logstash-lite 0.2.20101118134500

data/lib/logstash/web/server.rb

@@ -0,0 +1,90 @@
+#!/usr/bin/env ruby
+##rackup -Ilib:../lib -s thin
+
+$:.unshift("%s/../lib" % File.dirname(__FILE__))
+$:.unshift(File.dirname(__FILE__))
+
+require "rubygems"
+require "json"
+require "eventmachine"
+require "rack"
+require "sinatra/async"
+require "lib/elasticsearch"
+require "logstash/namespace"
+
+class EventMachine::ConnectionError < RuntimeError; end
+
+class LogStash::Web::Server < Sinatra::Base
+  register Sinatra::Async
+  set :haml, :format => :html5
+  set :logging, true
+  set :public, "#{File.dirname(__FILE__)}/public"
+  set :views, "#{File.dirname(__FILE__)}/views"
+  elasticsearch = LogStash::Web::ElasticSearch.new
+
+  aget '/style.css' do
+    headers "Content-Type" => "text/css; charset=utf8"
+    body sass :style
+  end
+
+  aget '/' do
+    redirect "/search"
+  end # '/'
+
+  aget '/search' do
+    headers({"Content-Type" => "text/html" })
+    if params[:q] and params[:q] != ""
+      elasticsearch.search(params) do |@results|
+        @hits = (@results["hits"]["hits"] rescue [])
+        body haml :"search/results", :layout => !request.xhr?
+      end
+    else
+      @hits = []
+      body haml :"search/results", :layout => !request.xhr?
+    end
+  end
+
+  apost '/search/ajax' do
+    headers({"Content-Type" => "text/html" })
+    count = params["count"] = (params["count"] or 50).to_i
+    offset = params["offset"] = (params["offset"] or 0).to_i
+    elasticsearch.search(params) do |@results|
+      @hits = (@results["hits"]["hits"] rescue [])
+      @total = (@results["hits"]["total"] rescue 0)
+      @graphpoints = []
+      @results["facets"]["by_hour"]["entries"].each do |entry|
+        @graphpoints << [entry["key"], entry["count"]]
+      end
+
+      if count and offset
+        if @total > (count + offset)
+          @result_end = (count + offset)
+        else 
+          @result_end = @total
+        end
+        @result_start = offset
+      end
+
+      if count + offset < @total
+        next_params = params.clone
+        next_params["offset"] = [offset + count, @total - count].min
+        @next_href = "?" +  next_params.collect { |k,v| [URI.escape(k.to_s), URI.escape(v.to_s)].join("=") }.join("&")
+      end
+
+      if offset > 0
+        prev_params = params.clone
+        prev_params["offset"] = [offset - count, 0].max
+        @prev_href = "?" +  prev_params.collect { |k,v| [URI.escape(k.to_s), URI.escape(v.to_s)].join("=") }.join("&")
+      end
+
+      body haml :"search/ajax", :layout => !request.xhr?
+    end # elasticsearch.search
+  end # apost '/search/ajax'
+
+end # class LogStashWeb
+
+Rack::Handler::Thin.run(
+  Rack::CommonLogger.new( \
+    Rack::ShowExceptions.new( \
+      LogStash::Web::Server.new)),
+  :Port => 9292)

data/lib/logstash/web/views/header.haml

@@ -0,0 +1,8 @@
+.logo
+  logstash.
+.search
+  %form.search{ :action => "/search" }
+    %label{ :for => "q" } Query:
+    %input.query{ :id => "query", :type => "text", :name => "q", :value => params[:q],
+                  :size => 60 }
+    %input{ :id => "searchbutton", :type => "submit" }

