logstash-filter-syslog_pri 2.0.4 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +2 -0
- data/Gemfile +3 -1
- data/LICENSE +1 -1
- data/README.md +12 -3
- data/lib/logstash/filters/syslog_pri.rb +10 -10
- data/logstash-filter-syslog_pri.gemspec +3 -3
- data/spec/filters/syslog_pri_spec.rb +11 -11
- metadata +18 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6803543d75939012ebc8333603e30436299d534c
|
|
4
|
+
data.tar.gz: 077b96d8871363b6209a86c9fee25cafcf3d3f1a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8aa565e571f8d00f63772fa0c7a30dbe7c50b216d19eb9ec9215e1983fee7b0e82f786962c87d6e0a38b699aa11bd7654391552d44d3d81f6d82b72741f44f53
|
|
7
|
+
data.tar.gz: 1afa06158c213da582904f84aa6cc7709d73645762627c8b9fbbfe8672616e5239194e990e92a4b103f090ee0849ed5b5cea3bb8f542856db82c93239d370712
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
## 3.0.0
|
|
2
|
+
- Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
|
|
1
3
|
# 2.0.4
|
|
2
4
|
- Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
|
|
3
5
|
# 2.0.3
|
data/Gemfile
CHANGED
data/LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# Logstash Plugin
|
|
2
2
|
|
|
3
|
-
[](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-syslog_pri-unit/)
|
|
3
|
+
[](https://travis-ci.org/logstash-plugins/logstash-filter-syslog_pri)
|
|
5
4
|
|
|
6
5
|
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
|
7
6
|
|
|
@@ -56,7 +55,12 @@ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
|
|
|
56
55
|
```
|
|
57
56
|
- Install plugin
|
|
58
57
|
```sh
|
|
58
|
+
# Logstash 2.3 and higher
|
|
59
|
+
bin/logstash-plugin install --no-verify
|
|
60
|
+
|
|
61
|
+
# Prior to Logstash 2.3
|
|
59
62
|
bin/plugin install --no-verify
|
|
63
|
+
|
|
60
64
|
```
|
|
61
65
|
- Run Logstash with your plugin
|
|
62
66
|
```sh
|
|
@@ -74,7 +78,12 @@ gem build logstash-filter-awesome.gemspec
|
|
|
74
78
|
```
|
|
75
79
|
- Install the plugin from the Logstash home
|
|
76
80
|
```sh
|
|
77
|
-
|
|
81
|
+
# Logstash 2.3 and higher
|
|
82
|
+
bin/logstash-plugin install --no-verify
|
|
83
|
+
|
|
84
|
+
# Prior to Logstash 2.3
|
|
85
|
+
bin/plugin install --no-verify
|
|
86
|
+
|
|
78
87
|
```
|
|
79
88
|
- Start Logstash and proceed to test the plugin
|
|
80
89
|
|
|
@@ -75,31 +75,31 @@ class LogStash::Filters::Syslog_pri < LogStash::Filters::Base
|
|
|
75
75
|
def parse_pri(event)
|
|
76
76
|
# Per RFC3164, priority = (facility * 8) + severity
|
|
77
77
|
# = (facility << 3) & (severity)
|
|
78
|
-
if event
|
|
79
|
-
if event
|
|
80
|
-
priority = event
|
|
78
|
+
if event.get(@syslog_pri_field_name)
|
|
79
|
+
if event.get(@syslog_pri_field_name).is_a?(Array)
|
|
80
|
+
priority = event.get(@syslog_pri_field_name).first.to_i
|
|
81
81
|
else
|
|
82
|
-
priority = event
|
|
82
|
+
priority = event.get(@syslog_pri_field_name).to_i
|
|
83
83
|
end
|
|
84
84
|
else
|
|
85
85
|
priority = 13 # default
|
|
86
86
|
end
|
|
87
87
|
severity = priority & 7 # 7 is 111 (3 bits)
|
|
88
88
|
facility = priority >> 3
|
|
89
|
-
event
|
|
90
|
-
event
|
|
89
|
+
event.set("syslog_severity_code", severity)
|
|
90
|
+
event.set("syslog_facility_code", facility)
|
|
91
91
|
|
|
92
92
|
# Add human-readable names after parsing severity and facility from PRI
|
|
93
93
|
if @use_labels
|
|
94
|
-
facility_number = event
