logstash-input-syslog 3.4.3 → 3.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/logstash/inputs/syslog.rb +13 -19
  4. data/logstash-input-syslog.gemspec +1 -2
  5. data/spec/inputs/syslog_spec.rb +31 -32
  6. metadata +2 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dc9057a2c876b1bdb746a10c07fcc32b66d265aeb5658e1116fb0435bd29ea76
4
- data.tar.gz: f33e03b2bb5cdad71d2152c6d563db6c2a1d7175e7cb24d6f5b872d707dbfc42
3
+ metadata.gz: 50ec0d9128316dbe4a546b2a2437e2b412dc96fce564ace036dd5b0a724ccd71
4
+ data.tar.gz: 200037f6000b598cf2abb5e13804343c455cf3c8af4239b12ae94bb570b93e90
5
5
  SHA512:
6
- metadata.gz: 877bd6b44875b1b4318e08073d53caef55c90dbe636ab49a0e7c4e2af5d3c6f8a12527250e0988442aa12e884eee8902db89803cd0a517aa0506bb1127de4ea1
7
- data.tar.gz: 477cd68ad7aedb6125205b4c88d0ec2bdae3e5e58d82bc91c21317eef919f1047b7c9d4bbc2ccc7e381c447d1af2adda0ed8d69585544fd95d0a65884af91abb
6
+ metadata.gz: 799c2ca8d23eeb77d7c532fc5692db5c4a1e3c5a3e40c871b55892e3b9b332d2156dc1c205f67674eb2a196ad02a334fc19b6b05fc52ff18d0f36dfd209c6121
7
+ data.tar.gz: e802df38eed4687cf96da91b3bb0b1817cf30f7bef86583f532d35033c37702ffdf3b66f95e78cbf7ea408853caa154d69efa496391e4fc9ddaf18a05a8d489e
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## 3.4.4
2
+ - Refactor: avoid global side-effect + cleanup [#62](https://github.com/logstash-plugins/logstash-input-syslog/pull/62)
3
+ * avoid setting `BasicSocket.do_not_reverse_lookup` as it has side effects for others
4
+
1
5
  ## 3.4.3
2
6
  - [DOC] Added expanded descriptions and requirements for facility_labels and severity_labels. [#52](https://github.com/logstash-plugins/logstash-input-syslog/pull/52)
3
7
 
data/lib/logstash/inputs/syslog.rb CHANGED
@@ -59,8 +59,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
59
59
 
60
60
  # Specify a time zone canonical ID to be used for date parsing.
61
61
  # The valid IDs are listed on the [Joda.org available time zones page](http://joda-time.sourceforge.net/timezones.html).
62
- # This is useful in case the time zone cannot be extracted from the value,
63
- # and is not the platform default.
62
+ # This is useful in case the time zone cannot be extracted from the value, and is not the platform default.
64
63
  # If this is not specified the platform default will be used.
65
64
  # Canonical ID is good as it takes care of daylight saving time for you
66
65
  # For example, `America/Los_Angeles` or `Europe/France` are valid IDs.
@@ -75,12 +74,6 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
75
74
  #
76
75
  config :locale, :validate => :string
77
76
 
78
- public
79
- def initialize(params)
80
- super
81
- BasicSocket.do_not_reverse_lookup = true
82
- end # def initialize
83
-
84
77
  public
85
78
  def register
86
79
  @metric_errors = metric.namespace(:errors)
@@ -146,6 +139,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
146
139
 
147
140
  @udp.close if @udp
148
141
  @udp = UDPSocket.new(Socket::AF_INET)
142
+ @udp.do_not_reverse_lookup = true
149
143
  @udp.bind(@host, @port)
150
144
 
151
145
  while !stop?
@@ -165,6 +159,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
165
159
  def tcp_listener(output_queue)
166
160
  @logger.info("Starting syslog tcp listener", :address => "#{@host}:#{@port}")
167
161
  @tcp = TCPServer.new(@host, @port)
162
+ @tcp.do_not_reverse_lookup = true
168
163
 
169
164
  while !stop?
170
165
  socket = @tcp.accept
@@ -217,7 +212,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
217
212
  logger.info("connection error: #{ioerror.message}")
218
213
  ensure
219
214
  @tcp_sockets.delete(socket)
220
- socket.close rescue log_and_squash
215
+ socket.close rescue log_and_squash(:close_tcp_receiver_socket)
221
216
  end
222
217
 
223
218
  private
@@ -231,7 +226,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
231
226
  end
232
227
  rescue => e
233
228
  # swallow and log all decoding exceptions, these will never be socket related
234
- @logger.error("Error decoding data", :data => data.inspect, :exception => e, :backtrace => e.backtrace)
229
+ @logger.error("Error decoding data", :data => data.inspect, :exception => e.class, :message => e.message, :backtrace => e.backtrace)
235
230
  @metric_errors.increment(:decoding)
236
231
  end
237
232
 
