logstash-output-syslog 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/.gitignore +4 -0
- data/Gemfile +4 -0
- data/LICENSE +13 -0
- data/Rakefile +6 -0
- data/lib/logstash/outputs/syslog.rb +146 -0
- data/logstash-output-syslog.gemspec +26 -0
- data/rakelib/publish.rake +9 -0
- data/rakelib/vendor.rake +169 -0
- data/spec/outputs/syslog_spec.rb +1 -0
- metadata +76 -0
checksums.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
!binary "U0hBMQ==":
|
3
|
+
metadata.gz: !binary |-
|
4
|
+
YTRmNDMwYjE2ZmE0ZGE0YWZkNTFkMjM1NjVlZTUyMWIwMTE0MGNhMA==
|
5
|
+
data.tar.gz: !binary |-
|
6
|
+
Y2JjMDRmZTJhODIzZTI0MTQxNGE5OWQ5N2MzNDY0NzFiZjRiOGM1Ng==
|
7
|
+
SHA512:
|
8
|
+
metadata.gz: !binary |-
|
9
|
+
YjdmMjUyMWJiNjlhZWQ3ZjM1MmE5NmM5NDcyMGI3ZDljNGU3YjYyOTA5ZGFk
|
10
|
+
NTBhYmY5YTQyNGQ4MWMxYzZlZjEzY2MyOGRhODgyYTBlZTliMzk5OTk2NjJl
|
11
|
+
NjI3NmY1Y2UwNGIzNGUwNDc5NmI4NDhiZDhjYTc1ZTRjNjllYzk=
|
12
|
+
data.tar.gz: !binary |-
|
13
|
+
MGZjMWRlMjM3NjZkOWViZDY2YjgwY2E2ODZlMjQyNjY1MDgzNTk4MmI0NzM4
|
14
|
+
ODlkY2Y4NWRiYTFmMWNlNDA0M2M4MjMwMzNlN2YwYjhmZjE5ZmFlYjZjOWZl
|
15
|
+
YzQ1YTc4ZDc2OWVjYjNjNjcxYzQ5YTBkZjQyNzgzMTdkNGRiYjU=
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
Copyright (c) 2012-2014 Elasticsearch <http://www.elasticsearch.org>
|
2
|
+
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
you may not use this file except in compliance with the License.
|
5
|
+
You may obtain a copy of the License at
|
6
|
+
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
|
9
|
+
Unless required by applicable law or agreed to in writing, software
|
10
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
See the License for the specific language governing permissions and
|
13
|
+
limitations under the License.
|
data/Rakefile
ADDED
@@ -0,0 +1,146 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "logstash/outputs/base"
|
3
|
+
require "logstash/namespace"
|
4
|
+
require "date"
