logstash-output-syslog 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ YTRmNDMwYjE2ZmE0ZGE0YWZkNTFkMjM1NjVlZTUyMWIwMTE0MGNhMA==
5
+ data.tar.gz: !binary |-
6
+ Y2JjMDRmZTJhODIzZTI0MTQxNGE5OWQ5N2MzNDY0NzFiZjRiOGM1Ng==
7
+ SHA512:
8
+ metadata.gz: !binary |-
9
+ YjdmMjUyMWJiNjlhZWQ3ZjM1MmE5NmM5NDcyMGI3ZDljNGU3YjYyOTA5ZGFk
10
+ NTBhYmY5YTQyNGQ4MWMxYzZlZjEzY2MyOGRhODgyYTBlZTliMzk5OTk2NjJl
11
+ NjI3NmY1Y2UwNGIzNGUwNDc5NmI4NDhiZDhjYTc1ZTRjNjllYzk=
12
+ data.tar.gz: !binary |-
13
+ MGZjMWRlMjM3NjZkOWViZDY2YjgwY2E2ODZlMjQyNjY1MDgzNTk4MmI0NzM4
14
+ ODlkY2Y4NWRiYTFmMWNlNDA0M2M4MjMwMzNlN2YwYjhmZjE5ZmFlYjZjOWZl
15
+ YzQ1YTc4ZDc2OWVjYjNjNjcxYzQ5YTBkZjQyNzgzMTdkNGRiYjU=
data/.gitignore ADDED
@@ -0,0 +1,4 @@
1
+ *.gem
2
+ Gemfile.lock
3
+ .bundle
4
+ vendor
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'http://rubygems.org'
2
+ gem 'rake'
3
+ gem 'gem_publisher'
4
+ gem 'archive-tar-minitar'
data/LICENSE ADDED
@@ -0,0 +1,13 @@
1
+ Copyright (c) 2012-2014 Elasticsearch <http://www.elasticsearch.org>
2
+
3
+ Licensed under the Apache License, Version 2.0 (the "License");
4
+ you may not use this file except in compliance with the License.
5
+ You may obtain a copy of the License at
6
+
7
+ http://www.apache.org/licenses/LICENSE-2.0
8
+
9
+ Unless required by applicable law or agreed to in writing, software
10
+ distributed under the License is distributed on an "AS IS" BASIS,
11
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ See the License for the specific language governing permissions and
13
+ limitations under the License.
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ @files=[]
2
+
3
+ task :default do
4
+ system("rake -T")
5
+ end
6
+
@@ -0,0 +1,146 @@
1
+ # encoding: utf-8
2
+ require "logstash/outputs/base"
3
+ require "logstash/namespace"
4
+ require "date"
5
+
6
+
7
+ # Send events to a syslog server.
8
+ #
9
+ # You can send messages compliant with RFC3164 or RFC5424
10
+ # UDP or TCP syslog transport is supported
11
+ class LogStash::Outputs::Syslog < LogStash::Outputs::Base
12
+ config_name "syslog"
13
+ milestone 1
14
+
15
+ FACILITY_LABELS = [
16
+ "kernel",
17
+ "user-level",
18
+ "mail",
19
+ "daemon",
20
+ "security/authorization",
21
+ "syslogd",
22
+ "line printer",
23
+ "network news",
24
+ "uucp",
25
+ "clock",
26
+ "security/authorization",
27
+ "ftp",
28
+ "ntp",
29
+ "log audit",
30
+ "log alert",
31
+ "clock",
32
+ "local0",
33
+ "local1",
34
+ "local2",
35
+ "local3",
36
+ "local4",
37
+ "local5",
38
+ "local6",
39
+ "local7",
40
+ ]
41
+
42
+ SEVERITY_LABELS = [
43
+ "emergency",
44
+ "alert",
45
+ "critical",
46
+ "error",
47
+ "warning",
48
+ "notice",
49
+ "informational",
50
+ "debug",
51
+ ]
52
+
53
+ # syslog server address to connect to
54
+ config :host, :validate => :string, :required => true
55
+
56
+ # syslog server port to connect to
57
+ config :port, :validate => :number, :required => true
58
+
59
+ # syslog server protocol. you can choose between udp and tcp
60
+ config :protocol, :validate => ["tcp", "udp"], :default => "udp"
61
+
62
+ # facility label for syslog message
63
+ config :facility, :validate => FACILITY_LABELS, :required => true
64
+
65
+ # severity label for syslog message
66
+ config :severity, :validate => SEVERITY_LABELS, :required => true
67
+
68
+ # source host for syslog message
69
+ config :sourcehost, :validate => :string, :default => "%{host}"
70
+
71
+ # timestamp for syslog message
72
+ config :timestamp, :validate => :string, :default => "%{@timestamp}", :deprecated => "This setting is no longer necessary. The RFC setting will determine what time format is used."
73
+
74
+ # application name for syslog message
75
+ config :appname, :validate => :string, :default => "LOGSTASH"
76
+
77
+ # process id for syslog message
78
+ config :procid, :validate => :string, :default => "-"
79
+
80
+ # message id for syslog message
81
+ config :msgid, :validate => :string, :default => "-"
82
+
83
+ # syslog message format: you can choose between rfc3164 or rfc5424
84
+ config :rfc, :validate => ["rfc3164", "rfc5424"], :default => "rfc3164"
85
+
86
+
87
+ public
88
+ def register
89
+ @client_socket = nil
90
+ end
91
+
92
+ private
93
+ def udp?
94
+ @protocol == "udp"
95
+ end
96
+
97
+ private
98
+ def rfc3164?
99
+ @rfc == "rfc3164"
100
+ end
101
+
102
+ private
103
+ def connect
104
+ if udp?
105
+ @client_socket = UDPSocket.new
106
+ @client_socket.connect(@host, @port)
107
+ else
108
+ @client_socket = TCPSocket.new(@host, @port)
109
+ end
110
+ end
111
+
112
+ public
113
+ def receive(event)
114
+ return unless output?(event)
115
+
116
+ appname = event.sprintf(@appname)
117
+ procid = event.sprintf(@procid)
118
+ sourcehost = event.sprintf(@sourcehost)
119
+
120
+ facility_code = FACILITY_LABELS.index(@facility)
121
+
122
+ severity_code = SEVERITY_LABELS.index(@severity)
123
+
124
+ priority = (facility_code * 8) + severity_code
125
+
126
+ if rfc3164?
127
+ timestamp = event.sprintf("%{+MMM dd HH:mm:ss}")
128
+ syslog_msg = "<"+priority.to_s()+">"+timestamp+" "+sourcehost+" "+appname+"["+procid+"]: "+event["message"]
129
+ else
130
+ msgid = event.sprintf(@msgid)
131
+ timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZ}")
132
+ syslog_msg = "<"+priority.to_s()+">1 "+timestamp+" "+sourcehost+" "+appname+" "+procid+" "+msgid+" - "+event["message"]
133
+ end
134
+
135
+ begin
136
+ connect unless @client_socket
137
+ @client_socket.write(syslog_msg + "\n")
138
+ rescue => e
139
+ @logger.warn(@protocol+" output exception", :host => @host, :port => @port,
140
+ :exception => e, :backtrace => e.backtrace)
141
+ @client_socket.close rescue nil
142
+ @client_socket = nil
143
+ end
144
+ end
145
+ end
146
+
@@ -0,0 +1,26 @@
1
+ Gem::Specification.new do |s|
2
+
3
+ s.name = 'logstash-output-syslog'
4
+ s.version = '0.1.0'
5
+ s.licenses = ['Apache License (2.0)']
6
+ s.summary = "Send events to a syslog server."
7
+ s.description = "Send events to a syslog server. You can send messages compliant with RFC3164 or RFC5424. UDP or TCP syslog transport is supported"
8
+ s.authors = ["Elasticsearch"]
9
+ s.email = 'richard.pijnenburg@elasticsearch.com'
10
+ s.homepage = "http://logstash.net/"
11
+ s.require_paths = ["lib"]
12
+
13
+ # Files
14
+ s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
15
+
16
+ # Tests
17
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
18
+
19
+ # Special flag to let us know this is actually a logstash plugin
20
+ s.metadata = { "logstash_plugin" => "true", "group" => "output" }
21
+
22
+ # Gem dependencies
23
+ s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
24
+
25
+ end
26
+
@@ -0,0 +1,9 @@
1
+ require "gem_publisher"
2
+
3
+ desc "Publish gem to RubyGems.org"
4
+ task :publish_gem do |t|
5
+ gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
6
+ gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
7
+ puts "Published #{gem}" if gem
8
+ end
9
+
@@ -0,0 +1,169 @@
1
+ require "net/http"
2
+ require "uri"
3
+ require "digest/sha1"
4
+
5
+ def vendor(*args)
6
+ return File.join("vendor", *args)
7
+ end
8
+
9
+ directory "vendor/" => ["vendor"] do |task, args|
10
+ mkdir task.name
11
+ end
12
+
13
+ def fetch(url, sha1, output)
14
+
15
+ puts "Downloading #{url}"
16
+ actual_sha1 = download(url, output)
17
+
18
+ if actual_sha1 != sha1
19
+ fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
20
+ end
21
+ end # def fetch
22
+
23
+ def file_fetch(url, sha1)
24
+ filename = File.basename( URI(url).path )
25
+ output = "vendor/#{filename}"
26
+ task output => [ "vendor/" ] do
27
+ begin
28
+ actual_sha1 = file_sha1(output)
29
+ if actual_sha1 != sha1
30
+ fetch(url, sha1, output)
31
+ end
32
+ rescue Errno::ENOENT
33
+ fetch(url, sha1, output)
34
+ end
35
+ end.invoke
36
+
37
+ return output
38
+ end
39
+
40
+ def file_sha1(path)
41
+ digest = Digest::SHA1.new
42
+ fd = File.new(path, "r")
43
+ while true
44
+ begin
45
+ digest << fd.sysread(16384)
46
+ rescue EOFError
47
+ break
48
+ end
49
+ end
50
+ return digest.hexdigest
51
+ ensure
52
+ fd.close if fd
53
+ end
54
+
55
+ def download(url, output)
56
+ uri = URI(url)
57
+ digest = Digest::SHA1.new
58
+ tmp = "#{output}.tmp"
59
+ Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
60
+ request = Net::HTTP::Get.new(uri.path)
61
+ http.request(request) do |response|
62
+ fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
63
+ size = (response["content-length"].to_i || -1).to_f
64
+ count = 0
65
+ File.open(tmp, "w") do |fd|
66
+ response.read_body do |chunk|
67
+ fd.write(chunk)
68
+ digest << chunk
69
+ if size > 0 && $stdout.tty?
70
+ count += chunk.bytesize
71
+ $stdout.write(sprintf("\r%0.2f%%", count/size * 100))
72
+ end
73
+ end
74
+ end
75
+ $stdout.write("\r \r") if $stdout.tty?
76
+ end
77
+ end
78
+
79
+ File.rename(tmp, output)
80
+
81
+ return digest.hexdigest
82
+ rescue SocketError => e
83
+ puts "Failure while downloading #{url}: #{e}"
84
+ raise
85
+ ensure
86
+ File.unlink(tmp) if File.exist?(tmp)
87
+ end # def download
88
+
89
+ def untar(tarball, &block)
90
+ require "archive/tar/minitar"
91
+ tgz = Zlib::GzipReader.new(File.open(tarball))
92
+ # Pull out typesdb
93
+ tar = Archive::Tar::Minitar::Input.open(tgz)
94
+ tar.each do |entry|
95
+ path = block.call(entry)
96
+ next if path.nil?
97
+ parent = File.dirname(path)
98
+
99
+ mkdir_p parent unless File.directory?(parent)
100
+
101
+ # Skip this file if the output file is the same size
102
+ if entry.directory?
103
+ mkdir path unless File.directory?(path)
104
+ else
105
+ entry_mode = entry.instance_eval { @mode } & 0777
106
+ if File.exists?(path)
107
+ stat = File.stat(path)
108
+ # TODO(sissel): Submit a patch to archive-tar-minitar upstream to
109
+ # expose headers in the entry.
