RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/inputs/collectd.rb ADDED

@@ -0,0 +1,306 @@
+# encoding utf-8
+require "date"
+require "logstash/inputs/base"
+require "logstash/namespace"
+require "socket"
+require "tempfile"
+require "time"
+# Read events from the connectd binary protocol over the network via udp.
+# See https://collectd.org/wiki/index.php/Binary_protocol
+#
+# Configuration in your Logstash configuration file can be as simple as:
+#     input {
+#       collectd {}
+#     }
+#
+# A sample collectd.conf to send to Logstash might be:
+#
+#     Hostname    "host.example.com"
+#     LoadPlugin interface
+#     LoadPlugin load
+#     LoadPlugin memory
+#     LoadPlugin network
+#     <Plugin interface>
+#         Interface "eth0"
+#         IgnoreSelected false
+#     </Plugin>
+#     <Plugin network>
+#         <Server "10.0.0.1" "25826">
+#         </Server>
+#     </Plugin>
+#
+# Be sure to replace "10.0.0.1" with the IP of your Logstash instance.
+#
+#
+class LogStash::Inputs::Collectd < LogStash::Inputs::Base
+  config_name "collectd"
+  milestone 1
+  # File path(s) to collectd types.db to use.
+  # The last matching pattern wins if you have identical pattern names in multiple files.
+  # If no types.db is provided the included types.db will be used (currently 5.4.0).
+  config :typesdb, :validate => :array
+  # The address to listen on.  Defaults to all available addresses.
+  config :host, :validate => :string, :default => "0.0.0.0"
+  # The port to listen on.  Defaults to the collectd expected port of 25826.
+  config :port, :validate => :number, :default => 25826
+  # Prune interval records.  Defaults to true.
+  config :prune_intervals, :validate => :boolean, :default => true
+  # Buffer size. 1452 is the collectd default for v5+
+  config :buffer_size, :validate => :number, :default => 1452
+  public
+  def initialize(params)
+    super
+    BasicSocket.do_not_reverse_lookup = true
+    @idbyte = 0
+    @length = 0
+    @prev_typenum = 0
+    @header = []; @body = []
+    @timestamp = Time.now().utc
+    @collectd = {}
+    @types = {}
+  end # def initialize
+  public
+  def register
+    @udp = nil
+    if @typesdb.nil?
+      if __FILE__ =~ /^file:\/.+!.+/
+        begin
+          # Running from a jar, assume types.db is at the root.
+          jar_path = [__FILE__.split("!").first, "/types.db"].join("!")
+          @typesdb = [jar_path]
+        rescue => ex
+          raise "Failed to cache, due to: #{ex}\n#{ex.backtrace}"
+        end
+      else
+        if File.exists?("types.db")
+          @typesdb = ["types.db"]
+        elsif File.exists?("vendor/collectd/types.db")
+          @typesdb = ["vendor/collectd/types.db"]
+        else
+          raise "You must specify 'typesdb => ...' in your collectd input"
+        end
+      end
+    end
+    @logger.info("Using internal types.db", :typesdb => @typesdb.to_s)
+  end # def register
+  public
+  def run(output_queue)
+    begin
+      # get types
+      get_types(@typesdb)
+      # collectd server
+      collectd_listener(output_queue)
+    rescue LogStash::ShutdownSignal
+      # do nothing, shutdown was requested.
