logstash-input-log4j 3.0.5-java → 3.0.6-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +8 -1
- data/README.md +2 -97
- data/docs/index.asciidoc +171 -0
- data/logstash-input-log4j.gemspec +2 -2
- metadata +20 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 43f948b617ba8cda3995dff3d1e87d79c64188b6
|
4
|
+
data.tar.gz: 31b43ba198a6bd8cc9133d9cf3af0d4c281274db
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 650c0b807694495bf23a5248fa19503decabc129c74875f49ada5e551827f297d176e4388edef244d2d9d500e2f3b97d629c8a36202cc537ce8bd64fe32d0716
|
7
|
+
data.tar.gz: d7607fa451c8bc6046038c5ffa99d075a2db065e71616358501b5b9c4275970ca55e1433152a3acdcfdd3b77dc48ee29251401cd2e141b005e6a82bdc2f79516
|
data/Gemfile
CHANGED
@@ -1,4 +1,11 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
# Specify your gem's dependencies in logstash-mass_effect.gemspec
|
4
3
|
gemspec
|
4
|
+
|
5
|
+
logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
|
6
|
+
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
|
7
|
+
|
8
|
+
if Dir.exist?(logstash_path) && use_logstash_source
|
9
|
+
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
10
|
+
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
11
|
+
end
|
data/README.md
CHANGED
@@ -1,98 +1,3 @@
|
|
1
|
-
#
|
1
|
+
# Deprecation Notice
|
2
2
|
|
3
|
-
[
|
4
|
-
|
5
|
-
This is a plugin for [Logstash](https://github.com/elastic/logstash) to allow it to receive events from the log4j Socket Appender. Note that it only works with log4j 1.x and not with version 2.
|
6
|
-
|
7
|
-
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
8
|
-
|
9
|
-
## Documentation
|
10
|
-
|
11
|
-
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
|
12
|
-
|
13
|
-
- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
|
14
|
-
- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
|
15
|
-
|
16
|
-
## Need Help?
|
17
|
-
|
18
|
-
Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
|
19
|
-
|
20
|
-
## Developing
|
21
|
-
|
22
|
-
### 1. Plugin Developement and Testing
|
23
|
-
|
24
|
-
#### Code
|
25
|
-
- To get started, you'll need JRuby with the Bundler gem installed.
|
26
|
-
|
27
|
-
- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
|
28
|
-
|
29
|
-
- Install dependencies
|
30
|
-
```sh
|
31
|
-
bundle install
|
32
|
-
```
|
33
|
-
|
34
|
-
#### Test
|
35
|
-
|
36
|
-
- Update your dependencies
|
37
|
-
|
38
|
-
```sh
|
39
|
-
bundle install
|
40
|
-
```
|
41
|
-
|
42
|
-
- Run tests
|
43
|
-
|
44
|
-
```sh
|
45
|
-
bundle exec rspec
|
46
|
-
```
|
47
|
-
|
48
|
-
### 2. Running your unpublished Plugin in Logstash
|
49
|
-
|
50
|
-
#### 2.1 Run in a local Logstash clone
|
51
|
-
|
52
|
-
- Edit Logstash `Gemfile` and add the local plugin path, for example:
|
53
|
-
```ruby
|
54
|
-
gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
|
55
|
-
```
|
56
|
-
- Install plugin
|
57
|
-
```sh
|
58
|
-
# Logstash 2.3 and higher
|
59
|
-
bin/logstash-plugin install --no-verify
|
60
|
-
|
61
|
-
# Prior to Logstash 2.3
|
62
|
-
bin/plugin install --no-verify
|
63
|
-
|
64
|
-
```
|
65
|
-
- Run Logstash with your plugin
|
66
|
-
```sh
|
67
|
-
bin/logstash -e 'filter {awesome {}}'
|
68
|
-
```
|
69
|
-
At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
|
70
|
-
|
71
|
-
#### 2.2 Run in an installed Logstash
|
72
|
-
|
73
|
-
You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
|
74
|
-
|
75
|
-
- Build your plugin gem
|
76
|
-
```sh
|
77
|
-
gem build logstash-filter-awesome.gemspec
|
78
|
-
```
|
79
|
-
- Install the plugin from the Logstash home
|
80
|
-
```sh
|
81
|
-
# Logstash 2.3 and higher
|
82
|
-
bin/logstash-plugin install --no-verify
|
83
|
-
|
84
|
-
# Prior to Logstash 2.3
|
85
|
-
bin/plugin install --no-verify
|
86
|
-
|
87
|
-
```
|
88
|
-
- Start Logstash and proceed to test the plugin
|
89
|
-
|
90
|
-
## Contributing
|
91
|
-
|
92
|
-
All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
|
93
|
-
|
94
|
-
Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
|
95
|
-
|
96
|
-
It is more important to the community that you are able to contribute.