@@ -244,16 +239,15 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
244
239
  private
245
240
  def close_udp
246
241
  if @udp
247
- @udp.close_read rescue log_and_squash
248
- @udp.close_write rescue log_and_squash
242
+ @udp.close_read rescue log_and_squash(:close_udp_read)
243
+ @udp.close_write rescue log_and_squash(:close_udp_write)
249
244
  end
250
245
  @udp = nil
251
246
  end
252
247
 
253
248
  private
254
249
 
255
- # Helper for inline rescues, which logs the squashed exception at "TRACE" level
256
- # and returns nil.
250
+ # Helper for inline rescues, which logs the exception at "DEBUG" level and returns nil.
257
251
  #
258
252
  # Instead of:
259
253
  # ~~~ ruby
@@ -261,19 +255,19 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
261
255
  # ~~~
262
256
  # Do:
263
257
  # ~~~ ruby
264
- #. foo rescue log_and_squash
258
+ #. foo rescue log_and_squash(:foo)
265
259
  # ~~~
266
- def log_and_squash
267
- $! && logger.trace("SQUASHED EXCEPTION: `#{$!.message}` at (`#{caller.first}`)")
260
+ def log_and_squash(label)
261
+ $! && logger.debug("#{label} failed:", :exception => $!.class, :message => $!.message)
268
262
  nil
269
263
  end
270
264
 
271
265
  def close_tcp
272
266
  # If we somehow have this left open, close it.
273
267
  @tcp_sockets.each do |socket|
274
- socket.close rescue log_and_squash
268
+ socket.close rescue log_and_squash(:close_tcp_socket)
275
269
  end
276
- @tcp.close if @tcp rescue log_and_squash
270
+ @tcp.close if @tcp rescue log_and_squash(:close_tcp)
277
271
  @tcp = nil
278
272
  end
279
273
 
data/logstash-input-syslog.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-input-syslog'
4
- s.version = '3.4.3'
4
+ s.version = '3.4.4'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads syslog messages as events"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -30,7 +30,6 @@ Gem::Specification.new do |s|
30
30
  s.add_runtime_dependency 'logstash-filter-date'
31
31
 
32
32
  s.add_development_dependency 'logstash-devutils'
33
- s.add_development_dependency 'insist'
34
33
  s.add_development_dependency 'logstash-codec-cef'
35
34
  end
36
35
 
data/spec/inputs/syslog_spec.rb CHANGED
@@ -1,6 +1,5 @@
1
1
  # encoding: utf-8
2
2
  require "logstash/devutils/rspec/spec_helper"
3
- require "insist"
4
3
  require "logstash/devutils/rspec/shared_examples"
5
4
 
6
5
  # running the grok code outside a logstash package means
@@ -55,11 +54,11 @@ describe LogStash::Inputs::Syslog do
55
54
  event_count.times.collect { queue.pop }
56
55
  end
57
56
 
58
- insist { events.length } == event_count
57
+ expect( events.length ).to eql event_count
59
58
  events.each do |event|
60
- insist { event.get("priority") } == 164
61
- insist { event.get("severity") } == 4
62
- insist { event.get("facility") } == 20
59
+ expect( event.get("priority") ).to eql 164
60
+ expect( event.get("severity") ).to eql 4
61
+ expect( event.get("facility") ).to eql 20
63
62
  end
64
63
  end
65
64
 
@@ -89,12 +88,12 @@ describe LogStash::Inputs::Syslog do
89
88
  event_count.times.collect { queue.pop }
90
89
  end
91
90
 
92
- insist { events.length } == event_count
91
+ expect( events.length ).to eql event_count
93
92
  events.each do |event|
94
- insist { event.get("priority") } == 164
95
- insist { event.get("severity") } == 4
96
- insist { event.get("facility") } == 20
97
- insist { event.get("host") } == "1.2.3.4"
93
+ expect( event.get("priority") ).to eql 164
94
+ expect( event.get("severity") ).to eql 4
95
+ expect( event.get("facility") ).to eql 20
96
+ expect( event.get("host") ).to eql "1.2.3.4"
98
97
  end
99
98
  end
100
99
 
@@ -121,9 +120,9 @@ describe LogStash::Inputs::Syslog do
121
120
  event_count.times.collect { queue.pop }
122
121
  end
123
122
 
124
- insist { events.length } == event_count
123
+ expect( events.length ).to eql event_count
125
124
  event_count.times do |i|
126
- insist { events[i].get("tags") } == ["_grokparsefailure_sysloginput"]
125
+ expect( events[i].get("tags") ).to eql ["_grokparsefailure_sysloginput"]
127
126
  end
128
127
  end
129
128
 
@@ -152,9 +151,9 @@ describe LogStash::Inputs::Syslog do
152
151
  event_count.times.collect { queue.pop }
153
152
  end
154
153
 
