logstash-lite 0.2.20101207114354 → 0.2.20101208111718

@@ -0,0 +1,19 @@
1
+ ---
2
+ configname: nagios
3
+ # Example config that filters already-parsed logs (grok filter at least) for
4
+ # certain patterns and sends the results to Nagios.
5
+ inputs:
6
+ all:
7
+ - amqp:///topic/parsedlogs
8
+ filters:
9
+ - grep:
10
+ java:
11
+ - match:
12
+ JAVASTACKTRACEPART: .*
13
+ add_fields:
14
+ nagios_host: localhost
15
+ nagios_service: Java Exceptions
16
+ nagios_annotation: "Java exception"
17
+ outputs:
18
+ - stdout:///
19
+ - nagios:///var/lib/nagios3/rw/nagios.cmd
@@ -1,13 +1,13 @@
1
1
  # Example config that parses rawlogs with grok and puts them on another AMQP topic
2
2
  inputs:
3
+ all:
3
4
  - amqp://localhost/topic/rawlogs
4
5
  outputs:
5
- - amqp://localhost/topic/parsedlogs
6
6
  - stdout:///
7
7
  filters:
8
- grok:
8
+ - grok:
9
9
  linux-syslog: # for logs tagged 'linux-syslog'
10
- timestamp:
10
+ timestamp:
11
11
  key: date
12
12
  format: %b %e %H:%M:%S
13
13
  patterns:
@@ -1,5 +1,6 @@
1
1
  # Example config that reads parsed logs from AMQP and prints to stdout
2
2
  inputs:
3
+ all:
3
4
  - amqp://localhost/topic/parsedlogs
4
5
  #filters:
5
6
  #field:
@@ -15,5 +15,4 @@ inputs:
15
15
  unknown:
16
16
  - /b/randomdata
17
17
  outputs:
18
- #- amqp://localhost/topic/rawlogs
19
- - websocket://0.0.0.0:3232/
18
+ - amqp://localhost/topic/rawlogs
@@ -23,11 +23,6 @@ filters:
23
23
  apache-access: # for logs of type 'apache-error'
24
24
  patterns:
25
25
  - %{COMBINEDAPACHELOG}
26
- - grokdiscovery:
27
- linux-syslog:
28
- - message
29
- - DATA
30
- - GREEDYDATA
31
26
  - date:
32
27
  linux-syslog: # for logs of type 'linux-syslog'
33
28
  # Look for a field 'timestamp' with this format, parse and it for the timestamp
@@ -40,6 +40,7 @@ class LogStash::Filters::Date < LogStash::Filters::Base
40
40
  fieldvalue = event.fields[field]
41
41
  fieldvalue = [fieldvalue] if fieldvalue.is_a?(String)
42
42
  fieldvalue.each do |value|
43
+ next if value == ""
43
44
  begin
44
45
  case format
45
46
  when "ISO8601"
@@ -33,6 +33,7 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
33
33
  config = @config[event.type]
34
34
  if not config
35
35
  @logger.debug("grep: skipping type #{event.type} from #{event.source}")
36
+ event.cancel
36
37
  return
37
38
  end
38
39
 
@@ -54,6 +55,7 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
54
55
  next unless re.match(value)
55
56
  @logger.debug("grep matched on field #{field}")
56
57
  match_count += 1
58
+ break
57
59
  end
58
60
  end # match["match"].each
59
61
 
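Review bot: The added `event.cancel` in the `if not config` branch discards every event whose type has no grep configuration, and the only trace is a debug-level log line. If a cancelled event is withheld from all outputs (the handling of `cancel` is outside this page), the grep filter becomes an allow-list by event type and unconfigured log types silently stop arriving downstream. I would state that on the branch with a comment such as `# events of a type with no grep config are cancelled, not passed through`, and count or log the drops at a level that is visible by default. The enclosing method starts and ends outside these hunks.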
@@ -0,0 +1,33 @@
1
+ require "logstash/inputs/base"
2
+ require "em-jack"
3
+
4
+ class LogStash::Inputs::Beanstalk < LogStash::Inputs::Base
5
+ def initialize(url, type, config={}, &block)
6
+ super
7
+
8
+ if @url.path == "" or @url.path == "/"
9
+ raise "must specify a tube for beanstalk output"
10
+ end
11
+ end
12
+
13
+ def register
14
+ tube = @url.path[1..-1] # Skip leading '/'
15
+ port = @url.port || 11300
16
+ @beanstalk = EMJack::Connection.new(:host => @url.host,
17
+ :port => port,
18
+ :tube => tube)
19
+ @beanstalk.each_job do |job|
20
+ begin
21
+ event = LogStash::Event.from_json(job.body)
22
+ rescue => e
23
+ @logger.warn(["Trouble parsing beanstalk job",
24
+ {:error => e.message, :body => job.body,
25
+ :backtrace => e.backtrace}])
26
+ @beanstalk.bury(job, 0)
27
+ end
28
+
29
+ receive(event)
30
+ @beanstalk.delete(job)
31
+ end # @beanstalk.each_job
32
+ end # def register
33
+ end # class LogStash::Inputs::Beanstalk
@@ -0,0 +1,25 @@
1
+ require "logstash/outputs/base"
2
+ require "em-jack"
3
+
4
+ class LogStash::Outputs::Beanstalk < LogStash::Outputs::Base
5
+ def initialize(url, config={}, &block)
6
+ super
7
+
8
+ @ttr = @urlopts["ttr"] || 300;
9
+ if @url.path == "" or @url.path == "/"
10
+ raise "must specify a tube for beanstalk output"
11
+ end
12
+ end
13
+
14
+ def register
15
+ tube = @url.path[1..-1] # Skip leading '/'
16
+ port = @url.port || 11300
17
+ @beanstalk = EMJack::Connection.new(:host => @url.host,
18
+ :port => port,
19
+ :tube => tube)
20
+ end # def register
21
+
22
+ def receive(event)
23
+ @beanstalk.put(event.to_json, :ttr => @ttr)
24
+ end # def receive
25
+ end # class LogStash::Outputs::Beanstalk
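Review bot: `@ttr = @urlopts["ttr"] || 300` in `initialize` passes the URL option to `put` with no conversion or range check. `@urlopts` is populated outside this file, but if it holds query-string values the TTR will be a String when supplied and an Integer when defaulted. `@ttr = Integer(@urlopts["ttr"] || 300)` would make the type consistent and reject a non-numeric value at start-up instead of on the first `put`.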
@@ -0,0 +1,72 @@
1
+ require "logstash/outputs/base"
2
+
3
+ class LogStash::Outputs::Nagios < LogStash::Outputs::Base
4
+ NAGIOS_CRITICAL = 2
5
+ NAGIOS_WARN = 1
6
+
7
+ def initialize(url, config={}, &block)
8
+ super
9
+
10
+ if @url.path == "" or @url.path == "/"
11
+ @cmdfile = "/var/lib/nagios3/rw/nagios.cmd"
12
+ else
13
+ @cmdfile = @url.path
14
+ end
15
+ end
16
+
17
+ def register
18
+ # nothing to do
19
+ end # def register
20
+
21
+ def receive(event)
22
+ if !File.exists?(@cmdfile)
23
+ @logger.warn(["Skipping nagios output; command file is missing",
24
+ {"cmdfile" => @cmdfile, "missed_event" => event}])
25
+ return
26
+ end
27
+
28
+ # TODO(petef): if nagios_host/nagios_service both have more than one
29
+ # value, send multiple alerts. They will have to match up together by
30
+ # array indexes (host/service combos) and the arrays must be the same
31
+ # length.
32
+
33
+ host = event.fields["nagios_host"]
34
+ if !host
35
+ @logger.warn(["Skipping nagios output; nagios_host field is missing",
36
+ {"missed_event" => event}])
37
+ return
38
+ end
39
+
40
+ service = event.fields["nagios_service"]
41
+ if !service
42
+ @logger.warn(["Skipping nagios output; nagios_service field is missing",
43
+ {"missed_event" => event}])
44
+ return
45
+ end
46
+
47
+ annotation = event.fields["nagios_annotation"]
48
+ level = NAGIOS_CRITICAL
49
+ if event.fields["nagios_level"] and event.fields["nagios_level"][0].downcase == "warn"
50
+ level = NAGIOS_WARN
51
+ end
52
+
53
+ cmd = "[#{Time.now.to_i}] PROCESS_SERVICE_CHECK_RESULT;#{host[0]};#{service[0]};#{level};"
54
+ if annotation
55
+ cmd += "#{annotation[0]}: "
56
+ end
57
+ cmd += "#{event.source}: "
58
+ # In the multi-line case, escape the newlines for the nagios command file
59
+ cmd += event.message.gsub("\n", "\\n")
60
+
61
+ @logger.debug({"cmdfile" => @cmdfile, "nagios_command" => cmd})
62
+ begin
63
+ File.open(@cmdfile, "a") do |f|
64
+ f.puts cmd
65
+ end
66
+ rescue
67
+ @logger.warn(["Skipping nagios output; error writing to command file",
68
+ {"error" => $!, "cmdfile" => @cmdfile,
69
+ "missed_event" => event}])
70
+ end
71
+ end # def event
72
+ end # class LogStash::Outputs::Nagios
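Review bot: In `receive`, `host[0]`, `service[0]`, `annotation[0]` and `event.source` are interpolated into the `PROCESS_SERVICE_CHECK_RESULT` line without any escaping; only `event.message` has its newlines replaced. These values come from event fields, so a newline in any of them would end the command early and leave the remainder to be read as a separate line of the Nagios command file, and a `;` would shift the field boundaries. I would normalise every interpolated value before building `cmd`, for example with `clean = lambda { |v| v.to_s.gsub(/[\r\n;]/, " ") }` applied to host, service, annotation and source. Separately, `File.exists?` followed by `File.open(@cmdfile, "a")` can create a regular file if the pipe is removed between the two calls; `File.pipe?(@cmdfile)` would be a tighter guard. The closing comment `# def event` should read `# def receive`.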
metadata CHANGED
@@ -1,21 +1,22 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-lite
3
3
  version: !ruby/object:Gem::Version
4
- hash: 40202414228723
4
+ hash: 40202416223451
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 2
9
- - 20101207114354
10
- version: 0.2.20101207114354
9
+ - 20101208111718
10
+ version: 0.2.20101208111718
11
11
  platform: ruby
12
12
  authors:
13
13
  - Jordan Sissel
14
+ - Pete Fritchman
14
15
  autorequire:
15
16
  bindir: bin
16
17
  cert_chain: []
17
18
 
18
- date: 2010-12-07 00:00:00 -08:00
19
+ date: 2010-12-08 00:00:00 -08:00
19
20
  default_executable:
20
21
  dependencies:
21
22
  - !ruby/object:Gem::Dependency
@@ -75,7 +76,9 @@ dependencies:
75
76
  type: :runtime
76
77
  version_requirements: *id004
77
78
  description: scalable log and event management (search, archive, pipeline)
78
- email: jls@semicomplete.com
79
+ email:
80
+ - jls@semicomplete.com
81
+ - petef@databits.net
79
82
  executables:
80
83
  - logstash
81
84
  - logstash-web
@@ -95,16 +98,19 @@ files:
95
98
  - lib/logstash/inputs/base.rb
96
99
  - lib/logstash/inputs/amqp.rb
97
100
  - lib/logstash/inputs/stomp.rb
101
+ - lib/logstash/inputs/beanstalk.rb
98
102
  - lib/logstash/inputs/tcp.rb
99
103
  - lib/logstash/outputs/gelf.rb
100
104
  - lib/logstash/outputs/elasticsearch.rb
101
105
  - lib/logstash/outputs/internal.rb
102
106
  - lib/logstash/outputs/mongodb.rb
107
+ - lib/logstash/outputs/nagios.rb
103
108
  - lib/logstash/outputs/stdout.rb
104
109
  - lib/logstash/outputs/websocket.rb
105
110
  - lib/logstash/outputs/base.rb
106
111
  - lib/logstash/outputs/amqp.rb
107
112
  - lib/logstash/outputs/stomp.rb
113
+ - lib/logstash/outputs/beanstalk.rb
108
114
  - lib/logstash/outputs/tcp.rb
109
115
  - lib/logstash/namespace.rb
110
116
  - lib/logstash/time.rb
@@ -211,6 +217,7 @@ files:
211
217
  - examples/sample-agent-in-ruby.rb
212
218
  - etc/tograylog.yaml
213
219
  - etc/logstash-elasticsearch-rabbitmq-river.yaml
220
+ - etc/logstash-nagios.yaml
214
221
  - etc/logstash-reader.yaml
215
222
  - etc/logstash-stomp-input.yaml
216
223
  - etc/logstash-parser.yaml
@@ -237,8 +244,8 @@ files:
237
244
  - bin/logstash-test
238
245
  has_rdoc: true
239
246
  homepage: http://code.google.com/p/logstash/
240
- licenses: []
241
-
247
+ licenses:
248
+ - Apache License (2.0)
242
249
  post_install_message:
243
250
  rdoc_options: []
244
251