remote_syslog 1.2.1 → 1.3.0

data/README.md

@@ -41,14 +41,17 @@ specified as arguments to the remote_syslog daemon. More below.
     Options:
         -c, --configfile PATH            Path to config (/etc/log_files.yml)
         -d, --dest-host HOSTNAME         Destination syslog hostname or IP (logs.papertrailapp.com)
+        -p, --dest-port PORT             Destination syslog port (514)
         -D, --no-detach                  Don't daemonize and detach from the terminal
         -f, --facility FACILITY          Facility (user)
-        -p, --dest-port PORT             Destination syslog port (514)
+            --hostname HOST              Local hostname to send from
         -P, --pid-dir DIRECTORY          Directory to write .pid file in (/var/run/)
+            --pid-file FILENAME          PID filename (<program name>.pid)
+            --parse-syslog               Parse file as syslog-formatted file
         -s, --severity SEVERITY          Severity (notice)
+            --tls                        Connect via TCP with TLS
             --strip-color                Strip color codes
         -h, --help                       Show this message
-
     
 
 ## Example
@@ -68,6 +71,13 @@ remote_syslog.init.d. You may be able to:
 
     $ cp examples/remote_syslog.init.d /etc/init.d/remote_syslog
 
+## Sending messages securely ##
+
+If the receiving system supports sending syslog over TCP with TLS, you can
+pass the `--tls` option when running `remote_syslog`:
+
+    $ remote_syslog --tls -p 1234 /var/log/mysqld.log
+
 
 ## Configuration
 
@@ -110,6 +120,10 @@ The `syslog` regex is `(\w+ \d+ \S+) (\S+) ([^:]+): (.*)`. It parses this:
 
     Jul 18 08:25:08 hostname programname[1234]: The log message
 
+Or provide `parse_fields: rfc3339` to parse high-precision RFC 3339
+timestamps like:
+    2011-07-16T08:25:08.651413-07:00 hostname programname[1234]: The log message
+    
 Or provide your own regex that includes these 4 backreferences, in order: 
 timestamp, system name, program name, message. Match and return empty 
 strings for any empty positions where the log value should be ignored.

data/lib/remote_syslog.rb

@@ -1,5 +1,7 @@
 module RemoteSyslog
- VERSION = "1.2.1"
+ VERSION = "1.3.0"
 end
 
 require 'remote_syslog/reader'
+require 'remote_syslog/tls_endpoint'
+require 'remote_syslog/udp_endpoint'

data/lib/remote_syslog/cli.rb

@@ -8,6 +8,7 @@ module RemoteSyslog
   class Cli
     FIELD_REGEXES = {
       'syslog' => /^(\w+ \d+ \S+) (\w+) ([^: ]+):? (.*)$/,
+      'rfc3339' => /^(\S+) (\w+) ([^: ]+):? (.*)$/
     }
 
     def self.process!(argv)
@@ -81,6 +82,9 @@ module RemoteSyslog
         opts.on("-s", "--severity SEVERITY", "Severity (notice)") do |v|
           @severity = v
         end
+        opts.on("--tls", "Connect via TCP with TLS") do
+          @tls = true
+        end
         opts.on("--strip-color", "Strip color codes") do
           @strip_color = true
         end
@@ -149,16 +153,19 @@ module RemoteSyslog
 
     def start
       EventMachine.run do
-        socket = EventMachine.open_datagram_socket('0.0.0.0', 0)
+        if @tls
+          connection = TlsEndpoint.new(@dest_host, @dest_port)
+        else
+          connection = UdpEndpoint.new(@dest_host, @dest_port)
+        end
 
         @files.each do |path|
           begin
             EventMachine::file_tail(path, RemoteSyslog::Reader,
               @dest_host, @dest_port,
-              :socket => socket, :facility => @facility,
+              :socket => connection, :facility => @facility,
               :severity => @severity, :strip_color => @strip_color,
               :hostname => @hostname, :parse_fields => @parse_fields)
-
           rescue Errno::ENOENT => e
             puts "#{path} not found, continuing. (#{e.message})"
           end

data/lib/remote_syslog/reader.rb

@@ -11,13 +11,10 @@ module RemoteSyslog
     def initialize(path, destination_address, destination_port, options = {})
       super(path, -1)
 
-      @destination_address = destination_address
-      @destination_port    = destination_port.to_i
-
       @parse_fields = options[:parse_fields]
       @strip_color = options[:strip_color]
 
-      @socket = options[:socket] || EventMachine.open_datagram_socket('0.0.0.0', 0)
+      @socket = options[:socket] || UdpEndpoint.new(destination_address, destination_port)
 