+    rescue => e
+      @logger.warn("Collectd listener died", :exception => e, :backtrace => e.backtrace)
+      sleep(5)
+      retry
+    end # begin
+  end # def run
+  public
+  def get_types(paths)
+    # Get the typesdb
+    paths.each do |path|
+      @logger.info("Getting Collectd typesdb info", :typesdb => path.to_s)
+      File.open(path, 'r').each_line do |line|
+        typename, *line = line.strip.split
+        next if typename.nil? || if typename[0,1] != '#' # Don't process commented or blank lines
+          v = line.collect { |l| l.strip.split(":")[0] }
+          @types[typename] = v
+        end
+      end
+    end
+  @logger.debug("Collectd Types", :types => @types.to_s)
+  end # def get_types
+  public
+  def type_map(id)
+    case id
+      when 0;   return "host"
+      when 1,8; return "@timestamp"
+      when 2;   return "plugin"
+      when 3;   return "plugin_instance"
+      when 4;   return "collectd_type"
+      when 5;   return "type_instance"
+      when 6;   return "values"
+      when 9;   return "interval"
+      when 100; return "message"
+      when 101; return "severity"
+    end
+  end # def type_map
+  public
+  def vt_map(id)
+    case id
+      when 0; return "COUNTER"
+      when 1; return "GAUGE"
+      when 2; return "DERIVE"
+      when 3; return "ABSOLUTE"
+      else;   return 'UNKNOWN'
+    end
+  end
+  public
+  def get_values(id, body)
+    retval = ''
+    case id
+      when 0,2,3,4,5,100 #=> String types
+        retval = body.pack("C*")
+        retval = retval[0..-2]
+      when 1 # Time
+        # Time here, in bit-shifted format.  Parse bytes into UTC.
+        byte1, byte2 = body.pack("C*").unpack("NN")
+        retval = Time.at(( ((byte1 << 32) + byte2))).utc
+      when 7,101 #=> Numeric types
+        retval = body.slice!(0..7).pack("C*").unpack("E")[0]
+      when 8 # Time, Hi-Res
+        # Time here, in bit-shifted format.  Parse bytes into UTC.
+        byte1, byte2 = body.pack("C*").unpack("NN")
+        retval = Time.at(( ((byte1 << 32) + byte2) * (2**-30) )).utc
+      when 9 # Interval, Hi-Res
+        byte1, byte2 = body.pack("C*").unpack("NN")
+        retval = (((byte1 << 32) + byte2) * (2**-30)).to_i
+      when 6 # Values
+        val_bytes = body.slice!(0..1)
+        val_count = val_bytes.pack("C*").unpack("n")
+        if body.length % 9 == 0 # Should be 9 fields
+          count = 0
+          retval = []
+          types = body.slice!(0..((body.length/9)-1))
+          while body.length > 0
+            vtype = vt_map(types[count])
+            case types[count]
+              when 0, 3; v = body.slice!(0..7).pack("C*").unpack("Q>")[0]
+              when 1;    v = body.slice!(0..7).pack("C*").unpack("E")[0]
+              when 2;    v = body.slice!(0..7).pack("C*").unpack("q>")[0]
+              else;      v = 0
+            end
+            retval << v
+            count += 1
+          end
+        else
+          @logger.error("Incorrect number of data fields for collectd record", :body => body.to_s)
+        end
+    end
+    # Populate some state variables based on their type...
+    case id
+      when 2
+        if @plugin != retval      # Zero-out @plugin_instance when @plugin changes
+          @plugin_instance = ''
+          @collectd.delete('plugin_instance')
+        end
+        @plugin = retval
+      when 0;   @cdhost = retval
+      when 3;   @plugin_instance = retval
+      when 4;   @cdtype = retval
+      when 5;   @type_instance = retval
+      when 1,8; @timestamp = retval
+    end
+    return retval
+  end # def get_values
+  private
+  def generate_event(data, output_queue)
+    # Prune these *specific* keys if they exist and are empty.
+    # This is better than looping over all keys every time.
+    data.delete('type_instance') if data['type_instance'] == ""
+    data.delete('plugin_instance') if data['plugin_instance'] == ""
+    # As crazy as it sounds, this is where we actually send our events to the queue!
+    event = LogStash::Event.new
+    data.each {|k, v| event[k] = data[k]}
+    decorate(event)
+    output_queue << event
+  end # def generate_event
+  private
+  def collectd_listener(output_queue)
+    @logger.info("Starting Collectd listener", :address => "#{@host}:#{@port}")
+    if @udp && ! @udp.closed?