|
|
95
|
-
severity_number = event
|
|
94
|
+
facility_number = event.get("syslog_facility_code")
|
|
95
|
+
severity_number = event.get("syslog_severity_code")
|
|
96
96
|
|
|
97
97
|
if @facility_labels[facility_number]
|
|
98
|
-
event
|
|
98
|
+
event.set("syslog_facility", @facility_labels[facility_number])
|
|
99
99
|
end
|
|
100
100
|
|
|
101
101
|
if @severity_labels[severity_number]
|
|
102
|
-
event
|
|
102
|
+
event.set("syslog_severity", @severity_labels[severity_number])
|
|
103
103
|
end
|
|
104
104
|
end
|
|
105
105
|
end # def parse_pri
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-syslog_pri'
|
|
4
|
-
s.version = '
|
|
4
|
+
s.version = '3.0.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Filter plugin for logstash to parse the PRI field from the front of a Syslog (RFC3164) message"
|
|
7
|
-
s.description = "This gem is a
|
|
7
|
+
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
8
8
|
s.authors = ["Elastic"]
|
|
9
9
|
s.email = 'info@elastic.co'
|
|
10
10
|
s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
|
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
|
|
|
20
20
|
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
|
|
21
21
|
|
|
22
22
|
# Gem dependencies
|
|
23
|
-
s.add_runtime_dependency "logstash-core-plugin-api", "~>
|
|
23
|
+
s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
|
|
24
24
|
s.add_development_dependency 'logstash-devutils'
|
|
25
25
|
|
|
26
26
|
end
|
|
@@ -27,17 +27,17 @@ describe LogStash::Filters::Syslog_pri do
|
|
|
27
27
|
|
|
28
28
|
it "default syslog_facility is user-level" do
|
|
29
29
|
subject.filter(event)
|
|
30
|
-
expect(event
|
|
30
|
+
expect(event.get("syslog_facility")).to eq("user-level")
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it "default syslog severity is notice" do
|
|
34
34
|
subject.filter(event)
|
|
35
|
-
expect(event
|
|
35
|
+
expect(event.get("syslog_severity")).to eq("notice")
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
it "default severity to be 5, out of priority default 13" do
|
|
39
39
|
subject.filter(event)
|
|
40
|
-
expect(event
|
|
40
|
+
expect(event.get("syslog_severity_code")).to eq(5)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
end
|
|
@@ -56,12 +56,12 @@ describe LogStash::Filters::Syslog_pri do
|
|
|
56
56
|
|
|
57
57
|
it "syslog severity is critical" do
|
|
58
58
|
subject.filter(event)
|
|
59
|
-
expect(event
|
|
59
|
+
expect(event.get("syslog_severity")).to eq("critical")
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
it "default syslog_facility is user-level" do
|
|
63
63
|
subject.filter(event)
|
|
64
|
-
expect(event
|
|
64
|
+
expect(event.get("syslog_facility")).to eq("security/authorization")
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
end
|
|
@@ -71,12 +71,12 @@ describe LogStash::Filters::Syslog_pri do
|
|
|
71
71
|
|
|
72
72
|
it "syslog severity is notice" do
|
|
73
73
|
subject.filter(event)
|
|
74
|
-
expect(event
|
|
74
|
+
expect(event.get("syslog_severity")).to eq("notice")
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
it "default syslog_facility is user-level" do
|
|
78
78
|
subject.filter(event)
|
|
79
|
-
expect(event
|
|
79
|
+
expect(event.get("syslog_facility")).to eq("local4")
|
|
80
80
|
end
|
|
81
81
|
end
|
|
82
82
|
|
|
