logstash-input-log4j2-test1 0.1-java

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 78b46d2cb759a516e96bbc6c7d57a1a71372ecc9
+  data.tar.gz: 76fc16cef89e2fdeace21dae425e141df57d970c
+SHA512:
+  metadata.gz: 9e76ec7ba0b9d84376e09c9f963a903993e76efac8484f085e348c13fa66c159771f3113bd83403ba91579561d4caf87c28bb2370b66ad269e9171096ca0d419
+  data.tar.gz: cdfa6af9505c167dea6fc8a08d1156eb8daeed6d0adda36d69bcf1601f55d827a43af129eb1ff0d71c040d16ecbfbe5b5e8ebf5e6c8814db5b9650821bd80cf3

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec
+gem "logstash", :github => "elastic/logstash", :branch => "2.1"

data/README.md

@@ -0,0 +1,55 @@
+# logstash-log4j2
+
+Log4j2 plugin for logstash.
+
+## Supported Log4J2 versions:
+Version: 2.1+
+
+## Get the plugin
+
+### Logstash 1.5+
+
+Use the install method
+
+```$LS_HOME/bin/plugin install logstash-input-log4j2```
+
+### Logstash 1.4
+
+Download the latest release at: https://github.com/jurmous/logstash-log4j2/releases and unzip it.
+
+If you download the source you also need rake to run ```rake vendor``` to download the correct log4j2 jars.
+
+To run the plugin you need to start logstash with the plugin path `./bin/logstash --pluginpath PATH_TO_PLUGIN -f YOUR_CONF.conf`
+
+## Setup log4j2
+Set log4j2.xml in your project
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration>
+    <Appenders>
+        <Socket name="A1" host="localHost" port="7000">
+            <SerializedLayout />
+        </Socket>
+    </Appenders>
+    <Loggers>
+        <Root level="debug">
+            <AppenderRef ref="A1"/>
+        </Root>
+    </Loggers>
+</Configuration>
+```
+
+## Setup Logstash
+
+```
+input {
+  log4j2 {
+    port => 7000
+    mode => "server"
+  }
+}
+
+output {
+  stdout { codec => rubydebug }
+}
+```