data/lib/logstash/web/views/layout.haml

@@ -0,0 +1,21 @@
+!!! 5
+%html
+  %head
+    %title= @title || "logstash" 
+    %link{ :rel => "stylesheet", :href => "/style.css", :type => "text/css" }
+    %link{ :rel => "stylesheet", :href => "/css/smoothness/jquery-ui-1.8.5.custom.css", :type => "text/css" }
+    %script{ :src => "https://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js", 
+             :type => "text/javascript" }
+%body
+  #header
+    =haml :header, :layout => false
+  #content
+    =yield
+  #footer
+
+  %script{ :src => "https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js", 
+           :type => "text/javascript" }
+  %script{ :src => "js/jquery.tmpl.min.js", :type => "text/javascript" }
+  %script{ :src => "js/jquery-hashchange-1.0.0.js", :type => "text/javascript" }
+  %script{ :src => "js/flot/jquery.flot.js", :type => "text/javascript" }
+  %script{ :src => "js/logstash.js", :type => "text/javascript" }

data/lib/logstash/web/views/main/index.haml

@@ -0,0 +1,5 @@
+%form.search{ :action => "/search" }
+  %label{ :for => "q" }
+  %input.query{ :type => "text", :name => "q" }
+  %input{ :type => "submit" }
+

data/lib/logstash/web/views/search/ajax.haml

@@ -0,0 +1,32 @@
+#results
+  - if (params[:q].strip.length > 0 rescue false)
+    %h1
+      Search results for '#{params[:q]}'
+  - if @graphpoints
+    #visual
+    :javascript
+      $(function() {
+        var graphdata = #{@graphpoints.to_json};
+        window.logstash.plot(graphdata);
+      });
+  - if @total and @result_start and @result_end
+    %small
+      %strong
+        Results #{@result_start} - #{@result_end} of #{@total}
+      |
+      - if @prev_href
+        %a.pager{ :href => @prev_href } 
+          prev
+        - if @next_href
+          |
+      - if @next_href
+        %a.pager{ :href => @next_href }
+          next
+  %ul.results
+    - @hits.reverse.each do |hit|
+      %li.event{ :"data-full" => hit.to_json }&= hit["_source"]["@message"]
+    - if @hits.length == 0 
+      - if !params[:q]
+        No query given. How about <a href="?q=*" class="querychanger">this?</a>
+      - else
+        No results for query '#{params[:q]}' 

data/lib/logstash/web/views/search/results.haml

@@ -0,0 +1,17 @@
+- if @error
+  #error 
+    %strong A search error occurred:
+    =@error
+#ssquery{ :style => "display: none;", :"data-query" => params[:q] }
+#inspector{ :style => "display: none;" }
+  The following fields are known for the log you selected. Click on any link to
+  append it to your search. If you shift+click, the field will be added to the
+  search as an exclude rather than include.
+  %ul
+
+%i
+  You can click on any search result to see what kind of fields we know about
+  for that event. You can also click on the graph to zoom to that time period.
+  The query language is that of Lucene's string query (<a href="http://lucene.apache.org/java/2_4_0/queryparsersyntax.html">docs</a>).
+
+=haml :"search/ajax", :layout => false

data/lib/logstash/web/views/style.sass

@@ -0,0 +1,50 @@
+$lightgrey: #d8d8d8
+$darkgrey: #adadad
+body
+  margin: 0
+  padding: 0
+#header
+  border-top: 4px solid black
+  border-bottom: 1px solid black
+  background-color: lightgreen
+  padding-left: 1em
+
+  .search
+    display: inline
+  .logo
+    font-size: 130%
+    font-weight: bold
+    float: right
+    padding-right: 20px
+#content
+  margin-left: 2em
+  margin-right: 2em
+  margin-top: 1em
+#content ul.results
+  font-family: monospace
+#content li.event
+  padding-bottom: 3px
+  white-space: pre-wrap
+#content li.selected
+  background-color: #FCE69D !important
+#content li.event:nth-child(2n)
+  background-color: #E3F6CE
+#content li.event:nth-child(2n+1)
+  background-color: #F5FBEF
+#content li.event:hover
+  background-color: lightgreen
+#error
+  background-color: pink
+  border: 1px solid red
+  padding: 3px
+#error h1
+  font-size: 130%
+  padding: 0
+  margin: 0
+#inspector
+  font-size: 70%
+#results #visual
+  width: 850px
+  height: 200px
+#results h1
+  font-size: 100%