|
97
|
-
|
98
|
-
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
3
|
+
This input has been deprecated for security reasons. Details about the security issue and migration steps can be found in this [blog post](https://www.elastic.co/blog/log4j-input-logstash) and in the [documentation](https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html#_deprecation_notice).
|
data/docs/index.asciidoc
ADDED
@@ -0,0 +1,171 @@
|
|
1
|
+
:plugin: log4j
|
2
|
+
:type: input
|
3
|
+
|
4
|
+
///////////////////////////////////////////
|
5
|
+
START - GENERATED VARIABLES, DO NOT EDIT!
|
6
|
+
///////////////////////////////////////////
|
7
|
+
:version: %VERSION%
|
8
|
+
:release_date: %RELEASE_DATE%
|
9
|
+
:changelog_url: %CHANGELOG_URL%
|
10
|
+
:include_path: ../../../../logstash/docs/include
|
11
|
+
///////////////////////////////////////////
|
12
|
+
END - GENERATED VARIABLES, DO NOT EDIT!
|
13
|
+
///////////////////////////////////////////
|
14
|
+
|
15
|
+
[id="plugins-{type}-{plugin}"]
|
16
|
+
|
17
|
+
=== Log4j input plugin
|
18
|
+
|
19
|
+
include::{include_path}/plugin_header.asciidoc[]
|
20
|
+
|
21
|
+
==== Description
|
22
|
+
|
23
|
+
==== Deprecation Notice
|
24
|
+
|
25
|
+
NOTE: This plugin is deprecated. It is recommended that you use filebeat to collect logs from log4j.
|
26
|
+
|
27
|
+
The following section is a guide for how to migrate from SocketAppender to use filebeat.
|
28
|
+
|
29
|
+
To migrate away from log4j SocketAppender to using filebeat, you will need to make 3 changes:
|
30
|
+
|
31
|
+
1) Configure your log4j.properties (in your app) to write to a local file.
|
32
|
+
2) Install and configure filebeat to collect those logs and ship them to Logstash
|
33
|
+
3) Configure Logstash to use the beats input.
|
34
|
+
|
35
|
+
.Configuring log4j for writing to local files
|
36
|
+
|
37
|
+
In your log4j.properties file, remove SocketAppender and replace it with RollingFileAppender.
|
38
|
+
|
39
|
+
For example, you can use the following log4j.properties configuration to write daily log files.
|
40
|
+
|
41
|
+
# Your app's log4j.properties (log4j 1.2 only)
|
42
|
+
log4j.rootLogger=daily
|
43
|
+
log4j.appender.daily=org.apache.log4j.rolling.RollingFileAppender
|
44
|
+
log4j.appender.daily.RollingPolicy=org.apache.log4j.rolling.TimeBasedRollingPolicy
|
45
|
+
log4j.appender.daily.RollingPolicy.FileNamePattern=/var/log/your-app/app.%d.log
|
46
|
+
log4j.appender.daily.layout = org.apache.log4j.PatternLayout
|
47
|
+
log4j.appender.daily.layout.ConversionPattern=%d{YYYY-MM-dd HH:mm:ss,SSSZ} %p %c{1}:%L - %m%n
|
48
|
+
|
49
|
+
Configuring log4j.properties in more detail is outside the scope of this migration guide.
|
50
|
+
|
51
|
+
.Configuring filebeat
|
52
|
+
|
53
|
+
Next,
|
54
|
+
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html[install
|
55
|
+
filebeat]. Based on the above log4j.properties, we can use this filebeat
|
56
|
+
configuration:
|
57
|
+
|
58
|
+
# filebeat.yml
|
59
|
+
filebeat:
|
60
|
+
prospectors:
|
61
|
+
-
|
62
|
+
paths:
|
63
|
+
- /var/log/your-app/app.*.log
|
64
|
+
input_type: log
|
65
|
+
output:
|
66
|
+
logstash:
|
67
|
+
hosts: ["your-logstash-host:5000"]
|
68
|
+
|
69
|
+
For more details on configuring filebeat, see
|
70
|
+
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-configuration.html[the filebeat configuration guide].
