logstash-input-http 3.1.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +60 -0
- data/DEVELOPER.md +1 -0
- data/Gemfile +11 -0
- data/LICENSE +13 -0
- data/NOTICE.TXT +5 -0
- data/README.md +98 -0
- data/VERSION +1 -0
- data/docs/index.asciidoc +309 -0
- data/lib/logstash-input-http_jars.rb +7 -0
- data/lib/logstash/inputs/http.rb +290 -0
- data/lib/logstash/inputs/http/message_handler.rb +62 -0
- data/lib/logstash/inputs/http/tls.rb +40 -0
- data/lib/logstash/util/http_compressed_requests.rb +39 -0
- data/lib/tasks/build.rake +16 -0
- data/logstash-input-http.gemspec +33 -0
- data/spec/inputs/http_spec.rb +277 -0
- data/vendor/jar-dependencies/io/netty/netty-all/4.1.18.Final/netty-all-4.1.18.Final.jar +0 -0
- data/vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/2.0.7.Final/netty-tcnative-boringssl-static-2.0.7.Final.jar +0 -0
- data/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.1.0/logstash-input-http-3.1.0.jar +0 -0
- metadata +173 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 445d3da2f390e8891b32e2090945f28677d6257018545983859c26665c21af84
|
4
|
+
data.tar.gz: 585afff812773b166fd44370764bd0837958218dd994335da024216faf2cd352
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: a9915f4e38147a0b97c2376b9fda49412b9c2aa995d2a6d5f4b5153a957b54baaa045375a0cbc8ef53d32cd3b1f97731729b73aee3b5cd34dbda4dfa468afc0d
|
7
|
+
data.tar.gz: cf4d9aa38eda357bf7bba97c6f696221eaf2d09f990eb36ff9e1857c26f6fb96118905fc0e4aff16ce583476af9e095d9a0121e15884b7d34449e1d99cb36c1e
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,60 @@
|
|
1
|
+
## 3.1.0
|
2
|
+
- Replace Puma web server with Netty
|
3
|
+
- Support crt/key certificates
|
4
|
+
- Deprecates jks support
|
5
|
+
|
6
|
+
## 3.0.10
|
7
|
+
- Docs: Set the default_codec doc attribute.
|
8
|
+
|
9
|
+
## 3.0.9
|
10
|
+
- Make sure default codec is also cloned for thread safety. https://github.com/logstash-plugins/logstash-input-http/pull/80
|
11
|
+
- Always flush codec after each request and codec decoding. https://github.com/logstash-plugins/logstash-input-http/pull/81
|
12
|
+
|
13
|
+
## 3.0.8
|
14
|
+
- In the event that all webserver threads are busy this plugin will now return a 429, busy, error.
|
15
|
+
|
16
|
+
## 3.0.7
|
17
|
+
- Update gemspec summary
|
18
|
+
|
19
|
+
## 3.0.6
|
20
|
+
- Fix some documentation issues
|
21
|
+
|
22
|
+
## 3.0.4
|
23
|
+
- Improve error logging to log more details, including stack trace, for true bugs.
|
24
|
+
This makes debugging broken codecs much easier.
|
25
|
+
## 3.0.3
|
26
|
+
- Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
|
27
|
+
## 3.0.2
|
28
|
+
- Use a new class as redefined Puma::Server class as we need to mock one method and only need it for this plugin, but not for all parts using puma in logstash.Fixes https://github.com/logstash-plugins/logstash-input-http/issues/51.
|
29
|
+
## 3.0.1
|
30
|
+
- Republish all the gems under jruby.