@@ -85,12 +85,12 @@ describe LogStash::Filters::Syslog_pri do
|
|
|
85
85
|
|
|
86
86
|
it "syslog severity is notice" do
|
|
87
87
|
subject.filter(event)
|
|
88
|
-
expect(event
|
|
88
|
+
expect(event.get("syslog_severity")).to eq("debug")
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
it "default syslog_facility is user-level" do
|
|
92
92
|
subject.filter(event)
|
|
93
|
-
expect(event
|
|
93
|
+
expect(event.get("syslog_facility")).to eq("local7")
|
|
94
94
|
end
|
|
95
95
|
end
|
|
96
96
|
|
|
@@ -99,12 +99,12 @@ describe LogStash::Filters::Syslog_pri do
|
|
|
99
99
|
|
|
100
100
|
it "syslog severity is notice" do
|
|
101
101
|
subject.filter(event)
|
|
102
|
-
expect(event
|
|
102
|
+
expect(event.get("syslog_severity")).to eq("alert")
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
it "default syslog_facility is user-level" do
|
|
106
106
|
subject.filter(event)
|
|
107
|
-
expect(event
|
|
107
|
+
expect(event.get("syslog_facility")).to eq("local1")
|
|
108
108
|
end
|
|
109
109
|
end
|
|
110
110
|
|
metadata
CHANGED
|
@@ -1,44 +1,46 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-syslog_pri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-05-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: logstash-core-plugin-api
|
|
14
15
|
requirement: !ruby/object:Gem::Requirement
|
|
15
16
|
requirements:
|
|
16
17
|
- - "~>"
|
|
17
18
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: '
|
|
19
|
-
name: logstash-core-plugin-api
|
|
20
|
-
prerelease: false
|
|
19
|
+
version: '2.0'
|
|
21
20
|
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '2.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: logstash-devutils
|
|
28
29
|
requirement: !ruby/object:Gem::Requirement
|
|
29
30
|
requirements:
|
|
30
31
|
- - ">="
|
|
31
32
|
- !ruby/object:Gem::Version
|
|
32
33
|
version: '0'
|
|
33
|
-
name: logstash-devutils
|
|
34
|
-
prerelease: false
|
|
35
34
|
type: :development
|
|
35
|
+
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
-
description: This gem is a
|
|
41
|
+
description: This gem is a Logstash plugin required to be installed on top of the
|
|
42
|
+
Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
|
|
43
|
+
gem is not a stand-alone program
|
|
42
44
|
email: info@elastic.co
|
|
43
45
|
executables: []
|
|
44
46
|
extensions: []
|
|
@@ -60,7 +62,7 @@ licenses:
|
|
|
60
62
|
metadata:
|
|
61
63
|
logstash_plugin: 'true'
|
|
62
64
|
logstash_group: filter
|
|
63
|
-
post_install_message:
|
|
65
|
+
post_install_message:
|
|
64
66
|
rdoc_options: []
|
|
65
67
|
require_paths:
|
|
66
68
|
- lib
|
|
@@ -75,11 +77,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
75
77
|
- !ruby/object:Gem::Version
|
|
76
78
|
version: '0'
|
|
77
79
|
requirements: []
|
|
78
|
-
rubyforge_project:
|
|
79
|
-
rubygems_version: 2.
|
|
80
|
-
signing_key:
|
|
80
|
+
rubyforge_project:
|
|
81
|
+
rubygems_version: 2.5.1
|
|
82
|
+
signing_key:
|
|
81
83
|
specification_version: 4
|
|
82
|
-
summary: Filter plugin for logstash to parse the PRI field from the front of a Syslog
|
|
84
|
+
summary: Filter plugin for logstash to parse the PRI field from the front of a Syslog
|
|
85
|
+
(RFC3164) message
|
|
83
86
|
test_files:
|
|
84
87
|
- spec/filters/syslog_pri_spec.rb
|
|
85
88
|
- spec/spec_helper.rb
|