logstash-input-syslog 3.4.3 → 3.4.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/logstash/inputs/syslog.rb +13 -19
  4. data/logstash-input-syslog.gemspec +1 -2
  5. data/spec/inputs/syslog_spec.rb +31 -32
  6. metadata +2 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dc9057a2c876b1bdb746a10c07fcc32b66d265aeb5658e1116fb0435bd29ea76
4
- data.tar.gz: f33e03b2bb5cdad71d2152c6d563db6c2a1d7175e7cb24d6f5b872d707dbfc42
3
+ metadata.gz: 50ec0d9128316dbe4a546b2a2437e2b412dc96fce564ace036dd5b0a724ccd71
4
+ data.tar.gz: 200037f6000b598cf2abb5e13804343c455cf3c8af4239b12ae94bb570b93e90
5
5
  SHA512:
6
- metadata.gz: 877bd6b44875b1b4318e08073d53caef55c90dbe636ab49a0e7c4e2af5d3c6f8a12527250e0988442aa12e884eee8902db89803cd0a517aa0506bb1127de4ea1
7
- data.tar.gz: 477cd68ad7aedb6125205b4c88d0ec2bdae3e5e58d82bc91c21317eef919f1047b7c9d4bbc2ccc7e381c447d1af2adda0ed8d69585544fd95d0a65884af91abb
6
+ metadata.gz: 799c2ca8d23eeb77d7c532fc5692db5c4a1e3c5a3e40c871b55892e3b9b332d2156dc1c205f67674eb2a196ad02a334fc19b6b05fc52ff18d0f36dfd209c6121
7
+ data.tar.gz: e802df38eed4687cf96da91b3bb0b1817cf30f7bef86583f532d35033c37702ffdf3b66f95e78cbf7ea408853caa154d69efa496391e4fc9ddaf18a05a8d489e
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## 3.4.4
2
+ - Refactor: avoid global side-effect + cleanup [#62](https://github.com/logstash-plugins/logstash-input-syslog/pull/62)
3
+ * avoid setting `BasicSocket.do_not_reverse_lookup` as it has side effects for others
4
+
1
5
  ## 3.4.3
2
6
  - [DOC] Added expanded descriptions and requirements for facility_labels and severity_labels. [#52](https://github.com/logstash-plugins/logstash-input-syslog/pull/52)
3
7
 
data/lib/logstash/inputs/syslog.rb CHANGED
@@ -59,8 +59,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
59
59
 
60
60
  # Specify a time zone canonical ID to be used for date parsing.
61
61
  # The valid IDs are listed on the [Joda.org available time zones page](http://joda-time.sourceforge.net/timezones.html).
62
- # This is useful in case the time zone cannot be extracted from the value,
63
- # and is not the platform default.
62
+ # This is useful in case the time zone cannot be extracted from the value, and is not the platform default.
64
63
  # If this is not specified the platform default will be used.
65
64
  # Canonical ID is good as it takes care of daylight saving time for you
66
65
  # For example, `America/Los_Angeles` or `Europe/France` are valid IDs.
@@ -75,12 +74,6 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
75
74
  #
76
75
  config :locale, :validate => :string
77
76
 
78
- public
79
- def initialize(params)
80
- super
81
- BasicSocket.do_not_reverse_lookup = true
82
- end # def initialize
83
-
84
77
  public
85
78
  def register
86
79
  @metric_errors = metric.namespace(:errors)
@@ -146,6 +139,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
146
139
 
147
140
  @udp.close if @udp
148
141
  @udp = UDPSocket.new(Socket::AF_INET)
142
+ @udp.do_not_reverse_lookup = true
149
143
  @udp.bind(@host, @port)
150
144
 
151
145
  while !stop?
@@ -165,6 +159,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
165
159
  def tcp_listener(output_queue)
166
160
  @logger.info("Starting syslog tcp listener", :address => "#{@host}:#{@port}")
167
161
  @tcp = TCPServer.new(@host, @port)
162
+ @tcp.do_not_reverse_lookup = true
168
163
 
169
164
  while !stop?
170
165
  socket = @tcp.accept
@@ -217,7 +212,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
217
212
  logger.info("connection error: #{ioerror.message}")
218
213
  ensure
219
214
  @tcp_sockets.delete(socket)
220
- socket.close rescue log_and_squash
215
+ socket.close rescue log_and_squash(:close_tcp_receiver_socket)
221
216
  end
222
217
 
223
218
  private
@@ -231,7 +226,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
231
226
  end
232
227
  rescue => e
233
228
  # swallow and log all decoding exceptions, these will never be socket related
234
- @logger.error("Error decoding data", :data => data.inspect, :exception => e, :backtrace => e.backtrace)
229
+ @logger.error("Error decoding data", :data => data.inspect, :exception => e.class, :message => e.message, :backtrace => e.backtrace)
235
230
  @metric_errors.increment(:decoding)
236
231
  end
237
232
 
