logstash-output-tcp 3.1.1 → 3.2.0

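--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 74e0474b7a4e935ba8952b80b5b4169f2b472730
- data.tar.gz: bb736f1d5f6ff2c3cf870262d24c10f7f400df79
+ metadata.gz: 4389bec372bcd792d65085047d3e61e809062ace
+ data.tar.gz: 17a8ec05a14153a46f187a47fb88ae1b032692bb
  SHA512:
- metadata.gz: 3dd3dc38a97f307321cbdaeebe0a3410c3df4fcc3d5c15d2f7c959788b350e3faad77a17eb87209693c06b7a47bd5c58e725e2056972d905cd01d697a1527721
- data.tar.gz: bbbe0a64aca9112bc5f9db6fdc6a467957f1078c7e17efb8144afff94f2705e834baeb6f66882a0e1feddd6f98912fe7f8f6912991950d57cad8a4c60f217fb6
+ metadata.gz: 45b25dac4c91cdf81bcdfb3cfc1129078d429f484f16bf2924388064168b935aed561e7243bdfb2a85a4808ee7ff73dce276c4c9854ce3f33c853fe51b4a3e9d
+ data.tar.gz: 350ce2abbc36f8d1b0291ecfd1c772da8494b12bfe27e0a209d8648151f4a4e2d84c3a47454d25eb43acbf61d15685cf26d28e58e18ed0c5807c707a608720fd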
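--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## 3.2.0
+ - Added SSL support to this plugin (@michaelweiser)
+
  ## 3.1.1
  - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
 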
@@ -2,6 +2,7 @@
2
2
  require "logstash/outputs/base"
3
3
  require "logstash/namespace"
4
4
  require "thread"
5
+ require "logstash/util/socket_peer"
5
6
 
6
7
  # Write events over a TCP socket.
7
8
  #
@@ -30,6 +31,33 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
30
31
  # `client` connects to a server.
31
32
  config :mode, :validate => ["server", "client"], :default => "client"
32
33
 
34
+ # Enable SSL (must be set for other `ssl_` options to take effect).
35
+ config :ssl_enable, :validate => :boolean, :default => false
36
+
37
+ # Verify the identity of the other end of the SSL connection against the CA.
38
+ # For input, sets the field `sslsubject` to that of the client certificate.
39
+ config :ssl_verify, :validate => :boolean, :default => false
40
+
41
+ # The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
42
+ config :ssl_cacert, :validate => :path
43
+
44
+ # SSL certificate path
45
+ config :ssl_cert, :validate => :path
46
+
47
+ # SSL key path
48
+ config :ssl_key, :validate => :path
49
+
50
+ # SSL key passphrase
51
+ config :ssl_key_passphrase, :validate => :password, :default => nil
52
+
53
+ # The format to use when writing events to the file. This value
54
+ # supports any string and can include `%{name}` and other dynamic
55
+ # strings.
56
+ #
57
+ # If this setting is omitted, the full json representation of the
58
+ # event will be written as a single line.
59
+ config :message_format, :validate => :string, :deprecated => true
60
+
33
61
  class Client
34
62
  public
35
63
  def initialize(socket, logger)
@@ -57,25 +85,63 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
57
85
  end # def write
58
86
  end # class Client
59
87
 
88
+ private
89
+ def setup_ssl
90
+ require "openssl"
91
+
92
+ @ssl_context = OpenSSL::SSL::SSLContext.new
93
+ @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
94
+ @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase)
95
+ if @ssl_verify
96
+ @cert_store = OpenSSL::X509::Store.new
97
+ # Load the system default certificate path to the store
98
+ @cert_store.set_default_paths
99
+ if File.directory?(@ssl_cacert)
100
+ @cert_store.add_path(@ssl_cacert)
101
+ else
102
+ @cert_store.add_file(@ssl_cacert)
103
+ end
104
+ @ssl_context.cert_store = @cert_store
105
+ @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
106
+ end
107
+ end # def setup_ssl
108
+
60
109
  public
61
110
  def register
62
111
  require "socket"
63
112
  require "stud/try"
113
+ if @ssl_enable
114
+ setup_ssl
115
+ end # @ssl_enable
116
+
64
117
  if server?
65
118
  workers_not_supported
66
119
 
67
120
  @logger.info("Starting tcp output listener", :address => "#{@host}:#{@port}")
68
- @server_socket = TCPServer.new(@host, @port)
121
+ begin
122
+ @server_socket = TCPServer.new(@host, @port)
123
+ rescue Errno::EADDRINUSE
124
+ @logger.error("Could not start TCP server: Address in use",
125
+ :host => @host, :port => @port)
126
+ raise
127
+ end
128
+ if @ssl_enable
129
+ @server_socket = OpenSSL::SSL::SSLServer.new(@server_socket, @ssl_context)
130
+ end # @ssl_enable
69
131
  @client_threads = []
70
132
 
71
133
  @accept_thread = Thread.new(@server_socket) do |server_socket|
72
134
  loop do
73
- client_thread = Thread.start(server_socket.accept) do |client_socket|
135
+ Thread.start(server_socket.accept) do |client_socket|
136
+ # monkeypatch a 'peer' method onto the socket.
137
+ client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
138
+ @logger.debug("Accepted connection", :client => client_socket.peer,
139
+ :server => "#{@host}:#{@port}")
74
140
  client = Client.new(client_socket, @logger)
75
141
  Thread.current[:client] = client
142
+ @client_threads << Thread.current
76
143
  client.run
77
144
  end
78
- @client_threads << client_thread
79
145
  end
80
146
  end
81
147
 
@@ -113,7 +179,22 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
113
179
  private
114
180
  def connect
115
181
  Stud::try do
116
- return TCPSocket.new(@host, @port)
182
+ client_socket = TCPSocket.new(@host, @port)
183
+ if @ssl_enable
184
+ client_socket = OpenSSL::SSL::SSLSocket.new(client_socket, @ssl_context)
185
+ begin
186
+ client_socket.connect
187
+ rescue OpenSSL::SSL::SSLError => ssle
188
+ @logger.error("SSL Error", :exception => ssle,
189
+ :backtrace => ssle.backtrace)
190
+ # NOTE(mrichar1): Hack to prevent hammering peer
191
+ sleep(5)
192
+ raise
193
+ end
194
+ end
195
+ client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
196
+ @logger.debug("Opened connection", :client => "#{client_socket.peer}")
197
+ return client_socket
117
198
  end
118
199
  end # def connect
119
200
 
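Review bot: In `connect`, the TLS client never checks that the server certificate matches `@host`: even with `ssl_verify` on, `client_socket.connect` accepts any certificate that chains to the store, and `setup_ssl` loads the system default CA paths into that store. Inside the `begin` block, right after `client_socket.connect`, I would add `client_socket.post_connection_check(@host) if @ssl_verify`, so a mismatch raises `OpenSSL::SSL::SSLError` and goes through the existing rescue. Separately, `ssl_verify` defaults to `false`, so `ssl_enable => true` alone gives encryption without peer authentication; the comment on `ssl_enable` should say so, e.g. `# Without ssl_verify the peer certificate is not checked.` In server mode the handshake appears to run inside `server_socket.accept` in the accept loop, so a failed handshake would presumably raise in `@accept_thread` and stop further accepts; a `rescue OpenSSL::SSL::SSLError` around that call would keep the listener alive.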
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-output-tcp'
4
- s.version = '3.1.1'
4
+ s.version = '3.2.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Write events over a TCP socket."
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
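--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: logstash-output-tcp
  version: !ruby/object:Gem::Version
- version: 3.1.1
+ version: 3.2.0
  platform: ruby
  authors:
  - Elastic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-07-14 00:00:00.000000000 Z
+ date: 2016-08-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  requirement: !ruby/object:Gem::Requirement
@@ -109,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.3
+ rubygems_version: 2.4.8
  signing_key:
  specification_version: 4
  summary: Write events over a TCP socket.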