syslog-shipper 1.0.20120102102042 → 1.1

data/HISTORY

@@ -0,0 +1,8 @@
+1.1
+
+Added TLS support
+  Can supply custom CA cert, bypass peer checking, or accept an unknown certificate
+Ping mode
+  When used with verbose, helps debug TLS issues
+Config file
+  Use -f to supply a YAML config file that maps to the command line flags

data/LICENSE

@@ -0,0 +1,2 @@
+This software is licensed under the BSD license as here:
+  http://www.opensource.org/licenses/bsd-license.php

data/README

@@ -1,9 +1,21 @@
 Ship logs to a syslog server
 ----------------------------
 
-Usage: bin/syslog-shipper [options] -s HOST:PORT <path_or_glob> [path_or_glob2] [...]
-  If a path begins with '+' each line is sent unmodified to the syslog server.
-  Otherwise, this tool will prefix each line read from the file with a syslog
-  header. 
-
-  For example: syslog-shipper -s somehost:514 +/var/log/messages /var/log/apache2/access.log
+[syslog-shipper (master *+$)]$ bin/syslog-shipper -h
+      Usage: bin/syslog-shipper [options] -s HOST:PORT <path_or_glob> [path_or_glob2] [...]
+      If a path begins with '+' each line is sent unmodified to the syslog server.
+      Otherwise, this tool will prefix each line read from the file with a syslog
+      header.
+        
+      For example: bin/syslog-shipper -s somehost:514 +/var/log/messages /var/log/apache2/access.syslog
+  --check-interval, -i <i>:   How frequently, in seconds, to check the glob patternsfor new files (default: 5)
+        --exclude, -x <s+>:   A pattern to ignore. Wildcard/globs accepted. Can be specified multiple times
+          --server, -s <s>:   What syslog server to ship to (uses TCP)
+             --verbose, -v:   Verbose mode
+                --ping, -p:   Try to connect and quit immediately after
+         --ca-cert, -c <s>:   Custom certificate used to verify TLS certificates (implies --tls)
+     --skip-peer-check, -k:   When connecting with TLS, do not prompt the user to verify the peer (not recommended, implies --tls)
+                 --tls, -t:   Connect via tls
+     --config-file, -f <s>:   YAML config file (command line options override values in this file)
+             --version, -e:   Print version and exit
+                --help, -h:   Show this message

data/bin/syslog-shipper

@@ -1,57 +1,53 @@
-#!/usr/bin/env ruby
+#!/usr/bin/env ruby -rubygems
 
-require "rubygems"
-require "optparse"
 require File.expand_path('../../lib/syslog_shipper',  __FILE__)
+require 'trollop'
+require 'yaml'
 
 def main(args)
-  globcheck_interval = 5
-  exclude_patterns = []
-  hostarg = nil
-  verbose = false
-
-  opts = OptionParser.new do |opts|
-    opts.banner = [
-      "Usage: #{$0} [options] -s HOST:PORT <path_or_glob> [path_or_glob2] [...]",
-      "  If a path begins with '+' each line is sent unmodified to the syslog server.",
-      "  Otherwise, this tool will prefix each line read from the file with a syslog",
-      "  header. ",
-      "",
-      "  For example: #{$0} -s somehost:514 +/var/log/messages /var/log/apache2/access.log",
-    ].join("\n")
-
-    opts.on("-i SECONDS", "--check-interval SECONDS",
-            "How frequently, in seconds, to check the glob patterns" \
-            "for new files") do |x|
-      globcheck_interval = x.to_f
-    end # -i SECONDS
-
-    opts.on("-x EXCLUDE", "--exclude EXCLUDE",
-            "A pattern to ignore. Wildcard/globs accepted." \
-            " Can be specified multiple times") do |pattern|
-      exclude_patterns << pattern_to_regexp(pattern)
-    end
+  options = Trollop::options do
+    version "syslog-shipper 1.0"
+    banner <<-EOS
+      Usage: #{$0} [options] -s HOST:PORT <path_or_glob> [path_or_glob2] [...]
+      If a path begins with '+' each line is sent unmodified to the syslog server.
+      Otherwise, this tool will prefix each line read from the file with a syslog
+      header.
+        
+      For example: #{$0} -s somehost:514 +/var/log/messages /var/log/apache2/access.syslog
+    EOS
+
+    opt :check_interval, "How frequently, in seconds, to check the glob patterns" \
+            "for new files", :default => 5, :short => :i
+    opt :exclude, "A pattern to ignore. Wildcard/globs accepted." \
+            " Can be specified multiple times", :short => :x, :type => :strings, :multi => true       
+    opt :server, "What syslog server to ship to (uses TCP)", :type => :string
+    opt :verbose, "Verbose mode"
+    opt :ping, "Try to connect and quit immediately after"
+    opt :ca_cert, "Custom certificate used to verify TLS certificates (implies --tls)", :type => :string
+    opt :skip_peer_check, "When connecting with TLS, do not prompt the user to verify the peer (not recommended, implies --tls)"
+    opt :tls, "Connect via tls"
+    opt :config_file, "YAML config file (command line options override values in this file)", :type => :string, :short => :f
+  end
 