|
31
|
+
## 3.0.0
|
32
|
+
- Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
|
33
|
+
# 2.2.2
|
34
|
+
- Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
|
35
|
+
# 2.2.1
|
36
|
+
- New dependency requirements for logstash-core for the 5.0 release
|
37
|
+
## 2.2.0
|
38
|
+
- Bump puma dependency to 2.16.0
|
39
|
+
|
40
|
+
## 2.1.1
|
41
|
+
- Support for custom response headers
|
42
|
+
|
43
|
+
## 2.1.0
|
44
|
+
- Support compressed and gziped requests (thanks dwapstra)
|
45
|
+
|
46
|
+
## 2.0.0
|
47
|
+
- Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
|
48
|
+
instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
|
49
|
+
- Dependency on logstash-core update to 2.0
|
50
|
+
|
51
|
+
## 1.0.3 (September 2, 2015)
|
52
|
+
* Include remote host address to events (#25)
|
53
|
+
|
54
|
+
## 1.0.2 (July 28, 2015)
|
55
|
+
* Fix for missing base64 require which was crashing Logstash (#17)
|
56
|
+
|
57
|
+
## 1.0.0 (July 1, 2015)
|
58
|
+
|
59
|
+
* First version: New input to receive HTTP requests
|
60
|
+
* Added basic authentication and SSL support
|
data/DEVELOPER.md
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
# logstash-input-http
|
data/Gemfile
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
source 'https://rubygems.org'
|
2
|
+
|
3
|
+
gemspec
|
4
|
+
|
5
|
+
logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
|
6
|
+
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
|
7
|
+
|
8
|
+
if Dir.exist?(logstash_path) && use_logstash_source
|
9
|
+
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
10
|
+
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
11
|
+
end
|
data/LICENSE
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
|
2
|
+
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
you may not use this file except in compliance with the License.
|
5
|
+
You may obtain a copy of the License at
|
6
|
+
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
|
9
|
+
Unless required by applicable law or agreed to in writing, software
|
10
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
See the License for the specific language governing permissions and
|
13
|
+
limitations under the License.
|
data/NOTICE.TXT
ADDED
data/README.md
ADDED
@@ -0,0 +1,98 @@
|
|
1
|
+
# Logstash Plugin
|
2
|
+
|
3
|
+
[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-input-http.svg)](https://travis-ci.org/logstash-plugins/logstash-input-http)
|
4
|
+
|
5
|
+
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
6
|
+
|
7
|
+
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
8
|
+
|
9
|
+
## Documentation
|
10
|
+
|
11
|
+
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
|
12
|
+
|
13
|
+
- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
|
14
|
+
- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
|
15
|
+
|
16
|
+
## Need Help?
|
17
|
+
|
18
|
+
Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
|
19
|
+
|
20
|
+
## Developing
|
21
|
+
|
22
|
+
### 1. Plugin Developement and Testing
|
23
|
+
|
24
|
+
#### Code
|
25
|
+
- To get started, you'll need JRuby with the Bundler gem installed.
|
26
|
+
|
27
|
+
- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
|
28
|
+
|
29
|
+
- Install dependencies
|
30
|
+
```sh
|
31
|
+
bundle install
|
32
|
+
```
|
33
|
+
|
34
|
+
#### Test
|
35
|
+
|
36
|
+
- Update your dependencies
|
37
|
+
|
38
|
+
```sh
|
39
|
+
bundle install
|
40
|
+
```
|
41
|
+
|
42
|
+
- Run tests
|
43
|
+
|
44
|
+
```sh
|
45
|
+
bundle exec rspec
|
46
|
+
```
|
47
|
+
|
48
|
+
### 2. Running your unpublished Plugin in Logstash
|
49
|
+
|
50
|
+
#### 2.1 Run in a local Logstash clone
|