|
5
|
+
|
6
|
+
|
7
|
+
# Send events to a syslog server.
|
8
|
+
#
|
9
|
+
# You can send messages compliant with RFC3164 or RFC5424
|
10
|
+
# UDP or TCP syslog transport is supported
|
11
|
+
class LogStash::Outputs::Syslog < LogStash::Outputs::Base
|
12
|
+
config_name "syslog"
|
13
|
+
milestone 1
|
14
|
+
|
15
|
+
FACILITY_LABELS = [
|
16
|
+
"kernel",
|
17
|
+
"user-level",
|
18
|
+
"mail",
|
19
|
+
"daemon",
|
20
|
+
"security/authorization",
|
21
|
+
"syslogd",
|
22
|
+
"line printer",
|
23
|
+
"network news",
|
24
|
+
"uucp",
|
25
|
+
"clock",
|
26
|
+
"security/authorization",
|
27
|
+
"ftp",
|
28
|
+
"ntp",
|
29
|
+
"log audit",
|
30
|
+
"log alert",
|
31
|
+
"clock",
|
32
|
+
"local0",
|
33
|
+
"local1",
|
34
|
+
"local2",
|
35
|
+
"local3",
|
36
|
+
"local4",
|
37
|
+
"local5",
|
38
|
+
"local6",
|
39
|
+
"local7",
|
40
|
+
]
|
41
|
+
|
42
|
+
SEVERITY_LABELS = [
|
43
|
+
"emergency",
|
44
|
+
"alert",
|
45
|
+
"critical",
|
46
|
+
"error",
|
47
|
+
"warning",
|
48
|
+
"notice",
|
49
|
+
"informational",
|
50
|
+
"debug",
|
51
|
+
]
|
52
|
+
|
53
|
+
# syslog server address to connect to
|
54
|
+
config :host, :validate => :string, :required => true
|
55
|
+
|
56
|
+
# syslog server port to connect to
|
57
|
+
config :port, :validate => :number, :required => true
|
58
|
+
|
59
|
+
# syslog server protocol. you can choose between udp and tcp
|
60
|
+
config :protocol, :validate => ["tcp", "udp"], :default => "udp"
|
61
|
+
|
62
|
+
# facility label for syslog message
|
63
|
+
config :facility, :validate => FACILITY_LABELS, :required => true
|
64
|
+
|
65
|
+
# severity label for syslog message
|
66
|
+
config :severity, :validate => SEVERITY_LABELS, :required => true
|
67
|
+
|
68
|
+
# source host for syslog message
|
69
|
+
config :sourcehost, :validate => :string, :default => "%{host}"
|
70
|
+
|
71
|
+
# timestamp for syslog message
|
72
|
+
config :timestamp, :validate => :string, :default => "%{@timestamp}", :deprecated => "This setting is no longer necessary. The RFC setting will determine what time format is used."
|
73
|
+
|
74
|
+
# application name for syslog message
|
75
|
+
config :appname, :validate => :string, :default => "LOGSTASH"
|
76
|
+
|
77
|
+
# process id for syslog message
|
78
|
+
config :procid, :validate => :string, :default => "-"
|
79
|
+
|
80
|
+
# message id for syslog message
|
81
|
+
config :msgid, :validate => :string, :default => "-"
|
82
|
+
|
83
|
+
# syslog message format: you can choose between rfc3164 or rfc5424
|
84
|
+
config :rfc, :validate => ["rfc3164", "rfc5424"], :default => "rfc3164"
|
85
|
+
|
86
|
+
|
87
|
+
public
|
88
|
+
def register
|
89
|
+
@client_socket = nil
|
90
|
+
end
|
91
|
+
|
92
|
+
private
|
93
|
+
def udp?
|
94
|
+
@protocol == "udp"
|
95
|
+
end
|
96
|
+
|
97
|
+
private
|
98
|
+
def rfc3164?
|
99
|
+
@rfc == "rfc3164"
|
100
|
+
end
|
101
|
+
|
102
|
+
private
|
103
|
+
def connect
|
104
|
+
if udp?
|
105
|
+
@client_socket = UDPSocket.new
|
106
|
+
@client_socket.connect(@host, @port)
|
107
|
+
else
|
108
|
+
@client_socket = TCPSocket.new(@host, @port)
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
112
|
+
public
|
113
|
+
def receive(event)
|
114
|
+
return unless output?(event)
|
115
|
+
|
116
|
+
appname = event.sprintf(@appname)
|
117
|
+
procid = event.sprintf(@procid)
|
118
|
+
sourcehost = event.sprintf(@sourcehost)
|
119
|
+
|
120
|
+
facility_code = FACILITY_LABELS.index(@facility)
|
121
|
+
|
122
|
+
severity_code = SEVERITY_LABELS.index(@severity)
|
123
|
+
|
124
|
+
priority = (facility_code * 8) + severity_code
|
125
|
+
|
126
|
+
if rfc3164?
