logstash-input-log4j2-test1 0.1-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 78b46d2cb759a516e96bbc6c7d57a1a71372ecc9
4
+ data.tar.gz: 76fc16cef89e2fdeace21dae425e141df57d970c
5
+ SHA512:
6
+ metadata.gz: 9e76ec7ba0b9d84376e09c9f963a903993e76efac8484f085e348c13fa66c159771f3113bd83403ba91579561d4caf87c28bb2370b66ad269e9171096ca0d419
7
+ data.tar.gz: cdfa6af9505c167dea6fc8a08d1156eb8daeed6d0adda36d69bcf1601f55d827a43af129eb1ff0d71c040d16ecbfbe5b5e8ebf5e6c8814db5b9650821bd80cf3
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source 'https://rubygems.org'
2
+ gemspec
3
+ gem "logstash", :github => "elastic/logstash", :branch => "2.1"
data/README.md ADDED
@@ -0,0 +1,55 @@
1
+ # logstash-log4j2
2
+
3
+ Log4j2 plugin for logstash.
4
+
5
+ ## Supported Log4J2 versions:
6
+ Version: 2.1+
7
+
8
+ ## Get the plugin
9
+
10
+ ### Logstash 1.5+
11
+
12
+ Use the install method
13
+
14
+ ```$LS_HOME/bin/plugin install logstash-input-log4j2```
15
+
16
+ ### Logstash 1.4
17
+
18
+ Download the latest release at: https://github.com/jurmous/logstash-log4j2/releases and unzip it.
19
+
20
+ If you download the source you also need rake to run ```rake vendor``` to download the correct log4j2 jars.
21
+
22
+ To run the plugin you need to start logstash with the plugin path `./bin/logstash --pluginpath PATH_TO_PLUGIN -f YOUR_CONF.conf`
23
+
24
+ ## Setup log4j2
25
+ Set log4j2.xml in your project
26
+ ```xml
27
+ <?xml version="1.0" encoding="UTF-8"?>
28
+ <Configuration>
29
+ <Appenders>
30
+ <Socket name="A1" host="localHost" port="7000">
31
+ <SerializedLayout />
32
+ </Socket>
33
+ </Appenders>
34
+ <Loggers>
35
+ <Root level="debug">
36
+ <AppenderRef ref="A1"/>
37
+ </Root>
38
+ </Loggers>
39
+ </Configuration>
40
+ ```
41
+
42
+ ## Setup Logstash
43
+
44
+ ```
45
+ input {
46
+ log4j2 {
47
+ port => 7000
48
+ mode => "server"
49
+ }
50
+ }
51
+
52
+ output {
53
+ stdout { codec => rubydebug }
54
+ }
55
+ ```
@@ -0,0 +1,164 @@
1
+ # encoding: utf-8
2
+ require "logstash/inputs/base"
3
+ require "logstash/errors"
4
+ require "logstash/environment"
5
+ require "logstash/namespace"
6
+ require "logstash/util/socket_peer"
7
+ require "socket"
8
+ require "timeout"
9
+
10
+ # Read events over a TCP socket from a Log4j2 SocketAppender.
11
+ #
12
+ # Can either accept connections from clients or connect to a server,
13
+ # depending on `mode`. Depending on which `mode` is configured,
14
+ # you need a matching SocketAppender or a SocketHubAppender
15
+ # on the remote side.
16
+ class LogStash::Inputs::Log4j2 < LogStash::Inputs::Base
17
+
18
+ config_name "log4j2"
19
+ milestone 1
20
+
21
+ # When mode is `server`, the address to listen on.
22
+ # When mode is `client`, the address to connect to.
23
+ config :host, :validate => :string, :default => "0.0.0.0"
24
+
25
+ # When mode is `server`, the port to listen on.
26
+ # When mode is `client`, the port to connect to.
27
+ config :port, :validate => :number, :default => 4560
28
+
29
+ # Read timeout in seconds. If a particular TCP connection is
30
+ # idle for more than this timeout period, we will assume
31
+ # it is dead and close it.
32
+ # If you never want to timeout, use -1.
33
+ config :data_timeout, :validate => :number, :default => 5
34
+
35
+ # Mode to operate in. `server` listens for client connections,
36
+ # `client` connects to a server.
37
+ config :mode, :validate => ["server", "client"], :default => "server"
38
+
39
+ def initialize(*args)
40
+ super(*args)
41
+ end # def initialize
42
+
43
+ public
44
+ def register
45
+ require "java"
46
+ require "jruby/serialization"
47
+
48
+ begin
49
+ vendor_dir = ::File.expand_path("../../../vendor/", ::File.dirname(__FILE__))
50
+ require File.join(vendor_dir, "log4j-api-2.1.jar")
51
+ require File.join(vendor_dir, "log4j-core-2.1.jar")
52
+ require File.join(vendor_dir, "disruptor-3.3.0.jar")
53
+
54
+ Java::OrgApacheLoggingLog4jCoreImpl.const_get("Log4jLogEvent")
55
+ rescue
56
+ raise(LogStash::PluginLoadingError, "Log4j2 java library not loaded")
57
+ end
58
+
59
+ if server?
60
+ @logger.info("Starting Log4j2 input listener", :address => "#{@host}:#{@port}")
61
+ @server_socket = TCPServer.new(@host, @port)
62
+ end
63
+ @logger.info("Log4j input")
64
+ end # def register
65
+
66
+ private
67
+ def pretty_print_stack_trace(proxy)
68
+ indentation = "\n\t"
69
+ result = "#{proxy.getName}: #{proxy.getMessage.to_s}#{indentation}#{proxy.getExtendedStackTrace.to_a.join(indentation)}"
70
+ cause = proxy.getCauseProxy
71
+ while cause
72
+ result += "\nCaused by: #{cause.getName}: #{cause.getMessage.to_s}#{indentation}#{cause.getExtendedStackTrace.to_a.join(indentation)}"
73
+ cause = cause.getCauseProxy
74
+ end
75
+ result
76
+ end
77
+
78
+ private
79
+ def handle_socket(socket, output_queue)
80
+ begin
81
+ # JRubyObjectInputStream uses JRuby class path to find the class to de-serialize to
82
+ ois = JRubyObjectInputStream.new(java.io.BufferedInputStream.new(socket.to_inputstream))
83
+ loop do
84
+ # NOTE: log4j_obj is org.apache.logging.log4j.core.impl.Log4jLogEvent
85
+ log4j_obj = ois.readObject
86
+ event = LogStash::Event.new("message" => log4j_obj.getMessage.getFormattedMessage, LogStash::Event::TIMESTAMP => Time.at(log4j_obj.getTimeMillis/1000,log4j_obj.getTimeMillis%1000*1000).gmtime)
87
+ decorate(event)
88
+ event["host"] = socket.peer
89
+ event["marker"] = log4j_obj.getMarker.getName if log4j_obj.getMarker
90
+ event["path"] = log4j_obj.getLoggerName
91
+ event["priority"] = log4j_obj.getLevel.toString
92
+ event["logger_name"] = log4j_obj.getLoggerName
93
+ event["thread"] = log4j_obj.getThreadName
94
+ if log4j_obj.getSource()
95
+ event["class"] = log4j_obj.getSource().getClassName
96
+ event["file"] = log4j_obj.getSource().getFileName + ":" + log4j_obj.getSource().getLineNumber.to_s
97
+ event["method"] = log4j_obj.getSource().getMethodName
98
+ end
99
+ # Add the context properties to '@fields'
100
+ if log4j_obj.contextMap
101
+ log4j_obj.contextMap.keySet.each do |key|
102
+ event["cmap_"+key] = log4j_obj.contextMap.get(key)
103
+ end
104
+ end
105
+
106
+ proxy = log4j_obj.getThrownProxy
107
+ if proxy
108
+ event["stack_trace"] = pretty_print_stack_trace(proxy)
109
+ end
110
+
111
+ event["cstack"] = log4j_obj.getContextStack.to_a if log4j_obj.getContextStack
112
+ output_queue << event
113
+ end # loop do
114
+ rescue => e
115
+ @logger.debug(e)
116
+ @logger.debug("Closing connection", :client => socket.peer,
117
+ :exception => e)
118
+ rescue Timeout::Error
119
+ @logger.debug("Closing connection after read timeout",
120
+ :client => socket.peer)
121
+ end # begin
122
+ ensure
123
+ begin
124
+ socket.close
125
+ rescue IOError
126
+ pass
127
+ end # begin
128
+ end
129
+
130
+ private
131
+ def server?