51
|
+
|
52
|
+
- Edit Logstash `Gemfile` and add the local plugin path, for example:
|
53
|
+
```ruby
|
54
|
+
gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
|
55
|
+
```
|
56
|
+
- Install plugin
|
57
|
+
```sh
|
58
|
+
# Logstash 2.3 and higher
|
59
|
+
bin/logstash-plugin install --no-verify
|
60
|
+
|
61
|
+
# Prior to Logstash 2.3
|
62
|
+
bin/plugin install --no-verify
|
63
|
+
|
64
|
+
```
|
65
|
+
- Run Logstash with your plugin
|
66
|
+
```sh
|
67
|
+
bin/logstash -e 'filter {awesome {}}'
|
68
|
+
```
|
69
|
+
At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
|
70
|
+
|
71
|
+
#### 2.2 Run in an installed Logstash
|
72
|
+
|
73
|
+
You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
|
74
|
+
|
75
|
+
- Build your plugin gem
|
76
|
+
```sh
|
77
|
+
gem build logstash-filter-awesome.gemspec
|
78
|
+
```
|
79
|
+
- Install the plugin from the Logstash home
|
80
|
+
```sh
|
81
|
+
# Logstash 2.3 and higher
|
82
|
+
bin/logstash-plugin install --no-verify
|
83
|
+
|
84
|
+
# Prior to Logstash 2.3
|
85
|
+
bin/plugin install --no-verify
|
86
|
+
|
87
|
+
```
|
88
|
+
- Start Logstash and proceed to test the plugin
|
89
|
+
|
90
|
+
## Contributing
|
91
|
+
|
92
|
+
All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
|
93
|
+
|
94
|
+
Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
|
95
|
+
|
96
|
+
It is more important to the community that you are able to contribute.
|
97
|
+
|
98
|
+
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
3.1.0
|
data/docs/index.asciidoc
ADDED
@@ -0,0 +1,309 @@
|
|
1
|
+
:plugin: http
|
2
|
+
:type: input
|
3
|
+
:default_codec: plain
|
4
|
+
|
5
|
+
///////////////////////////////////////////
|
6
|
+
START - GENERATED VARIABLES, DO NOT EDIT!
|
7
|
+
///////////////////////////////////////////
|
8
|
+
:version: %VERSION%
|
9
|
+
:release_date: %RELEASE_DATE%
|
10
|
+
:changelog_url: %CHANGELOG_URL%
|
11
|
+
:include_path: ../../../../logstash/docs/include
|
12
|
+
///////////////////////////////////////////
|
13
|
+
END - GENERATED VARIABLES, DO NOT EDIT!
|
14
|
+
///////////////////////////////////////////
|
15
|
+
|
16
|
+
[id="plugins-{type}s-{plugin}"]
|
17
|
+
|
18
|
+
=== Http input plugin
|
19
|
+
|
20
|
+
include::{include_path}/plugin_header.asciidoc[]
|
21
|
+
|
22
|
+
==== Description
|
23
|
+
|
24
|
+
Using this input you can receive single or multiline events over http(s).
|
25
|
+
Applications can send an HTTP request to the endpoint started by this input and
|
26
|
+
Logstash will convert it into an event for subsequent processing. Users
|
27
|
+
can pass plain text, JSON, or any formatted data and use a corresponding codec with this
|
28
|
+
input. For Content-Type `application/json` the `json` codec is used, but for all other
|
29
|
+
data formats, `plain` codec is used.
|
30
|
+
|
31
|
+
This input can also be used to receive webhook requests to integrate with other services
|
32
|
+
and applications. By taking advantage of the vast plugin ecosystem available in Logstash
|
33
|
+
you can trigger actionable events right from your application.
|
34
|
+
|
35
|
+
==== Blocking Behavior
|
36
|
+
|
37
|
+
The HTTP protocol doesn't deal well with long running requests. This plugin will either return
|
38
|
+
a 429 (busy) error when Logstash is backlogged, or it will time out the request.
|
39
|
+
|
40
|
+
If a 429 error is encountered clients should sleep, backing off exponentially with some random
|
41
|
+
jitter, then retry their request.
|
42
|
+
|
43
|
+
This plugin will block if the Logstash queue is blocked and there are available HTTP input threads.