-    opts.on("-s HOST:PORT", "--server HOST:PORT",
-            "What syslog server to ship to (uses TCP)") do |arg|
-      hostarg = arg
-    end
+  files = ARGV || []
 
-    opts.on("-v", "--verbose", "verbose (outputs each log line as seen)") do |arg|
-      verbose = true
-    end
+  if options[:config_file]
+    config = Hash[YAML::load(open(options[:config_file])).map { |k, v| [k.to_sym, v] }]
+    # prefer command line values, but take them from the config file
+    options.merge!(config) {|k, right_v, left_v| right_v.nil? ? left_v : right_v }
+    files += options[:files]
+  end
 
-    opts.on("-c CERT_PATH", "--ca-cert CERT_PATH", "Certificate authority PEM file to use") do |arg|
-      SyslogShipper::Client.ca_cert = arg
-    end
-  end # OptionParser
+  Trollop.die "You must supply files to watch" if files.empty?
+  Trollop.die "You must supply the host:port to connect to" if options.server.nil?
 
-  opts.parse!(args)
+  host, port = options[:server].split(":")
+  port = 514 if port == nil
+  exluded_patterns = options[:exclude] ? options[:exclude].map{|glob| pattern_to_regexp(glob)} : []
 
-  if args.length == 0 or hostarg == nil
-    puts opts.banner
-    return 1
-  end
+  options[:tls] = true if (options[:tls] || options[:skip_peer_check] || options[:ca_cert])
+
+  puts options if options[:verbose]
 
   EventMachine.run do
     Signal.trap("INT") do
@@ -61,26 +57,28 @@ def main(args)
       end
     end
 
-    host, port = hostarg.split(":")
-    port = 514 if port == nil
-
-    connection = EventMachine::connect(host, port, SyslogShipper::TlsWrapper)
-
-    args.each do |path|
-      if path.start_with?("+")
+    files.uniq.each do |path|
+      if path =~ /\A\+/
         raw = true
         path = path[1..-1]
       else
         raw = false
       end
+
+      connection = if options[:tls]
+        EventMachine::connect(host, port, SyslogShipper::TlsWrapper, options[:ca_cert], options[:tls], options[:skip_peer_check], options[:verbose]) 
+      else
+        EventMachine::connect(host, port)
+      end
+
       EventMachine::FileGlobWatchTail.new(path, SyslogShipper::Client,
-                                          interval = globcheck_interval,
-                                          exclude = exclude_patterns,
-                                          start_pos = -1,
-                                          connection = connection,
-                                          raw = raw,
-                                          verbose = verbose
-                                          )
+                                          options[:check_interval],
+                                          exclude = exluded_patterns,
+                                          {:startpos => -1,
+                                          :connection => connection,
+                                          :raw => raw,
+                                          :ping => options[:ping],
+                                          :verbose => options[:verbose]})
     end # args.each
   end # EventMachine.run
 end # def main

