logstash-input-syslog 3.7.0 → 3.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/lib/logstash/inputs/syslog.rb +9 -3
  4. data/logstash-input-syslog.gemspec +1 -1
  5. data/spec/inputs/syslog_spec.rb +1 -0
  6. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0c25de14662bbd82e873e09199f770ae115e73ab837d78300ad23d2f1a5f8617
4
- data.tar.gz: ce332bc77901424f297d992d43c08999fbc30cc69547af624ead0d3aef2486f7
3
+ metadata.gz: 630e8328b3161d33d8d34489893a654e8310aa871a827bceb3911454f149bd34
4
+ data.tar.gz: 8e7c5b275c4169a83a20cd0a2a41b4d3b746d9b4a7e5aedc6360f917cd9660cc
5
5
  SHA512:
6
- metadata.gz: 5a1cf93965af7f77e9f543d339567c0cba16e481d325c345fea9fcd945a85f032ab87ff4f135c4ebff82c44f14365e650e9e6fe08ef546efab42c8ba56cd273e
7
- data.tar.gz: b6c4d596cac63c5432717086040ba6fb03cb2f7ae17b813f7414facef60c33cd3f3ea3239e5933768e2ca03721e596744d3301126087bc224db1c8abb09e4d72
6
+ metadata.gz: 69270b0499c4768ec2bbacff35dd35aacdd8e24944ad24d873291c4e83ce780eecba5afeff97b10d360daaf14d0601c473f631b6af6f27a0b33d239c22ca93db
7
+ data.tar.gz: 361942102a239e8797c2364942659c31245ffcf5149203530d2e47834ff2d5b04c834bd2001aa07cfd363afe40918a5923b5da61b886d207aee251c70e0b57ff
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 3.7.1
2
+ - Fix issue where the priority field was not being set correctly when grok failed [#76](https://github.com/logstash-plugins/logstash-input-syslog/pull/78)
3
+
1
4
  ## 3.7.0
2
5
  - Changed the TCP reading mode to use the non-blocking method [#75](https://github.com/logstash-plugins/logstash-input-syslog/pull/75)
3
6
  It fixes the high CPU usage when TCP clients do not properly disconnect/send EOF.
data/lib/logstash/inputs/syslog.rb CHANGED
@@ -83,6 +83,8 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
83
83
  # assuming users would want that (they have specific use-case for LS as syslog server).
84
84
  config :service_type, :validate => :string, :default => 'system'
85
85
 
86
+ GROK_FAILURE_TAG = "_grokparsefailure_sysloginput"
87
+
86
88
  def initialize(*params)
87
89
  super
88
90
 
@@ -103,7 +105,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
103
105
  @grok_filter = LogStash::Filters::Grok.new(
104
106
  "overwrite" => @syslog_field,
105
107
  "match" => { @syslog_field => @grok_pattern },
106
- "tag_on_failure" => ["_grokparsefailure_sysloginput"],
108
+ "tag_on_failure" => [GROK_FAILURE_TAG],
107
109
  "ecs_compatibility" => ecs_compatibility # use ecs-compliant patterns
108
110
  )
109
111
 
@@ -341,10 +343,14 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
341
343
  def syslog_relay(event)
342
344
  @grok_filter_exec.(event)
343
345
 
344
- if event.get("tags").nil? || !event.get("tags").include?(@grok_filter.tag_on_failure)
346
+ if event.get("tags").nil? || !event.get("tags").include?(GROK_FAILURE_TAG)
345
347
  # Per RFC3164, priority = (facility * 8) + severity
346
348
  # = (facility << 3) & (severity)
347
- priority = event.get(@priority_key).to_i rescue 13
349
+ priority = if event.include?(@priority_key)
350
+ event.get(@priority_key).to_i rescue 13
351
+ else
352
+ 13
353
+ end
348
354
  set_priority event, priority
349
355
 