|
44
|
+
This will cause most HTTP clients to time out. Sent events will still be processed in this case. This
|
45
|
+
behavior is not optimal and will be changed in a future release. In the future, this plugin will always
|
46
|
+
return a 429 if the queue is busy, and will not time out in the event of a busy queue.
|
47
|
+
|
48
|
+
==== Security
|
49
|
+
This plugin supports standard HTTP basic authentication headers to identify the requester.
|
50
|
+
You can pass in a username, password combination while sending data to this input
|
51
|
+
|
52
|
+
You can also setup SSL and send data securely over https, with multiple options such as
|
53
|
+
validating the client's certificate.
|
54
|
+
|
55
|
+
|
56
|
+
[id="plugins-{type}s-{plugin}-options"]
|
57
|
+
==== Http Input Configuration Options
|
58
|
+
|
59
|
+
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
60
|
+
|
61
|
+
[cols="<,<,<",options="header",]
|
62
|
+
|=======================================================================
|
63
|
+
|Setting |Input type|Required
|
64
|
+
| <<plugins-{type}s-{plugin}-additional_codecs>> |<<hash,hash>>|No
|
65
|
+
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
|
66
|
+
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
67
|
+
| <<plugins-{type}s-{plugin}-keystore>> |<<path,path>>|No
|
68
|
+
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|No
|
69
|
+
| <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
|
70
|
+
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
|
71
|
+
| <<plugins-{type}s-{plugin}-max_pending_requests>> |<<number,number>>|No
|
72
|
+
| <<plugins-{type}s-{plugin}-response_headers>> |<<hash,hash>>|No
|
73
|
+
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
|
74
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
|
75
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
|
76
|
+
| <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
|
77
|
+
| <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
|
78
|
+
| <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
|
79
|
+
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
|
80
|
+
| <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
|
81
|
+
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
|
82
|
+
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
|
83
|
+
| <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
|
84
|
+
| <<plugins-{type}s-{plugin}-verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
|
85
|
+
|=======================================================================
|
86
|
+
|
87
|
+
Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
|
88
|
+
input plugins.
|
89
|
+
|
90
|
+
|
91
|
+
|
92
|
+
[id="plugins-{type}s-{plugin}-additional_codecs"]
|
93
|
+
===== `additional_codecs`
|
94
|
+
|
95
|
+
* Value type is <<hash,hash>>
|
96
|
+
* Default value is `{"application/json"=>"json"}`
|
97
|
+
|
98
|
+
Apply specific codecs for specific content types.
|
99
|
+
The default codec will be applied only after this list is checked
|
100
|
+
and no codec for the request's content-type is found
|
101
|
+
|
102
|
+
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
103
|
+
===== `cipher_suites`
|
104
|
+
|
105
|
+
* Value type is <<array,array>>
|
106
|
+
* Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
107
|
+
|
108
|
+
The list of ciphers suite to use, listed by priorities.
|
109
|
+
|
110
|
+
[id="plugins-{type}s-{plugin}-host"]
|
111
|
+
===== `host`
|
112
|
+
|
113
|
+
* Value type is <<string,string>>
|
114
|
+
* Default value is `"0.0.0.0"`
|
115
|
+
|
116
|
+
The host or ip to bind
|
117
|
+
|
118
|
+
[id="plugins-{type}s-{plugin}-keystore"]
|
119
|
+
===== `keystore`
|
120
|
+
|
121
|
+
* Value type is <<path,path>>
|
122
|
+
* There is no default value for this setting.
|
123
|
+
* This option is deprecated
|
124
|
+
|
125
|
+
The JKS keystore to validate the client's certificates
|
126
|
+
|
127
|
+
Note: This option is deprecated and it will be removed in the next major version of Logstash.
|
128
|
+
Use `ssl_certificate` and `ssl_key` instead.
|
129
|
+
|
130
|
+
[id="plugins-{type}s-{plugin}-keystore_password"]
|
131
|
+
===== `keystore_password`
|
132
|
+
|
133
|
+
* Value type is <<password,password>>
|
134
|
+
* There is no default value for this setting.
