logstash-input-syslog 3.1.1 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/inputs/syslog.rb +19 -0
- data/logstash-input-syslog.gemspec +1 -1
- data/spec/inputs/syslog_spec.rb +34 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2fe0893137a0245978babee198d6058ac7c42fbd
|
|
4
|
+
data.tar.gz: 941c695bfa50167e2669153fd9ff333ff56d1b46
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2e7d1259985f95876b4b1f7abf60b45a301c5dd0279cd33c26c847a96033a58f203099160a6317312d8cf66140fd0b9179c5ae359f5f334cf7f5e46dc9d98fb1
|
|
7
|
+
data.tar.gz: 9aed2bba11e0962fc36d30d19a6a44654bcb1dd26194e1f990d98a51c19224c46f0f6954a13af655bf2542fbe1132657ca3da36063187fba8f00dfd8144ac7d7
|
data/CHANGELOG.md
CHANGED
|
@@ -36,6 +36,10 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
36
36
|
# ports) may require root to use.
|
|
37
37
|
config :port, :validate => :number, :default => 514
|
|
38
38
|
|
|
39
|
+
# Proxy protocol support, only v1 is supported at this time
|
|
40
|
+
# http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
|
|
41
|
+
config :proxy_protocol, :validate => :boolean, :default => false
|
|
42
|
+
|
|
39
43
|
# Use label parsing for severity and facility levels.
|
|
40
44
|
config :use_labels, :validate => :boolean, :default => true
|
|
41
45
|
|
|
@@ -171,11 +175,26 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
|
|
171
175
|
# tcp server thread and all tcp connections will be closed and the listener restarted.
|
|
172
176
|
def tcp_receiver(output_queue, socket)
|
|
173
177
|
ip, port = socket.peeraddr[3], socket.peeraddr[1]
|
|
178
|
+
first_read = true
|
|
174
179
|
@logger.info("new connection", :client => "#{ip}:#{port}")
|
|
175
180
|
LogStash::Util::set_thread_name("input|syslog|tcp|#{ip}:#{port}}")
|
|
176
181
|
|
|
177
182
|
socket.each do |line|
|
|
178
183
|
metric.increment(:messages_received)
|
|
184
|
+
if @proxy_protocol && first_read
|
|
185
|
+
first_read = false
|
|
186
|
+
pp_info = line.split(/\s/)
|
|
187
|
+
# PROXY proto clientip proxyip clientport proxyport
|
|
188
|
+
if pp_info[0] != "PROXY"
|
|
189
|
+
@logger.error("invalid proxy protocol header label", :hdr => line)
|
|
190
|
+
raise IOError
|
|
191
|
+
else
|
|
192
|
+
# would be nice to log the proxy host and port data as well, but minimizing changes
|
|
193
|
+
ip = pp_info[2]
|
|
194
|
+
port = pp_info[3]
|
|
195
|
+
next
|
|
196
|
+
end
|
|
197
|
+
end
|
|
179
198
|
decode(ip, output_queue, line)
|
|
180
199
|
end
|
|
181
200
|
rescue Errno::ECONNRESET
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-input-syslog'
|
|
4
|
-
s.version = '3.
|
|
4
|
+
s.version = '3.2.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Read syslog messages as events over the network."
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
data/spec/inputs/syslog_spec.rb
CHANGED
|
@@ -59,6 +59,40 @@ describe LogStash::Inputs::Syslog do
|
|
|
59
59
|
end
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
+
it "should properly PROXY protocol v1" do
|
|
63
|
+
port = 5511
|
|
64
|
+
event_count = 10
|
|
65
|
+
conf = <<-CONFIG
|
|
66
|
+
input {
|
|
67
|
+
syslog {
|
|
68
|
+
type => "blah"
|
|
69
|
+
port => #{port}
|
|
70
|
+
proxy_protocol => true
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
CONFIG
|
|
74
|
+
|
|
75
|
+
events = input(conf) do |pipeline, queue|
|
|
76
|
+
socket = Stud.try(5.times) { TCPSocket.new("127.0.0.1", port) }
|
|
77
|
+
socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
|
|
78
|
+
socket.flush
|
|
79
|
+
event_count.times do |i|
|
|
80
|
+
socket.puts(SYSLOG_LINE)
|
|
81
|
+
end
|
|
82
|
+
socket.close
|
|
83
|
+
|
|
84
|
+
event_count.times.collect { queue.pop }
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
insist { events.length } == event_count
|
|
88
|
+
events.each do |event|
|
|
89
|
+
insist { event.get("priority") } == 164
|
|
90
|
+
insist { event.get("severity") } == 4
|
|
91
|
+
insist { event.get("facility") } == 20
|
|
92
|
+
insist { event.get("host") } == "1.2.3.4"
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
|
|
62
96
|
it "should add unique tag when grok parsing fails with live syslog input" do
|
|
63
97
|
port = 5511
|
|
64
98
|
event_count = 10
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-syslog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|