|
127
|
+
timestamp = event.sprintf("%{+MMM dd HH:mm:ss}")
|
128
|
+
syslog_msg = "<"+priority.to_s()+">"+timestamp+" "+sourcehost+" "+appname+"["+procid+"]: "+event["message"]
|
129
|
+
else
|
130
|
+
msgid = event.sprintf(@msgid)
|
131
|
+
timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZ}")
|
132
|
+
syslog_msg = "<"+priority.to_s()+">1 "+timestamp+" "+sourcehost+" "+appname+" "+procid+" "+msgid+" - "+event["message"]
|
133
|
+
end
|
134
|
+
|
135
|
+
begin
|
136
|
+
connect unless @client_socket
|
137
|
+
@client_socket.write(syslog_msg + "\n")
|
138
|
+
rescue => e
|
139
|
+
@logger.warn(@protocol+" output exception", :host => @host, :port => @port,
|
140
|
+
:exception => e, :backtrace => e.backtrace)
|
141
|
+
@client_socket.close rescue nil
|
142
|
+
@client_socket = nil
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
@@ -0,0 +1,26 @@
|
|
1
|
+
Gem::Specification.new do |s|
|
2
|
+
|
3
|
+
s.name = 'logstash-output-syslog'
|
4
|
+
s.version = '0.1.0'
|
5
|
+
s.licenses = ['Apache License (2.0)']
|
6
|
+
s.summary = "Send events to a syslog server."
|
7
|
+
s.description = "Send events to a syslog server. You can send messages compliant with RFC3164 or RFC5424. UDP or TCP syslog transport is supported"
|
8
|
+
s.authors = ["Elasticsearch"]
|
9
|
+
s.email = 'richard.pijnenburg@elasticsearch.com'
|
10
|
+
s.homepage = "http://logstash.net/"
|
11
|
+
s.require_paths = ["lib"]
|
12
|
+
|
13
|
+
# Files
|
14
|
+
s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
|
15
|
+
|
16
|
+
# Tests
|
17
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
18
|
+
|
19
|
+
# Special flag to let us know this is actually a logstash plugin
|
20
|
+
s.metadata = { "logstash_plugin" => "true", "group" => "output" }
|
21
|
+
|
22
|
+
# Gem dependencies
|
23
|
+
s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
|
24
|
+
|
25
|
+
end
|
26
|
+
|
@@ -0,0 +1,9 @@
|
|
1
|
+
require "gem_publisher"
|
2
|
+
|
3
|
+
desc "Publish gem to RubyGems.org"
|
4
|
+
task :publish_gem do |t|
|
5
|
+
gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
|
6
|
+
gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
|
7
|
+
puts "Published #{gem}" if gem
|
8
|
+
end
|
9
|
+
|
data/rakelib/vendor.rake
ADDED
@@ -0,0 +1,169 @@
|
|
1
|
+
require "net/http"
|
2
|
+
require "uri"
|
3
|
+
require "digest/sha1"
|
4
|
+
|
5
|
+
def vendor(*args)
|
6
|
+
return File.join("vendor", *args)
|
7
|
+
end
|
8
|
+
|
9
|
+
directory "vendor/" => ["vendor"] do |task, args|
|
10
|
+
mkdir task.name
|
11
|
+
end
|
12
|
+
|
13
|
+
def fetch(url, sha1, output)
|
14
|
+
|
15
|
+
puts "Downloading #{url}"
|
16
|
+
actual_sha1 = download(url, output)
|
17
|
+
|
18
|
+
if actual_sha1 != sha1
|
19
|
+
fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
|
20
|
+
end
|
21
|
+
end # def fetch
|
22
|
+
|
23
|
+
def file_fetch(url, sha1)
|
24
|
+
filename = File.basename( URI(url).path )
|
25
|
+
output = "vendor/#{filename}"
|
26
|
+
task output => [ "vendor/" ] do
|
27
|
+
begin
|
28
|
+
actual_sha1 = file_sha1(output)
|
29
|
+
if actual_sha1 != sha1
|
30
|
+
fetch(url, sha1, output)
