logstash-input-syslog 1.0.1 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/logstash/inputs/syslog.rb +6 -10
- data/logstash-input-syslog.gemspec +4 -3
- data/spec/inputs/syslog_spec.rb +6 -3
- metadata +40 -28
- data/.gitignore +0 -4
- data/Rakefile +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 25ebb8fe3b039607753095c6f9c0005d361fd721
|
|
4
|
+
data.tar.gz: 31be2eeb6c5200f02f1857c65bebd4350f8b8f68
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 883c898b32f1fdb1247c3efd7172d88cd13b572ea01c64a32313e79389c64889451d9d053e535572e04c83c30f3909fa80419f056fce487f82dbabd290f6d37c
|
|
7
|
+
data.tar.gz: 4ac18d0c69976e6026265ce0cf2ae50d6e8a6d03014fefbf59042fb486514c740dbf55166903a9b6457c0fdcb52293b5ec7cafad71175ca116af37d023f91c89
|
data/README.md
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
# Logstash Plugin
|
|
2
2
|
|
|
3
|
-
This is a plugin for [Logstash](https://github.com/
|
|
3
|
+
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
|
4
4
|
|
|
5
5
|
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
|
6
6
|
|
|
7
7
|
## Documentation
|
|
8
8
|
|
|
9
|
-
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.
|
|
9
|
+
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
|
|
10
10
|
|
|
11
11
|
- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
|
|
12
|
-
- For more asciidoc formatting tips, see the excellent reference here https://github.com/
|
|
12
|
+
- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
|
|
13
13
|
|
|
14
14
|
## Need Help?
|
|
15
15
|
|
|
@@ -83,4 +83,4 @@ Programming is not a required skill. Whatever you've seen about open source and
|
|
|
83
83
|
|
|
84
84
|
It is more important to the community that you are able to contribute.
|
|
85
85
|
|
|
86
|
-
For more information about contributing, see the [CONTRIBUTING](https://github.com/
|
|
86
|
+
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
|
@@ -6,6 +6,7 @@ require "logstash/filters/grok"
|
|
|
6
6
|
require "logstash/filters/date"
|
|
7
7
|
require "logstash/inputs/base"
|
|
8
8
|
require "logstash/namespace"
|
|
9
|
+
require "stud/interval"
|
|
9
10
|
|
|
10
11
|
# Read syslog messages as events over the network.
|
|
11
12
|
#
|
|
@@ -65,7 +66,6 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
65
66
|
public
|
|
66
67
|
def initialize(params)
|
|
67
68
|
super
|
|
68
|
-
@shutdown_requested = Concurrent::AtomicBoolean.new(false)
|
|
69
69
|
BasicSocket.do_not_reverse_lookup = true
|
|
70
70
|
end # def initialize
|
|
71
71
|
|
|
@@ -116,9 +116,9 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
116
116
|
def server(protocol, output_queue)
|
|
117
117
|
self.send("#{protocol}_listener", output_queue)
|
|
118
118
|
rescue => e
|
|
119
|
-
if
|
|
119
|
+
if !stop?
|
|
120
120
|
@logger.warn("syslog listener died", :protocol => protocol, :address => "#{@host}:#{@port}", :exception => e, :backtrace => e.backtrace)
|
|
121
|
-
|
|
121
|
+
Stud.stoppable_sleep(5) { stop? }
|
|
122
122
|
retry
|
|
123
123
|
end
|
|
124
124
|
end
|
|
@@ -134,7 +134,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
134
134
|
@udp = UDPSocket.new(Socket::AF_INET)
|
|
135
135
|
@udp.bind(@host, @port)
|
|
136
136
|
|
|
137
|
-
while
|
|
137
|
+
while !stop?
|
|
138
138
|
payload, client = @udp.recvfrom(9000)
|
|
139
139
|
decode(client[3], output_queue, payload)
|
|
140
140
|
end
|
|
@@ -151,12 +151,10 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
151
151
|
@logger.info("Starting syslog tcp listener", :address => "#{@host}:#{@port}")
|
|
152
152
|
@tcp = TCPServer.new(@host, @port)
|
|
153
153
|
|
|
154
|
-
|
|
154
|
+
while !stop?
