output-syslog 1.0.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: f4757f45fb993186d1f1ccfe8307f0e9dc8f6539
4
+ data.tar.gz: 08430f983eb880d14d8994581cd351c858b3eaf0
5
+ SHA512:
6
+ metadata.gz: 6dceeb225f8a59bc62ee1627f7e4c8e6d99a040eda56559a61d7b5b8117bf793cf1cec59e8b394f198f5a42b745e5b0ef4186d1be04f29df43c94a8d268c4da8
7
+ data.tar.gz: 443ba8a17f2d1a7db4575f88bb434926ed259b1d80c6b18cfe9393d615cd513bf26c2055592d274e92f7c1efad51221d8206c978af78f36dc2ead60b618beb94
@@ -0,0 +1,31 @@
1
+ ## 3.0.1
2
+ - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
3
+
4
+ ## 3.0.0
5
+ - breaking,config: Remove deprecated `timestamp` config.
6
+ - internal: migrate to Logstash Event API 2.0
7
+
8
+ ## 2.1.5
9
+ - [Internal] test fix to not depend on json order
10
+
11
+ ## 2.1.4
12
+ - [Internal] fix tests
13
+
14
+ ## 2.1.3
15
+ - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
16
+
17
+ ## 2.1.2
18
+ - New dependency requirements for logstash-core for the 5.0 release
19
+
20
+ ## 2.1.1
21
+ - Add SSL/TLS support to syslog output plugin (thanks @breml)
22
+ - Added ability to use codecs for this output (thanks @breml)
23
+
24
+ ## 2.1.0
25
+ - reconnect on exception. added basic specs
26
+
27
+ ## 2.0.0
28
+ - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
29
+ instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
30
+ - Dependency on logstash-core update to 2.0
31
+
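Review bot: The newest entry in this changelog is `## 3.0.1`, but the gem being released is version 1.0.0 and no entry exists for it. Add a 1.0.0 section that records what this release introduces on top of the history listed here: the `key`, `pen`, `tag` and `retry_count` options and the structured-data element now written in the RFC5424 output.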
@@ -0,0 +1,19 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Maintainers:
5
+ * Lucas Bremgartner (breml)
6
+
7
+ Contributors:
8
+ * Aaron Mildenstein (untergeek)
9
+ * Dan Everton (deverton)
10
+ * Jordan Sissel (jordansissel)
11
+ * Pier-Hugues Pellerin (ph)
12
+ * Richard Pijnenburg (electrical)
13
+ * ruckalvnet
14
+ * Lucas Bremgartner (breml)
15
+
16
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
17
+ Logstash, and you aren't on the list above and want to be, please let us know
18
+ and we'll make sure you're here. Contributions from folks like you are what make
19
+ open source awesome.
data/Gemfile ADDED
@@ -0,0 +1,2 @@
1
+ source 'https://rubygems.org'
2
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,13 @@
1
+ Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
2
+
3
+ Licensed under the Apache License, Version 2.0 (the "License");
4
+ you may not use this file except in compliance with the License.
5
+ You may obtain a copy of the License at
6
+
7
+ http://www.apache.org/licenses/LICENSE-2.0
8
+
9
+ Unless required by applicable law or agreed to in writing, software
10
+ distributed under the License is distributed on an "AS IS" BASIS,
11
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ See the License for the specific language governing permissions and
13
+ limitations under the License.
@@ -0,0 +1,5 @@
1
+ Elasticsearch
2
+ Copyright 2012-2015 Elasticsearch
3
+
4
+ This product includes software developed by The Apache Software
5
+ Foundation (http://www.apache.org/).
@@ -0,0 +1,98 @@
1
+ # Logstash Plugin
2
+
3
+ [![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-output-syslog.svg)](https://travis-ci.org/logstash-plugins/logstash-output-syslog)
4
+
5
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
6
+
7
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
8
+
9
+ ## Documentation
10
+
11
+ Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
12
+
13
+ - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
14
+ - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
15
+
16
+ ## Need Help?
17
+
18
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
19
+
20
+ ## Developing
21
+
22
+ ### 1. Plugin Developement and Testing
23
+
24
+ #### Code
25
+ - To get started, you'll need JRuby with the Bundler gem installed.
26
+
27
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
28
+
29
+ - Install dependencies
30
+ ```sh
31
+ bundle install
32
+ ```
33
+
34
+ #### Test
35
+
36
+ - Update your dependencies
37
+
38
+ ```sh
39
+ bundle install
40
+ ```
41
+
42
+ - Run tests
43
+
44
+ ```sh
45
+ bundle exec rspec
46
+ ```
47
+
48
+ ### 2. Running your unpublished Plugin in Logstash
49
+
50
+ #### 2.1 Run in a local Logstash clone
51
+
52
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
53
+ ```ruby
54
+ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
55
+ ```
56
+ - Install plugin
57
+ ```sh
58
+ # Logstash 2.3 and higher
59
+ bin/logstash-plugin install --no-verify
60
+
61
+ # Prior to Logstash 2.3
62
+ bin/plugin install --no-verify
63
+
64
+ ```
65
+ - Run Logstash with your plugin
66
+ ```sh
67
+ bin/logstash -e 'filter {awesome {}}'
68
+ ```
69
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
70
+
71
+ #### 2.2 Run in an installed Logstash
72
+
73
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
74
+
75
+ - Build your plugin gem
76
+ ```sh
77
+ gem build logstash-filter-awesome.gemspec
78
+ ```
79
+ - Install the plugin from the Logstash home
80
+ ```sh
81
+ # Logstash 2.3 and higher
82
+ bin/logstash-plugin install --no-verify
83
+
84
+ # Prior to Logstash 2.3
85
+ bin/plugin install --no-verify
86
+
87
+ ```
88
+ - Start Logstash and proceed to test the plugin
89
+
90
+ ## Contributing
91
+
92
+ All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
93
+
94
+ Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
95
+
96
+ It is more important to the community that you are able to contribute.
97
+
98
+ For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
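Review bot: In section 2.2 the install commands (`bin/logstash-plugin install --no-verify` and `bin/plugin install --no-verify`) never name the gem produced by the preceding `gem build` step, so as written they do not install the built plugin; pass the path to the built .gem file. The README also still uses the `logstash-filter-awesome` placeholder and the logstash-plugins/logstash-output-syslog Travis badge, and it does not document the `key`, `pen`, `tag` and `retry_count` options that the plugin source in this release defines.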
@@ -0,0 +1,265 @@
1
+ # encoding: utf-8
2
+ require "logstash/outputs/base"
3
+ require "logstash/namespace"
4
+ require "date"
5
+ require "logstash/codecs/plain"
6
+
7
+
8
+ # Send events to a syslog server.
9
+ #
10
+ # You can send messages compliant with RFC3164 or RFC5424
11
+ # using either UDP or TCP as the transport protocol.
12
+ #
13
+ # By default the contents of the `message` field will be shipped as
14
+ # the free-form message text part of the emitted syslog message. If
15
+ # your messages don't have a `message` field or if you for some other
16
+ # reason want to change the emitted message, modify the `message`
17
+ # configuration option.
18
+ class LogStash::Outputs::Syslog < LogStash::Outputs::Base
19
+ config_name "syslog"
20
+
21
+ FACILITY_LABELS = [
22
+ "kernel",
23
+ "user-level",
24
+ "mail",
25
+ "daemon",
26
+ "security/authorization",
27
+ "syslogd",
28
+ "line printer",
29
+ "network news",
30
+ "uucp",
31
+ "clock",
32
+ "ftp",
33
+ "ntp",
34
+ "log audit",
35
+ "log alert",
36
+ "local0",
37
+ "local1",
38
+ "local2",
39
+ "local3",
40
+ "local4",
41
+ "local5",
42
+ "local6",
43
+ "local7",
44
+ ]
45
+
46
+ SEVERITY_LABELS = [
47
+ "emergency",
48
+ "alert",
49
+ "critical",
50
+ "error",
51
+ "warning",
52
+ "notice",
53
+ "informational",
54
+ "debug",
55
+ ]
56
+
57
+ #key for inclusion in syslog header
58
+ config :key, :validate => :string, :default => "-"
59
+
60
+ #private enterprise number
61
+ config :pen, :validate => :string, :default => "41058"
62
+
63
+ # Loggly tag, can use %{somefield} to build the tag, values must be
64
+ # seperated by a comma, so the system can build the tag.
65
+ config :tag, :validate => :string, :default => "loggly-syslog"
66
+
67
+ # Retry count
68
+ # the number of times we will try to send the data to loggly
69
+ config :retry_count, :validate => :number, :default => 5
70
+
71
+
72
+ # syslog server address to connect to
73
+ config :host, :validate => :string, :required => true
74
+
75
+ # syslog server port to connect to
76
+ config :port, :validate => :number, :required => true
77
+
78
+ # when connection fails, retry interval in sec.
79
+ config :reconnect_interval, :validate => :number, :default => 1
80
+
81
+ # syslog server protocol. you can choose between udp, tcp and ssl/tls over tcp
82
+ config :protocol, :validate => ["tcp", "udp", "ssl-tcp"], :default => "udp"
83
+
84
+ # Verify the identity of the other end of the SSL connection against the CA.
85
+ config :ssl_verify, :validate => :boolean, :default => false
86
+
87
+ # The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
88
+ config :ssl_cacert, :validate => :path
89
+
90
+ # SSL certificate path
91
+ config :ssl_cert, :validate => :path
92
+
93
+ # SSL key path
94
+ config :ssl_key, :validate => :path
95
+
96
+ # SSL key passphrase
97
+ config :ssl_key_passphrase, :validate => :password, :default => nil
98
+
99
+ # use label parsing for severity and facility levels
100
+ # use priority field if set to false
101
+ config :use_labels, :validate => :boolean, :default => true
102
+
103
+ # syslog priority
104
+ # The new value can include `%{foo}` strings
105
+ # to help you build a new value from other parts of the event.
106
+ config :priority, :validate => :string, :default => "%{syslog_pri}"
107
+
108
+ # facility label for syslog message
109
+ # default fallback to user-level as in rfc3164
110
+ # The new value can include `%{foo}` strings
111
+ # to help you build a new value from other parts of the event.
112
+ config :facility, :validate => :string, :default => "user-level"
113
+
114
+ # severity label for syslog message
115
+ # default fallback to notice as in rfc3164
116
+ # The new value can include `%{foo}` strings
117
+ # to help you build a new value from other parts of the event.
118
+ config :severity, :validate => :string, :default => "notice"
119
+
120
+ # source host for syslog message. The new value can include `%{foo}` strings
121
+ # to help you build a new value from other parts of the event.
122
+ config :sourcehost, :validate => :string, :default => "%{host}"
123
+
124
+ # application name for syslog message. The new value can include `%{foo}` strings
125
+ # to help you build a new value from other parts of the event.
126
+ config :appname, :validate => :string, :default => "LOGSTASH"
127
+
128
+ # process id for syslog message. The new value can include `%{foo}` strings
129
+ # to help you build a new value from other parts of the event.
130
+ config :procid, :validate => :string, :default => "-"
131
+
132
+ # message text to log. The new value can include `%{foo}` strings
133
+ # to help you build a new value from other parts of the event.
134
+ config :message, :validate => :string, :default => "%{message}"
135
+
136
+ # message id for syslog message. The new value can include `%{foo}` strings
137
+ # to help you build a new value from other parts of the event.
138
+ config :msgid, :validate => :string, :default => "-"
139
+
140
+ # syslog message format: you can choose between rfc3164 or rfc5424
141
+ config :rfc, :validate => ["rfc3164", "rfc5424"], :default => "rfc3164"
142
+
143
+ def register
144
+ @client_socket = nil
145
+
146
+ if ssl?
147
+ @ssl_context = setup_ssl
148
+ end
149
+
150
+ if @codec.instance_of? LogStash::Codecs::Plain
151
+ if @codec.config["format"].nil?
152
+ @codec = LogStash::Codecs::Plain.new({"format" => @message})
153
+ end
154
+ end
155
+ @codec.on_event(&method(:publish))
156
+
157
+ # use instance variable to avoid string comparison for each event
158
+ @is_rfc3164 = (@rfc == "rfc3164")
159
+ end
160
+
161
+ def receive(event)
162
+ @codec.encode(event)
163
+ end
164
+
165
+ def publish(event, payload)
166
+ appname = event.sprintf(@appname)
167
+ procid = event.sprintf(@procid)
168
+ sourcehost = event.sprintf(@sourcehost)
169
+ tag = event.sprintf(@tag)
170
+
171
+ message = payload.to_s.rstrip.gsub(/[\r][\n]/, "\n").gsub(/[\n]/, '\n')
172
+ tags = tag.split(",").map { |value| "tag=\"#{value}\""}.join(" ")
173
+
174
+ # fallback to pri 13 (facility 1, severity 5)
175
+ if @use_labels
176
+ facility_code = (FACILITY_LABELS.index(event.sprintf(@facility)) || 1)
177
+ severity_code = (SEVERITY_LABELS.index(event.sprintf(@severity)) || 5)
178
+ priority = (facility_code * 8) + severity_code
179
+ else
180
+ priority = Integer(event.sprintf(@priority)) rescue 13
181
+ priority = 13 if (priority < 0 || priority > 191)
182
+ end
183
+
184
+ if @is_rfc3164
185
+ timestamp = event.sprintf("%{+MMM dd HH:mm:ss}")
186
+ syslog_msg = "<#{priority.to_s}>#{timestamp} #{sourcehost} #{appname}[#{procid}]: #{message}"
187
+ else
188
+ msgid = event.sprintf(@msgid)
189
+ timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZZ}")
190
+ syslog_msg = "<#{priority.to_s}>1 #{timestamp} #{sourcehost} #{appname} #{procid} #{msgid} [#{key}@#{pen} #{tags}] #{message}"
191
+ end
192
+
193
+ counter = 0
194
+ begin
195
+ @client_socket ||= connect
196
+ @client_socket.write(syslog_msg + "\n")
197
+ rescue => e
198
+ # We don't expect udp connections to fail because they are stateless, but ...
199
+ # udp connections may fail/raise an exception if used with localhost/127.0.0.1
200
+ return if udp?
201
+
202
+ @logger.warn("Attempt - #{counter} syslog " + @protocol + " output exception: closing, reconnecting and resending event", :host => @host, :port => @port, :exception => e, :backtrace => e.backtrace, :event => event)
203
+ @logger.warn("Contents: " )
204
+ @logger.warn("#{syslog_msg}")
205
+ @client_socket.close rescue nil
206
+ @client_socket = nil
207
+ counter = counter + 1
208
+ sleep(@reconnect_interval)
209
+ retry if counter <= retry_count
210
+ end
211
+ end
212
+
213
+ private
214
+
215
+ def udp?
216
+ @protocol == "udp"
217
+ end
218
+
219
+ def ssl?
220
+ @protocol == "ssl-tcp"
221
+ end
222
+
223
+ def connect
224
+ socket = nil
225
+ if udp?
226
+ socket = UDPSocket.new
227
+ socket.connect(@host, @port)
228
+ else
229
+ socket = TCPSocket.new(@host, @port)
230
+ if ssl?
231
+ socket = OpenSSL::SSL::SSLSocket.new(socket, @ssl_context)
232
+ begin
233
+ socket.connect
234
+ rescue OpenSSL::SSL::SSLError => ssle
235
+ @logger.error("SSL Error", :exception => ssle,
236
+ :backtrace => ssle.backtrace)
237
+ # NOTE(mrichar1): Hack to prevent hammering peer
238
+ sleep(5)
239
+ raise
240
+ end
241
+ end
242
+ end
243
+ socket
244
+ end
245
+
246
+ def setup_ssl
247
+ require "openssl"
248
+ ssl_context = OpenSSL::SSL::SSLContext.new
249
+ ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
250
+ # ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase)
251
+ if @ssl_verify
252
+ cert_store = OpenSSL::X509::Store.new
253
+ # Load the system default certificate path to the store
254
+ cert_store.set_default_paths
255
+ if File.directory?(@ssl_cacert)
256
+ cert_store.add_path(@ssl_cacert)
257
+ else
258
+ cert_store.add_file(@ssl_cacert)
259
+ end
260
+ ssl_context.cert_store = cert_store
261
+ ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
262
+ end
263
+ ssl_context
264
+ end
265
+ end
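Review bot: In `setup_ssl` the private-key assignment is commented out (`# ssl_context.key = OpenSSL::PKey::RSA.new(...)`), so `ssl_key` and `ssl_key_passphrase` are accepted but never used, while `File.read(@ssl_cert)` runs unconditionally and raises when `protocol => "ssl-tcp"` is configured without `ssl_cert`. Restore the key assignment and load cert and key only when both options are set. `ssl_verify` defaults to `false`, in which case no `verify_mode` is set on the context and verification of the server certificate is not enforced; consider defaulting to `true`, and check `@ssl_cacert` for nil before `File.directory?(@ssl_cacert)`. In `publish`, only `message` has newlines escaped: `sourcehost`, `appname`, `procid`, `msgid` and `tag` come from `event.sprintf` and are written into the header and the `tag="..."` structured data unescaped, so a newline or `"` in an event field can split or corrupt the frame. The rescue path logs the full `syslog_msg`, which contains `key`, at warn level on every attempt, and once `counter` exceeds `retry_count` the event is dropped with no final error.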
@@ -0,0 +1,29 @@
1
+ Gem::Specification.new do |s|
2
+
3
+ s.name = 'output-syslog'
4
+ s.version = '1.0.0'
5
+ s.licenses = ['Apache License (2.0)']
6
+ s.summary = "Sending logstash logs to Loggly via syslog"
7
+ s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
8
+ s.authors = ["Elastic"]
9
+ s.email = 'info@elastic.co'
10
+ s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
11
+ s.require_paths = ["lib"]
12
+
13
+ # Files
14
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
15
+
16
+ # Tests
17
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
18
+
19
+ # Special flag to let us know this is actually a logstash plugin
20
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "output" }
21
+
22
+ # Gem dependencies
23
+ s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
24
+ s.add_runtime_dependency 'logstash-codec-plain'
25
+
26
+ s.add_development_dependency 'logstash-devutils'
27
+ s.add_development_dependency 'logstash-codec-json'
28
+ end
29
+
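Review bot: `s.authors`, `s.email` and `s.homepage` attribute this gem to Elastic, while `s.name` is `output-syslog` and `s.summary` describes sending logs to Loggly; set these fields to the actual publisher and project page so consumers can tell who maintains the package. `s.description` also still reads `install gemname` rather than the real gem name.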
@@ -0,0 +1,142 @@
1
+ # encoding: utf-8
2
+
3
+ require "logstash/devutils/rspec/spec_helper"
4
+ require "logstash/outputs/syslog"
5
+ require "logstash/codecs/plain"
6
+ require "json"
7
+
8
+ describe LogStash::Outputs::Syslog do
9
+
10
+ RFC3164_DATE_TIME_REGEX = "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (0[1-9]|[12][0-9]|3[01]) ([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)"
11
+ RFC3339_DATE_TIME_REGEX = "([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]{3})?([Zz]|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))"
12
+
13
+ it "should register without errors" do
14
+ plugin = LogStash::Plugin.lookup("output", "syslog").new({"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"})
15
+ expect { plugin.register }.to_not raise_error
16
+ end
17
+
18
+ subject do
19
+ plugin = LogStash::Plugin.lookup("output", "syslog").new(options)
20
+ plugin.register
21
+ plugin
22
+ end
23
+
24
+ let(:socket) { double("fake socket") }
25
+ let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz"}) }
26
+
27
+ shared_examples "syslog output" do
28
+ it "should write expected format" do
29
+ expect(subject).to receive(:connect).and_return(socket)
30
+ expect(socket).to receive(:write).with(output)
31
+ subject.receive(event)
32
+ end
33
+ end
34
+
35
+ context "rfc 3164 and udp by default" do
36
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"} }
37
+ let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
38
+
39
+ it_behaves_like "syslog output"
40
+ end
41
+
42
+ context "rfc 5424 and tcp" do
43
+ let(:options) { {"rfc" => "rfc5424", "protocol" => "tcp", "host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"} }
44
+ let(:output) { /^<0>1 #{RFC3339_DATE_TIME_REGEX} baz LOGSTASH - - - bar\n/m }
45
+
46
+ it_behaves_like "syslog output"
47
+ end
48
+
49
+ context "calculate priority" do
50
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "mail", "severity" => "critical"} }
51
+ let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
52
+
53
+ it_behaves_like "syslog output"
54
+ end
55
+
56
+ context "sprintf rfc 3164" do
57
+ let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "facility" => "mail", "severity" => "critical", "appname" => "appname", "procid" => "1000" }) }
58
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "%{facility}", "severity" => "%{severity}", "appname" => "%{appname}", "procid" => "%{procid}"} }
59
+ let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz appname\[1000\]: bar\n/m }
60
+
61
+ it_behaves_like "syslog output"
62
+ end
63
+
64
+ context "sprintf rfc 5424" do
65
+ let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "facility" => "mail", "severity" => "critical", "appname" => "appname", "procid" => "1000", "msgid" => "2000" }) }
66
+ let(:options) { {"rfc" => "rfc5424", "host" => "foo", "port" => "123", "facility" => "%{facility}", "severity" => "%{severity}", "appname" => "%{appname}", "procid" => "%{procid}", "msgid" => "%{msgid}"} }
67
+ let(:output) { /^<18>1 #{RFC3339_DATE_TIME_REGEX} baz appname 1000 2000 - bar\n/m }
68
+
69
+ it_behaves_like "syslog output"
70
+ end
71
+
72
+ context "use_labels == false, default" do
73
+ let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz" }) }
74
+ let(:options) { {"use_labels" => false, "host" => "foo", "port" => "123" } }
75
+ let(:output) { /^<13>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
76
+
77
+ it_behaves_like "syslog output"
78
+ end
79
+
80
+ context "use_labels == false, syslog_pri" do
81
+ let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "syslog_pri" => "18" }) }
82
+ let(:options) { {"use_labels" => false, "host" => "foo", "port" => "123" } }
83
+ let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
84
+
85
+ it_behaves_like "syslog output"
86
+ end
87
+
88
+ context "use_labels == false, sprintf" do
89
+ let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "priority" => "18" }) }
90
+ let(:options) { {"use_labels" => false, "host" => "foo", "port" => "123", "priority" => "%{priority}" } }
91
+ let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
92
+
93
+ it_behaves_like "syslog output"
94
+ end
95
+
96
+ context "use plain codec with format set" do
97
+ let(:plain) { LogStash::Codecs::Plain.new({"format" => "%{host} %{message}"}) }
98
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "codec" => plain} }
99
+ let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: baz bar\n/m }
100
+
101
+ it_behaves_like "syslog output"
102
+ end
103
+
104
+ context "use codec json" do
105
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "codec" => "json" } }
106
+
107
+ it "should write event encoded with json codec" do
108
+ expect(subject).to receive(:connect).and_return(socket)
109
+ expect(socket).to receive(:write) do |arg|
110
+ message = arg[/^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: (.*)/, 1]
111
+ expect(message).not_to be_nil
112
+ message_json = JSON.parse(message)
113
+ expect(message_json).to include("@timestamp")
114
+ expect(message_json).to include("host" => "baz")
115
+ expect(message_json).to include("@version" => "1")
116
+ expect(message_json).to include("message" => "bar")
117
+ end
118
+ subject.receive(event)
119
+ end
120
+ end
121
+
122
+ context "escape carriage return, newline and newline to \\n" do
123
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "message" => "foo\r\nbar\nbaz" } }
124
+ let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: foo\\nbar\\nbaz\n/m }
125
+
126
+ it_behaves_like "syslog output"
127
+ end
128
+
129
+ context "tailing newline" do
130
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "message" => "%{message}\n" } }
131
+ let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
132
+
133
+ it_behaves_like "syslog output"
134
+ end
135
+
136
+ context "tailing carriage return and newline (windows)" do
137
+ let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "message" => "%{message}\n" } }
138
+ let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m }
139
+
140
+ it_behaves_like "syslog output"
141
+ end
142
+ end
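Review bot: The two RFC5424 contexts expect `baz LOGSTASH - - - bar` and `baz appname 1000 2000 - bar`, but `publish` in lib/logstash/outputs/syslog.rb writes a `[key@pen tag="..."]` structured-data element where these regexes expect `-`, so they cannot match; update the expectations and add cases for `key`, `pen`, `tag` and `retry_count`. The "tailing carriage return and newline (windows)" context sets `"message" => "%{message}\n"`, identical to the context before it, so the `\r\n` case it names is not exercised. There is no coverage for `protocol => "ssl-tcp"`.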
metadata ADDED
@@ -0,0 +1,119 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: output-syslog
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Elastic
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2018-06-07 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: logstash-core-plugin-api
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '1.60'
20
+ - - "<="
21
+ - !ruby/object:Gem::Version
22
+ version: '2.99'
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: '1.60'
30
+ - - "<="
31
+ - !ruby/object:Gem::Version
32
+ version: '2.99'
33
+ - !ruby/object:Gem::Dependency
34
+ name: logstash-codec-plain
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ type: :runtime
41
+ prerelease: false
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ - !ruby/object:Gem::Dependency
48
+ name: logstash-devutils
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - ">="
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: '0'
61
+ - !ruby/object:Gem::Dependency
62
+ name: logstash-codec-json
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - ">="
66
+ - !ruby/object:Gem::Version
67
+ version: '0'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: '0'
75
+ description: This gem is a Logstash plugin required to be installed on top of the
76
+ Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
77
+ gem is not a stand-alone program
78
+ email: info@elastic.co
79
+ executables: []
80
+ extensions: []
81
+ extra_rdoc_files: []
82
+ files:
83
+ - CHANGELOG.md
84
+ - CONTRIBUTORS
85
+ - Gemfile
86
+ - LICENSE
87
+ - NOTICE.TXT
88
+ - README.md
89
+ - lib/logstash/outputs/syslog.rb
90
+ - logstash-output-syslog.gemspec
91
+ - spec/outputs/syslog_spec.rb
92
+ homepage: http://www.elastic.co/guide/en/logstash/current/index.html
93
+ licenses:
94
+ - Apache License (2.0)
95
+ metadata:
96
+ logstash_plugin: 'true'
97
+ logstash_group: output
98
+ post_install_message:
99
+ rdoc_options: []
100
+ require_paths:
101
+ - lib
102
+ required_ruby_version: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - ">="
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ required_rubygems_version: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - ">="
110
+ - !ruby/object:Gem::Version
111
+ version: '0'
112
+ requirements: []
113
+ rubyforge_project:
114
+ rubygems_version: 2.5.2.1
115
+ signing_key:
116
+ specification_version: 4
117
+ summary: Sending logstash logs to Loggly via syslog
118
+ test_files:
119
+ - spec/outputs/syslog_spec.rb