|
71
|
+
|
72
|
+
.Configuring Logstash to receive from filebeat
|
73
|
+
|
74
|
+
Finally, configure Logstash with a beats input:
|
75
|
+
|
76
|
+
# logstash configuration
|
77
|
+
input {
|
78
|
+
beats {
|
79
|
+
port => 5000
|
80
|
+
}
|
81
|
+
}
|
82
|
+
|
83
|
+
It is strongly recommended that you also enable TLS in filebeat and logstash
|
84
|
+
beats input for protection and safety of your log data..
|
85
|
+
|
86
|
+
For more details on configuring the beats input, see
|
87
|
+
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html[the logstash beats input documentation].
|
88
|
+
|
89
|
+
'''
|
90
|
+
|
91
|
+
Read events over a TCP socket from a Log4j SocketAppender. This plugin works only with log4j version 1.x.
|
92
|
+
|
93
|
+
Can either accept connections from clients or connect to a server,
|
94
|
+
depending on `mode`. Depending on which `mode` is configured,
|
95
|
+
you need a matching SocketAppender or a SocketHubAppender
|
96
|
+
on the remote side.
|
97
|
+
|
98
|
+
One event is created per received log4j LoggingEvent with the following schema:
|
99
|
+
|
100
|
+
* `timestamp` => the number of milliseconds elapsed from 1/1/1970 until logging event was created.
|
101
|
+
* `path` => the name of the logger
|
102
|
+
* `priority` => the level of this event
|
103
|
+
* `logger_name` => the name of the logger
|
104
|
+
* `thread` => the thread name making the logging request
|
105
|
+
* `class` => the fully qualified class name of the caller making the logging request.
|
106
|
+
* `file` => the source file name and line number of the caller making the logging request in a colon-separated format "fileName:lineNumber".
|
107
|
+
* `method` => the method name of the caller making the logging request.
|
108
|
+
* `NDC` => the NDC string
|
109
|
+
* `stack_trace` => the multi-line stack-trace
|
110
|
+
|
111
|
+
Also if the original log4j LoggingEvent contains MDC hash entries, they will be merged in the event as fields.
|
112
|
+
|
113
|
+
[id="plugins-{type}s-{plugin}-options"]
|
114
|
+
==== Log4j Input Configuration Options
|
115
|
+
|
116
|
+
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
117
|
+
|
118
|
+
[cols="<,<,<",options="header",]
|
119
|
+
|=======================================================================
|
120
|
+
|Setting |Input type|Required
|
121
|
+
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
122
|
+
| <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
|
123
|
+
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
|
124
|
+
| <<plugins-{type}s-{plugin}-proxy_protocol>> |<<boolean,boolean>>|No
|
125
|
+
|=======================================================================
|
126
|
+
|
127
|
+
Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
|
128
|
+
input plugins.
|
129
|
+
|
130
|
+
|
131
|
+
|
132
|
+
[id="plugins-{type}s-{plugin}-host"]
|
133
|
+
===== `host`
|
134
|
+
|
135
|
+
* Value type is <<string,string>>
|
136
|
+
* Default value is `"0.0.0.0"`
|
137
|
+
|
138
|
+
When mode is `server`, the address to listen on.
|
139
|
+
When mode is `client`, the address to connect to.
|
140
|
+
|
141
|
+
[id="plugins-{type}s-{plugin}-mode"]
|
142
|
+
===== `mode`
|
143
|
+
|
144
|
+
* Value can be any of: `server`, `client`
|
145
|
+
* Default value is `"server"`
|
146
|
+
|
147
|
+
Mode to operate in. `server` listens for client connections,
|
148
|
+
`client` connects to a server.
|
149
|
+
|
150
|
+
[id="plugins-{type}s-{plugin}-port"]
|
151
|
+
===== `port`
|
152
|
+
|
153
|
+
* Value type is <<number,number>>
|
154
|
+
* Default value is `4560`
|
155
|
+
|
156
|
+
When mode is `server`, the port to listen on.
|
157
|
+
When mode is `client`, the port to connect to.
