RubyGems - logstash-input-log4j2-test1 - Versions diffs - 0.1-java - Mend

logstash-input-log4j2-test1 0.1-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +7 -0
data/Gemfile +3 -0
data/README.md +55 -0
data/lib/logstash/inputs/log4j2.rb +164 -0
data/logstash-input-log4j2.gemspec +29 -0
metadata +85 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 78b46d2cb759a516e96bbc6c7d57a1a71372ecc9
+  data.tar.gz: 76fc16cef89e2fdeace21dae425e141df57d970c
+SHA512:
+  metadata.gz: 9e76ec7ba0b9d84376e09c9f963a903993e76efac8484f085e348c13fa66c159771f3113bd83403ba91579561d4caf87c28bb2370b66ad269e9171096ca0d419
+  data.tar.gz: cdfa6af9505c167dea6fc8a08d1156eb8daeed6d0adda36d69bcf1601f55d827a43af129eb1ff0d71c040d16ecbfbe5b5e8ebf5e6c8814db5b9650821bd80cf3

data/Gemfile ADDED Viewed

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec
+gem "logstash", :github => "elastic/logstash", :branch => "2.1"

data/README.md ADDED Viewed

@@ -0,0 +1,55 @@
+# logstash-log4j2
+Log4j2 plugin for logstash.
+## Supported Log4J2 versions:
+Version: 2.1+
+## Get the plugin
+### Logstash 1.5+
+Use the install method
+```$LS_HOME/bin/plugin install logstash-input-log4j2```
+### Logstash 1.4
+Download the latest release at: https://github.com/jurmous/logstash-log4j2/releases and unzip it.
+If you download the source you also need rake to run ```rake vendor``` to download the correct log4j2 jars.
+To run the plugin you need to start logstash with the plugin path `./bin/logstash --pluginpath PATH_TO_PLUGIN -f YOUR_CONF.conf`
+## Setup log4j2
+Set log4j2.xml in your project
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration>
+    <Appenders>
+        <Socket name="A1" host="localHost" port="7000">
+            <SerializedLayout />
+        </Socket>
+    </Appenders>
+    <Loggers>
+        <Root level="debug">
+            <AppenderRef ref="A1"/>
+        </Root>
+    </Loggers>
+</Configuration>
+```
+## Setup Logstash
+```
+input {
+  log4j2 {
+    port => 7000
+    mode => "server"
+  }
+}
+output {
+  stdout { codec => rubydebug }
+}
+```