|
|
155
155
|
socket = @tcp.accept
|
|
156
156
|
@tcp_sockets << socket
|
|
157
157
|
|
|
158
|
-
break if @shutdown_requested.true?
|
|
159
|
-
|
|
160
158
|
Thread.new(output_queue, socket) do |output_queue, socket|
|
|
161
159
|
tcp_receiver(output_queue, socket)
|
|
162
160
|
end
|
|
@@ -194,11 +192,9 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
194
192
|
end
|
|
195
193
|
|
|
196
194
|
public
|
|
197
|
-
def
|
|
198
|
-
@shutdown_requested.make_true
|
|
195
|
+
def stop
|
|
199
196
|
close_udp
|
|
200
197
|
close_tcp
|
|
201
|
-
finished
|
|
202
198
|
end
|
|
203
199
|
|
|
204
200
|
private
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-input-syslog'
|
|
4
|
-
s.version = '
|
|
4
|
+
s.version = '2.0.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Read syslog messages as events over the network."
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
|
11
11
|
s.require_paths = ["lib"]
|
|
12
12
|
|
|
13
13
|
# Files
|
|
14
|
-
s.files =
|
|
14
|
+
s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
|
|
15
15
|
|
|
16
16
|
# Tests
|
|
17
17
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
@@ -20,10 +20,11 @@ Gem::Specification.new do |s|
|
|
|
20
20
|
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
|
|
21
21
|
|
|
22
22
|
# Gem dependencies
|
|
23
|
-
s.add_runtime_dependency "logstash-core",
|
|
23
|
+
s.add_runtime_dependency "logstash-core", "~> 2.0.0.snapshot"
|
|
24
24
|
|
|
25
25
|
s.add_runtime_dependency 'concurrent-ruby'
|
|
26
26
|
s.add_runtime_dependency 'thread_safe'
|
|
27
|
+
s.add_runtime_dependency 'stud', '>= 0.0.22', '< 0.1.0'
|
|
27
28
|
|
|
28
29
|
s.add_runtime_dependency 'logstash-codec-plain'
|
|
29
30
|
s.add_runtime_dependency 'logstash-filter-grok'
|
data/spec/inputs/syslog_spec.rb
CHANGED
|
@@ -13,7 +13,7 @@ require "logstash/event"
|
|
|
13
13
|
require "stud/try"
|
|
14
14
|
require "socket"
|
|
15
15
|
|
|
16
|
-
describe
|
|
16
|
+
describe LogStash::Inputs::Syslog do
|
|
17
17
|
SYSLOG_LINE = "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434 dst outside:192.168.0.1/53 by access-group \"acl_drac\" [0x0, 0x0]"
|
|
18
18
|
|
|
19
19
|
it "should properly handle priority, severity and facilities" do
|
|
@@ -139,7 +139,7 @@ describe "inputs/syslog" do
|
|
|
139
139
|
input.syslog_relay(syslog_event)
|
|
140
140
|
insist { syslog_event["@timestamp"].to_iso8601 } == "#{Time.now.year}-10-26T20:19:25.000Z"
|
|
141
141
|
|
|
142
|
-
input.
|
|
142
|
+
input.close
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
it "should add unique tag when grok parsing fails" do
|
|
@@ -157,7 +157,10 @@ describe "inputs/syslog" do
|
|
|
157
157
|
insist { syslog_event["severity"] } == 4
|
|
158
158
|
insist { syslog_event["tags"] } == nil
|
|
159
159
|
|
|
160
|
-
input.