|
158
|
+
|
159
|
+
[id="plugins-{type}s-{plugin}-proxy_protocol"]
|
160
|
+
===== `proxy_protocol`
|
161
|
+
|
162
|
+
* Value type is <<boolean,boolean>>
|
163
|
+
* Default value is `false`
|
164
|
+
|
165
|
+
Proxy protocol support, only v1 is supported at this time
|
166
|
+
http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
|
167
|
+
|
168
|
+
|
169
|
+
|
170
|
+
[id="plugins-{type}s-{plugin}-common-options"]
|
171
|
+
include::{include_path}/{type}.asciidoc[]
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-input-log4j'
|
4
|
-
s.version = '3.0.
|
4
|
+
s.version = '3.0.6'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Read events over a TCP socket from a Log4j SocketAppender"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
11
11
|
s.require_paths = ["lib"]
|
12
12
|
|
13
13
|
# Files
|
14
|
-
s.files = Dir[
|
14
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
15
15
|
|
16
16
|
# Tests
|
17
17
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
metadata
CHANGED
@@ -1,39 +1,30 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-log4j
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.6
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-06-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name: logstash-codec-plain
|
15
|
-
version_requirements: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - ">="
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '0'
|
20
14
|
requirement: !ruby/object:Gem::Requirement
|
21
15
|
requirements:
|
22
16
|
- - ">="
|
23
17
|
- !ruby/object:Gem::Version
|
24
18
|
version: '0'
|
19
|
+
name: logstash-codec-plain
|
25
20
|
prerelease: false
|
26
21
|
type: :runtime
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: logstash-core-plugin-api
|
29
22
|
version_requirements: !ruby/object:Gem::Requirement
|
30
23
|
requirements:
|
31
24
|
- - ">="
|
32
25
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
34
|
-
|
35
|
-
- !ruby/object:Gem::Version
|
36
|
-
version: '2.99'
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
37
28
|
requirement: !ruby/object:Gem::Requirement
|
38
29
|
requirements:
|
39
30
|
- - ">="
|
@@ -42,36 +33,45 @@ dependencies:
|
|
42
33
|
- - "<="
|
43
34
|
- !ruby/object:Gem::Version
|
44
35
|
version: '2.99'
|
36
|
+
name: logstash-core-plugin-api
|
45
37
|
prerelease: false
|
46
38
|
type: :runtime
|
47
|
-
- !ruby/object:Gem::Dependency
|
48
|
-
name: logstash-devutils
|
49
39
|
version_requirements: !ruby/object:Gem::Requirement
|
50
40
|
requirements:
|
51
41
|
- - ">="
|
52
42
|
- !ruby/object:Gem::Version
|
53
|
-
version: '
|
43
|
+
version: '1.60'
|
44
|
+
- - "<="
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '2.99'
|
47
|
+
- !ruby/object:Gem::Dependency
|
54
48
|
requirement: !ruby/object:Gem::Requirement
|
55
49
|
requirements:
|
56
50
|
- - ">="
|
57
51
|
- !ruby/object:Gem::Version
|
58
52
|
version: '0'
|
53
|
+
name: logstash-devutils
|
59
54
|
prerelease: false
|
60
55
|
type: :development
|
61
|
-
- !ruby/object:Gem::Dependency
|
62
|
-
name: flores
|
63
56
|
version_requirements: !ruby/object:Gem::Requirement
|
64
57
|
requirements:
|
65
58
|
- - ">="
|
66
59
|
- !ruby/object:Gem::Version
|
67
60
|
version: '0'
|
61
|
+
- !ruby/object:Gem::Dependency
|
68
62
|
requirement: !ruby/object:Gem::Requirement
|
69
63
|
requirements:
|
70
64
|
- - ">="
|
71
65
|
- !ruby/object:Gem::Version
|
72
66
|
version: '0'
|
67
|
+
name: flores
|
73
68
|
prerelease: false
|
74
69
|
type: :development
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '0'
|
75
75
|
description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
|
76
76
|
email: info@elastic.co
|
77
77
|
executables: []
|
@@ -84,6 +84,7 @@ files:
|
|
84
84
|
- LICENSE
|
85
85
|
- NOTICE.TXT
|
86
86
|
- README.md
|
87
|
+
- docs/index.asciidoc
|
87
88
|
- lib/logstash-input-log4j_jars.rb
|
88
89
|
- lib/logstash/inputs/log4j.rb
|
89
90
|
- logstash-input-log4j.gemspec
|