logstash-lite 0.2.20101207114354 → 0.2.20101208111718

@@ -0,0 +1,19 @@
1
+ ---
2
+ configname: nagios
3
+ # Example config that filters already-parsed logs (grok filter at least) for
4
+ # certain patterns and sends the results to Nagios.
5
+ inputs:
6
+ all:
7
+ - amqp:///topic/parsedlogs
8
+ filters:
9
+ - grep:
10
+ java:
11
+ - match:
12
+ JAVASTACKTRACEPART: .*
13
+ add_fields:
14
+ nagios_host: localhost
15
+ nagios_service: Java Exceptions
16
+ nagios_annotation: "Java exception"
17
+ outputs:
18
+ - stdout:///
19
+ - nagios:///var/lib/nagios3/rw/nagios.cmd
@@ -1,13 +1,13 @@
1
1
  # Example config that parses rawlogs with grok and puts them on another AMQP topic
2
2
  inputs:
3
+ all:
3
4
  - amqp://localhost/topic/rawlogs
4
5
  outputs:
5
- - amqp://localhost/topic/parsedlogs
6
6
  - stdout:///
7
7
  filters:
8
- grok:
8
+ - grok:
9
9
  linux-syslog: # for logs tagged 'linux-syslog'
10
- timestamp:
10
+ timestamp:
11
11
  key: date
12
12
  format: %b %e %H:%M:%S
13
13
  patterns:
@@ -1,5 +1,6 @@
1
1
  # Example config that reads parsed logs from AMQP and prints to stdout
2
2
  inputs:
3
+ all:
3
4
  - amqp://localhost/topic/parsedlogs
4
5
  #filters:
5
6
  #field:
@@ -15,5 +15,4 @@ inputs:
15
15
  unknown:
16
16
  - /b/randomdata
17
17
  outputs:
18
- #- amqp://localhost/topic/rawlogs
19
- - websocket://0.0.0.0:3232/
18
+ - amqp://localhost/topic/rawlogs
@@ -23,11 +23,6 @@ filters:
23
23
  apache-access: # for logs of type 'apache-error'
24
24
  patterns:
25
25
  - %{COMBINEDAPACHELOG}
26
- - grokdiscovery:
27
- linux-syslog:
28
- - message
29
- - DATA
30
- - GREEDYDATA
31
26
  - date:
32
27
  linux-syslog: # for logs of type 'linux-syslog'
33
28
  # Look for a field 'timestamp' with this format, parse and it for the timestamp
@@ -40,6 +40,7 @@ class LogStash::Filters::Date < LogStash::Filters::Base
40
40
  fieldvalue = event.fields[field]
41
41
  fieldvalue = [fieldvalue] if fieldvalue.is_a?(String)
42
42
  fieldvalue.each do |value|
43
+ next if value == ""
43
44
  begin
44
45
  case format
45
46
  when "ISO8601"
@@ -33,6 +33,7 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
33
33
  config = @config[event.type]
34
34
  if not config
35
35
  @logger.debug("grep: skipping type #{event.type} from #{event.source}")
36
+ event.cancel
36
37
  return
37
38
  end
38
39
 
@@ -54,6 +55,7 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
54
55
  next unless re.match(value)
55
56
  @logger.debug("grep matched on field #{field}")
56
57
  match_count += 1
58
+ break
57
59
  end
58
60
  end # match["match"].each
59
61
 
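Review bot: The `event.cancel` added in the `if not config` branch turns the grep filter into an allow-list by event type: any event whose type has no grep entry is now dropped, and the only trace is a debug-level log line. That is easy to miss when a new log type is added to a pipeline that already runs grep, so it deserves a comment at the call, for example `# no grep config for this type: drop the event, grep only passes configured types`, and the log text should say "cancelling" rather than "skipping". In the second hunk, the `break` after `match_count += 1` makes a match group count once however many values match; a one-line comment saying so would keep it from being removed as redundant. Both hunks start and end inside a method whose signature is not visible here.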
@@ -0,0 +1,33 @@
1
+ require "logstash/inputs/base"
2
+ require "em-jack"
3
+
4
+ class LogStash::Inputs::Beanstalk < LogStash::Inputs::Base
5
+ def initialize(url, type, config={}, &block)
6
+ super
7
+
8
+ if @url.path == "" or @url.path == "/"
9
+ raise "must specify a tube for beanstalk output"
10
+ end
11
+ end
12
+
13
+ def register
14
+ tube = @url.path[1..-1] # Skip leading '/'
15
+ port = @url.port || 11300
16
+ @beanstalk = EMJack::Connection.new(:host => @url.host,
17
+ :port => port,
18
+ :tube => tube)
19
+ @beanstalk.each_job do |job|
20
+ begin
21
+ event = LogStash::Event.from_json(job.body)
22
+ rescue => e
23
+ @logger.warn(["Trouble parsing beanstalk job",
24
+ {:error => e.message, :body => job.body,
25
+ :backtrace => e.backtrace}])
26
+ @beanstalk.bury(job, 0)
27
+ end
28
+
29
+ receive(event)
30
+ @beanstalk.delete(job)
31
+ end # @beanstalk.each_job
32
+ end # def register
33
+ end # class LogStash::Inputs::Beanstalk
@@ -0,0 +1,25 @@
1
+ require "logstash/outputs/base"
2
+ require "em-jack"
3
+
4
+ class LogStash::Outputs::Beanstalk < LogStash::Outputs::Base
5
+ def initialize(url, config={}, &block)
6
+ super
7
+
8
+ @ttr = @urlopts["ttr"] || 300;
9
+ if @url.path == "" or @url.path == "/"
10
+ raise "must specify a tube for beanstalk output"
11
+ end
12
+ end
13
+
14
+ def register
15
+ tube = @url.path[1..-1] # Skip leading '/'
16
+ port = @url.port || 11300
17
+ @beanstalk = EMJack::Connection.new(:host => @url.host,
18
+ :port => port,
19
+ :tube => tube)
20
+ end # def register
21
+
22
+ def receive(event)
23
+ @beanstalk.put(event.to_json, :ttr => @ttr)
24
+ end # def receive
25
+ end # class LogStash::Outputs::Beanstalk
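Review bot: `@ttr = @urlopts["ttr"] || 300;` keeps whatever type the URL option has, so a `ttr` given in the URL would presumably reach `put` as a String while the default is an Integer; `@ttr = (@urlopts["ttr"] || 300).to_i` makes both cases consistent and drops the stray `;`. Both beanstalk files `require "em-jack"`, but the gem metadata hunks on this page show no change to the dependency list, so unless em-jack was already declared there the require will fail on a fresh install; worth confirming before release.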
@@ -0,0 +1,72 @@
1
+ require "logstash/outputs/base"
2
+
3
+ class LogStash::Outputs::Nagios < LogStash::Outputs::Base
4
+ NAGIOS_CRITICAL = 2
5
+ NAGIOS_WARN = 1
6
+
7
+ def initialize(url, config={}, &block)
8
+ super
9
+
10
+ if @url.path == "" or @url.path == "/"
11
+ @cmdfile = "/var/lib/nagios3/rw/nagios.cmd"
12
+ else
13
+ @cmdfile = @url.path
14
+ end
15
+ end
16
+
17
+ def register
18
+ # nothing to do
19
+ end # def register
20
+
21
+ def receive(event)
22
+ if !File.exists?(@cmdfile)
23
+ @logger.warn(["Skipping nagios output; command file is missing",
24
+ {"cmdfile" => @cmdfile, "missed_event" => event}])
25
+ return
26
+ end
27
+
28
+ # TODO(petef): if nagios_host/nagios_service both have more than one
29
+ # value, send multiple alerts. They will have to match up together by
30
+ # array indexes (host/service combos) and the arrays must be the same
31
+ # length.
32
+
33
+ host = event.fields["nagios_host"]
34
+ if !host
35
+ @logger.warn(["Skipping nagios output; nagios_host field is missing",
36
+ {"missed_event" => event}])
37
+ return
38
+ end
39
+
40
+ service = event.fields["nagios_service"]
41
+ if !service
42
+ @logger.warn(["Skipping nagios output; nagios_service field is missing",
43
+ {"missed_event" => event}])
44
+ return
45
+ end
46
+
47
+ annotation = event.fields["nagios_annotation"]
48
+ level = NAGIOS_CRITICAL
49
+ if event.fields["nagios_level"] and event.fields["nagios_level"][0].downcase == "warn"
50
+ level = NAGIOS_WARN
51
+ end
52
+
53
+ cmd = "[#{Time.now.to_i}] PROCESS_SERVICE_CHECK_RESULT;#{host[0]};#{service[0]};#{level};"
54
+ if annotation
55
+ cmd += "#{annotation[0]}: "
56
+ end
57
+ cmd += "#{event.source}: "
58
+ # In the multi-line case, escape the newlines for the nagios command file
59
+ cmd += event.message.gsub("\n", "\\n")
60
+
61
+ @logger.debug({"cmdfile" => @cmdfile, "nagios_command" => cmd})
62
+ begin
63
+ File.open(@cmdfile, "a") do |f|
64
+ f.puts cmd
65
+ end
66
+ rescue
67
+ @logger.warn(["Skipping nagios output; error writing to command file",
68
+ {"error" => $!, "cmdfile" => @cmdfile,
69
+ "missed_event" => event}])
70
+ end
71
+ end # def event
72
+ end # class LogStash::Outputs::Nagios
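Review bot: In `receive`, `host[0]`, `service[0]`, `annotation[0]` and `event.source` are interpolated into the command line as-is; only `event.message` has its newlines escaped. The Nagios external command file is line-oriented with `;`-separated arguments, so a newline in any of those values would begin a second command and a `;` in the host or service name would shift the remaining arguments, and these values come from event fields that may originate in parsed log data. The command should be built from neutralised values, as sketched below. Separately, `File.exists?` followed by `File.open(@cmdfile, "a")` creates a regular file if the pipe disappears between the two calls, so opening without create is the safer form.

```ruby
# … unchanged: command-file check, nagios_host / nagios_service / nagios_level lookup …

# A newline ends a command and ';' separates its arguments, so neither may
# appear in the host or service name; later parts only need newlines escaped.
name = lambda { |v| v.to_s.gsub(/[\n;]/, " ") }
text = lambda { |v| v.to_s.gsub("\n", "\\n") }

cmd = "[#{Time.now.to_i}] PROCESS_SERVICE_CHECK_RESULT;#{name.call(host[0])};#{name.call(service[0])};#{level};"
cmd += "#{text.call(annotation[0])}: " if annotation
cmd += "#{text.call(event.source)}: "
cmd += text.call(event.message)

# … unchanged: debug log and write to @cmdfile …
```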
metadata CHANGED
@@ -1,21 +1,22 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-lite
3
3
  version: !ruby/object:Gem::Version
4
- hash: 40202414228723
4
+ hash: 40202416223451
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 2
9
- - 20101207114354
10
- version: 0.2.20101207114354
9
+ - 20101208111718
10
+ version: 0.2.20101208111718
11
11
  platform: ruby
12
12
  authors:
13
13
  - Jordan Sissel
14
+ - Pete Fritchman
14
15
  autorequire:
15
16
  bindir: bin
16
17
  cert_chain: []
17
18
 
18
- date: 2010-12-07 00:00:00 -08:00
19
+ date: 2010-12-08 00:00:00 -08:00
19
20
  default_executable:
20
21
  dependencies:
21
22
  - !ruby/object:Gem::Dependency
@@ -75,7 +76,9 @@ dependencies:
75
76
  type: :runtime
76
77
  version_requirements: *id004
77
78
  description: scalable log and event management (search, archive, pipeline)
78
- email: jls@semicomplete.com
79
+ email:
80
+ - jls@semicomplete.com
81
+ - petef@databits.net
79
82
  executables:
80
83
  - logstash
81
84
  - logstash-web
@@ -95,16 +98,19 @@ files:
95
98
  - lib/logstash/inputs/base.rb
96
99
  - lib/logstash/inputs/amqp.rb
97
100
  - lib/logstash/inputs/stomp.rb
101
+ - lib/logstash/inputs/beanstalk.rb
98
102
  - lib/logstash/inputs/tcp.rb
99
103
  - lib/logstash/outputs/gelf.rb
100
104
  - lib/logstash/outputs/elasticsearch.rb
101
105
  - lib/logstash/outputs/internal.rb
102
106
  - lib/logstash/outputs/mongodb.rb
107
+ - lib/logstash/outputs/nagios.rb
103
108
  - lib/logstash/outputs/stdout.rb
104
109
  - lib/logstash/outputs/websocket.rb
105
110
  - lib/logstash/outputs/base.rb
106
111
  - lib/logstash/outputs/amqp.rb
107
112
  - lib/logstash/outputs/stomp.rb
113
+ - lib/logstash/outputs/beanstalk.rb
108
114
  - lib/logstash/outputs/tcp.rb
109
115
  - lib/logstash/namespace.rb
110
116
  - lib/logstash/time.rb
@@ -211,6 +217,7 @@ files:
211
217
  - examples/sample-agent-in-ruby.rb
212
218
  - etc/tograylog.yaml
213
219
  - etc/logstash-elasticsearch-rabbitmq-river.yaml
220
+ - etc/logstash-nagios.yaml
214
221
  - etc/logstash-reader.yaml
215
222
  - etc/logstash-stomp-input.yaml
216
223
  - etc/logstash-parser.yaml
@@ -237,8 +244,8 @@ files:
237
244
  - bin/logstash-test
238
245
  has_rdoc: true
239
246
  homepage: http://code.google.com/p/logstash/
240
- licenses: []
241
-
247
+ licenses:
248
+ - Apache License (2.0)
242
249
  post_install_message:
243
250
  rdoc_options: []
244
251