data/lib/logstash/inputs/log4j2.rb ADDED Viewed

@@ -0,0 +1,164 @@
+# encoding: utf-8
+require "logstash/inputs/base"
+require "logstash/errors"
+require "logstash/environment"
+require "logstash/namespace"
+require "logstash/util/socket_peer"
+require "socket"
+require "timeout"
+# Read events over a TCP socket from a Log4j2 SocketAppender.
+#
+# Can either accept connections from clients or connect to a server,
+# depending on `mode`. Depending on which `mode` is configured,
+# you need a matching SocketAppender or a SocketHubAppender
+# on the remote side.
+class LogStash::Inputs::Log4j2 < LogStash::Inputs::Base
+  config_name "log4j2"
+  milestone 1
+  # When mode is `server`, the address to listen on.
+  # When mode is `client`, the address to connect to.
+  config :host, :validate => :string, :default => "0.0.0.0"
+  # When mode is `server`, the port to listen on.
+  # When mode is `client`, the port to connect to.
+  config :port, :validate => :number, :default => 4560
+  # Read timeout in seconds. If a particular TCP connection is
+  # idle for more than this timeout period, we will assume
+  # it is dead and close it.
+  # If you never want to timeout, use -1.
+  config :data_timeout, :validate => :number, :default => 5
+  # Mode to operate in. `server` listens for client connections,
+  # `client` connects to a server.
+  config :mode, :validate => ["server", "client"], :default => "server"
+  def initialize(*args)
+    super(*args)
+  end # def initialize
+  public
+  def register
+    require "java"
+    require "jruby/serialization"
+    begin
+      vendor_dir = ::File.expand_path("../../../vendor/", ::File.dirname(__FILE__))
+      require File.join(vendor_dir, "log4j-api-2.1.jar")
+      require File.join(vendor_dir, "log4j-core-2.1.jar")
+      require File.join(vendor_dir, "disruptor-3.3.0.jar")
+      Java::OrgApacheLoggingLog4jCoreImpl.const_get("Log4jLogEvent")
+    rescue
+       raise(LogStash::PluginLoadingError, "Log4j2 java library not loaded")
+    end
+    if server?
+      @logger.info("Starting Log4j2 input listener", :address => "#{@host}:#{@port}")
+      @server_socket = TCPServer.new(@host, @port)
+    end
+    @logger.info("Log4j input")
+  end # def register
+  private
+  def pretty_print_stack_trace(proxy)
+    indentation = "\n\t"
+    result = "#{proxy.getName}: #{proxy.getMessage.to_s}#{indentation}#{proxy.getExtendedStackTrace.to_a.join(indentation)}"
+    cause = proxy.getCauseProxy
+    while cause
+      result += "\nCaused by: #{cause.getName}: #{cause.getMessage.to_s}#{indentation}#{cause.getExtendedStackTrace.to_a.join(indentation)}"
+      cause = cause.getCauseProxy
+    end
+    result
+  end
+  private
+  def handle_socket(socket, output_queue)
+    begin
+      # JRubyObjectInputStream uses JRuby class path to find the class to de-serialize to
+      ois = JRubyObjectInputStream.new(java.io.BufferedInputStream.new(socket.to_inputstream))
+      loop do
+        # NOTE: log4j_obj is org.apache.logging.log4j.core.impl.Log4jLogEvent
+        log4j_obj = ois.readObject
+        event = LogStash::Event.new("message" => log4j_obj.getMessage.getFormattedMessage, LogStash::Event::TIMESTAMP => Time.at(log4j_obj.getTimeMillis/1000,log4j_obj.getTimeMillis%1000*1000).gmtime)
+        decorate(event)
+        event["host"] = socket.peer
+        event["marker"] = log4j_obj.getMarker.getName if log4j_obj.getMarker
+        event["path"] = log4j_obj.getLoggerName
+        event["priority"] = log4j_obj.getLevel.toString
+        event["logger_name"] = log4j_obj.getLoggerName
+        event["thread"] = log4j_obj.getThreadName
+        if log4j_obj.getSource()
+          event["class"] = log4j_obj.getSource().getClassName
+          event["file"] = log4j_obj.getSource().getFileName + ":" + log4j_obj.getSource().getLineNumber.to_s
+          event["method"] = log4j_obj.getSource().getMethodName
+        end
+        # Add the context properties to '@fields'
+        if log4j_obj.contextMap
+          log4j_obj.contextMap.keySet.each do |key|
+            event["cmap_"+key] = log4j_obj.contextMap.get(key)
+          end
+        end
+        proxy = log4j_obj.getThrownProxy
+        if proxy
+          event["stack_trace"] = pretty_print_stack_trace(proxy)
+        end
+        event["cstack"] = log4j_obj.getContextStack.to_a if log4j_obj.getContextStack
+        output_queue << event
+      end # loop do
+    rescue => e
+      @logger.debug(e)
+      @logger.debug("Closing connection", :client => socket.peer,
+                    :exception => e)
+    rescue Timeout::Error
+      @logger.debug("Closing connection after read timeout",
+                    :client => socket.peer)
+    end # begin
+  ensure
+    begin
+      socket.close
+    rescue IOError
+      pass
+    end # begin
+  end
+  private
+  def server?
+    @mode == "server"
+  end # def server?
+  private
+  def readline(socket)
+    line = socket.readline
+  end # def readline
+  public
+  def run(output_queue)
+    if server?
+      loop do
+        # Start a new thread for each connection.
+        Thread.start(@server_socket.accept) do |s|
+          # TODO(sissel): put this block in its own method.
+          # monkeypatch a 'peer' method onto the socket.
+          s.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+          @logger.debug("Accepted connection", :client => s.peer,
+                        :server => "#{@host}:#{@port}")
+          handle_socket(s, output_queue)
+        end # Thread.start
+      end # loop
+    else
+      loop do
+        client_socket = TCPSocket.new(@host, @port)
+        client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+        @logger.debug("Opened connection", :client => "#{client_socket.peer}")
+        handle_socket(client_socket, output_queue)
+      end # loop
+    end
+  end # def run
+end # class LogStash::Inputs::Log4j2

data/logstash-input-log4j2.gemspec ADDED Viewed

@@ -0,0 +1,29 @@
+Gem::Specification.new do |s|
+  s.name            = 'logstash-input-log4j2-test1'
+  s.version         = '0.1'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "Read events over a TCP socket from a Log4j2 SocketAppender"
+  s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
+  s.authors         = ["Jurriaan Mous"]
+  s.email           = 'jurmous@jurmo.us'
+  s.homepage        = "https://github.com/jurmous/logstash-log4j2"
+  s.require_paths = ["lib"]
+  # Files
+  #s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
+  s.platform = 'java'
+  s.add_runtime_dependency "logstash-core", ">= 2.0.0.beta2", "< 3.0.0"
+  s.add_development_dependency 'logstash-devutils'
+end

metadata ADDED Viewed

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: logstash-input-log4j2-test1
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: java
+authors:
+- Jurriaan Mous
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-07-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
+  a stand-alone program
+email: jurmous@jurmo.us
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- lib/logstash/inputs/log4j2.rb
+- logstash-input-log4j2.gemspec
+homepage: https://github.com/jurmous/logstash-log4j2
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: input
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Read events over a TCP socket from a Log4j2 SocketAppender
+test_files: []