155
- insist { events.length } == event_count
154
+ expect( events.length ).to eql event_count
156
155
  events.each do |event|
157
- insist { event.get("@timestamp").to_iso8601 } == "#{Time.now.year}-10-26T15:19:25.000Z"
156
+ expect( event.get("@timestamp").to_iso8601 ).to eql "#{Time.now.year}-10-26T15:19:25.000Z"
158
157
  end
159
158
  end
160
159
 
@@ -179,7 +178,7 @@ describe LogStash::Inputs::Syslog do
179
178
  end
180
179
 
181
180
  # chances platform timezone is not UTC so ignore the hours
182
- insist { event.get("@timestamp").to_iso8601 } =~ /#{Time.now.year}-10-26T\d\d:19:25.000Z/
181
+ expect( event.get("@timestamp").to_iso8601 ).to match /#{Time.now.year}-10-26T\d\d:19:25.000Z/
183
182
  end
184
183
 
185
184
  it "should support non UTC timezone" do
@@ -190,7 +189,7 @@ describe LogStash::Inputs::Syslog do
190
189
 
191
190
  syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
192
191
  input.syslog_relay(syslog_event)
193
- insist { syslog_event.get("@timestamp").to_iso8601 } == "#{Time.now.year}-10-26T20:19:25.000Z"
192
+ expect( syslog_event.get("@timestamp").to_iso8601 ).to eql "#{Time.now.year}-10-26T20:19:25.000Z"
194
193
 
195
194
  input.close
196
195
  end
@@ -202,13 +201,13 @@ describe LogStash::Inputs::Syslog do
202
201
  # event which is not syslog should have a new tag
203
202
  event = LogStash::Event.new({ "message" => "hello world, this is not syslog RFC3164" })
204
203
  input.syslog_relay(event)
205
- insist { event.get("tags") } == ["_grokparsefailure_sysloginput"]
204
+ expect( event.get("tags") ).to eql ["_grokparsefailure_sysloginput"]
206
205
 
207
206
  syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
208
207
  input.syslog_relay(syslog_event)
209
- insist { syslog_event.get("priority") } == 164
210
- insist { syslog_event.get("severity") } == 4
211
- insist { syslog_event.get("tags") } == nil
208
+ expect( syslog_event.get("priority") ).to eql 164
209
+ expect( syslog_event.get("severity") ).to eql 4
210
+ expect( syslog_event.get("tags") ).to be nil
212
211
 
213
212
  input.close
214
213
  end
@@ -245,13 +244,13 @@ describe LogStash::Inputs::Syslog do
245
244
  event_count.times.collect { queue.pop }
246
245
  end
247
246
 
248
- insist { events.length } == event_count
247
+ expect( events.length ).to eql event_count
249
248
  events.each do |event|
250
- insist { event.get("priority") } == 164
251
- insist { event.get("severity") } == 4
252
- insist { event.get("facility") } == 20
253
- insist { event.get("message") } == "#{message_field}\n"
254
- insist { event.get("timestamp") } == timestamp
249
+ expect( event.get("priority") ).to eql 164
250
+ expect( event.get("severity") ).to eql 4
251
+ expect( event.get("facility") ).to eql 20
252
+ expect( event.get("message") ).to eql "#{message_field}\n"
253
+ expect( event.get("timestamp") ).to eql timestamp
255
254
  end
256
255
  end
257
256
 
@@ -284,13 +283,13 @@ describe LogStash::Inputs::Syslog do
284
283
  event_count.times.collect { queue.pop }
285
284
  end
286
285
 
287
- insist { events.length } == event_count
286
+ expect( events.length ).to eql event_count
288
287
  events.each do |event|
289
- insist { event.get("priority") } == 134
290
- insist { event.get("severity") } == 6
291
- insist { event.get("facility") } == 16
292
- insist { event.get("message") } == message_field
293
- insist { event.get("timestamp") } == timestamp
288
+ expect( event.get("priority") ).to eql 134
289
+ expect( event.get("severity") ).to eql 6
290
+ expect( event.get("facility") ).to eql 16
291
+ expect( event.get("message") ).to eql message_field
292
+ expect( event.get("timestamp") ).to eql timestamp
294
293
  end
295
294
  end
296
295
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-syslog
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.4.3
4
+ version: 3.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-19 00:00:00.000000000 Z
11
+ date: 2020-07-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -120,20 +120,6 @@ dependencies:
120
120
  - - ">="
121
121
  - !ruby/object:Gem::Version
122
122
  version: '0'
123
- - !ruby/object:Gem::Dependency
124
- requirement: !ruby/object:Gem::Requirement
125
- requirements:
126
- - - ">="
127
- - !ruby/object:Gem::Version
128
- version: '0'
129
- name: insist
130
- prerelease: false
131
- type: :development
132
- version_requirements: !ruby/object:Gem::Requirement
133
- requirements:
134
- - - ">="
135
- - !ruby/object:Gem::Version
136
- version: '0'
137
123
  - !ruby/object:Gem::Dependency
138
124
  requirement: !ruby/object:Gem::Requirement
139
125
  requirements: