logstash-output-gelf 0.1.0

@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ NzM4ZThmM2ExMGUxY2IwYzUxM2JjZjk1MDkyZDNjMjA0MTY3ZmY5NA==
5
+ data.tar.gz: !binary |-
6
+ MWY4NTRlN2IwMTE0NjQ5N2Y4ZjUwMWY1ZmI5ZTk4MmEwM2M0Yzc1OQ==
7
+ SHA512:
8
+ metadata.gz: !binary |-
9
+ MzNkMjhlZDNmNzY4Zjc2NjUxOTVlMWM4NmU0YmRlZWM4MTIxYmY3YjVjNDZh
10
+ NjkwZDA5NTBiYTViODg0NzY2MjRlY2M3MWEzN2ZiNjNmYzAwMmViOTUzOWQ3
11
+ ZDAzYjkzMjUxZjNlNmRkYWJjYjAyNjU4MzBjZTJmZTA3MWVlMmU=
12
+ data.tar.gz: !binary |-
13
+ MDFhYTYxN2VjMjVjZWMxNjZhN2FkN2NjYmZkY2NmNTM0MzIyMjQ4NTBlNDgx
14
+ NmRmMzQ1ZjEyMjEzMzZiNTY0YWY1NjQyMzBlNTZhYzhiMjJlMDZhOWFjYTQ0
15
+ NDcwMjU5MWJhYzMxOTg2YmE5ODNhMmY5NWNhMTY4MjM2MTU1MDY=
@@ -0,0 +1,4 @@
1
+ *.gem
2
+ Gemfile.lock
3
+ .bundle
4
+ vendor
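--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'http://rubygems.org'
+gem 'rake'
+gem 'gem_publisher'
+gem 'archive-tar-minitar'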
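Review bot: `source 'http://rubygems.org'` resolves the development gems (`rake`, `gem_publisher`, `archive-tar-minitar`) over plaintext HTTP, so the index and the gem downloads can be altered on the network path; this should be `source 'https://rubygems.org'`. `Gemfile.lock` is listed in the ignore file shipped with this package, so no lockfile appears to be committed to pin the resolved versions. That matters more than usual here because `gem_publisher` runs in the release path (`rakelib/publish.rake`), where a substituted gem would execute alongside the publishing credentials.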
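--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2012-2014 Elasticsearch <http://www.elasticsearch.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.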
@@ -0,0 +1,6 @@
1
+ @files=[]
2
+
3
+ task :default do
4
+ system("rake -T")
5
+ end
6
+
@@ -0,0 +1,211 @@
1
+ # encoding: utf-8
2
+ require "logstash/namespace"
3
+ require "logstash/outputs/base"
4
+
5
+ # This output generates messages in GELF format. This is most useful if you
6
+ # want to use Logstash to output events to Graylog2.
7
+ #
8
+ # More information at <http://graylog2.org/gelf#specs>
9
+ class LogStash::Outputs::Gelf < LogStash::Outputs::Base
10
+
11
+ config_name "gelf"
12
+ milestone 2
13
+
14
+ # Graylog2 server IP address or hostname.
15
+ config :host, :validate => :string, :required => true
16
+
17
+ # Graylog2 server port number.
18
+ config :port, :validate => :number, :default => 12201
19
+
20
+ # The GELF chunksize. You usually don't need to change this.
21
+ config :chunksize, :validate => :number, :default => 1420
22
+
23
+ # Allow overriding of the GELF `sender` field. This is useful if you
24
+ # want to use something other than the event's source host as the
25
+ # "sender" of an event. A common case for this is using the application name
26
+ # instead of the hostname.
27
+ config :sender, :validate => :string, :default => "%{host}"
28
+
29
+ # The GELF message level. Dynamic values like %{level} are permitted here;
30
+ # useful if you want to parse the 'log level' from an event and use that
31
+ # as the GELF level/severity.
32
+ #
33
+ # Values here can be integers [0..7] inclusive or any of
34
+ # "debug", "info", "warn", "error", "fatal" (case insensitive).
35
+ # Single-character versions of these are also valid, "d", "i", "w", "e", "f",
36
+ # "u"
37
+ # The following additional severity\_labels from Logstash's syslog\_pri filter
38
+ # are accepted: "emergency", "alert", "critical", "warning", "notice", and
39
+ # "informational".
40
+ config :level, :validate => :array, :default => [ "%{severity}", "INFO" ]
41
+
42
+ # The GELF facility. Dynamic values like %{foo} are permitted here; this
43
+ # is useful if you need to use a value from the event as the facility name.
44
+ # Should now be sent as an underscored "additional field" (e.g. `\_facility`)
45
+ config :facility, :validate => :string, :deprecated => true
46
+
47
+ # The GELF line number; this is usually the line number in your program where
48
+ # the log event originated. Dynamic values like %{foo} are permitted here, but the
49
+ # value should be a number.
50
+ # Should now be sent as an underscored "additional field" (e.g. `\_line`).
51
+ config :line, :validate => :string, :deprecated => true
52
+
53
+ # The GELF file; this is usually the source code file in your program where
54
+ # the log event originated. Dynamic values like %{foo} are permitted here.
55
+ # Should now be sent as an underscored "additional field" (e.g. `\_file`).
56
+ config :file, :validate => :string, :deprecated => true
57
+
58
+ # Should Logstash ship metadata within event object? This will cause Logstash
59
+ # to ship any fields in the event (such as those created by grok) in the GELF
60
+ # messages. These will be sent as underscored "additional fields".
61
+ config :ship_metadata, :validate => :boolean, :default => true
62
+
63
+ # Ship tags within events. This will cause Logstash to ship the tags of an
64
+ # event as the field `\_tags`.
65
+ config :ship_tags, :validate => :boolean, :default => true
66
+
67
+ # Ignore these fields when `ship_metadata` is set. Typically this lists the
68
+ # fields used in dynamic values for GELF fields.
69
+ config :ignore_metadata, :validate => :array, :default => [ "@timestamp", "@version", "severity", "host", "source_host", "source_path", "short_message" ]
70
+
71
+ # The GELF custom field mappings. GELF supports arbitrary attributes as custom
72
+ # fields. This exposes that. Exclude the `_` portion of the field name
73
+ # e.g. `custom_fields => ['foo_field', 'some_value']
74
+ # sets `_foo_field` = `some_value`.
75
+ config :custom_fields, :validate => :hash, :default => {}
76
+
77
+ # The GELF full message. Dynamic values like %{foo} are permitted here.
78
+ config :full_message, :validate => :string, :default => "%{message}"
79
+
80
+ # The GELF short message field name. If the field does not exist or is empty,
81
+ # the event message is taken instead.
82
+ config :short_message, :validate => :string, :default => "short_message"
83
+
84
+ public
85
+ def register
86
+ require "gelf" # rubygem 'gelf'
87
+ option_hash = Hash.new
88
+
89
+ #@gelf = GELF::Notifier.new(@host, @port, @chunksize, option_hash)
90
+ @gelf = GELF::Notifier.new(@host, @port, @chunksize)
91
+
92
+ # This sets the 'log level' of gelf; since we're forwarding messages, we'll
93
+ # want to forward *all* messages, so set level to 0 so all messages get
94
+ # shipped
95
+ @gelf.level = 0
96
+
97
+ # Since we use gelf-rb which assumes the severity level integer
98
+ # is coming from a ruby logging subsystem, we need to instruct it
99
+ # that the levels we provide should be mapped directly since they're
100
+ # already RFC 5424 compliant
101
+ # this requires gelf-rb commit bb1f4a9 which added the level_mapping def
102
+ level_mapping = Hash.new
103
+ (0..7).step(1) { |l| level_mapping[l]=l }
104
+ @gelf.level_mapping = level_mapping
105
+
106
+ # If we leave that set, the gelf gem will extract the file and line number
107
+ # of the source file that logged the message (i.e. logstash/gelf.rb:138).
108
+ # With that set to false, it can use the actual event's filename (i.e.
109
+ # /var/log/syslog), which is much more useful
110
+ @gelf.collect_file_and_line = false
111
+
112
+ # these are syslog words and abbreviations mapped to RFC 5424 integers
113
+ # and logstash's syslog_pri filter
114
+ @level_map = {
115
+ "debug" => 7, "d" => 7,
116
+ "info" => 6, "i" => 6, "informational" => 6,
117
+ "notice" => 5, "n" => 5,
118
+ "warn" => 4, "w" => 4, "warning" => 4,
119
+ "error" => 3, "e" => 3,
120
+ "critical" => 2, "c" => 2,
121
+ "alert" => 1, "a" => 1,
122
+ "emergency" => 0, "e" => 0,
123
+ }
124
+ end # def register
125
+
126
+ public
127
+ def receive(event)
128
+ return unless output?(event)
129
+
130
+ # We have to make our own hash here because GELF expects a hash
131
+ # with a specific format.
132
+ m = Hash.new
133
+
134
+ m["short_message"] = event["message"]
135
+ if event[@short_message]
136
+ v = event[@short_message]
137
+ short_message = (v.is_a?(Array) && v.length == 1) ? v.first : v
138
+ short_message = short_message.to_s
139
+ if !short_message.empty?
140
+ m["short_message"] = short_message
141
+ end
142
+ end
143
+
144
+ m["full_message"] = event.sprintf(@full_message)
145
+
146
+ m["host"] = event.sprintf(@sender)
147
+
148
+ # deprecated fields
149
+ m["facility"] = event.sprintf(@facility) if @facility
150
+ m["file"] = event.sprintf(@file) if @file
151
+ m["line"] = event.sprintf(@line) if @line
152
+ m["line"] = m["line"].to_i if m["line"].is_a?(String) and m["line"] === /^[\d]+$/
153
+
154
+ if @ship_metadata
155
+ event.to_hash.each do |name, value|
156
+ next if value == nil
157
+ next if name == "message"
158
+
159
+ # Trim leading '_' in the event
160
+ name = name[1..-1] if name.start_with?('_')
161
+ name = "_id" if name == "id" # "_id" is reserved, so use "__id"
162
+ if !value.nil? and !@ignore_metadata.include?(name)
163
+ if value.is_a?(Array)
164
+ m["_#{name}"] = value.join(', ')
165
+ elsif value.is_a?(Hash)
166
+ value.each do |hash_name, hash_value|
167
+ m["_#{name}_#{hash_name}"] = hash_value
168
+ end
169
+ else
170
+ # Non array values should be presented as-is
171
+ # https://logstash.jira.com/browse/LOGSTASH-113
172
+ m["_#{name}"] = value
173
+ end
174
+ end
175
+ end
176
+ end
177
+
178
+ if @ship_tags
179
+ m["_tags"] = event["tags"].join(', ') if event["tags"]
180
+ end
181
+
182
+ if @custom_fields
183
+ @custom_fields.each do |field_name, field_value|
184
+ m["_#{field_name}"] = field_value unless field_name == 'id'
185
+ end
186
+ end
187
+
188
+ # Probe severity array levels
189
+ level = nil
190
+ if @level.is_a?(Array)
191
+ @level.each do |value|
192
+ parsed_value = event.sprintf(value)
193
+ next if value.count('%{') > 0 and parsed_value == value
194
+
195
+ level = parsed_value
196
+ break
197
+ end
198
+ else
199
+ level = event.sprintf(@level.to_s)
200
+ end
201
+ m["level"] = (@level_map[level.downcase] || level).to_i
202
+
203
+ @logger.debug(["Sending GELF event", m])
204
+ begin
205
+ @gelf.notify!(m, :timestamp => event.timestamp.to_f)
206
+ rescue
207
+ @logger.warn("Trouble sending GELF event", :gelf_event => m,
208
+ :event => event, :error => $!)
209
+ end
210
+ end # def receive
211
+ end # class LogStash::Outputs::Gelf
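Review bot: The severity mapping can silently misreport levels: in `register` the `@level_map` literal defines `"e"` twice (`"error" => 3, "e" => 3` and `"emergency" => 0, "e" => 0`), so the later entry wins and the abbreviation `e` is sent as 0 (emergency). In `receive`, `(@level_map[level.downcase] || level).to_i` turns every unrecognised word into 0 as well, including `fatal`, `f` and `u`, which the `level` option's comment documents but the map does not contain, and it raises `NoMethodError` outside the `begin`/`rescue` when no entry of `@level` resolves and `level` stays nil. Anything downstream that alerts on GELF severity would be skewed by this, so I would drop the second `"e"` key and make the fallback explicit, e.g. `mapped = @level_map[level.to_s.downcase]` followed by `m["level"] = mapped || (level.to_s =~ /\A[0-7]\z/ ? level.to_i : 6)`, with whichever default the project prefers in place of 6. Separately, `m["line"] === /^[\d]+$/` uses `String#===`, which is plain equality and never matches a Regexp, so `line` is never converted to an integer; `m["line"] =~ /\A\d+\z/` looks like the intent.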
@@ -0,0 +1,28 @@
1
+ Gem::Specification.new do |s|
2
+
3
+ s.name = 'logstash-output-gelf'
4
+ s.version = '0.1.0'
5
+ s.licenses = ['Apache License (2.0)']
6
+ s.summary = "This output generates messages in GELF format."
7
+ s.description = "This output generates messages in GELF format. This is most useful if you want to use Logstash to output events to Graylog2."
8
+ s.authors = ["Elasticsearch"]
9
+ s.email = 'richard.pijnenburg@elasticsearch.com'
10
+ s.homepage = "http://logstash.net/"
11
+ s.require_paths = ["lib"]
12
+
13
+ # Files
14
+ s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
15
+
16
+ # Tests
17
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
18
+
19
+ # Special flag to let us know this is actually a logstash plugin
20
+ s.metadata = { "logstash_plugin" => "true", "group" => "output" }
21
+
22
+ # Gem dependencies
23
+ s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
24
+
25
+ s.add_runtime_dependency 'gelf', ['1.3.2']
26
+
27
+ end
28
+
@@ -0,0 +1,9 @@
1
+ require "gem_publisher"
2
+
3
+ desc "Publish gem to RubyGems.org"
4
+ task :publish_gem do |t|
5
+ gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
6
+ gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
7
+ puts "Published #{gem}" if gem
8
+ end
9
+
@@ -0,0 +1,169 @@
1
+ require "net/http"
2
+ require "uri"
3
+ require "digest/sha1"
4
+
5
+ def vendor(*args)
6
+ return File.join("vendor", *args)
7
+ end
8
+
9
+ directory "vendor/" => ["vendor"] do |task, args|
10
+ mkdir task.name
11
+ end
12
+
13
+ def fetch(url, sha1, output)
14
+
15
+ puts "Downloading #{url}"
16
+ actual_sha1 = download(url, output)
17
+
18
+ if actual_sha1 != sha1
19
+ fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
20
+ end
21
+ end # def fetch
22
+
23
+ def file_fetch(url, sha1)
24
+ filename = File.basename( URI(url).path )
25
+ output = "vendor/#{filename}"
26
+ task output => [ "vendor/" ] do
27
+ begin
28
+ actual_sha1 = file_sha1(output)
29
+ if actual_sha1 != sha1
30
+ fetch(url, sha1, output)
31
+ end
32
+ rescue Errno::ENOENT
33
+ fetch(url, sha1, output)
34
+ end
35
+ end.invoke
36
+
37
+ return output
38
+ end
39
+
40
+ def file_sha1(path)
41
+ digest = Digest::SHA1.new
42
+ fd = File.new(path, "r")
43
+ while true
44
+ begin
45
+ digest << fd.sysread(16384)
46
+ rescue EOFError
47
+ break
48
+ end
49
+ end
50
+ return digest.hexdigest
51
+ ensure
52
+ fd.close if fd
53
+ end
54
+
55
+ def download(url, output)
56
+ uri = URI(url)
57
+ digest = Digest::SHA1.new
58
+ tmp = "#{output}.tmp"
59
+ Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
60
+ request = Net::HTTP::Get.new(uri.path)
61
+ http.request(request) do |response|
62
+ fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
63
+ size = (response["content-length"].to_i || -1).to_f
64
+ count = 0
65
+ File.open(tmp, "w") do |fd|
66
+ response.read_body do |chunk|
67
+ fd.write(chunk)
68
+ digest << chunk
69
+ if size > 0 && $stdout.tty?
70
+ count += chunk.bytesize
71
+ $stdout.write(sprintf("\r%0.2f%%", count/size * 100))
72
+ end
73
+ end
74
+ end
75
+ $stdout.write("\r \r") if $stdout.tty?
76
+ end
77
+ end
78
+
79
+ File.rename(tmp, output)
80
+
81
+ return digest.hexdigest
82
+ rescue SocketError => e
83
+ puts "Failure while downloading #{url}: #{e}"
84
+ raise
85
+ ensure
86
+ File.unlink(tmp) if File.exist?(tmp)
87
+ end # def download
88
+
89
+ def untar(tarball, &block)
90
+ require "archive/tar/minitar"
91
+ tgz = Zlib::GzipReader.new(File.open(tarball))
92
+ # Pull out typesdb
93
+ tar = Archive::Tar::Minitar::Input.open(tgz)
94
+ tar.each do |entry|
95
+ path = block.call(entry)
96
+ next if path.nil?
97
+ parent = File.dirname(path)
98
+
99
+ mkdir_p parent unless File.directory?(parent)
100
+
101
+ # Skip this file if the output file is the same size
102
+ if entry.directory?
103
+ mkdir path unless File.directory?(path)
104
+ else
105
+ entry_mode = entry.instance_eval { @mode } & 0777
106
+ if File.exists?(path)
107
+ stat = File.stat(path)
108
+ # TODO(sissel): Submit a patch to archive-tar-minitar upstream to
109
+ # expose headers in the entry.
110
+ entry_size = entry.instance_eval { @size }
111
+ # If file sizes are same, skip writing.
112
+ next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
113
+ end
114
+ puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
115
+ File.open(path, "w") do |fd|
116
+ # eof? check lets us skip empty files. Necessary because the API provided by
117
+ # Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
118
+ # IO object. Something about empty files in this EntryStream causes
119
+ # IO.copy_stream to throw "can't convert nil into String" on JRuby
120
+ # TODO(sissel): File a bug about this.
121
+ while !entry.eof?
122
+ chunk = entry.read(16384)
123
+ fd.write(chunk)
124
+ end
125
+ #IO.copy_stream(entry, fd)
126
+ end
127
+ File.chmod(entry_mode, path)
128
+ end
129
+ end
130
+ tar.close
131
+ File.unlink(tarball) if File.file?(tarball)
132
+ end # def untar
133
+
134
+ def ungz(file)
135
+
136
+ outpath = file.gsub('.gz', '')
137
+ tgz = Zlib::GzipReader.new(File.open(file))
138
+ begin
139
+ File.open(outpath, "w") do |out|
140
+ IO::copy_stream(tgz, out)
141
+ end
142
+ File.unlink(file)
143
+ rescue
144
+ File.unlink(outpath) if File.file?(outpath)
145
+ raise
146
+ end
147
+ tgz.close
148
+ end
149
+
150
+ desc "Process any vendor files required for this plugin"
151
+ task "vendor" do |task, args|
152
+
153
+ @files.each do |file|
154
+ download = file_fetch(file['url'], file['sha1'])
155
+ if download =~ /.tar.gz/
156
+ prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
157
+ untar(download) do |entry|
158
+ if !file['files'].nil?
159
+ next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
160
+ out = entry.full_name.split("/").last
161
+ end
162
+ File.join('vendor', out)
163
+ end
164
+ elsif download =~ /.gz/
165
+ ungz(download)
166
+ end
167
+ end
168
+
169
+ end
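Review bot: In `download`, the status guard `fail ... if [200, 301].include?(response.code)` never does its job: `Net::HTTPResponse#code` is a String, so the Integer list never matches, and the condition is inverted in any case (it would fail on success). An error page is therefore streamed to the temp file and renamed onto `output` before `fetch` compares the digest, leaving the SHA-1 comparison as the only gate and the unverified file in `vendor/` when it fails. I would write `fail "HTTP fetch failed for #{url}. #{response}" unless response.code == "200"` (redirects are not followed here, so a 301 carries no artefact body) and have `fetch` download to a temporary path that is renamed only after the digest matches. SHA-1 is also a weak pin for third-party artefacts; a SHA-256 field in the `@files` entries would be a sturdier check. In the `vendor` task, `out` is only assigned when `file['files']` is set, so `File.join('vendor', out)` raises for entries without a file list.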
@@ -0,0 +1 @@
1
+ require 'spec_helper'
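--- a/metadata
+++ b/metadata
@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: logstash-output-gelf
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Elasticsearch
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-11-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: logstash
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.4.0
+- - <
+- !ruby/object:Gem::Version
+version: 2.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.4.0
+- - <
+- !ruby/object:Gem::Version
+version: 2.0.0
+- !ruby/object:Gem::Dependency
+name: gelf
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.3.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.3.2
+description: This output generates messages in GELF format. This is most useful if
+you want to use Logstash to output events to Graylog2.
+email: richard.pijnenburg@elasticsearch.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- Rakefile
+- lib/logstash/outputs/gelf.rb
+- logstash-output-gelf.gemspec
+- rakelib/publish.rake
+- rakelib/vendor.rake
+- spec/outputs/gelf_spec.rb
+homepage: http://logstash.net/
+licenses:
+- Apache License (2.0)
+metadata:
+logstash_plugin: 'true'
+group: output
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.1
+signing_key:
+specification_version: 4
+summary: This output generates messages in GELF format.
+test_files:
+- spec/outputs/gelf_spec.rb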