logstash-output-loginsight 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +66 -16
- data/lib/logstash/outputs/loginsight.rb +9 -2
- data/logstash-output-loginsight.gemspec +2 -2
- data/spec/outputs/loginsight_spec.rb +3 -0
- metadata +4 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bb98e3b8031a18f4f06888b94cbc673e8078f0e3
|
4
|
+
data.tar.gz: 75101e0f13bb6bbbcd90202c74632dd8dd3d4d46
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e030d1d0de528941f83e0b07642b67d6b1cbd0c5be8906082a9f5ae217761af7c778846644dc9dd705decac2bb31c154dadd877247bed95e12ae3275bd171481
|
7
|
+
data.tar.gz: d373190258f4a8dcf0afcc183e0325cab139636fd65851b88ca3ddf5a990f6e122d2068c7d8b982e64e2a9a5dcda8d16276dcf5732697ebd5f95e2280cb89b09
|
data/README.md
CHANGED
@@ -4,7 +4,57 @@ This is a plugin for [Logstash](https://github.com/elastic/logstash), sending ev
|
|
4
4
|
|
5
5
|
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
6
6
|
|
7
|
-
##
|
7
|
+
## Installation from rubygems
|
8
|
+
|
9
|
+
[logstash-output-loginsight](http://rubygems.org/gems/logstash-output-loginsight) is hosted on rubygems.org. [Download and install the latest gem](https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html) in your Logstash deployment:
|
10
|
+
|
11
|
+
```sh
|
12
|
+
bin/logstash-plugin install logstash-output-loginsight
|
13
|
+
```
|
14
|
+
|
15
|
+
Verify installed version:
|
16
|
+
```sh
|
17
|
+
bin/logstash-plugin list --verbose logstash-output-loginsight
|
18
|
+
logstash-output-loginsight (0.1.12)
|
19
|
+
```
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
The plugin requires, at minimum, the hostname or IP address of a remote Log Insight server. Connections are established via HTTPS on port 9543, with certificate verification by default. If the Log Insight server carries a certificate issued by a trusted authority, a hostname is the only required option.
|
24
|
+
|
25
|
+
```
|
26
|
+
loginsight {
|
27
|
+
host => "loginsightvip.example.com"
|
28
|
+
}
|
29
|
+
```
|
30
|
+
|
31
|
+
| option | default | notes |
|
32
|
+
| --- | --- | --- |
|
33
|
+
| `host` | | required remote sserver to connect to |
|
34
|
+
| `port` | `9543` | ingestion api port 9000 uses http |
|
35
|
+
| `proto` | `https` | `https` or `http` |
|
36
|
+
| `uuid` | `id` or `0` | unique identifier for client |
|
37
|
+
| `verify` | `True` | verify certificate chain and hostname for SSL connections |
|
38
|
+
| `ca_file` | | alternate certificate chain to trust |
|
39
|
+
|
40
|
+
## Self-signed Certificate
|
41
|
+
|
42
|
+
Verification of the remote certificate is done against the platform's certificate authority. If you're using a self-signed certificate, you can retrieve a copy of the certificate and then configure the client to trust it. The certificate's common name must still match the `host` option.
|
43
|
+
|
44
|
+
Connect to your Log Insight server and retrieve the certificate, writing it out to a PEM-formatted file. This method works for single-certificate chains, as in the self-signed case.
|
45
|
+
```sh
|
46
|
+
openssl s_client -showcerts -connect 10.11.12.13:9543 < /dev/null | openssl x509 -outform PEM > certificate.pem
|
47
|
+
```
|
48
|
+
|
49
|
+
For longer untrusted chains, use `openssl s_client -connect 10.11.12.13:9543 -verify 1` and copy the contents of all the sections inside `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`, inclusive, and save them in a new`certificate.pem` file.
|
50
|
+
|
51
|
+
Pass the PEM-formatted file in the `ca_file` parameter:
|
52
|
+
|
53
|
+
```sh
|
54
|
+
bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => ["10.11.12.13"] verify => [true] ca_file => ["/Path to PEM/certificate.pem"] } }' --log.level=debug
|
55
|
+
```
|
56
|
+
|
57
|
+
## AsciiDocs
|
8
58
|
|
9
59
|
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
|
10
60
|
|
@@ -22,61 +72,61 @@ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/log
|
|
22
72
|
#### Code
|
23
73
|
- To get started, you'll need JRuby with the Bundler gem installed.
|
24
74
|
|
25
|
-
-
|
75
|
+
- Clone this repository.
|
26
76
|
|
27
|
-
- Install dependencies
|
77
|
+
- Install dependencies:
|
28
78
|
```sh
|
29
79
|
bundle install
|
30
80
|
```
|
31
81
|
|
32
82
|
#### Test
|
33
83
|
|
34
|
-
- Update your dependencies
|
35
|
-
|
84
|
+
- Update your dependencies:
|
36
85
|
```sh
|
37
86
|
bundle install
|
38
87
|
```
|
39
88
|
|
40
|
-
- Run tests
|
41
|
-
|
89
|
+
- Run tests:
|
42
90
|
```sh
|
43
91
|
bundle exec rspec
|
44
92
|
```
|
45
93
|
|
46
|
-
### 2. Running
|
94
|
+
### 2. Running the local, unpublished plugin in Logstash
|
47
95
|
|
48
96
|
#### 2.1 Run in a local Logstash clone
|
49
97
|
|
50
98
|
- Edit Logstash `Gemfile` and add the local plugin path, for example:
|
51
99
|
```ruby
|
52
|
-
gem "logstash-
|
100
|
+
gem "logstash-output-loginsight", :path => "/your/local/logstash-output-loginsight"
|
53
101
|
```
|
54
102
|
- Install plugin
|
55
103
|
```sh
|
56
104
|
bin/logstash-plugin install --no-verify
|
57
105
|
```
|
58
|
-
-
|
106
|
+
- Start Logstash and with the `stdin` input plugin and test connectivity to Log Insight, with debug logging:
|
59
107
|
```sh
|
60
|
-
bin/logstash -e '
|
108
|
+
bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => ["10.11.12.13"] } }' --log.level=debug
|
61
109
|
```
|
110
|
+
|
62
111
|
At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
|
63
112
|
|
64
113
|
#### 2.2 Run in an installed Logstash
|
65
114
|
|
66
115
|
You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory. Or you can build the gem and install it using:
|
67
116
|
|
68
|
-
- Build your plugin gem
|
117
|
+
- Build your plugin gem:
|
69
118
|
```sh
|
70
119
|
gem build logstash-output-loginsight.gemspec
|
71
120
|
```
|
72
|
-
- Install the plugin from the Logstash home
|
121
|
+
- Install the plugin from the Logstash home:
|
73
122
|
```sh
|
74
|
-
bin/logstash-plugin install /your/local/plugin/logstash-
|
123
|
+
bin/logstash-plugin install /your/local/plugin/logstash-output-loginsight.gem
|
75
124
|
```
|
76
|
-
- Start Logstash and
|
125
|
+
- Start Logstash and with the `stdin` input plugin and test connectivity to Log Insight, with debug logging:
|
77
126
|
```sh
|
78
|
-
bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => "10.11.12.13" } }' --log.level=debug
|
127
|
+
bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => ["10.11.12.13"] } }' --log.level=debug
|
79
128
|
```
|
129
|
+
|
80
130
|
## Contributing
|
81
131
|
|
82
132
|
All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
|
@@ -1,11 +1,18 @@
|
|
1
1
|
# encoding: utf-8
|
2
|
+
# Copyright © 2017 VMware, Inc. All Rights Reserved.
|
3
|
+
# SPDX-License-Identifier: Apache-2.0
|
4
|
+
|
2
5
|
require "logstash/outputs/base"
|
3
6
|
require "logstash/namespace"
|
4
7
|
require "stud/buffer"
|
5
8
|
require "manticore"
|
6
|
-
#require "logstash/agent"
|
7
9
|
|
8
|
-
#
|
10
|
+
# This output plugin is used to send Events to a VMware vRealize Log Insight cluster,
|
11
|
+
# preserving existing fields on Events as key=value fields. Timestamps are transmitted
|
12
|
+
# as milliseconds-since-epoch UTC.
|
13
|
+
|
14
|
+
# output { loginsight { host => ["10.11.12.13"] } }
|
15
|
+
|
9
16
|
class LogStash::Outputs::Loginsight < LogStash::Outputs::Base
|
10
17
|
include Stud::Buffer
|
11
18
|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-output-loginsight'
|
3
|
-
s.version = '0.2.
|
3
|
+
s.version = '0.2.1'
|
4
4
|
s.licenses = ['Apache-2.0']
|
5
5
|
s.summary = 'Output events to a Log Insight server. This uses the Ingestion API protocol.'
|
6
6
|
s.description = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-output-loginsight. This gem is not a stand-alone program.'
|
@@ -21,5 +21,5 @@ Gem::Specification.new do |s|
|
|
21
21
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
22
22
|
s.add_runtime_dependency "manticore", "~> 0.6", ">= 0.6.0"
|
23
23
|
|
24
|
-
s.add_development_dependency "logstash-devutils"
|
24
|
+
s.add_development_dependency "logstash-devutils"
|
25
25
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-output-loginsight
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Alan Castonguay
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-05-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -53,23 +53,17 @@ dependencies:
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
54
54
|
requirement: !ruby/object:Gem::Requirement
|
55
55
|
requirements:
|
56
|
-
- - "~>"
|
57
|
-
- !ruby/object:Gem::Version
|
58
|
-
version: '0'
|
59
56
|
- - ">="
|
60
57
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
58
|
+
version: '0'
|
62
59
|
name: logstash-devutils
|
63
60
|
prerelease: false
|
64
61
|
type: :development
|
65
62
|
version_requirements: !ruby/object:Gem::Requirement
|
66
63
|
requirements:
|
67
|
-
- - "~>"
|
68
|
-
- !ruby/object:Gem::Version
|
69
|
-
version: '0'
|
70
64
|
- - ">="
|
71
65
|
- !ruby/object:Gem::Version
|
72
|
-
version:
|
66
|
+
version: '0'
|
73
67
|
description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-output-loginsight. This gem is not a stand-alone program.
|
74
68
|
email: acastonguay@vmware.com
|
75
69
|
executables: []
|