data/lib/syslog_shipper/client.rb

@@ -2,29 +2,27 @@ require "socket"
 
 module SyslogShipper
   class Client < EventMachine::FileTail
-    class << self
-      attr_accessor :ca_cert
-    end
-
-    def initialize(path, startpos=-1, connection=nil, raw=false, verbose=false)
-      super(path, startpos)
+    def initialize path, options = {:startpos => -1}
+      super path, options[:startpos]
       @buffer = BufferedTokenizer.new
       @hostname = Socket.gethostname
-      @connection = connection
-      @raw = raw
-      @verbose = verbose
+      @connection = options[:connection]
+      @raw = options[:raw]
+      @ping = options[:ping]
+      @verbose = options[:verbose]
     end
 
     def receive_data(data)
       @buffer.extract(data).each do |line|
-        line = if @raw
-          "#{line}\n"
-        else
-          "#{Time.now.strftime("%b %d %H:%M:%S")} #{@hostname} #{path}: #{line}\n"
+        if @ping
+          puts 'connection successful'
+          exit
+        end
+        
+        if message = build_message(line)
+          puts message if @verbose
+          send_data message
         end
-   
-        print line if @verbose
-        send_data(line)
       end 
     end
 
@@ -33,5 +31,16 @@ module SyslogShipper
     def send_data line
       @connection.send_data line        
     end
+
+    def build_message line
+      # don't send anything if there is no data
+      return if line && line.gsub(/\s/, '').empty?
+
+      if @raw
+        "#{line}\n"
+      else
+        "#{Time.now.strftime("%b %d %H:%M:%S")} #{@hostname} #{path}: #{line}\n"
+      end
+    end
   end
 end

data/lib/syslog_shipper/tls_wrapper.rb

@@ -1,25 +1,69 @@
 require 'openssl'
+require 'thread'
 
 module SyslogShipper::TlsWrapper
+  class << self
+    attr_accessor :verified
+  end
+
+  def initialize(ca_cert = nil, with_tls = false, bypass_peer_check = false, verbose = false)
+    @ca_cert = ca_cert
+    @with_tls = true
+    @bypass_peer_check = bypass_peer_check
+    @verbose = verbose
+  end
+
   def post_init
-    start_tls(:verify_peer => true)
+    puts 'post init' if @verbose
+    
+    start_tls :verify_peer => @with_tls
   end
 
   def connection_completed
-
+    puts 'connection completed' if @verbose
   end
 
   def ssl_verify_peer cert
-    ca_cert = OpenSSL::X509::Certificate.new File.read(SyslogShipper::Client.ca_cert)
-    server_cert = OpenSSL::X509::Certificate.new cert
-    server_cert.verify ca_cert.public_key
+    puts 'verifying peer' if @verbose
+    unless defined?(@@verified)
+      return true if @bypass_peer_check
+
+      server_cert = OpenSSL::X509::Certificate.new cert
+      verified = false
+
+      if @ca_cert
+        ca_cert = read_ca_cert
+        verified = server_cert.verify(ca_cert.public_key)
+      end
+
+      unless verified
+        puts server_cert.inspect
+        print "The server certificate is not recognized, would you still like to connect? (Y/N) "
+        answer = STDIN.gets.chomp
+        unless ['y', 'yes'].include?(answer.downcase)
+          raise OpenSSL::X509::CertificateError.new("Couldn't verify peer")
+        end
+      end
+      
+      @@verified = verified
+
+      puts 'verified peer' if @verbose
+    end
+
+    true
   end
 
   def ssl_handshake_completed
-    $server_handshake_completed = true
+    puts 'ssl handshake completed' if @verbose
   end
 
   def unbind
+    puts 'connection unbound!' if @verbose
+  end
+
+  private 
 
+  def read_ca_cert
+    OpenSSL::X509::Certificate.new(File.read(@ca_cert))
   end
 end