data/patterns/firewalls

@@ -0,0 +1,2 @@
+# NetScreen firewall logs
+NETSCREENSESSIONLOG %{SYSLOGDATE:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}

data/patterns/grok-patterns

@@ -0,0 +1,90 @@
+USERNAME [a-zA-Z0-9_-]+
+USER %{USERNAME}
+INT (?:[+-]?(?:[0-9]+))
+BASE10NUM (?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)|(?:\.[0-9]+)))
+NUMBER (?:%{BASE10NUM})
+BASE16NUM (?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))
+BASE16FLOAT \b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\.[0-9A-Fa-f]*)?)|(?:\.[0-9A-Fa-f]+)))\b
+
+POSINT \b(?:[0-9]+)\b
+WORD \b\w+\b
+NOTSPACE \S+
+DATA .*?
+GREEDYDATA .*
+QUOTEDSTRING (?:(?<!\\)(?:"(?:\\.|[^\\"])*"|(?:'(?:\\.|[^\\'])*')|(?:`(?:\\.|[^\\`])*`)))
+
+# Networking
+MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})
+CISCOMAC (?:(?:[A-Fa-f0-9]{4}\.){2}[A-Fa-f0-9]{4})
+WINDOWSMAC (?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})
+COMMONMAC (?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})
+IP (?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])
+HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
+HOST %{HOSTNAME}
+IPORHOST (?:%{HOSTNAME}|%{IP})
+HOSTPORT (?:%{IPORHOST=~/\./}:%{POSINT})
+
+# paths
+PATH (?:%{UNIXPATH}|%{WINPATH})
+UNIXPATH (?<![\w\\/])(?:/(?:[\w_%!$@:.,-]+|\\.)*)+
+#UNIXPATH (?<![\w\/])(?:/[^\/\s?*]*)+
+LINUXTTY (?:/dev/pts/%{POSINT})
+BSDTTY (?:/dev/tty[pq][a-z0-9])
+TTY (?:%{BSDTTY}|%{LINUXTTY})
+WINPATH (?:[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
+URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
+URIHOST %{IPORHOST}(?::%{POSINT})?
+# uripath comes loosely from RFC1738, but mostly from what Firefox
+# doesn't turn into %XX
+URIPATH (?:/[A-Za-z0-9$.+!*'(),~:#%_-]*)+
+#URIPARAM \?(?:[A-Za-z0-9]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-9]+(?:=(?:[^&]*))?)?)*)?
+URIPARAM \?[A-Za-z0-9$.+!*'(),~#%&/=:;_-]*
+URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?
+URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:$|%{URIPATHPARAM})
+
+# Months: January, Feb, 3, 03, 12, December
+MONTH \b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\b
+MONTHNUM (?:0?[1-9]|1[0-2])
+MONTHDAY (?:3[01]|[1-2]?[0-9]|0?[1-9])
+
+# Days: Monday, Tue, Thu, etc...
+DAY (?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)
+
+# Years?
+YEAR [0-9]+
+# Time: HH:MM:SS
+#TIME \d{2}:\d{2}(?::\d{2}(?:\.\d+)?)?
+# I'm still on the fence about using grok to perform the time match,
+# since it's probably slower.
+# TIME %{POSINT<24}:%{POSINT<60}(?::%{POSINT<60}(?:\.%{POSINT})?)?
+HOUR (?:2[0123]|[01][0-9])
+MINUTE (?:[0-5][0-9])
+# '60' is a leap second in most time standards and thus is valid.
+SECOND (?:(?:[0-5][0-9]|60)(?:[.,][0-9]+)?)
+TIME (?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])
+# datestamp is YYYY/MM/DD-HH:MM:SS.UUUU (or something like it)
+DATE_US %{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}
+DATE_EU %{YEAR}[/-]%{MONTHNUM}[/-]%{MONTHDAY}
+ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))
+ISO8601_SECOND (?:%{SECOND}|60)
+TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
+DATE %{DATE_US}|%{DATE_EU}
+DATESTAMP %{DATE}[- ]%{TIME}
+TZ (?:[PMCE][SD]T)
+DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
+DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} (?:%{TZ} )?%{YEAR}
+
+# Syslog Dates: Month Day HH:MM:SS
+SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
+PROG (?:[\w._/-]+)
+SYSLOGPROG %{PROG:program}(?:\[%{POSINT:pid}\])?
+SYSLOGHOST %{IPORHOST}
+SYSLOGFACILITY <%{POSINT:facility}.%{POSINT:priority}>
+HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT:ZONE}
+
+# Shortcuts
+QS %{QUOTEDSTRING}
+
+# Log formats
+SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
+COMBINEDAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" %{QS:agent}

data/patterns/haproxy

@@ -0,0 +1,5 @@
+HAPROXYDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME}.%{INT:milliseconds}
+HAPROXYTERMINATIONSTATE [CAPRIcs-][RQCHDLT-][NIDV-][NIPRD-]
+
+# parse an haproxy 'httplog' line
+HAPROXYHTTP %{SYSLOGDATE:date} %{IPORHOST:server} %{SYSLOGPROG}: %{IP:clientip}:%{INT:clientport} \[%{HAPROXYDATE:haproxydate}\] %{NOTSPACE:proxyname} %{NOTSPACE}/%{IPORHOST:backend} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{INT:time_duration} %{INT:response} %{INT:bytes} - - %{HAPROXYTERMINATIONSTATE:terminationstate} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn} %{INT:srv_queue}/%{INT:backend_queue} "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:version}"

data/patterns/linux-syslog

@@ -0,0 +1,7 @@
+SYSLOGBASE2 (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
+SYSLOGPAMSESSION %{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\(%{DATA:pam_caller}\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?
+
+CRON_ACTION [A-Z ]+
+CRONLOG %{SYSLOGBASE} \(%{USER:user}\) %{CRON_ACTION:action} \(%{DATA:message}\)
+
+SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}

data/patterns/nagios

@@ -0,0 +1,7 @@
+NAGIOSTIME \[%{NUMBER:epochtime}\]
+
+NAGIOS_SERVICE_ALERT SERVICE ALERT: %{IPORHOST:hostname};%{DATA:checkname};%{DATA:state};%{DATA:statelevel};%{NUMBER:attempt};%{GREEDYDATA:message}
+NAGIOS_SERVICE_FLAPPING_ALERT SERVICE FLAPPING ALERT: %{IPORHOST:hostname};%{DATA:checkname};%{DATA:state};%{GREEDYDATA:message}
+NAGIOS_SERVICE_NOTIFICATION SERVICE NOTIFICATION: %{DATA:notifyname};%{IPORHOST:hostname};%{DATA:checkname};%{DATA:state};%{DATA:contact};%{GREEDYDATA:message}
+
+NAGIOSLOGLINE %{NAGIOSTIME} (?:%{NAGIOS_SERVICE_ALERT}|%{NAGIOS_SERVICE_FLAPPING_ALERT}|%{NAGIOS_SERVICE_NOTIFICATION})

data/patterns/ruby

@@ -0,0 +1,2 @@
+RUBY_LOGLEVEL (?:DEBUG|FATAL|ERROR|WARN|INFO)
+RUBY_LOGGER [DFEWI], \[%{TIMESTAMP_ISO8601} #{POSINT:pid}\] *%{RUBY_LOGLEVEL} -- %{DATA:progname}: %{DATA:message}

metadata

@@ -0,0 +1,228 @@
+--- !ruby/object:Gem::Specification 
+name: logstash-lite
+version: !ruby/object:Gem::Version 
+  hash: 40202236269023
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 20101118134500
+  version: 0.2.20101118134500
+platform: ruby
+authors: 
+- Jordan Sissel
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-11-18 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: eventmachine-tail
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: json
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+description: scalable log and event management (search, archive, pipeline)
+email: jls@semicomplete.com
+executables: 
+- logstash
+- logstash-web
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/logstash.rb
+- lib/logstash/agent.rb
+- lib/logstash/inputs.rb
+- lib/logstash/inputs/syslog.rb
+- lib/logstash/inputs/file.rb
+- lib/logstash/inputs/base.rb
+- lib/logstash/inputs/amqp.rb
+- lib/logstash/inputs/tcp.rb
+- lib/logstash/outputs/gelf.rb
+- lib/logstash/outputs/elasticsearch.rb
+- lib/logstash/outputs/mongodb.rb
+- lib/logstash/outputs/stdout.rb
+- lib/logstash/outputs/websocket.rb
+- lib/logstash/outputs/base.rb
+- lib/logstash/outputs/amqp.rb
+- lib/logstash/namespace.rb
+- lib/logstash/time.rb
+- lib/logstash/filters.rb
+- lib/logstash/outputs.rb
+- lib/logstash/filters/grokdiscovery.rb
+- lib/logstash/filters/grok.rb
+- lib/logstash/filters/base.rb
+- lib/logstash/filters/field.rb
+- lib/logstash/filters/date.rb
+- lib/logstash/logging.rb
+- lib/logstash/event.rb
+- lib/logstash/web/lib/elasticsearch.rb
+- lib/logstash/web/public/css/smoothness/jquery-ui-1.8.5.custom.css
+- lib/logstash/web/public/css/smoothness/images/ui-icons_2e83ff_256x240.png
+- lib/logstash/web/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png
+- lib/logstash/web/public/css/smoothness/images/ui-icons_222222_256x240.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png
+- lib/logstash/web/public/css/smoothness/images/ui-icons_454545_256x240.png
+- lib/logstash/web/public/css/smoothness/images/ui-icons_888888_256x240.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png
+- lib/logstash/web/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png
+- lib/logstash/web/public/js/jquery.livequery.js
+- lib/logstash/web/public/js/logstash.js
+- lib/logstash/web/public/js/jquery-hashchange-1.0.0.js
+- lib/logstash/web/public/js/jquery.tmpl.min.js
+- lib/logstash/web/public/js/flot/README.txt
+- lib/logstash/web/public/js/flot/examples/tracking.html
+- lib/logstash/web/public/js/flot/examples/layout.css
+- lib/logstash/web/public/js/flot/examples/data-eu-gdp-growth-1.json
+- lib/logstash/web/public/js/flot/examples/data-japan-gdp-growth.json
+- lib/logstash/web/public/js/flot/examples/data-eu-gdp-growth-2.json
+- lib/logstash/web/public/js/flot/examples/setting-options.html
+- lib/logstash/web/public/js/flot/examples/data-eu-gdp-growth.json
+- lib/logstash/web/public/js/flot/examples/data-usa-gdp-growth.json
+- lib/logstash/web/public/js/flot/examples/stacking.html
+- lib/logstash/web/public/js/flot/examples/navigate.html
+- lib/logstash/web/public/js/flot/examples/data-eu-gdp-growth-4.json
+- lib/logstash/web/public/js/flot/examples/graph-types.html
+- lib/logstash/web/public/js/flot/examples/dual-axis.html
+- lib/logstash/web/public/js/flot/examples/data-eu-gdp-growth-5.json
+- lib/logstash/web/public/js/flot/examples/arrow-down.gif
+- lib/logstash/web/public/js/flot/examples/annotating.html
+- lib/logstash/web/public/js/flot/examples/zooming.html
+- lib/logstash/web/public/js/flot/examples/selection.html
+- lib/logstash/web/public/js/flot/examples/basic.html
+- lib/logstash/web/public/js/flot/examples/data-eu-gdp-growth-3.json
+- lib/logstash/web/public/js/flot/examples/arrow-right.gif
+- lib/logstash/web/public/js/flot/examples/turning-series.html
+- lib/logstash/web/public/js/flot/examples/visitors.html
+- lib/logstash/web/public/js/flot/examples/image.html
+- lib/logstash/web/public/js/flot/examples/arrow-up.gif
+- lib/logstash/web/public/js/flot/examples/hs-2004-27-a-large_web.jpg
+- lib/logstash/web/public/js/flot/examples/thresholding.html
+- lib/logstash/web/public/js/flot/examples/time.html
+- lib/logstash/web/public/js/flot/examples/interacting.html
+- lib/logstash/web/public/js/flot/examples/index.html
+- lib/logstash/web/public/js/flot/examples/arrow-left.gif
+- lib/logstash/web/public/js/flot/examples/ajax.html
+- lib/logstash/web/public/js/flot/jquery.flot.threshold.js
+- lib/logstash/web/public/js/flot/jquery.flot.selection.js
+- lib/logstash/web/public/js/flot/Makefile
+- lib/logstash/web/public/js/flot/FAQ.txt
+- lib/logstash/web/public/js/flot/jquery.flot.crosshair.min.js
+- lib/logstash/web/public/js/flot/jquery.flot.selection.min.js
+- lib/logstash/web/public/js/flot/jquery.colorhelpers.js
+- lib/logstash/web/public/js/flot/jquery.colorhelpers.min.js
+- lib/logstash/web/public/js/flot/NEWS.txt
+- lib/logstash/web/public/js/flot/jquery.js
+- lib/logstash/web/public/js/flot/jquery.flot.threshold.min.js
+- lib/logstash/web/public/js/flot/excanvas.min.js
+- lib/logstash/web/public/js/flot/API.txt
+- lib/logstash/web/public/js/flot/jquery.flot.stack.min.js
+- lib/logstash/web/public/js/flot/jquery.flot.image.min.js
+- lib/logstash/web/public/js/flot/jquery.flot.min.js
+- lib/logstash/web/public/js/flot/jquery.flot.crosshair.js
+- lib/logstash/web/public/js/flot/jquery.flot.js
+- lib/logstash/web/public/js/flot/jquery.flot.image.js
+- lib/logstash/web/public/js/flot/jquery.flot.stack.js
+- lib/logstash/web/public/js/flot/excanvas.js
+- lib/logstash/web/public/js/flot/LICENSE.txt
+- lib/logstash/web/public/js/flot/jquery.flot.navigate.min.js
+- lib/logstash/web/public/js/flot/jquery.flot.navigate.js
+- lib/logstash/web/public/js/flot/jquery.min.js
+- lib/logstash/web/public/js/flot/PLUGINS.txt
+- lib/logstash/web/server.rb
+- lib/logstash/web/views/style.sass
+- lib/logstash/web/views/main/index.haml
+- lib/logstash/web/views/layout.haml
+- lib/logstash/web/views/search/ajax.haml
+- lib/logstash/web/views/search/results.haml
+- lib/logstash/web/views/header.haml
+- examples/test.rb
+- etc/tograylog.yaml
+- etc/logstash-elasticsearch-rabbitmq-river.yaml
+- etc/logstash-reader.yaml
+- etc/logstash-parser.yaml
+- etc/logstash-mongodb-storage.yaml
+- etc/logstash-standalone.yaml
+- etc/redhat/logstash.sysconfig
+- etc/redhat/logstash-agent.sysconfig
+- etc/redhat/logstash.spec
+- etc/redhat/logstash
+- etc/redhat/logstash-agent
+- etc/prod.yaml
+- etc/logstash-shipper.yaml
+- patterns/linux-syslog
+- patterns/haproxy
+- patterns/grok-patterns
+- patterns/ruby
+- patterns/firewalls
+- patterns/nagios
+- bin/logstash
+- bin/logstash-web
+has_rdoc: true
+homepage: http://code.google.com/p/logstash/
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: logstash - log and event management (lite install, no dependencies)
+test_files: []
+