110
+ entry_size = entry.instance_eval { @size }
111
+ # If file sizes are same, skip writing.
112
+ next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
113
+ end
114
+ puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
115
+ File.open(path, "w") do |fd|
116
+ # eof? check lets us skip empty files. Necessary because the API provided by
117
+ # Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
118
+ # IO object. Something about empty files in this EntryStream causes
119
+ # IO.copy_stream to throw "can't convert nil into String" on JRuby
120
+ # TODO(sissel): File a bug about this.
121
+ while !entry.eof?
122
+ chunk = entry.read(16384)
123
+ fd.write(chunk)
124
+ end
125
+ #IO.copy_stream(entry, fd)
126
+ end
127
+ File.chmod(entry_mode, path)
128
+ end
129
+ end
130
+ tar.close
131
+ File.unlink(tarball) if File.file?(tarball)
132
+ end # def untar
133
+
134
+ def ungz(file)
135
+
136
+ outpath = file.gsub('.gz', '')
137
+ tgz = Zlib::GzipReader.new(File.open(file))
138
+ begin
139
+ File.open(outpath, "w") do |out|
140
+ IO::copy_stream(tgz, out)
141
+ end
142
+ File.unlink(file)
143
+ rescue
144
+ File.unlink(outpath) if File.file?(outpath)
145
+ raise
146
+ end
147
+ tgz.close
148
+ end
149
+
150
+ desc "Process any vendor files required for this plugin"
151
+ task "vendor" do |task, args|
152
+
153
+ @files.each do |file|
154
+ download = file_fetch(file['url'], file['sha1'])
155
+ if download =~ /.tar.gz/
156
+ prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
157
+ untar(download) do |entry|
158
+ if !file['files'].nil?
159
+ next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
160
+ out = entry.full_name.split("/").last
161
+ end
162
+ File.join('vendor', out)
163
+ end
164
+ elsif download =~ /.gz/
165
+ ungz(download)
166
+ end
167
+ end
168
+
169
+ end
@@ -0,0 +1 @@
1
+ require 'spec_helper'
metadata ADDED
@@ -0,0 +1,76 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-output-syslog
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Elasticsearch
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-11-06 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: logstash
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ! '>='
18
+ - !ruby/object:Gem::Version
19
+ version: 1.4.0
20
+ - - <
21
+ - !ruby/object:Gem::Version
22
+ version: 2.0.0
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: 1.4.0
30
+ - - <
31
+ - !ruby/object:Gem::Version
32
+ version: 2.0.0
33
+ description: Send events to a syslog server. You can send messages compliant with
34
+ RFC3164 or RFC5424. UDP or TCP syslog transport is supported
35
+ email: richard.pijnenburg@elasticsearch.com
36
+ executables: []
37
+ extensions: []
38
+ extra_rdoc_files: []
39
+ files:
40
+ - .gitignore
41
+ - Gemfile
42
+ - LICENSE
43
+ - Rakefile
44
+ - lib/logstash/outputs/syslog.rb
45
+ - logstash-output-syslog.gemspec
46
+ - rakelib/publish.rake
47
+ - rakelib/vendor.rake
48
+ - spec/outputs/syslog_spec.rb
49
+ homepage: http://logstash.net/
50
+ licenses:
51
+ - Apache License (2.0)
52
+ metadata:
53
+ logstash_plugin: 'true'
54
+ group: output
55
+ post_install_message:
56
+ rdoc_options: []
57
+ require_paths:
58
+ - lib
59
+ required_ruby_version: !ruby/object:Gem::Requirement
60
+ requirements:
61
+ - - ! '>='
62
+ - !ruby/object:Gem::Version
63
+ version: '0'
64
+ required_rubygems_version: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ! '>='
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ requirements: []
70
+ rubyforge_project:
71
+ rubygems_version: 2.4.1
72
+ signing_key:
73
+ specification_version: 4
74
+ summary: Send events to a syslog server.
75
+ test_files:
76
+ - spec/outputs/syslog_spec.rb