       @buffer = BufferedTokenizer.new
 
@@ -37,21 +34,6 @@ module RemoteSyslog
       if @packet.tag.length > 32
         @packet.tag = @packet.tag[0..31]
       end
-
-      # Try to resolve the destination address
-      resolve_destination_address
-
-      # Every 60 seconds we'll see if the address has changed
-      EventMachine.add_periodic_timer(60) do
-        resolve_destination_address
-      end
-    end
-
-    def resolve_destination_address
-      request = EventMachine::DnsResolver.resolve(@destination_address)
-      request.callback do |addrs|
-        @cached_destination_ip = addrs.first
-      end
     end
 
     def receive_data(data)
@@ -60,10 +42,6 @@ module RemoteSyslog
       end
     end
 
-    def destination_address
-      @cached_destination_ip || @destination_address
-    end
-
     def transmit(message)
       message = message.gsub(COLORED_REGEXP, '') if @strip_color
 
@@ -78,7 +56,7 @@ module RemoteSyslog
         end
       end
 
-      @socket.send_datagram(packet.assemble, destination_address, @destination_port)
+      @socket.write(packet.assemble)
     end
   end
 end

data/lib/remote_syslog/tls_endpoint.rb

@@ -0,0 +1,68 @@
+module RemoteSyslog
+  class TlsEndpoint
+    class Handler < EventMachine::Connection
+      def initialize(endpoint)
+        @endpoint = endpoint
+        @endpoint.connection = self
+        super()
+      end
+
+      def connection_completed
+        start_tls
+      end
+
+      def unbind
+        @endpoint.unbind
+      end
+    end
+
+    attr_accessor :connection
+
+    def initialize(address, port)
+      @address = address
+      @port    = port.to_i
+
+      # Try to resolve the address
+      resolve_address
+
+      # Every 60 seconds we'll see if the address has changed
+      EventMachine.add_periodic_timer(60) do
+        resolve_address
+      end
+
+      connect
+    end
+
+    def resolve_address
+      request = EventMachine::DnsResolver.resolve(@address)
+      request.callback do |addrs|
+        @cached_ip = addrs.first
+      end
+    end
+
+    def address
+      @cached_ip || @address
+    end
+
+    def connect
+      EventMachine.connect(address, @port, TlsEndpoint::Handler, self)
+    end
+
+    def unbind
+      @connection = nil
+      connect
+    end
+
+    def write(value)
+      if @connection
+        if @queue
+          @connection.send_data(@queue.join("\n") + "\n")
+          @queue = nil
+        end
+        @connection.send_data(value + "\n")
+      else
+        (@queue ||= []) << value
+      end
+    end
+  end
+end

data/lib/remote_syslog/udp_endpoint.rb

@@ -0,0 +1,32 @@
+module RemoteSyslog
+  class UdpEndpoint
+    def initialize(address, port)
+      @address = address
+      @port    = port.to_i
+      @socket  = EventMachine.open_datagram_socket('0.0.0.0', 0)
+
+      # Try to resolve the address
+      resolve_address
+
+      # Every 60 seconds we'll see if the address has changed
+      EventMachine.add_periodic_timer(60) do
+        resolve_address
+      end
+    end
+
+    def resolve_address
+      request = EventMachine::DnsResolver.resolve(@address)
+      request.callback do |addrs|
+        @cached_ip = addrs.first
+      end
+    end
+
+    def address
+      @cached_ip || @address
+    end
+
+    def write(value)
+      @socket.send_datagram(value, address, @port)
+    end
+  end
+end

data/remote_syslog.gemspec

@@ -8,8 +8,8 @@ Gem::Specification.new do |s|
   ## If your rubyforge_project name is different, then edit it and comment out
   ## the sub! line in the Rakefile
   s.name              = 'remote_syslog'
-  s.version           = '1.2.1'
-  s.date              = '2011-07-25'
+  s.version           = '1.3.0'
+  s.date              = '2011-07-29'
   s.rubyforge_project = 'remote_syslog'
 
   ## Make sure your summary is short. The description may be as long
@@ -67,6 +67,8 @@ Gem::Specification.new do |s|
     lib/remote_syslog.rb
     lib/remote_syslog/cli.rb
     lib/remote_syslog/reader.rb
+    lib/remote_syslog/tls_endpoint.rb
+    lib/remote_syslog/udp_endpoint.rb
     remote_syslog.gemspec
   ]
   # = MANIFEST =

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 1
-  - 2
-  - 1
-  version: 1.2.1
+  - 3
+  - 0
+  version: 1.3.0
 platform: ruby
 authors: 
 - Troy Davis
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-07-25 00:00:00 -07:00
+date: 2011-07-29 00:00:00 -07:00
 default_executable: remote_syslog
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -104,6 +104,8 @@ files:
 - lib/remote_syslog.rb
 - lib/remote_syslog/cli.rb
 - lib/remote_syslog/reader.rb
+- lib/remote_syslog/tls_endpoint.rb
+- lib/remote_syslog/udp_endpoint.rb
 - remote_syslog.gemspec
 has_rdoc: true
 homepage: http://github.com/papertrail/remote_syslog