|
31
|
+
end
|
32
|
+
rescue Errno::ENOENT
|
33
|
+
fetch(url, sha1, output)
|
34
|
+
end
|
35
|
+
end.invoke
|
36
|
+
|
37
|
+
return output
|
38
|
+
end
|
39
|
+
|
40
|
+
def file_sha1(path)
|
41
|
+
digest = Digest::SHA1.new
|
42
|
+
fd = File.new(path, "r")
|
43
|
+
while true
|
44
|
+
begin
|
45
|
+
digest << fd.sysread(16384)
|
46
|
+
rescue EOFError
|
47
|
+
break
|
48
|
+
end
|
49
|
+
end
|
50
|
+
return digest.hexdigest
|
51
|
+
ensure
|
52
|
+
fd.close if fd
|
53
|
+
end
|
54
|
+
|
55
|
+
def download(url, output)
|
56
|
+
uri = URI(url)
|
57
|
+
digest = Digest::SHA1.new
|
58
|
+
tmp = "#{output}.tmp"
|
59
|
+
Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
|
60
|
+
request = Net::HTTP::Get.new(uri.path)
|
61
|
+
http.request(request) do |response|
|
62
|
+
fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
|
63
|
+
size = (response["content-length"].to_i || -1).to_f
|
64
|
+
count = 0
|
65
|
+
File.open(tmp, "w") do |fd|
|
66
|
+
response.read_body do |chunk|
|
67
|
+
fd.write(chunk)
|
68
|
+
digest << chunk
|
69
|
+
if size > 0 && $stdout.tty?
|
70
|
+
count += chunk.bytesize
|
71
|
+
$stdout.write(sprintf("\r%0.2f%%", count/size * 100))
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
$stdout.write("\r \r") if $stdout.tty?
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
File.rename(tmp, output)
|
80
|
+
|
81
|
+
return digest.hexdigest
|
82
|
+
rescue SocketError => e
|
83
|
+
puts "Failure while downloading #{url}: #{e}"
|
84
|
+
raise
|
85
|
+
ensure
|
86
|
+
File.unlink(tmp) if File.exist?(tmp)
|
87
|
+
end # def download
|
88
|
+
|
89
|
+
def untar(tarball, &block)
|
90
|
+
require "archive/tar/minitar"
|
91
|
+
tgz = Zlib::GzipReader.new(File.open(tarball))
|
92
|
+
# Pull out typesdb
|
93
|
+
tar = Archive::Tar::Minitar::Input.open(tgz)
|
94
|
+
tar.each do |entry|
|
95
|
+
path = block.call(entry)
|
96
|
+
next if path.nil?
|
97
|
+
parent = File.dirname(path)
|
98
|
+
|
99
|
+
mkdir_p parent unless File.directory?(parent)
|
100
|
+
|
101
|
+
# Skip this file if the output file is the same size
|
102
|
+
if entry.directory?
|
103
|
+
mkdir path unless File.directory?(path)
|
104
|
+
else
|
105
|
+
entry_mode = entry.instance_eval { @mode } & 0777
|
106
|
+
if File.exists?(path)
|
107
|
+
stat = File.stat(path)
|
108
|
+
# TODO(sissel): Submit a patch to archive-tar-minitar upstream to
|
109
|
+
# expose headers in the entry.
|
110
|
+
entry_size = entry.instance_eval { @size }
|
111
|
+
# If file sizes are same, skip writing.
|
112
|
+
next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
|
113
|
+
end
|
114
|
+
puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
|
115
|
+
File.open(path, "w") do |fd|
|
116
|
+
# eof? check lets us skip empty files. Necessary because the API provided by
|
117
|
+
# Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
|
118
|
+
# IO object. Something about empty files in this EntryStream causes
|
119
|
+
# IO.copy_stream to throw "can't convert nil into String" on JRuby
|
120
|
+
# TODO(sissel): File a bug about this.
|
121
|
+
while !entry.eof?