+      @udp.close
+    end
+    @udp = UDPSocket.new(Socket::AF_INET)
+    @udp.bind(@host, @port)
+    loop do
+      payload, client = @udp.recvfrom(@buffer_size)
+      payload.each_byte do |byte|
+        # According to the documentation for the binary protocol
+        # it takes 4 bytes to define the header:
+        # The first 2 bytes are the type number,
+        # the second 2 bytes are the length of the message.
+        # So, until we have looped 4 times (@idbyte is our counter)
+        # append the byte to the @header
+        if @idbyte < 4
+          @header << byte
+        # Now that we have looped exactly 4 times...
+        elsif @idbyte == 4
+          @typenum = (@header[0] << 1) + @header[1] # @typenum gets the first 2 bytes
+          @length  = (@header[2] << 1) + @header[3] # @length gets the second 2 bytes
+          @body << byte                             # @body begins with the current byte
+        # And if we've looped more than 4, up until the length of the message (now defined)
+        elsif @idbyte > 4 && @idbyte < @length
+          @body << byte                             # append the current byte to @body
+        end
+        # So long as we have @length and we've reached it, it's time to parse
+        if @length > 0 && @idbyte == @length-1
+          field = type_map(@typenum)              # Get the field name based on type
+          if @typenum < @prev_typenum             # We've started over, generate an event
+            if @prune_intervals
+              generate_event(@collectd, output_queue) unless @prev_typenum == 7 or @prev_typenum == 9
+            else
+              generate_event(@collectd, output_queue)
+            end
+            @collectd.clear                     # Empty @collectd
+            @collectd['host'] = @cdhost         # Reset these from state
+            @collectd['collectd_type'] = @cdtype
+            @collectd['plugin'] = @plugin
+            @collectd['plugin_instance'] = @plugin_instance
+            @collectd['@timestamp'] = @timestamp
+          end
+          # Here is where we actually fill @collectd
+          values = get_values(@typenum, @body)
+          if values.kind_of?(Array)
+            if values.length > 1                  # Only do this iteration on multi-value arrays
+              values.each_with_index {|value, x| @collectd[@types[@collectd['collectd_type']][x]] = values[x]}
+            else                                  # Otherwise it's a single value
+              @collectd['value'] = values[0]      # So name it 'value' accordingly
+            end
+          elsif field != nil                      # Not an array, make sure it's non-empty
+            @collectd[field] = values             # Append values to @collectd under key field
+          end
+          @prev_typenum = @typenum
+          # All bytes in the collectd event have now been processed.  Reset counters, header & body.
+          @idbyte = 0; @length = 0; @header.clear; @body.clear;
+        else # Increment the byte positional counter
+          @idbyte += 1
+        end # End of if @length > 0 && @idbyte == @length-1
+      end   # End of payload.each_byte do |byte| loop
+    end     # End of loop do, payload, client = @udp.recvfrom(@buffer_size)
+  ensure
+    if @udp
+      @udp.close_read rescue nil
+      @udp.close_write rescue nil
+    end
+  end # def collectd_listener
+  public
+  def teardown
+    @udp.close if @udp && !@udp.closed?
+  end
+end # class LogStash::Inputs::Collectd

data/lib/logstash/inputs/drupal_dblog.rb ADDED

@@ -0,0 +1,323 @@
+# encoding: utf-8
+require "date"
+require "logstash/inputs/base"
+require "logstash/namespace"
+# Retrieve watchdog log events from a Drupal installation with DBLog enabled.
+# The events are pulled out directly from the database.
+# The original events are not deleted, and on every consecutive run only new
+# events are pulled.
+#
+# The last watchdog event id that was processed is stored in the Drupal
+# variable table with the name "logstash_last_wid". Delete this variable or
+# set it to 0 if you want to re-import all events.
+#
+# More info on DBLog: http://drupal.org/documentation/modules/dblog
+#
+class LogStash::Inputs::DrupalDblog < LogStash::Inputs::Base
+  config_name "drupal_dblog"
+  milestone 1
+  default :codec, "plain"
+  # Specify all drupal databases that you whish to import from.
+  # This can be as many as you whish.
+  # The format is a hash, with a unique site name as the key, and a databse
+  # url as the value.
+  #
+  # Example:
+  # [
+  #   "site1", "mysql://user1:password@host1.com/databasename",
+  #   "other_site", "mysql://user2:password@otherhost.com/databasename",
+  #   ...
+  # ]
+  config :databases, :validate => :hash
+  # By default, the event only contains the current user id as a field.
+  # If you whish to add the username as an additional field, set this to true.
+  config :add_usernames, :validate => :boolean, :default => false
+  # Time between checks in minutes.
+  config :interval, :validate => :number, :default => 10
+  # The amount of log messages that should be fetched with each query.
+  # Bulk fetching is done to prevent querying huge data sets when lots of
+  # messages are in the database.
+  config :bulksize, :validate => :number, :default => 5000
+  # Label this input with a type.
+  # Types are used mainly for filter activation.
+  #
+  #
+  # If you create an input with type "foobar", then only filters
+  # which also have type "foobar" will act on them.
+  #
+  # The type is also stored as part of the event itself, so you
+  # can also use the type to search for in the web interface.
+  config :type, :validate => :string, :default => 'watchdog'
+  public
+  def register
+    require "php_serialize"
+    if RUBY_PLATFORM == 'java'
+      require "logstash/inputs/drupal_dblog/jdbcconnection"
+    else
+      require "mysql2"
+    end
+  end # def register
+  public
+  def config_init(params)
+    super
+    dbs = {}
+    valid = true
+    @databases.each do |name, rawUri|
+      uri = URI(rawUri)
+      dbs[name] = {
+        "site" => name,
+        "scheme" => uri.scheme,
+        "host" => uri.host,
+        "user" => uri.user,
+        "password" => uri.password,
+        "database" => uri.path.sub('/', ''),
+        "port" => uri.port.to_i
+      }
+      if not (
+        uri.scheme and not uri.scheme.empty?\
+        and uri.host and not uri.host.empty?\
+        and uri.user and not uri.user.empty?\
+        and uri.password\
+        and uri.path and not uri.path.sub('/', '').empty?
+      )
+        @logger.error("Drupal DBLog: Invalid database URI for #{name} : #{rawUri}")
+        valid = false
+      end
+      if not uri.scheme == 'mysql'
+        @logger.error("Drupal DBLog: Only mysql databases are supported.")
+        valid = false
+      end
+    end
+    if not valid
+      @logger.error("Config validation failed.")
+      exit 1
+    end
+    @databases = dbs
+  end #def config_init
+  public
+  def run(output_queue)
+    @logger.info("Initializing drupal_dblog")
+    loop do
+      @logger.debug("Drupal DBLog: Starting to fetch new watchdog entries")
+      start = Time.now.to_i
+      @databases.each do |name, db|
+        @logger.debug("Drupal DBLog: Checking database #{name}")
+        check_database(output_queue, db)
+        @logger.info("Drupal DBLog: Retrieved all new watchdog messages from #{name}")
+      end
+      timeTaken = Time.now.to_i - start
+      @logger.info("Drupal DBLog: Fetched all new watchdog entries in #{timeTaken} seconds")
+      # If fetching of all databases took less time than the interval,
+      # sleep a bit.
+      sleepTime = @interval * 60 - timeTaken
+      if sleepTime > 0
+        @logger.debug("Drupal DBLog: Sleeping for #{sleepTime} seconds")
+        sleep(sleepTime)
+      end
+    end # loop
+  end # def run
+  private
+  def initialize_client(db)
+    if db["scheme"] == 'mysql'
+      if not db["port"] > 0
+        db["port"] = 3306
+      end
+      if RUBY_PLATFORM == 'java'
+        @client = LogStash::DrupalDblogJavaMysqlConnection.new(
+            db["host"],
+            db["user"],
+            db["password"],
+            db["database"],
+            db["port"]
+        )
+      else
+        @client = Mysql2::Client.new(
+            :host => db["host"],
+            :port => db["port"],
+            :username => db["user"],
+            :password => db["password"],
+            :database => db["database"]
+        )
+      end
+    end
+  end #def get_client
+  private
+  def check_database(output_queue, db)
+    begin
+      # connect to the MySQL server
+      initialize_client(db)
+    rescue Exception => e
+      @logger.error("Could not connect to database: " + e.message)
+      return
+    end #begin
+    begin
+      @sitename = db["site"]
+      @usermap = @add_usernames ? get_usermap : nil
+      # Retrieve last pulled watchdog entry id
+      initialLastWid = get_last_wid
+      lastWid = nil
+      if initialLastWid == false
+        lastWid = 0
+        set_last_wid(0, true)
+      else
+        lastWid = initialLastWid
+      end
+      # Fetch new entries, and create the event
+      while true
+        results = get_db_rows(lastWid)
+        if results.length() < 1
+          break
+        end
+        @logger.debug("Fetched " + results.length().to_s + " database rows")
+        results.each do |row|
+          event = build_event(row)
+          if event
+            decorate(event)
+            output_queue << event
+            lastWid = row['wid'].to_s
+          end
+        end
+        set_last_wid(lastWid, false)
+      end
+    rescue Exception => e
+      @logger.error("Error while fetching messages: ", :error => e.message)
+    end # begin
+    # Close connection
+    @client.close
+  end # def check_database
+  def get_db_rows(lastWid)
+    query = 'SELECT * from watchdog WHERE wid > ' + lastWid.to_s + " ORDER BY wid asc LIMIT " + @bulksize.to_s
+    return @client.query(query)
+  end # def get_db_rows
+  private
+  def update_sitename
+    if @sitename == ""
+      result = @client.query('SELECT value FROM variable WHERE name="site_name"')
+      if result.first()
+        @sitename = PHP.unserialize(result.first()['value'])
+      end
+    end
+  end # def update_sitename
+  private
+  def get_last_wid
+    result = @client.query('SELECT value FROM variable WHERE name="logstash_last_wid"')
+    lastWid = false
+    if result.count() > 0
+      tmp = result.first()["value"].gsub("i:", "").gsub(";", "")
+      lastWid = tmp.to_i.to_s == tmp ? tmp : "0"
+    end
+    return lastWid
+  end # def get_last_wid
+  private
+  def set_last_wid(wid, insert)
+    wid = PHP.serialize(wid.to_i)
+    # Update last import wid variable
+    if insert
+      # Does not exist yet, so insert
+      @client.query('INSERT INTO variable (name, value) VALUES("logstash_last_wid", "' + wid + '")')
+    else
+      @client.query('UPDATE variable SET value="' + wid + '" WHERE name="logstash_last_wid"')
+    end
+  end # def set_last_wid
+  private
+  def get_usermap
+    map = {}
+    @client.query("SELECT uid, name FROM users").each do |row|
+      map[row["uid"]] = row["name"]
+    end
+    map[0] = "guest"
+    return map
+  end # def get_usermap
+  private
+  def build_event(row)
+    # Convert unix timestamp
+    timestamp = Time.at(row["timestamp"]).to_datetime.iso8601
+    msg = row["message"]
+    vars = {}
+    # Unserialize the variables, and construct the message
+    if row['variables'] != 'N;'
+      vars = PHP.unserialize(row["variables"])
+      if vars.is_a?(Hash)
+        vars.each_pair do |k, v|
+          if msg.scan(k).length() > 0
+            msg = msg.gsub(k.to_s, v.to_s)
+          else
+            # If not inside the message, add var as an additional field
+            row["variable_" + k] = v
+          end
+        end
+      end
+    end
+    row.delete("message")
+    row.delete("variables")
+    row.delete("timestamp")
+    row["severity"] = row["severity"].to_i
+    if @add_usernames and @usermap.has_key?(row["uid"])
+      row["user"] = @usermap[row["uid"]]
+    end
+    entry = {
+      "@timestamp" => timestamp,
+      "tags" => [],
+      "type" => "watchdog",
+      "site" => @sitename,
+      "message" => msg
+    }.merge(row)
+    return LogStash::Event.new(entry)
+  end # def build_event
+end # class LogStash::Inputs::DrupalDblog