extended Log Format
+email: 
+- lusis.org+github.com@gmail.com
+executables: 
+- gelfd
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- bin/gelfd
+- gelfd.gemspec
+- lib/gelfd.rb
+- lib/gelfd/chunked_parser.rb
+- lib/gelfd/exceptions.rb
+- lib/gelfd/gzip_parser.rb
+- lib/gelfd/parser.rb
+- lib/gelfd/version.rb
+- lib/gelfd/zlib_parser.rb
+- test/fixtures/unchunked.zl
+homepage: ""
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: gelfd
+rubygems_version: 1.8.6
+signing_key: 
+specification_version: 3
+summary: Pure ruby gelf server and decoding library
+test_files: []
+