132
+ @mode == "server"
133
+ end # def server?
134
+
135
+ private
136
+ def readline(socket)
137
+ line = socket.readline
138
+ end # def readline
139
+
140
+ public
141
+ def run(output_queue)
142
+ if server?
143
+ loop do
144
+ # Start a new thread for each connection.
145
+ Thread.start(@server_socket.accept) do |s|
146
+ # TODO(sissel): put this block in its own method.
147
+
148
+ # monkeypatch a 'peer' method onto the socket.
149
+ s.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
150
+ @logger.debug("Accepted connection", :client => s.peer,
151
+ :server => "#{@host}:#{@port}")
152
+ handle_socket(s, output_queue)
153
+ end # Thread.start
154
+ end # loop
155
+ else
156
+ loop do
157
+ client_socket = TCPSocket.new(@host, @port)
158
+ client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
159
+ @logger.debug("Opened connection", :client => "#{client_socket.peer}")
160
+ handle_socket(client_socket, output_queue)
161
+ end # loop
162
+ end
163
+ end # def run
164
+ end # class LogStash::Inputs::Log4j2
@@ -0,0 +1,29 @@
1
+ Gem::Specification.new do |s|
2
+ s.name = 'logstash-input-log4j2-test1'
3
+ s.version = '0.1'
4
+ s.licenses = ['Apache License (2.0)']
5
+ s.summary = "Read events over a TCP socket from a Log4j2 SocketAppender"
6
+ s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
7
+ s.authors = ["Jurriaan Mous"]
8
+ s.email = 'jurmous@jurmo.us'
9
+ s.homepage = "https://github.com/jurmous/logstash-log4j2"
10
+ s.require_paths = ["lib"]
11
+
12
+ # Files
13
+ #s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
14
+
15
+
16
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
17
+
18
+ # Tests
19
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
20
+
21
+ # Special flag to let us know this is actually a logstash plugin
22
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
23
+
24
+ s.platform = 'java'
25
+
26
+ s.add_runtime_dependency "logstash-core", ">= 2.0.0.beta2", "< 3.0.0"
27
+
28
+ s.add_development_dependency 'logstash-devutils'
29
+ end
metadata ADDED
@@ -0,0 +1,85 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-input-log4j2-test1
3
+ version: !ruby/object:Gem::Version
4
+ version: '0.1'
5
+ platform: java
6
+ authors:
7
+ - Jurriaan Mous
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2016-07-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: logstash-core
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 2.0.0.beta2
20
+ - - "<"
21
+ - !ruby/object:Gem::Version
22
+ version: 3.0.0
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: 2.0.0.beta2
30
+ - - "<"
31
+ - !ruby/object:Gem::Version
32
+ version: 3.0.0
33
+ - !ruby/object:Gem::Dependency
34
+ name: logstash-devutils
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ type: :development
41
+ prerelease: false
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ description: This gem is a logstash plugin required to be installed on top of the
48
+ Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
49
+ a stand-alone program
50
+ email: jurmous@jurmo.us
51
+ executables: []
52
+ extensions: []
53
+ extra_rdoc_files: []
54
+ files:
55
+ - Gemfile
56
+ - README.md
57
+ - lib/logstash/inputs/log4j2.rb
58
+ - logstash-input-log4j2.gemspec
59
+ homepage: https://github.com/jurmous/logstash-log4j2
60
+ licenses:
61
+ - Apache License (2.0)
62
+ metadata:
63
+ logstash_plugin: 'true'
64
+ logstash_group: input
65
+ post_install_message:
66
+ rdoc_options: []
67
+ require_paths:
68
+ - lib
69
+ required_ruby_version: !ruby/object:Gem::Requirement
70
+ requirements:
71
+ - - ">="
72
+ - !ruby/object:Gem::Version
73
+ version: '0'
74
+ required_rubygems_version: !ruby/object:Gem::Requirement
75
+ requirements:
76
+ - - ">="
77
+ - !ruby/object:Gem::Version
78
+ version: '0'
79
+ requirements: []
80
+ rubyforge_project:
81
+ rubygems_version: 2.2.2
82
+ signing_key:
83
+ specification_version: 4
84
+ summary: Read events over a TCP socket from a Log4j2 SocketAppender
85
+ test_files: []