|
|
160
|
+
input.close
|
|
161
161
|
end
|
|
162
162
|
|
|
163
|
+
it_behaves_like 'an interruptible input plugin' do
|
|
164
|
+
let(:config) { { "port" => 5511 } }
|
|
165
|
+
end
|
|
163
166
|
end
|
metadata
CHANGED
|
@@ -1,133 +1,145 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-syslog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
+
requirement: !ruby/object:Gem::Requirement
|
|
15
|
+
requirements:
|
|
16
|
+
- - ~>
|
|
17
|
+
- !ruby/object:Gem::Version
|
|
18
|
+
version: 2.0.0.snapshot
|
|
14
19
|
name: logstash-core
|
|
20
|
+
prerelease: false
|
|
21
|
+
type: :runtime
|
|
15
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
16
23
|
requirements:
|
|
17
|
-
- -
|
|
24
|
+
- - ~>
|
|
18
25
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
20
|
-
|
|
21
|
-
- !ruby/object:Gem::Version
|
|
22
|
-
version: 2.0.0
|
|
26
|
+
version: 2.0.0.snapshot
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
23
28
|
requirement: !ruby/object:Gem::Requirement
|
|
24
29
|
requirements:
|
|
25
30
|
- - '>='
|
|
26
31
|
- !ruby/object:Gem::Version
|
|
27
|
-
version:
|
|
28
|
-
|
|
29
|
-
- !ruby/object:Gem::Version
|
|
30
|
-
version: 2.0.0
|
|
32
|
+
version: '0'
|
|
33
|
+
name: concurrent-ruby
|
|
31
34
|
prerelease: false
|
|
32
35
|
type: :runtime
|
|
33
|
-
- !ruby/object:Gem::Dependency
|
|
34
|
-
name: concurrent-ruby
|
|
35
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
37
|
requirements:
|
|
37
38
|
- - '>='
|
|
38
39
|
- !ruby/object:Gem::Version
|
|
39
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
40
42
|
requirement: !ruby/object:Gem::Requirement
|
|
41
43
|
requirements:
|
|
42
44
|
- - '>='
|
|
43
45
|
- !ruby/object:Gem::Version
|
|
44
46
|
version: '0'
|
|
47
|
+
name: thread_safe
|
|
45
48
|
prerelease: false
|
|
46
49
|
type: :runtime
|
|
47
|
-
- !ruby/object:Gem::Dependency
|
|
48
|
-
name: thread_safe
|
|
49
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
50
51
|
requirements:
|
|
51
52
|
- - '>='
|
|
52
53
|
- !ruby/object:Gem::Version
|
|
53
54
|
version: '0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
54
56
|
requirement: !ruby/object:Gem::Requirement
|
|
55
57
|
requirements:
|
|
56
58
|
- - '>='
|
|
57
59
|
- !ruby/object:Gem::Version
|
|
58
|
-
version:
|
|
60
|
+
version: 0.0.22
|
|
61
|
+
- - <
|
|
62
|
+
- !ruby/object:Gem::Version
|
|
63
|
+
version: 0.1.0
|
|
64
|
+
name: stud
|
|
59
65
|
prerelease: false
|
|
60
66
|
type: :runtime
|
|
61
|
-
- !ruby/object:Gem::Dependency
|
|
62
|
-
name: logstash-codec-plain
|
|
63
67
|
version_requirements: !ruby/object:Gem::Requirement
|
|
64
68
|
requirements:
|
|
65
69
|
- - '>='
|
|
66
70
|
- !ruby/object:Gem::Version
|
|
67
|
-
version:
|
|
71
|
+
version: 0.0.22
|
|
72
|
+
- - <
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: 0.1.0
|
|
75
|
+
- !ruby/object:Gem::Dependency
|
|
68
76
|
requirement: !ruby/object:Gem::Requirement
|
|
69
77
|
requirements:
|
|
70
78
|
- - '>='
|
|
71
79
|
- !ruby/object:Gem::Version