|
135
|
+
* This option is deprecated
|
136
|
+
|
137
|
+
Set the truststore password
|
138
|
+
|
139
|
+
Note: This option is deprecated and it will be removed in the next major version of Logstash.
|
140
|
+
Use `ssl_certificate` and `ssl_key` instead.
|
141
|
+
|
142
|
+
[id="plugins-{type}s-{plugin}-password"]
|
143
|
+
===== `password`
|
144
|
+
|
145
|
+
* Value type is <<password,password>>
|
146
|
+
* There is no default value for this setting.
|
147
|
+
|
148
|
+
Password for basic authorization
|
149
|
+
|
150
|
+
[id="plugins-{type}s-{plugin}-port"]
|
151
|
+
===== `port`
|
152
|
+
|
153
|
+
* Value type is <<number,number>>
|
154
|
+
* Default value is `8080`
|
155
|
+
|
156
|
+
The TCP port to bind to
|
157
|
+
|
158
|
+
[id="plugins-{type}s-{plugin}-max_content_length"]
|
159
|
+
===== `max_content_length`
|
160
|
+
|
161
|
+
* Value type is <<number,number>>
|
162
|
+
* Default value is 104857600
|
163
|
+
|
164
|
+
The max content of an HTTP request in bytes. It defaults to 100mb.
|
165
|
+
|
166
|
+
[id="plugins-{type}s-{plugin}-max_pending_requests"]
|
167
|
+
===== `max_pending_requests`
|
168
|
+
|
169
|
+
* Value type is <<number,number>>
|
170
|
+
* Default value is 200
|
171
|
+
|
172
|
+
Maximum number of incoming requests to store in a temporary queue before being processed by worker threads.
|
173
|
+
If a request arrives and the queue is full a 429 response will be returned immediately.
|
174
|
+
This queue exists to deal with micro bursts of events and to improve overall throughput,
|
175
|
+
so it should be changed very carefully as it can lead to memory pressure and impact performance.
|
176
|
+
If you need to deal both periodic or unforeseen spikes in incoming requests consider enabling the
|
177
|
+
Persistent Queue for the logstash pipeline.
|
178
|
+
|
179
|
+
[id="plugins-{type}s-{plugin}-response_headers"]
|
180
|
+
===== `response_headers`
|
181
|
+
|
182
|
+
* Value type is <<hash,hash>>
|
183
|
+
* Default value is `{"Content-Type"=>"text/plain"}`
|
184
|
+
|
185
|
+
specify a custom set of response headers
|
186
|
+
|
187
|
+
[id="plugins-{type}s-{plugin}-ssl"]
|
188
|
+
===== `ssl`
|
189
|
+
|
190
|
+
* Value type is <<boolean,boolean>>
|
191
|
+
* Default value is `false`
|
192
|
+
|
193
|
+
Events are by default sent in plain text. You can
|
194
|
+
enable encryption by setting `ssl` to true and configuring
|
195
|
+
the `ssl_certificate` and `ssl_key` options.
|
196
|
+
|
197
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
198
|
+
===== `ssl_certificate`
|
199
|
+
|
200
|
+
* Value type is <<path,path>>
|
201
|
+
* There is no default value for this setting.
|
202
|
+
|
203
|
+
SSL certificate to use.
|
204
|
+
|
205
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
|
206
|
+
===== `ssl_certificate_authorities`
|
207
|
+
|
208
|
+
* Value type is <<array,array>>
|
209
|
+
* Default value is `[]`
|
210
|
+
|
211
|
+
Validate client certificates against these authorities.
|
212
|
+
You can define multiple files or paths. All the certificates will
|
213
|
+
be read and added to the trust store. You need to configure the `ssl_verify_mode`
|
214
|
+
to `peer` or `force_peer` to enable the verification.