350
356
  @date_filter_exec.(event)
data/logstash-input-syslog.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-input-syslog'
4
- s.version = '3.7.0'
4
+ s.version = '3.7.1'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads syslog messages as events"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
data/spec/inputs/syslog_spec.rb CHANGED
@@ -145,6 +145,7 @@ describe LogStash::Inputs::Syslog do
145
145
  event = LogStash::Event.new({ "message" => "hello world, this is not syslog RFC3164" })
146
146
  input.syslog_relay(event)
147
147
  expect( event.get("tags") ).to eql ["_grokparsefailure_sysloginput"]
148
+ expect( event.get(priority_key) ).to eql 13
148
149
 
149
150
  syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
150
151
  input.syslog_relay(syslog_event)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-syslog
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.7.0
4
+ version: 3.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-17 00:00:00.000000000 Z
11
+ date: 2025-03-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
20
20
  - !ruby/object:Gem::Version
21
21
  version: '2.99'
22
22
  name: logstash-core-plugin-api
23
- prerelease: false
24
23
  type: :runtime
24
+ prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
26
26
  requirements:
27
27
  - - ">="
@@ -37,8 +37,8 @@ dependencies:
37
37
  - !ruby/object:Gem::Version
38
38
  version: '1.2'
39
39
  name: logstash-mixin-ecs_compatibility_support
40
- prerelease: false
41
40
  type: :runtime
41
+ prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
44
  - - "~>"
@@ -51,8 +51,8 @@ dependencies:
51
51
  - !ruby/object:Gem::Version
52
52
  version: '0'
53
53
  name: concurrent-ruby
54
- prerelease: false
55
54
  type: :runtime
55
+ prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - ">="
@@ -68,8 +68,8 @@ dependencies:
68
68
  - !ruby/object:Gem::Version
69
69
  version: 0.1.0
70
70
  name: stud
71
- prerelease: false
72
71
  type: :runtime
72
+ prerelease: false
73
73
  version_requirements: !ruby/object:Gem::Requirement
74
74
  requirements:
75
75
  - - ">="
@@ -85,8 +85,8 @@ dependencies:
85
85
  - !ruby/object:Gem::Version
86
86
  version: '0'
87
87
  name: logstash-codec-plain
88
- prerelease: false
89
88
  type: :runtime
89
+ prerelease: false
90
90
  version_requirements: !ruby/object:Gem::Requirement
91
91
  requirements:
92
92
  - - ">="
@@ -99,8 +99,8 @@ dependencies:
99
99
  - !ruby/object:Gem::Version
100
100
  version: 4.4.1
101
101
  name: logstash-filter-grok
102
- prerelease: false
103
102
  type: :runtime
103
+ prerelease: false
104
104
  version_requirements: !ruby/object:Gem::Requirement
105
105
  requirements:
106
106
  - - ">="
@@ -113,8 +113,8 @@ dependencies:
113
113
  - !ruby/object:Gem::Version
114
114
  version: '0'
115
115
  name: logstash-filter-date
116
- prerelease: false
117
116
  type: :runtime
117
+ prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - ">="
@@ -127,8 +127,8 @@ dependencies:
127
127
  - !ruby/object:Gem::Version
128
128
  version: '2.3'
129
129
  name: logstash-devutils
130
- prerelease: false
131
130
  type: :development
131
+ prerelease: false
132
132
  version_requirements: !ruby/object:Gem::Requirement
133
133
  requirements:
134
134
  - - "~>"
@@ -141,8 +141,8 @@ dependencies:
141
141
  - !ruby/object:Gem::Version
142
142
  version: '0'
143
143
  name: logstash-codec-cef
144
- prerelease: false
145
144
  type: :development
145
+ prerelease: false
146
146
  version_requirements: !ruby/object:Gem::Requirement
147
147
  requirements:
148
148
  - - ">="
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
187
187
  - !ruby/object:Gem::Version
188
188
  version: '0'
189
189
  requirements: []
190
- rubygems_version: 3.2.33
190
+ rubygems_version: 3.3.26
191
191
  signing_key:
192
192
  specification_version: 4
193
193
  summary: Reads syslog messages as events