logstash-output-tcp 3.1.1 → 3.2.0

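--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 74e0474b7a4e935ba8952b80b5b4169f2b472730
- data.tar.gz: bb736f1d5f6ff2c3cf870262d24c10f7f400df79
+ metadata.gz: 4389bec372bcd792d65085047d3e61e809062ace
+ data.tar.gz: 17a8ec05a14153a46f187a47fb88ae1b032692bb
  SHA512:
- metadata.gz: 3dd3dc38a97f307321cbdaeebe0a3410c3df4fcc3d5c15d2f7c959788b350e3faad77a17eb87209693c06b7a47bd5c58e725e2056972d905cd01d697a1527721
- data.tar.gz: bbbe0a64aca9112bc5f9db6fdc6a467957f1078c7e17efb8144afff94f2705e834baeb6f66882a0e1feddd6f98912fe7f8f6912991950d57cad8a4c60f217fb6
+ metadata.gz: 45b25dac4c91cdf81bcdfb3cfc1129078d429f484f16bf2924388064168b935aed561e7243bdfb2a85a4808ee7ff73dce276c4c9854ce3f33c853fe51b4a3e9d
+ data.tar.gz: 350ce2abbc36f8d1b0291ecfd1c772da8494b12bfe27e0a209d8648151f4a4e2d84c3a47454d25eb43acbf61d15685cf26d28e58e18ed0c5807c707a608720fd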
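--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## 3.2.0
+ - Added SSL support to this plugin (@michaelweiser)
+
  ## 3.1.1
  - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
 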
@@ -2,6 +2,7 @@
2
2
  require "logstash/outputs/base"
3
3
  require "logstash/namespace"
4
4
  require "thread"
5
+ require "logstash/util/socket_peer"
5
6
 
6
7
  # Write events over a TCP socket.
7
8
  #
@@ -30,6 +31,33 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
30
31
  # `client` connects to a server.
31
32
  config :mode, :validate => ["server", "client"], :default => "client"
32
33
 
34
+ # Enable SSL (must be set for other `ssl_` options to take effect).
35
+ config :ssl_enable, :validate => :boolean, :default => false
36
+
37
+ # Verify the identity of the other end of the SSL connection against the CA.
38
+ # For input, sets the field `sslsubject` to that of the client certificate.
39
+ config :ssl_verify, :validate => :boolean, :default => false
40
+
41
+ # The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
42
+ config :ssl_cacert, :validate => :path
43
+
44
+ # SSL certificate path
45
+ config :ssl_cert, :validate => :path
46
+
47
+ # SSL key path
48
+ config :ssl_key, :validate => :path
49
+
50
+ # SSL key passphrase
51
+ config :ssl_key_passphrase, :validate => :password, :default => nil
52
+
53
+ # The format to use when writing events to the file. This value
54
+ # supports any string and can include `%{name}` and other dynamic
55
+ # strings.
56
+ #
57
+ # If this setting is omitted, the full json representation of the
58
+ # event will be written as a single line.
59
+ config :message_format, :validate => :string, :deprecated => true
60
+
33
61
  class Client
34
62
  public
35
63
  def initialize(socket, logger)
@@ -57,25 +85,63 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
57
85
  end # def write
58
86
  end # class Client
59
87
 
88
+ private
89
+ def setup_ssl
90
+ require "openssl"
91
+
92
+ @ssl_context = OpenSSL::SSL::SSLContext.new
93
+ @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
94
+ @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase)
95
+ if @ssl_verify
96
+ @cert_store = OpenSSL::X509::Store.new
97
+ # Load the system default certificate path to the store
98
+ @cert_store.set_default_paths
99
+ if File.directory?(@ssl_cacert)
100
+ @cert_store.add_path(@ssl_cacert)
101
+ else
102
+ @cert_store.add_file(@ssl_cacert)
103
+ end
104
+ @ssl_context.cert_store = @cert_store
105
+ @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
106
+ end
107
+ end # def setup_ssl
108
+
60
109
  public
61
110
  def register
62
111
  require "socket"
63
112
  require "stud/try"
113
+ if @ssl_enable
114
+ setup_ssl
115
+ end # @ssl_enable
116
+
64
117
  if server?
65
118
  workers_not_supported
66
119
 
67
120
  @logger.info("Starting tcp output listener", :address => "#{@host}:#{@port}")
68
- @server_socket = TCPServer.new(@host, @port)
121
+ begin
122
+ @server_socket = TCPServer.new(@host, @port)
123
+ rescue Errno::EADDRINUSE
124
+ @logger.error("Could not start TCP server: Address in use",
125
+ :host => @host, :port => @port)
126
+ raise
127
+ end
128
+ if @ssl_enable
129
+ @server_socket = OpenSSL::SSL::SSLServer.new(@server_socket, @ssl_context)
130
+ end # @ssl_enable
69
131
  @client_threads = []
70
132
 
71
133
  @accept_thread = Thread.new(@server_socket) do |server_socket|
72
134
  loop do
73
- client_thread = Thread.start(server_socket.accept) do |client_socket|
135
+ Thread.start(server_socket.accept) do |client_socket|
136
+ # monkeypatch a 'peer' method onto the socket.
137
+ client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
138
+ @logger.debug("Accepted connection", :client => client_socket.peer,
139
+ :server => "#{@host}:#{@port}")
74
140
  client = Client.new(client_socket, @logger)
75
141
  Thread.current[:client] = client
142
+ @client_threads << Thread.current
76
143
  client.run
77
144
  end
78
- @client_threads << client_thread
79
145
  end
80
146
  end
81
147
 
@@ -113,7 +179,22 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
113
179
  private
114
180
  def connect
115
181
  Stud::try do
116
- return TCPSocket.new(@host, @port)
182
+ client_socket = TCPSocket.new(@host, @port)
183
+ if @ssl_enable
184
+ client_socket = OpenSSL::SSL::SSLSocket.new(client_socket, @ssl_context)
185
+ begin
186
+ client_socket.connect
187
+ rescue OpenSSL::SSL::SSLError => ssle
188
+ @logger.error("SSL Error", :exception => ssle,
189
+ :backtrace => ssle.backtrace)
190
+ # NOTE(mrichar1): Hack to prevent hammering peer
191
+ sleep(5)
192
+ raise
193
+ end
194
+ end
195
+ client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
196
+ @logger.debug("Opened connection", :client => "#{client_socket.peer}")
197
+ return client_socket
117
198
  end
118
199
  end # def connect
119
200
 
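Review bot: `connect` completes the TLS handshake without ever checking the server certificate against `@host`: with `ssl_verify` on, `setup_ssl` sets `VERIFY_PEER` on a store that also loads the system default CA paths, so a certificate chaining to any of those CAs is accepted whatever name it carries. Inside the `begin` block I would follow `client_socket.connect` with `client_socket.post_connection_check(@host) if @ssl_verify`, and state in the `ssl_verify` comment that the default `false` leaves the peer unauthenticated. `setup_ssl` also reads `@ssl_cert` and `@ssl_key` unconditionally and hands `@ssl_cacert` to `File.directory?` unchecked, so a client without its own certificate, or `ssl_verify` without `ssl_cacert`, presumably fails in `register` with a `TypeError` rather than a configuration error. In server mode `server_socket.accept` is evaluated in the accept thread with no rescue visible in the hunk, so a failed handshake on the `SSLServer` would appear to end the accept loop; the remainder of `register` lies outside the hunk.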
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-output-tcp'
4
- s.version = '3.1.1'
4
+ s.version = '3.2.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Write events over a TCP socket."
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
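--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: logstash-output-tcp
  version: !ruby/object:Gem::Version
- version: 3.1.1
+ version: 3.2.0
  platform: ruby
  authors:
  - Elastic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-07-14 00:00:00.000000000 Z
+ date: 2016-08-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  requirement: !ruby/object:Gem::Requirement
@@ -109,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.3
+ rubygems_version: 2.4.8
  signing_key:
  specification_version: 4
  summary: Write events over a TCP socket.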