|
|
72
80
|
version: '0'
|
|
81
|
+
name: logstash-codec-plain
|
|
73
82
|
prerelease: false
|
|
74
83
|
type: :runtime
|
|
75
|
-
- !ruby/object:Gem::Dependency
|
|
76
|
-
name: logstash-filter-grok
|
|
77
84
|
version_requirements: !ruby/object:Gem::Requirement
|
|
78
85
|
requirements:
|
|
79
86
|
- - '>='
|
|
80
87
|
- !ruby/object:Gem::Version
|
|
81
88
|
version: '0'
|
|
89
|
+
- !ruby/object:Gem::Dependency
|
|
82
90
|
requirement: !ruby/object:Gem::Requirement
|
|
83
91
|
requirements:
|
|
84
92
|
- - '>='
|
|
85
93
|
- !ruby/object:Gem::Version
|
|
86
94
|
version: '0'
|
|
95
|
+
name: logstash-filter-grok
|
|
87
96
|
prerelease: false
|
|
88
97
|
type: :runtime
|
|
89
|
-
- !ruby/object:Gem::Dependency
|
|
90
|
-
name: logstash-filter-date
|
|
91
98
|
version_requirements: !ruby/object:Gem::Requirement
|
|
92
99
|
requirements:
|
|
93
100
|
- - '>='
|
|
94
101
|
- !ruby/object:Gem::Version
|
|
95
102
|
version: '0'
|
|
103
|
+
- !ruby/object:Gem::Dependency
|
|
96
104
|
requirement: !ruby/object:Gem::Requirement
|
|
97
105
|
requirements:
|
|
98
106
|
- - '>='
|
|
99
107
|
- !ruby/object:Gem::Version
|
|
100
108
|
version: '0'
|
|
109
|
+
name: logstash-filter-date
|
|
101
110
|
prerelease: false
|
|
102
111
|
type: :runtime
|
|
103
|
-
- !ruby/object:Gem::Dependency
|
|
104
|
-
name: logstash-devutils
|
|
105
112
|
version_requirements: !ruby/object:Gem::Requirement
|
|
106
113
|
requirements:
|
|
107
114
|
- - '>='
|
|
108
115
|
- !ruby/object:Gem::Version
|
|
109
116
|
version: '0'
|
|
117
|
+
- !ruby/object:Gem::Dependency
|
|
110
118
|
requirement: !ruby/object:Gem::Requirement
|
|
111
119
|
requirements:
|
|
112
120
|
- - '>='
|
|
113
121
|
- !ruby/object:Gem::Version
|
|
114
122
|
version: '0'
|
|
123
|
+
name: logstash-devutils
|
|
115
124
|
prerelease: false
|
|
116
125
|
type: :development
|
|
126
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
127
|
+
requirements:
|
|
128
|
+
- - '>='
|
|
129
|
+
- !ruby/object:Gem::Version
|
|
130
|
+
version: '0'
|
|
117
131
|
description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
|
|
118
132
|
email: info@elastic.co
|
|
119
133
|
executables: []
|
|
120
134
|
extensions: []
|
|
121
135
|
extra_rdoc_files: []
|
|
122
136
|
files:
|
|
123
|
-
- .gitignore
|
|
124
137
|
- CHANGELOG.md
|
|
125
138
|
- CONTRIBUTORS
|
|
126
139
|
- Gemfile
|
|
127
140
|
- LICENSE
|
|
128
141
|
- NOTICE.TXT
|
|
129
142
|
- README.md
|
|
130
|
-
- Rakefile
|
|
131
143
|
- lib/logstash/inputs/syslog.rb
|
|
132
144
|
- logstash-input-syslog.gemspec
|
|
133
145
|
- spec/inputs/syslog_spec.rb
|
|
@@ -153,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
153
165
|
version: '0'
|
|
154
166
|
requirements: []
|
|
155
167
|
rubyforge_project:
|
|
156
|
-
rubygems_version: 2.
|
|
168
|
+
rubygems_version: 2.4.8
|
|
157
169
|
signing_key:
|
|
158
170
|
specification_version: 4
|
|
159
171
|
summary: Read syslog messages as events over the network.
|
data/.gitignore
DELETED