data/lib/logstash/inputs/log4j2.rb

@@ -0,0 +1,164 @@
+# encoding: utf-8
+require "logstash/inputs/base"
+require "logstash/errors"
+require "logstash/environment"
+require "logstash/namespace"
+require "logstash/util/socket_peer"
+require "socket"
+require "timeout"
+
+# Read events over a TCP socket from a Log4j2 SocketAppender.
+#
+# Can either accept connections from clients or connect to a server,
+# depending on `mode`. Depending on which `mode` is configured,
+# you need a matching SocketAppender or a SocketHubAppender
+# on the remote side.
+class LogStash::Inputs::Log4j2 < LogStash::Inputs::Base
+
+  config_name "log4j2"
+  milestone 1
+
+  # When mode is `server`, the address to listen on.
+  # When mode is `client`, the address to connect to.
+  config :host, :validate => :string, :default => "0.0.0.0"
+
+  # When mode is `server`, the port to listen on.
+  # When mode is `client`, the port to connect to.
+  config :port, :validate => :number, :default => 4560
+
+  # Read timeout in seconds. If a particular TCP connection is
+  # idle for more than this timeout period, we will assume
+  # it is dead and close it.
+  # If you never want to timeout, use -1.
+  config :data_timeout, :validate => :number, :default => 5
+
+  # Mode to operate in. `server` listens for client connections,
+  # `client` connects to a server.
+  config :mode, :validate => ["server", "client"], :default => "server"
+
+  def initialize(*args)
+    super(*args)
+  end # def initialize
+
+  public
+  def register
+    require "java"
+    require "jruby/serialization"
+
+    begin
+      vendor_dir = ::File.expand_path("../../../vendor/", ::File.dirname(__FILE__))
+      require File.join(vendor_dir, "log4j-api-2.1.jar")
+      require File.join(vendor_dir, "log4j-core-2.1.jar")
+      require File.join(vendor_dir, "disruptor-3.3.0.jar")
+
+      Java::OrgApacheLoggingLog4jCoreImpl.const_get("Log4jLogEvent")
+    rescue
+       raise(LogStash::PluginLoadingError, "Log4j2 java library not loaded")
+    end
+
+    if server?
+      @logger.info("Starting Log4j2 input listener", :address => "#{@host}:#{@port}")
+      @server_socket = TCPServer.new(@host, @port)
+    end
+    @logger.info("Log4j input")
+  end # def register
+
+  private
+  def pretty_print_stack_trace(proxy)
+    indentation = "\n\t"
+    result = "#{proxy.getName}: #{proxy.getMessage.to_s}#{indentation}#{proxy.getExtendedStackTrace.to_a.join(indentation)}"
+    cause = proxy.getCauseProxy
+    while cause
+      result += "\nCaused by: #{cause.getName}: #{cause.getMessage.to_s}#{indentation}#{cause.getExtendedStackTrace.to_a.join(indentation)}"
+      cause = cause.getCauseProxy
+    end
+    result
+  end
+
+  private
+  def handle_socket(socket, output_queue)
+    begin
+      # JRubyObjectInputStream uses JRuby class path to find the class to de-serialize to
+      ois = JRubyObjectInputStream.new(java.io.BufferedInputStream.new(socket.to_inputstream))
+      loop do
+        # NOTE: log4j_obj is org.apache.logging.log4j.core.impl.Log4jLogEvent
+        log4j_obj = ois.readObject
+        event = LogStash::Event.new("message" => log4j_obj.getMessage.getFormattedMessage, LogStash::Event::TIMESTAMP => Time.at(log4j_obj.getTimeMillis/1000,log4j_obj.getTimeMillis%1000*1000).gmtime)
+        decorate(event)
+        event["host"] = socket.peer
+        event["marker"] = log4j_obj.getMarker.getName if log4j_obj.getMarker
+        event["path"] = log4j_obj.getLoggerName
+        event["priority"] = log4j_obj.getLevel.toString
+        event["logger_name"] = log4j_obj.getLoggerName
+        event["thread"] = log4j_obj.getThreadName
+        if log4j_obj.getSource()
+          event["class"] = log4j_obj.getSource().getClassName
+          event["file"] = log4j_obj.getSource().getFileName + ":" + log4j_obj.getSource().getLineNumber.to_s
+          event["method"] = log4j_obj.getSource().getMethodName
+        end
+        # Add the context properties to '@fields'
+        if log4j_obj.contextMap
+          log4j_obj.contextMap.keySet.each do |key|
+            event["cmap_"+key] = log4j_obj.contextMap.get(key)
+          end
+        end
+
+        proxy = log4j_obj.getThrownProxy
+        if proxy
+          event["stack_trace"] = pretty_print_stack_trace(proxy)
+        end
+
+        event["cstack"] = log4j_obj.getContextStack.to_a if log4j_obj.getContextStack
+        output_queue << event
+      end # loop do
+    rescue => e
+      @logger.debug(e)
+      @logger.debug("Closing connection", :client => socket.peer,
+                    :exception => e)
+    rescue Timeout::Error
+      @logger.debug("Closing connection after read timeout",
+                    :client => socket.peer)
+    end # begin
+  ensure
+    begin
+      socket.close
+    rescue IOError
+      pass
+    end # begin
+  end
+
+  private
+  def server?
+    @mode == "server"
+  end # def server?
+
+  private
+  def readline(socket)
+    line = socket.readline
+  end # def readline
+
+  public
+  def run(output_queue)
+    if server?
+      loop do
+        # Start a new thread for each connection.
+        Thread.start(@server_socket.accept) do |s|
+          # TODO(sissel): put this block in its own method.
+
+          # monkeypatch a 'peer' method onto the socket.
+          s.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+          @logger.debug("Accepted connection", :client => s.peer,
+                        :server => "#{@host}:#{@port}")
+          handle_socket(s, output_queue)
+        end # Thread.start
+      end # loop
+    else
+      loop do
+        client_socket = TCPSocket.new(@host, @port)
+        client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+        @logger.debug("Opened connection", :client => "#{client_socket.peer}")
+        handle_socket(client_socket, output_queue)
+      end # loop
+    end
+  end # def run
+end # class LogStash::Inputs::Log4j2

data/logstash-input-log4j2.gemspec

@@ -0,0 +1,29 @@
+Gem::Specification.new do |s|
+  s.name            = 'logstash-input-log4j2-test1'
+  s.version         = '0.1'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "Read events over a TCP socket from a Log4j2 SocketAppender"
+  s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
+  s.authors         = ["Jurriaan Mous"]
+  s.email           = 'jurmous@jurmo.us'
+  s.homepage        = "https://github.com/jurmous/logstash-log4j2"
+  s.require_paths = ["lib"]
+
+  # Files
+  #s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
+
+
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
+
+  s.platform = 'java'
+
+  s.add_runtime_dependency "logstash-core", ">= 2.0.0.beta2", "< 3.0.0"
+
+  s.add_development_dependency 'logstash-devutils'
+end

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: logstash-input-log4j2-test1
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: java
+authors:
+- Jurriaan Mous
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-07-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
+  a stand-alone program
+email: jurmous@jurmo.us
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- lib/logstash/inputs/log4j2.rb
+- logstash-input-log4j2.gemspec
+homepage: https://github.com/jurmous/logstash-log4j2
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: input
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Read events over a TCP socket from a Log4j2 SocketAppender
+test_files: []