@@ -244,16 +239,15 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
244
239
  private
245
240
  def close_udp
246
241
  if @udp
247
- @udp.close_read rescue log_and_squash
248
- @udp.close_write rescue log_and_squash
242
+ @udp.close_read rescue log_and_squash(:close_udp_read)
243
+ @udp.close_write rescue log_and_squash(:close_udp_write)
249
244
  end
250
245
  @udp = nil
251
246
  end
252
247
 
253
248
  private
254
249
 
255
- # Helper for inline rescues, which logs the squashed exception at "TRACE" level
256
- # and returns nil.
250
+ # Helper for inline rescues, which logs the exception at "DEBUG" level and returns nil.
257
251
  #
258
252
  # Instead of:
259
253
  # ~~~ ruby
@@ -261,19 +255,19 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
261
255
  # ~~~
262
256
  # Do:
263
257
  # ~~~ ruby
264
- #. foo rescue log_and_squash
258
+ #. foo rescue log_and_squash(:foo)
265
259
  # ~~~
266
- def log_and_squash
267
- $! && logger.trace("SQUASHED EXCEPTION: `#{$!.message}` at (`#{caller.first}`)")
260
+ def log_and_squash(label)
261
+ $! && logger.debug("#{label} failed:", :exception => $!.class, :message => $!.message)
268
262
  nil
269
263
  end
270
264
 
271
265
  def close_tcp
272
266
  # If we somehow have this left open, close it.
273
267
  @tcp_sockets.each do |socket|
274
- socket.close rescue log_and_squash
268
+ socket.close rescue log_and_squash(:close_tcp_socket)
275
269
  end
276
- @tcp.close if @tcp rescue log_and_squash
270
+ @tcp.close if @tcp rescue log_and_squash(:close_tcp)
277
271
  @tcp = nil
278
272
  end
279
273
 
data/logstash-input-syslog.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-input-syslog'
4
- s.version = '3.4.3'
4
+ s.version = '3.4.4'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads syslog messages as events"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -30,7 +30,6 @@ Gem::Specification.new do |s|
30
30
  s.add_runtime_dependency 'logstash-filter-date'
31
31
 
32
32
  s.add_development_dependency 'logstash-devutils'
33
- s.add_development_dependency 'insist'
34
33
  s.add_development_dependency 'logstash-codec-cef'
35
34
  end
36
35
 
data/spec/inputs/syslog_spec.rb CHANGED
@@ -1,6 +1,5 @@
1
1
  # encoding: utf-8
2
2
  require "logstash/devutils/rspec/spec_helper"
3
- require "insist"
4
3
  require "logstash/devutils/rspec/shared_examples"
5
4
 
6
5
  # running the grok code outside a logstash package means
@@ -55,11 +54,11 @@ describe LogStash::Inputs::Syslog do
55
54
  event_count.times.collect { queue.pop }
56
55
  end
57
56
 
58
- insist { events.length } == event_count
57
+ expect( events.length ).to eql event_count
59
58
  events.each do |event|
60
- insist { event.get("priority") } == 164
61
- insist { event.get("severity") } == 4
62
- insist { event.get("facility") } == 20
59
+ expect( event.get("priority") ).to eql 164
60
+ expect( event.get("severity") ).to eql 4
61
+ expect( event.get("facility") ).to eql 20
63
62
  end
64
63
  end
65
64
 
@@ -89,12 +88,12 @@ describe LogStash::Inputs::Syslog do
89
88
  event_count.times.collect { queue.pop }
90
89
  end
91
90
 
92
- insist { events.length } == event_count
91
+ expect( events.length ).to eql event_count
93
92
  events.each do |event|
94
- insist { event.get("priority") } == 164
95
- insist { event.get("severity") } == 4
96
- insist { event.get("facility") } == 20
97
- insist { event.get("host") } == "1.2.3.4"
93
+ expect( event.get("priority") ).to eql 164
94
+ expect( event.get("severity") ).to eql 4
95
+ expect( event.get("facility") ).to eql 20
96
+ expect( event.get("host") ).to eql "1.2.3.4"
98
97
  end
99
98
  end
100
99
 
@@ -121,9 +120,9 @@ describe LogStash::Inputs::Syslog do
121
120
  event_count.times.collect { queue.pop }
122
121
  end
123
122
 
124
- insist { events.length } == event_count
123
+ expect( events.length ).to eql event_count
125
124
  event_count.times do |i|
126
- insist { events[i].get("tags") } == ["_grokparsefailure_sysloginput"]
125
+ expect( events[i].get("tags") ).to eql ["_grokparsefailure_sysloginput"]
127
126
  end
128
127
  end
129
128
 
@@ -152,9 +151,9 @@ describe LogStash::Inputs::Syslog do
152
151
  event_count.times.collect { queue.pop }
153
152
  end
154
153
 
