RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/inputs/collectd.rb ADDED

@@ -0,0 +1,306 @@
+# encoding utf-8
+require "date"
+require "logstash/inputs/base"
+require "logstash/namespace"
+require "socket"
+require "tempfile"
+require "time"
+# Read events from the connectd binary protocol over the network via udp.
+# See https://collectd.org/wiki/index.php/Binary_protocol
+#
+# Configuration in your Logstash configuration file can be as simple as:
+#     input {
+#       collectd {}
+#     }
+#
+# A sample collectd.conf to send to Logstash might be:
+#
+#     Hostname    "host.example.com"
+#     LoadPlugin interface
+#     LoadPlugin load
+#     LoadPlugin memory
+#     LoadPlugin network
+#     <Plugin interface>
+#         Interface "eth0"
+#         IgnoreSelected false
+#     </Plugin>
+#     <Plugin network>
+#         <Server "10.0.0.1" "25826">
+#         </Server>
+#     </Plugin>
+#
+# Be sure to replace "10.0.0.1" with the IP of your Logstash instance.
+#
+#
+class LogStash::Inputs::Collectd < LogStash::Inputs::Base
+  config_name "collectd"
+  milestone 1
+  # File path(s) to collectd types.db to use.
+  # The last matching pattern wins if you have identical pattern names in multiple files.
+  # If no types.db is provided the included types.db will be used (currently 5.4.0).
+  config :typesdb, :validate => :array
+  # The address to listen on.  Defaults to all available addresses.
+  config :host, :validate => :string, :default => "0.0.0.0"
+  # The port to listen on.  Defaults to the collectd expected port of 25826.
+  config :port, :validate => :number, :default => 25826
+  # Prune interval records.  Defaults to true.
+  config :prune_intervals, :validate => :boolean, :default => true
+  # Buffer size. 1452 is the collectd default for v5+
+  config :buffer_size, :validate => :number, :default => 1452
+  public
+  def initialize(params)
+    super
+    BasicSocket.do_not_reverse_lookup = true
+    @idbyte = 0
+    @length = 0
+    @prev_typenum = 0
+    @header = []; @body = []
+    @timestamp = Time.now().utc
+    @collectd = {}
+    @types = {}
+  end # def initialize
+  public
+  def register
+    @udp = nil
+    if @typesdb.nil?
+      if __FILE__ =~ /^file:\/.+!.+/
+        begin
+          # Running from a jar, assume types.db is at the root.
+          jar_path = [__FILE__.split("!").first, "/types.db"].join("!")
+          @typesdb = [jar_path]
+        rescue => ex
+          raise "Failed to cache, due to: #{ex}\n#{ex.backtrace}"
+        end
+      else
+        if File.exists?("types.db")
+          @typesdb = ["types.db"]
+        elsif File.exists?("vendor/collectd/types.db")
+          @typesdb = ["vendor/collectd/types.db"]
+        else
+          raise "You must specify 'typesdb => ...' in your collectd input"
+        end
+      end
+    end
+    @logger.info("Using internal types.db", :typesdb => @typesdb.to_s)
+  end # def register
+  public
+  def run(output_queue)
+    begin
+      # get types
+      get_types(@typesdb)
+      # collectd server
+      collectd_listener(output_queue)
+    rescue LogStash::ShutdownSignal
+      # do nothing, shutdown was requested.
+    rescue => e
+      @logger.warn("Collectd listener died", :exception => e, :backtrace => e.backtrace)
+      sleep(5)
+      retry
+    end # begin
+  end # def run
+  public
+  def get_types(paths)
+    # Get the typesdb
+    paths.each do |path|
+      @logger.info("Getting Collectd typesdb info", :typesdb => path.to_s)
+      File.open(path, 'r').each_line do |line|
+        typename, *line = line.strip.split
+        next if typename.nil? || if typename[0,1] != '#' # Don't process commented or blank lines
+          v = line.collect { |l| l.strip.split(":")[0] }
+          @types[typename] = v
+        end
+      end
+    end
+  @logger.debug("Collectd Types", :types => @types.to_s)
+  end # def get_types
+  public
+  def type_map(id)
+    case id
+      when 0;   return "host"
+      when 1,8; return "@timestamp"
+      when 2;   return "plugin"
+      when 3;   return "plugin_instance"
+      when 4;   return "collectd_type"
+      when 5;   return "type_instance"
+      when 6;   return "values"
+      when 9;   return "interval"
+      when 100; return "message"
+      when 101; return "severity"
+    end
+  end # def type_map
+  public
+  def vt_map(id)
+    case id
+      when 0; return "COUNTER"
+      when 1; return "GAUGE"
+      when 2; return "DERIVE"
+      when 3; return "ABSOLUTE"
+      else;   return 'UNKNOWN'
+    end
+  end
+  public
+  def get_values(id, body)
+    retval = ''
+    case id
+      when 0,2,3,4,5,100 #=> String types
+        retval = body.pack("C*")
+        retval = retval[0..-2]
+      when 1 # Time
+        # Time here, in bit-shifted format.  Parse bytes into UTC.
+        byte1, byte2 = body.pack("C*").unpack("NN")
+        retval = Time.at(( ((byte1 << 32) + byte2))).utc
+      when 7,101 #=> Numeric types
+        retval = body.slice!(0..7).pack("C*").unpack("E")[0]
+      when 8 # Time, Hi-Res
+        # Time here, in bit-shifted format.  Parse bytes into UTC.
+        byte1, byte2 = body.pack("C*").unpack("NN")
+        retval = Time.at(( ((byte1 << 32) + byte2) * (2**-30) )).utc
+      when 9 # Interval, Hi-Res
+        byte1, byte2 = body.pack("C*").unpack("NN")
+        retval = (((byte1 << 32) + byte2) * (2**-30)).to_i
+      when 6 # Values
+        val_bytes = body.slice!(0..1)
+        val_count = val_bytes.pack("C*").unpack("n")
+        if body.length % 9 == 0 # Should be 9 fields
+          count = 0
+          retval = []
+          types = body.slice!(0..((body.length/9)-1))
+          while body.length > 0
+            vtype = vt_map(types[count])
+            case types[count]
+              when 0, 3; v = body.slice!(0..7).pack("C*").unpack("Q>")[0]
+              when 1;    v = body.slice!(0..7).pack("C*").unpack("E")[0]
+              when 2;    v = body.slice!(0..7).pack("C*").unpack("q>")[0]
+              else;      v = 0
+            end
+            retval << v
+            count += 1
+          end
+        else
+          @logger.error("Incorrect number of data fields for collectd record", :body => body.to_s)
+        end
+    end
+    # Populate some state variables based on their type...
+    case id
+      when 2
+        if @plugin != retval      # Zero-out @plugin_instance when @plugin changes
+          @plugin_instance = ''
+          @collectd.delete('plugin_instance')
+        end
+        @plugin = retval
+      when 0;   @cdhost = retval
+      when 3;   @plugin_instance = retval
+      when 4;   @cdtype = retval
+      when 5;   @type_instance = retval
+      when 1,8; @timestamp = retval
+    end
+    return retval
+  end # def get_values
+  private
+  def generate_event(data, output_queue)
+    # Prune these *specific* keys if they exist and are empty.
+    # This is better than looping over all keys every time.
+    data.delete('type_instance') if data['type_instance'] == ""
+    data.delete('plugin_instance') if data['plugin_instance'] == ""
+    # As crazy as it sounds, this is where we actually send our events to the queue!
+    event = LogStash::Event.new
+    data.each {|k, v| event[k] = data[k]}
+    decorate(event)
+    output_queue << event
+  end # def generate_event
+  private
+  def collectd_listener(output_queue)
+    @logger.info("Starting Collectd listener", :address => "#{@host}:#{@port}")
+    if @udp && ! @udp.closed?
+      @udp.close
+    end
+    @udp = UDPSocket.new(Socket::AF_INET)
+    @udp.bind(@host, @port)
+    loop do
+      payload, client = @udp.recvfrom(@buffer_size)
+      payload.each_byte do |byte|
+        # According to the documentation for the binary protocol
+        # it takes 4 bytes to define the header:
+        # The first 2 bytes are the type number,
+        # the second 2 bytes are the length of the message.
+        # So, until we have looped 4 times (@idbyte is our counter)
+        # append the byte to the @header
+        if @idbyte < 4
+          @header << byte
+        # Now that we have looped exactly 4 times...
+        elsif @idbyte == 4
+          @typenum = (@header[0] << 1) + @header[1] # @typenum gets the first 2 bytes
+          @length  = (@header[2] << 1) + @header[3] # @length gets the second 2 bytes
+          @body << byte                             # @body begins with the current byte
+        # And if we've looped more than 4, up until the length of the message (now defined)
+        elsif @idbyte > 4 && @idbyte < @length
+          @body << byte                             # append the current byte to @body
+        end
+        # So long as we have @length and we've reached it, it's time to parse
+        if @length > 0 && @idbyte == @length-1
+          field = type_map(@typenum)              # Get the field name based on type
+          if @typenum < @prev_typenum             # We've started over, generate an event
+            if @prune_intervals
+              generate_event(@collectd, output_queue) unless @prev_typenum == 7 or @prev_typenum == 9
+            else
+              generate_event(@collectd, output_queue)
+            end
+            @collectd.clear                     # Empty @collectd
+            @collectd['host'] = @cdhost         # Reset these from state
+            @collectd['collectd_type'] = @cdtype
+            @collectd['plugin'] = @plugin
+            @collectd['plugin_instance'] = @plugin_instance
+            @collectd['@timestamp'] = @timestamp
+          end
+          # Here is where we actually fill @collectd
+          values = get_values(@typenum, @body)
+          if values.kind_of?(Array)
+            if values.length > 1                  # Only do this iteration on multi-value arrays
+              values.each_with_index {|value, x| @collectd[@types[@collectd['collectd_type']][x]] = values[x]}
+            else                                  # Otherwise it's a single value
+              @collectd['value'] = values[0]      # So name it 'value' accordingly
+            end
+          elsif field != nil                      # Not an array, make sure it's non-empty
+            @collectd[field] = values             # Append values to @collectd under key field
+          end
+          @prev_typenum = @typenum
+          # All bytes in the collectd event have now been processed.  Reset counters, header & body.
+          @idbyte = 0; @length = 0; @header.clear; @body.clear;
+        else # Increment the byte positional counter
+          @idbyte += 1
+        end # End of if @length > 0 && @idbyte == @length-1
+      end   # End of payload.each_byte do |byte| loop
+    end     # End of loop do, payload, client = @udp.recvfrom(@buffer_size)
+  ensure
+    if @udp
+      @udp.close_read rescue nil
+      @udp.close_write rescue nil
+    end
+  end # def collectd_listener
+  public
+  def teardown
+    @udp.close if @udp && !@udp.closed?
+  end
+end # class LogStash::Inputs::Collectd

data/lib/logstash/inputs/drupal_dblog.rb ADDED

@@ -0,0 +1,323 @@
+# encoding: utf-8
+require "date"
+require "logstash/inputs/base"
+require "logstash/namespace"
+# Retrieve watchdog log events from a Drupal installation with DBLog enabled.
+# The events are pulled out directly from the database.
+# The original events are not deleted, and on every consecutive run only new
+# events are pulled.
+#
+# The last watchdog event id that was processed is stored in the Drupal
+# variable table with the name "logstash_last_wid". Delete this variable or
+# set it to 0 if you want to re-import all events.
+#
+# More info on DBLog: http://drupal.org/documentation/modules/dblog
+#
+class LogStash::Inputs::DrupalDblog < LogStash::Inputs::Base
+  config_name "drupal_dblog"
+  milestone 1
+  default :codec, "plain"
+  # Specify all drupal databases that you whish to import from.
+  # This can be as many as you whish.
+  # The format is a hash, with a unique site name as the key, and a databse
+  # url as the value.
+  #
+  # Example:
+  # [
+  #   "site1", "mysql://user1:password@host1.com/databasename",
+  #   "other_site", "mysql://user2:password@otherhost.com/databasename",
+  #   ...
+  # ]
+  config :databases, :validate => :hash
+  # By default, the event only contains the current user id as a field.
+  # If you whish to add the username as an additional field, set this to true.
+  config :add_usernames, :validate => :boolean, :default => false
+  # Time between checks in minutes.
+  config :interval, :validate => :number, :default => 10
+  # The amount of log messages that should be fetched with each query.
+  # Bulk fetching is done to prevent querying huge data sets when lots of
+  # messages are in the database.
+  config :bulksize, :validate => :number, :default => 5000
+  # Label this input with a type.
+  # Types are used mainly for filter activation.
+  #
+  #
+  # If you create an input with type "foobar", then only filters
+  # which also have type "foobar" will act on them.
+  #
+  # The type is also stored as part of the event itself, so you
+  # can also use the type to search for in the web interface.
+  config :type, :validate => :string, :default => 'watchdog'
+  public
+  def register
+    require "php_serialize"
+    if RUBY_PLATFORM == 'java'
+      require "logstash/inputs/drupal_dblog/jdbcconnection"
+    else
+      require "mysql2"
+    end
+  end # def register
+  public
+  def config_init(params)
+    super
+    dbs = {}
+    valid = true
+    @databases.each do |name, rawUri|
+      uri = URI(rawUri)
+      dbs[name] = {
+        "site" => name,
+        "scheme" => uri.scheme,
+        "host" => uri.host,
+        "user" => uri.user,
+        "password" => uri.password,
+        "database" => uri.path.sub('/', ''),
+        "port" => uri.port.to_i
+      }
+      if not (
+        uri.scheme and not uri.scheme.empty?\
+        and uri.host and not uri.host.empty?\
+        and uri.user and not uri.user.empty?\
+        and uri.password\
+        and uri.path and not uri.path.sub('/', '').empty?
+      )
+        @logger.error("Drupal DBLog: Invalid database URI for #{name} : #{rawUri}")
+        valid = false
+      end
+      if not uri.scheme == 'mysql'
+        @logger.error("Drupal DBLog: Only mysql databases are supported.")
+        valid = false
+      end
+    end
+    if not valid
+      @logger.error("Config validation failed.")
+      exit 1
+    end
+    @databases = dbs
+  end #def config_init
+  public
+  def run(output_queue)
+    @logger.info("Initializing drupal_dblog")
+    loop do
+      @logger.debug("Drupal DBLog: Starting to fetch new watchdog entries")
+      start = Time.now.to_i
+      @databases.each do |name, db|
+        @logger.debug("Drupal DBLog: Checking database #{name}")
+        check_database(output_queue, db)
+        @logger.info("Drupal DBLog: Retrieved all new watchdog messages from #{name}")
+      end
+      timeTaken = Time.now.to_i - start
+      @logger.info("Drupal DBLog: Fetched all new watchdog entries in #{timeTaken} seconds")
+      # If fetching of all databases took less time than the interval,
+      # sleep a bit.
+      sleepTime = @interval * 60 - timeTaken
+      if sleepTime > 0
+        @logger.debug("Drupal DBLog: Sleeping for #{sleepTime} seconds")
+        sleep(sleepTime)
+      end
+    end # loop
+  end # def run
+  private
+  def initialize_client(db)
+    if db["scheme"] == 'mysql'
+      if not db["port"] > 0
+        db["port"] = 3306
+      end
+      if RUBY_PLATFORM == 'java'
+        @client = LogStash::DrupalDblogJavaMysqlConnection.new(
+            db["host"],
+            db["user"],
+            db["password"],
+            db["database"],
+            db["port"]
+        )
+      else
+        @client = Mysql2::Client.new(
+            :host => db["host"],
+            :port => db["port"],
+            :username => db["user"],
+            :password => db["password"],
+            :database => db["database"]
+        )
+      end
+    end
+  end #def get_client
+  private
+  def check_database(output_queue, db)
+    begin
+      # connect to the MySQL server
+      initialize_client(db)
+    rescue Exception => e
+      @logger.error("Could not connect to database: " + e.message)
+      return
+    end #begin
+    begin
+      @sitename = db["site"]
+      @usermap = @add_usernames ? get_usermap : nil
+      # Retrieve last pulled watchdog entry id
+      initialLastWid = get_last_wid
+      lastWid = nil
+      if initialLastWid == false
+        lastWid = 0
+        set_last_wid(0, true)
+      else
+        lastWid = initialLastWid
+      end
+      # Fetch new entries, and create the event
+      while true
+        results = get_db_rows(lastWid)
+        if results.length() < 1
+          break
+        end
+        @logger.debug("Fetched " + results.length().to_s + " database rows")
+        results.each do |row|
+          event = build_event(row)
+          if event
+            decorate(event)
+            output_queue << event
+            lastWid = row['wid'].to_s
+          end
+        end
+        set_last_wid(lastWid, false)
+      end
+    rescue Exception => e
+      @logger.error("Error while fetching messages: ", :error => e.message)
+    end # begin
+    # Close connection
+    @client.close
+  end # def check_database
+  def get_db_rows(lastWid)
+    query = 'SELECT * from watchdog WHERE wid > ' + lastWid.to_s + " ORDER BY wid asc LIMIT " + @bulksize.to_s
+    return @client.query(query)
+  end # def get_db_rows
+  private
+  def update_sitename
+    if @sitename == ""
+      result = @client.query('SELECT value FROM variable WHERE name="site_name"')
+      if result.first()
+        @sitename = PHP.unserialize(result.first()['value'])
+      end
+    end
+  end # def update_sitename
+  private
+  def get_last_wid
+    result = @client.query('SELECT value FROM variable WHERE name="logstash_last_wid"')
+    lastWid = false
+    if result.count() > 0
+      tmp = result.first()["value"].gsub("i:", "").gsub(";", "")
+      lastWid = tmp.to_i.to_s == tmp ? tmp : "0"
+    end
+    return lastWid
+  end # def get_last_wid
+  private
+  def set_last_wid(wid, insert)
+    wid = PHP.serialize(wid.to_i)
+    # Update last import wid variable
+    if insert
+      # Does not exist yet, so insert
+      @client.query('INSERT INTO variable (name, value) VALUES("logstash_last_wid", "' + wid + '")')
+    else
+      @client.query('UPDATE variable SET value="' + wid + '" WHERE name="logstash_last_wid"')
+    end
+  end # def set_last_wid
+  private
+  def get_usermap
+    map = {}
+    @client.query("SELECT uid, name FROM users").each do |row|
+      map[row["uid"]] = row["name"]
+    end
+    map[0] = "guest"
+    return map
+  end # def get_usermap
+  private
+  def build_event(row)
+    # Convert unix timestamp
+    timestamp = Time.at(row["timestamp"]).to_datetime.iso8601
+    msg = row["message"]
+    vars = {}
+    # Unserialize the variables, and construct the message
+    if row['variables'] != 'N;'
+      vars = PHP.unserialize(row["variables"])
+      if vars.is_a?(Hash)
+        vars.each_pair do |k, v|
+          if msg.scan(k).length() > 0
+            msg = msg.gsub(k.to_s, v.to_s)
+          else
+            # If not inside the message, add var as an additional field
+            row["variable_" + k] = v
+          end
+        end
+      end
+    end
+    row.delete("message")
+    row.delete("variables")
+    row.delete("timestamp")
+    row["severity"] = row["severity"].to_i
+    if @add_usernames and @usermap.has_key?(row["uid"])
+      row["user"] = @usermap[row["uid"]]
+    end
+    entry = {
+      "@timestamp" => timestamp,
+      "tags" => [],
+      "type" => "watchdog",
+      "site" => @sitename,
+      "message" => msg
+    }.merge(row)
+    return LogStash::Event.new(entry)
+  end # def build_event
+end # class LogStash::Inputs::DrupalDblog