data/spec/client_spec.rb

@@ -6,8 +6,19 @@ describe SyslogShipper::Client do
 
     end
 
-    context "sending data" do
-      it "sends over TLS"
+    it 'builds a message'
+    it 'prints the message if in verbose mode'
+    it 'sends data'
+  end
+
+  describe '#build_message' do
+    context 'raw mode' do
+      it 'does not modify the message'
+    end
+
+    context 'non-raw mode' do
+      it 'prepends the timestamp and host'
     end
+    
   end
 end

data/spec/tls_wrapper_spec.rb

@@ -0,0 +1,59 @@
+require 'spec_helper'
+
+class MyTlsModule
+  include SyslogShipper::TlsWrapper
+end
+
+describe SyslogShipper::TlsWrapper do
+
+  let(:subject) {MyTlsModule.new}
+  let(:server_cert) {double}
+  let(:ca_cert) {double}
+
+
+  before(:each) do
+    MyTlsModule.class_variable_set(:@@verified, false)
+    subject.stub(:read_ca_cert).and_return(ca_cert)
+    ca_cert.stub(:public_key)
+    server_cert.stub(:public_key)
+    OpenSSL::X509::Certificate.stub(:new).and_return(server_cert)
+  end
+
+  describe "#ssl_verify_peer" do
+    context 'using a valid CA certificate' do
+      before(:each) do
+        subject.instance_variable_set(:@ca_cert, double)
+        server_cert.stub(:verify).and_return true
+      end
+
+      it 'verifies the peer' do
+        subject.ssl_verify_peer("").should be_true
+      end
+    end
+
+    context 'connecting to an unverified peer' do
+      before(:each) do
+        server_cert.stub(:verify).and_return false
+      end
+
+      it 'should connect if the bypass peer checking flag is set' do
+        subject.instance_variable_set(:@bypass_peer_check, true)
+        subject.ssl_verify_peer("").should be_true
+      end
+
+      it 'should connect if the user answers yes to the command prompt' do
+        pending("previous tests keeping state...")
+        STDIN.should_receive(:gets).and_return("yes")
+        subject.ssl_verify_peer("").should be_true
+      end
+
+      it 'should not connect to an untrusted peer' do
+        pending("previous tests keeping state...")
+        STDIN.stub(:gets).and_return("no")
+        lambda {
+          subject.ssl_verify_peer("")
+        }.should raise_error(OpenSSL::X509::CertificateError)
+      end      
+    end
+  end
+end

metadata

@@ -1,82 +1,78 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: syslog-shipper
-version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 1
-  - 0
-  - 20120102102042
-  version: 1.0.20120102102042
+version: !ruby/object:Gem::Version
+  version: '1.1'
+  prerelease: 
 platform: ruby
-authors: 
-- Jordan Sissel
+authors:
+- Neil Matatall
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-01-02 00:00:00 -08:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-01-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: eventmachine-tail
+  requirement: &70190739730420 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
   prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  version_requirements: *70190739730420
+- !ruby/object:Gem::Dependency
+  name: trollop
+  requirement: &70190739729940 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
+  prerelease: false
+  version_requirements: *70190739729940
 description: Ship logs from files to a remote syslog server over TCP
-email: jls@semicomplete.com
-executables: 
+email: neil@matatall.com
+executables:
 - syslog-shipper
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - README
-- lib/syslog_shipper/tls_wrapper.rb
+- LICENSE
+- HISTORY
 - lib/syslog_shipper/client.rb
+- lib/syslog_shipper/tls_wrapper.rb
 - lib/syslog_shipper.rb
 - bin/syslog-shipper
-- spec/spec_helper.rb
 - spec/client_spec.rb
-has_rdoc: true
-homepage: https://github.com/jordansissel/syslog-shipper
+- spec/spec_helper.rb
+- spec/tls_wrapper_spec.rb
+homepage: https://github.com/oreoshake/syslog-shipper
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
-summary: syslog-shipper - a tool for streaming logs from files to a remote syslog server
+summary: syslog-shipper - a tool for streaming logs from files to a remote syslog
+  server
 test_files: []
-