|
122
|
+
chunk = entry.read(16384)
|
123
|
+
fd.write(chunk)
|
124
|
+
end
|
125
|
+
#IO.copy_stream(entry, fd)
|
126
|
+
end
|
127
|
+
File.chmod(entry_mode, path)
|
128
|
+
end
|
129
|
+
end
|
130
|
+
tar.close
|
131
|
+
File.unlink(tarball) if File.file?(tarball)
|
132
|
+
end # def untar
|
133
|
+
|
134
|
+
def ungz(file)
|
135
|
+
|
136
|
+
outpath = file.gsub('.gz', '')
|
137
|
+
tgz = Zlib::GzipReader.new(File.open(file))
|
138
|
+
begin
|
139
|
+
File.open(outpath, "w") do |out|
|
140
|
+
IO::copy_stream(tgz, out)
|
141
|
+
end
|
142
|
+
File.unlink(file)
|
143
|
+
rescue
|
144
|
+
File.unlink(outpath) if File.file?(outpath)
|
145
|
+
raise
|
146
|
+
end
|
147
|
+
tgz.close
|
148
|
+
end
|
149
|
+
|
150
|
+
desc "Process any vendor files required for this plugin"
|
151
|
+
task "vendor" do |task, args|
|
152
|
+
|
153
|
+
@files.each do |file|
|
154
|
+
download = file_fetch(file['url'], file['sha1'])
|
155
|
+
if download =~ /.tar.gz/
|
156
|
+
prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
|
157
|
+
untar(download) do |entry|
|
158
|
+
if !file['files'].nil?
|
159
|
+
next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
|
160
|
+
out = entry.full_name.split("/").last
|
161
|
+
end
|
162
|
+
File.join('vendor', out)
|
163
|
+
end
|
164
|
+
elsif download =~ /.gz/
|
165
|
+
ungz(download)
|
166
|
+
end
|
167
|
+
end
|
168
|
+
|
169
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
require 'spec_helper'
|
metadata
ADDED
@@ -0,0 +1,76 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: logstash-output-syslog
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Elasticsearch
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2014-11-06 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: logstash
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ! '>='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 1.4.0
|
20
|
+
- - <
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 2.0.0
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: 1.4.0
|
30
|
+
- - <
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 2.0.0
|
33
|
+
description: Send events to a syslog server. You can send messages compliant with
|
34
|
+
RFC3164 or RFC5424. UDP or TCP syslog transport is supported
|
35
|
+
email: richard.pijnenburg@elasticsearch.com
|
36
|
+
executables: []
|
37
|
+
extensions: []
|
38
|
+
extra_rdoc_files: []
|
39
|
+
files:
|
40
|
+
- .gitignore
|
41
|
+
- Gemfile
|
42
|
+
- LICENSE
|
43
|
+
- Rakefile
|
44
|
+
- lib/logstash/outputs/syslog.rb
|
45
|
+
- logstash-output-syslog.gemspec
|
46
|
+
- rakelib/publish.rake
|
47
|
+
- rakelib/vendor.rake
|
48
|
+
- spec/outputs/syslog_spec.rb
|
49
|
+
homepage: http://logstash.net/
|
50
|
+
licenses:
|
51
|
+
- Apache License (2.0)
|
52
|
+
metadata:
|
53
|
+
logstash_plugin: 'true'
|
54
|
+
group: output
|
55
|
+
post_install_message:
|
56
|
+
rdoc_options: []
|
57
|
+
require_paths:
|
58
|
+
- lib
|
59
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
60
|
+
requirements:
|
61
|
+
- - ! '>='
|
62
|
+
- !ruby/object:Gem::Version
|
63
|
+
version: '0'
|
64
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ! '>='
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
requirements: []
|
70
|
+
rubyforge_project:
|
71
|
+
rubygems_version: 2.4.1
|
72
|
+
signing_key:
|
73
|
+
specification_version: 4
|
74
|
+
summary: Send events to a syslog server.
|
75
|
+
test_files:
|
76
|
+
- spec/outputs/syslog_spec.rb
|