|
215
|
+
|
216
|
+
|
217
|
+
[id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
|
218
|
+
===== `ssl_handshake_timeout`
|
219
|
+
|
220
|
+
* Value type is <<number,number>>
|
221
|
+
* Default value is `10000`
|
222
|
+
|
223
|
+
Time in milliseconds for an incomplete ssl handshake to timeout
|
224
|
+
|
225
|
+
[id="plugins-{type}s-{plugin}-ssl_key"]
|
226
|
+
===== `ssl_key`
|
227
|
+
|
228
|
+
* Value type is <<path,path>>
|
229
|
+
* There is no default value for this setting.
|
230
|
+
|
231
|
+
SSL key to use.
|
232
|
+
NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
|
233
|
+
for more information.
|
234
|
+
|
235
|
+
[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
|
236
|
+
===== `ssl_key_passphrase`
|
237
|
+
|
238
|
+
* Value type is <<password,password>>
|
239
|
+
* There is no default value for this setting.
|
240
|
+
|
241
|
+
SSL key passphrase to use.
|
242
|
+
|
243
|
+
[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
|
244
|
+
===== `ssl_verify_mode`
|
245
|
+
|
246
|
+
* Value can be any of: `none`, `peer`, `force_peer`
|
247
|
+
* Default value is `"none"`
|
248
|
+
|
249
|
+
By default the server doesn't do any client verification.
|
250
|
+
|
251
|
+
`peer` will make the server ask the client to provide a certificate.
|
252
|
+
If the client provides a certificate, it will be validated.
|
253
|
+
|
254
|
+
`force_peer` will make the server ask the client to provide a certificate.
|
255
|
+
If the client doesn't provide a certificate, the connection will be closed.
|
256
|
+
|
257
|
+
This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
258
|
+
|
259
|
+
[id="plugins-{type}s-{plugin}-threads"]
|
260
|
+
===== `threads`
|
261
|
+
|
262
|
+
* Value type is <<number,number>>
|
263
|
+
* Default value is number of processors
|
264
|
+
|
265
|
+
Number of threads to use for both accepting connections and handling requests
|
266
|
+
|
267
|
+
[id="plugins-{type}s-{plugin}-tls_max_version"]
|
268
|
+
===== `tls_max_version`
|
269
|
+
|
270
|
+
* Value type is <<number,number>>
|
271
|
+
* Default value is `1.2`
|
272
|
+
|
273
|
+
The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
274
|
+
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
275
|
+
|
276
|
+
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
277
|
+
===== `tls_min_version`
|
278
|
+
|
279
|
+
* Value type is <<number,number>>
|
280
|
+
* Default value is `1`
|
281
|
+
|
282
|
+
The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
|
283
|
+
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
284
|
+
|
285
|
+
[id="plugins-{type}s-{plugin}-user"]
|
286
|
+
===== `user`
|
287
|
+
|
288
|
+
* Value type is <<string,string>>
|
289
|
+
* There is no default value for this setting.
|
290
|
+
|
291
|
+
Username for basic authorization
|
292
|
+
|
293
|
+
[id="plugins-{type}s-{plugin}-verify_mode"]
|
294
|
+
===== `verify_mode`
|
295
|
+
|
296
|
+
* Value can be any of: `none`, `peer`, `force_peer`
|
297
|
+
* Default value is `"none"`
|
298
|
+
* This option is deprecated
|
299
|
+
|
300
|
+
Set the client certificate verification method. Valid methods: none, peer, force_peer
|
301
|
+
|
302
|
+
Note: This option is deprecated and it will be removed in the next major version of Logstash.
|
303
|
+
Use `ssl_verify_mode` instead.
|
304
|
+
|
305
|
+
|
306
|
+
[id="plugins-{type}s-{plugin}-common-options"]
|
307
|
+
include::{include_path}/{type}.asciidoc[]
|
308
|
+
|
309
|
+
:default_codec!:
|