155
- insist { events.length } == event_count
154
+ expect( events.length ).to eql event_count
156
155
  events.each do |event|
157
- insist { event.get("@timestamp").to_iso8601 } == "#{Time.now.year}-10-26T15:19:25.000Z"
156
+ expect( event.get("@timestamp").to_iso8601 ).to eql "#{Time.now.year}-10-26T15:19:25.000Z"
158
157
  end
159
158
  end
160
159
 
@@ -179,7 +178,7 @@ describe LogStash::Inputs::Syslog do
179
178
  end
180
179
 
181
180
  # chances platform timezone is not UTC so ignore the hours
182
- insist { event.get("@timestamp").to_iso8601 } =~ /#{Time.now.year}-10-26T\d\d:19:25.000Z/
181
+ expect( event.get("@timestamp").to_iso8601 ).to match /#{Time.now.year}-10-26T\d\d:19:25.000Z/
183
182
  end
184
183
 
185
184
  it "should support non UTC timezone" do
@@ -190,7 +189,7 @@ describe LogStash::Inputs::Syslog do
190
189
 
191
190
  syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
192
191
  input.syslog_relay(syslog_event)
193
- insist { syslog_event.get("@timestamp").to_iso8601 } == "#{Time.now.year}-10-26T20:19:25.000Z"
192
+ expect( syslog_event.get("@timestamp").to_iso8601 ).to eql "#{Time.now.year}-10-26T20:19:25.000Z"
194
193
 
195
194
  input.close
196
195
  end
@@ -202,13 +201,13 @@ describe LogStash::Inputs::Syslog do
202
201
  # event which is not syslog should have a new tag
203
202
  event = LogStash::Event.new({ "message" => "hello world, this is not syslog RFC3164" })
204
203
  input.syslog_relay(event)
205
- insist { event.get("tags") } == ["_grokparsefailure_sysloginput"]
204
+ expect( event.get("tags") ).to eql ["_grokparsefailure_sysloginput"]
206
205
 
207
206
  syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
208
207
  input.syslog_relay(syslog_event)
209
- insist { syslog_event.get("priority") } == 164
210
- insist { syslog_event.get("severity") } == 4
211
- insist { syslog_event.get("tags") } == nil
208
+ expect( syslog_event.get("priority") ).to eql 164
209
+ expect( syslog_event.get("severity") ).to eql 4
210
+ expect( syslog_event.get("tags") ).to be nil
212
211
 
213
212
  input.close
214
213
  end
@@ -245,13 +244,13 @@ describe LogStash::Inputs::Syslog do
245
244
  event_count.times.collect { queue.pop }
246
245
  end
247
246
 
248
- insist { events.length } == event_count
247
+ expect( events.length ).to eql event_count
249
248
  events.each do |event|
250
- insist { event.get("priority") } == 164
251
- insist { event.get("severity") } == 4
252
- insist { event.get("facility") } == 20
253
- insist { event.get("message") } == "#{message_field}\n"
254
- insist { event.get("timestamp") } == timestamp
249
+ expect( event.get("priority") ).to eql 164
250
+ expect( event.get("severity") ).to eql 4
251
+ expect( event.get("facility") ).to eql 20
252
+ expect( event.get("message") ).to eql "#{message_field}\n"
253
+ expect( event.get("timestamp") ).to eql timestamp
255
254
  end
256
255
  end
257
256
 
@@ -284,13 +283,13 @@ describe LogStash::Inputs::Syslog do
284
283
  event_count.times.collect { queue.pop }
285
284
  end
286
285
 
287
- insist { events.length } == event_count
286
+ expect( events.length ).to eql event_count
288
287
  events.each do |event|
289
- insist { event.get("priority") } == 134
290
- insist { event.get("severity") } == 6
291
- insist { event.get("facility") } == 16
292
- insist { event.get("message") } == message_field
293
- insist { event.get("timestamp") } == timestamp
288
+ expect( event.get("priority") ).to eql 134
289
+ expect( event.get("severity") ).to eql 6
290
+ expect( event.get("facility") ).to eql 16
291
+ expect( event.get("message") ).to eql message_field
292
+ expect( event.get("timestamp") ).to eql timestamp
294
293
  end
295
294
  end
296
295
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-syslog
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.4.3
4
+ version: 3.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-19 00:00:00.000000000 Z
11
+ date: 2020-07-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -120,20 +120,6 @@ dependencies:
120
120
  - - ">="
121
121
  - !ruby/object:Gem::Version
122
122
  version: '0'
123
- - !ruby/object:Gem::Dependency
124
- requirement: !ruby/object:Gem::Requirement
125
- requirements:
126
- - - ">="
127
- - !ruby/object:Gem::Version
128
- version: '0'
129
- name: insist
130
- prerelease: false
131
- type: :development
132
- version_requirements: !ruby/object:Gem::Requirement
133
- requirements:
134
- - - ">="
135
- - !ruby/object:Gem::Version
136
- version: '0'
137
123
  - !ruby/object:Gem::Dependency
138
124
  requirement: !ruby/object:Gem::Requirement
139
125
  requirements: