logstash-output-syslog 0.1.4 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d333d7299ba493752bafbe7436d06bc9ef9271fa
-  data.tar.gz: 70c4927dbab0e42ec21a41ed4e2c9831373e0a17
+  metadata.gz: adf244fc4a07c51b9b7f855fd561c04904f07776
+  data.tar.gz: 02c9b31239c8090938d623b19a091d0a67d7e446
 SHA512:
-  metadata.gz: 779056b2cf2b7d8f440c049c56c96a12f4d1da647c6f332d974938bc8e2476bbd71a46c5751f2d6f6176538b5e3da666d806fc102cc125f7260622688982e707
-  data.tar.gz: 2202189c3f11f2d55594ef6bedbf1d883822db51a4c5a75c00a94f2112e15b8eb819fb1a97ff792dfdb253b5cf1243234a73408ec843d011f5eae51f274dce59
+  metadata.gz: 642bae90d7875e24535ec18c8162883f86b78a0eb6feed53124e20e182c3dd3dcf2b55cb0a327c5dfeb97dde765a2e996ad39044ed60d825b50f8866031ac9ec
+  data.tar.gz: cdf6c9fdc485edde59acfc49c21eacd8b5a3a85fc20b50ca9ffc14186ad87526e36e787e4967ebfdc6e8fe792f94af3b46addbe17b9b0bf9d4ec2653ad9ec95d

data/NOTICE.TXT

@@ -0,0 +1,5 @@
+Elasticsearch
+Copyright 2012-2015 Elasticsearch
+
+This product includes software developed by The Apache Software
+Foundation (http://www.apache.org/).

data/README.md

@@ -1,19 +1,19 @@
 # Logstash Plugin
 
-This is a plugin for [Logstash](https://github.com/elasticsearch/logstash).
+This is a plugin for [Logstash](https://github.com/elastic/logstash).
 
 It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
 
 ## Documentation
 
-Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elasticsearch.org/guide/en/logstash/current/).
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
 
 - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
-- For more asciidoc formatting tips, see the excellent reference here https://github.com/elasticsearch/docs#asciidoc-guide
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
 
 ## Need Help?
 
-Need help? Try #logstash on freenode IRC or the logstash-users@googlegroups.com mailing list.
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
 
 ## Developing
 
@@ -83,4 +83,4 @@ Programming is not a required skill. Whatever you've seen about open source and
 
 It is more important to the community that you are able to contribute.
 
-For more information about contributing, see the [CONTRIBUTING](https://github.com/elasticsearch/logstash/blob/master/CONTRIBUTING.md) file.
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/outputs/syslog.rb

@@ -7,7 +7,13 @@ require "date"
 # Send events to a syslog server.
 #
 # You can send messages compliant with RFC3164 or RFC5424
-# UDP or TCP syslog transport is supported
+# using either UDP or TCP as the transport protocol.
+#
+# By default the contents of the `message` field will be shipped as
+# the free-form message text part of the emitted syslog message. If
+# your messages don't have a `message` field or if you for some other
+# reason want to change the emitted message, modify the `message`
+# configuration option.
 class LogStash::Outputs::Syslog < LogStash::Outputs::Base
   config_name "syslog"
 
@@ -51,10 +57,13 @@ class LogStash::Outputs::Syslog < LogStash::Outputs::Base
 
   # syslog server address to connect to
   config :host, :validate => :string, :required => true
-  
+
   # syslog server port to connect to
   config :port, :validate => :number, :required => true
 
+  # when connection fails, retry interval in sec.
+  config :reconnect_interval, :validate => :number, :default => 1
+
   # syslog server protocol. you can choose between udp and tcp
   config :protocol, :validate => ["tcp", "udp"], :default => "udp"
 
@@ -75,40 +84,27 @@ class LogStash::Outputs::Syslog < LogStash::Outputs::Base
 
   # process id for syslog message
   config :procid, :validate => :string, :default => "-"
- 
+
+  # message text to log
+  config :message, :validate => :string, :default => "%{message}"
+
   # message id for syslog message
   config :msgid, :validate => :string, :default => "-"
 
   # syslog message format: you can choose between rfc3164 or rfc5424
   config :rfc, :validate => ["rfc3164", "rfc5424"], :default => "rfc3164"
 
-  
-  public
   def register
-      @client_socket = nil
-  end
-
-  private
-  def udp?
-    @protocol == "udp"
-  end
+    @client_socket = nil
 
-  private
-  def rfc3164?
-    @rfc == "rfc3164"
-  end 
+    facility_code = FACILITY_LABELS.index(@facility)
+    severity_code = SEVERITY_LABELS.index(@severity)
+    @priority = (facility_code * 8) + severity_code
 
-  private
-  def connect
-    if udp?
-        @client_socket = UDPSocket.new
-        @client_socket.connect(@host, @port)
-    else
-        @client_socket = TCPSocket.new(@host, @port)
-    end
+    # use instance variable to avoid string comparison for each event
+    @is_rfc3164 = (@rfc == "rfc3164")
   end
 
-  public
   def receive(event)
     return unless output?(event)
 
@@ -116,30 +112,42 @@ class LogStash::Outputs::Syslog < LogStash::Outputs::Base
     procid = event.sprintf(@procid)
     sourcehost = event.sprintf(@sourcehost)
 
-    facility_code = FACILITY_LABELS.index(@facility)
-
-    severity_code = SEVERITY_LABELS.index(@severity)
-
-    priority = (facility_code * 8) + severity_code
-
-    if rfc3164?
+    if @is_rfc3164
       timestamp = event.sprintf("%{+MMM dd HH:mm:ss}")
-      syslog_msg = "<"+priority.to_s()+">"+timestamp+" "+sourcehost+" "+appname+"["+procid+"]: "+event["message"]
+      syslog_msg = "<#{@priority.to_s}>#{timestamp} #{sourcehost} #{appname}[#{procid}]: #{event.sprintf(@message)}"
     else
       msgid = event.sprintf(@msgid)
-      timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZ}")
-      syslog_msg = "<"+priority.to_s()+">1 "+timestamp+" "+sourcehost+" "+appname+" "+procid+" "+msgid+" - "+event["message"]
+      timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZZ}")
+      syslog_msg = "<#{@priority.to_s}>1 #{timestamp} #{sourcehost} #{appname} #{procid} #{msgid} - #{event.sprintf(@message)}"
     end
 
     begin
-      connect unless @client_socket
+      @client_socket ||= connect
       @client_socket.write(syslog_msg + "\n")
     rescue => e
-      @logger.warn(@protocol+" output exception", :host => @host, :port => @port,
-                 :exception => e, :backtrace => e.backtrace)
+      @logger.warn("syslog " + @protocol + " output exception: closing, reconnecting and resending event", :host => @host, :port => @port, :exception => e, :backtrace => e.backtrace, :event => event)
       @client_socket.close rescue nil
       @client_socket = nil
+
+      sleep(@reconnect_interval)
+      retry
     end
   end
-end
 
+  private
+
+  def udp?
+    @protocol == "udp"
+  end
+
+  def connect
+    socket = nil
+    if udp?
+      socket = UDPSocket.new
+      socket.connect(@host, @port)
+    else
+      socket = TCPSocket.new(@host, @port)
+    end
+    socket
+  end
+end

data/logstash-output-syslog.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-output-syslog'
-  s.version         = '0.1.4'
+  s.version         = '0.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Send events to a syslog server."
   s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
@@ -23,5 +23,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "logstash-core", '>= 1.4.0', '< 2.0.0'
 
   s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'logstash-codec-plain'
 end
 

data/spec/outputs/syslog_spec.rb

@@ -1 +1,50 @@
+# encoding: utf-8
+
 require "logstash/devutils/rspec/spec_helper"
+require "logstash/outputs/syslog"
+
+describe LogStash::Outputs::Syslog do
+
+  it "should register without errors" do
+    plugin = LogStash::Plugin.lookup("output", "syslog").new({"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"})
+    expect { plugin.register }.to_not raise_error
+  end
+
+  subject do
+    plugin = LogStash::Plugin.lookup("output", "syslog").new(options)
+    plugin.register
+    plugin
+  end
+
+  let(:socket) { double("fake socket") }
+  let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz"}) }
+
+  shared_examples "syslog output" do
+    it "should write expected format" do
+      expect(subject).to receive(:connect).and_return(socket)
+      expect(socket).to receive(:write).with(output)
+      subject.receive(event)
+    end
+  end
+
+  context "rfc 3164 and udp by default" do
+    let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"} }
+    let(:output) { /^<0>.+baz LOGSTASH\[-\]: bar\n/m }
+
+    it_behaves_like "syslog output"
+  end
+
+  context "rfc 5424 and tcp" do
+    let(:options) { {"rfc" => "rfc5424", "protocol" => "tcp", "host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"} }
+    let(:output) { /^<0>1 .+baz LOGSTASH - - - bar\n/m }
+
+    it_behaves_like "syslog output"
+  end
+
+  context "calculate priority" do
+    let(:options) { {"host" => "foo", "port" => "123", "facility" => "mail", "severity" => "critical"} }
+    let(:output) { /^<18>.+baz LOGSTASH\[-\]: bar\n/m }
+
+    it_behaves_like "syslog output"
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-syslog
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.2.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-20 00:00:00.000000000 Z
+date: 2015-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -44,6 +44,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-codec-plain
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
 email: info@elastic.co
 executables: []
@@ -51,9 +65,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- CHANGELOG.md
 - CONTRIBUTORS
 - Gemfile
 - LICENSE
+- NOTICE.TXT
 - README.md
 - Rakefile
 - lib/logstash/outputs/syslog.rb
@@ -81,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.9
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Send events to a syslog server.