├── spec ├── fixtures │ ├── invalid.pem │ ├── README.txt │ ├── client-ec-key.pem │ ├── ca-crl.pem │ ├── client-ec.pem │ ├── certs.yaml │ ├── client.pem │ ├── ca.pem │ ├── untrusted-server.pem │ ├── valid-server.pem │ ├── revoked-server.pem │ ├── ca-key.pem │ ├── client-key.pem │ ├── revoked-server-key.pem │ ├── valid-server-key.pem │ └── untrusted-server-key.pem └── outputs │ ├── syslog_tls_spec.rb │ └── syslog_spec.rb ├── .gitignore ├── .travis.yml ├── Rakefile ├── NOTICE.TXT ├── .github ├── PULL_REQUEST_TEMPLATE.md ├── ISSUE_TEMPLATE.md └── CONTRIBUTING.md ├── Gemfile ├── CONTRIBUTORS ├── logstash-output-syslog.gemspec ├── CHANGELOG.md ├── README.md ├── lib └── logstash │ └── outputs │ └── syslog.rb ├── docs └── index.asciidoc └── LICENSE /spec/fixtures/invalid.pem: -------------------------------------------------------------------------------- 1 | not a pem file 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.gem 2 | Gemfile.lock 3 | .bundle 4 | vendor 5 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | import: 2 | - logstash-plugins/.ci:travis/travis.yml@1.x -------------------------------------------------------------------------------- /spec/fixtures/README.txt: -------------------------------------------------------------------------------- 1 | To regenerate the test certificates, you can use https://github.com/tsaarni/certyaml. 2 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | @files=[] 2 | 3 | task :default do 4 | system("rake -T") 5 | end 6 | 7 | require "logstash/devutils/rake" 8 | -------------------------------------------------------------------------------- /NOTICE.TXT: -------------------------------------------------------------------------------- 1 | Elasticsearch 2 | Copyright 2012-2015 Elasticsearch 3 | 4 | This product includes software developed by The Apache Software 5 | Foundation (http://www.apache.org/). -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Thanks for contributing to Logstash! If you haven't already signed our CLA, here's a handy link: https://www.elastic.co/contributor-agreement/ 2 | -------------------------------------------------------------------------------- /spec/fixtures/client-ec-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6P7i1NqXVKChh8dR 3 | pqHcCSwlxDjKoaDBGiYzWHgy5vqhRANCAAQSX1YGFCuXL7f5Utp5X45+h7ixghyQ 4 | vhYfT4gY6M31DAUaf59DENYUZ36k4IYrWP6lU/ChBH0Mlntjb1TCD+Tw 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gemspec 4 | 5 | logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash" 6 | use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1" 7 | 8 | if Dir.exist?(logstash_path) && use_logstash_source 9 | gem 'logstash-core', :path => "#{logstash_path}/logstash-core" 10 | gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api" 11 | end 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please post all product and debugging questions on our [forum](https://discuss.elastic.co/c/logstash). Your questions will reach our wider community members there, and if we confirm that there is a bug, then we can open a new issue here. 2 | 3 | For all general issues, please provide the following details for fast resolution: 4 | 5 | - Version: 6 | - Operating System: 7 | - Config File (if you have sensitive info, please remove it): 8 | - Sample Data: 9 | - Steps to Reproduce: 10 | -------------------------------------------------------------------------------- /spec/fixtures/ca-crl.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN X509 CRL----- 2 | MIIBmDCBgQIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJjYRcNMjMwOTEz 3 | MTEwOTA4WhcNMjMwOTIwMTEwOTA4WjAbMBkCCBeEcMRQn525Fw0yMzA5MTMxMTA5 4 | MDhaoCMwITAfBgNVHSMEGDAWgBRNukfgtxJMkwu7XMvQ8ETWqi5BVTANBgkqhkiG 5 | 9w0BAQsFAAOCAQEAEMhDOnI3Nh8ggAty32gkGwVd4ypGrVu8dI0CvD+PjnYRAHfK 6 | Ngs4ByGOM5mKVTN63To6MulytSRR2WtW4JwcfHq1N9lQiL3qLePcU0CNYfcpRK48 7 | yRVV9qXV2jQAT2halBEhAqlyOH6+enFklCQNUdeCO38jWGPwFOyS4zR+PYWYuymq 8 | WhtScDaHqk/8DZmY/nblabZ4BIDmActqtfpjR+nF8xhTwThgPpETJkQFh3N4PCy+ 9 | UHp46T5hMlib1Dj1JN/TvSW9XsW40QSJGhqOaaEB0tZKRnGWzpABgcMylrtmuVW/ 10 | du7jT9nrGVczZYoaxF9HVRNHs5d9jUgqfDVETg== 11 | -----END X509 CRL----- 12 | -------------------------------------------------------------------------------- /CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | The following is a list of people who have contributed ideas, code, bug 2 | reports, or in general have helped logstash along its way. 3 | 4 | Maintainers: 5 | * Lucas Bremgartner (breml) 6 | 7 | Contributors: 8 | * Aaron Mildenstein (untergeek) 9 | * Dan Everton (deverton) 10 | * Jordan Sissel (jordansissel) 11 | * Pier-Hugues Pellerin (ph) 12 | * Richard Pijnenburg (electrical) 13 | * ruckalvnet 14 | * Lucas Bremgartner (breml) 15 | 16 | Note: If you've sent us patches, bug reports, or otherwise contributed to 17 | Logstash, and you aren't on the list above and want to be, please let us know 18 | and we'll make sure you're here. Contributions from folks like you are what make 19 | open source awesome. 20 | -------------------------------------------------------------------------------- /spec/fixtures/client-ec.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICCjCB86ADAgECAggXhLgPAPW4dzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQD 3 | EwJjYTAeFw0yMzA5MTQwODU1MzRaFw0yNDA5MTMwODU1MzRaMBQxEjAQBgNVBAMT 4 | CWNsaWVudC1lYzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBJfVgYUK5cvt/lS 5 | 2nlfjn6HuLGCHJC+Fh9PiBjozfUMBRp/n0MQ1hRnfqTghitY/qVT8KEEfQyWe2Nv 6 | VMIP5PCjMzAxMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBRNukfgtxJMkwu7 7 | XMvQ8ETWqi5BVTANBgkqhkiG9w0BAQsFAAOCAQEAP+HsEKYA2d6kCAH/JJSpxMnP 8 | gwMfjDkmV1bMguYSoOv8fbD17WqpyRojhi+THInP6ggXhJW0Zbz6UNy2GHXtO4+o 9 | OGLKI2FMUnaLRDMF4NL//FcC1unRQxyw8HQ2oMPNtWVEoo8KURLe0IW2q9/afT89 10 | 59RAZYxizFKSWcoIQGeCoyWzVIa/E+MB4cFKgpTF3zkxr6uWJvXYYwkVtzknsGvW 11 | v0c2h2Ck//kuQatJSZQpbMaYMEE2480VnwskiOTu1ltxrmcQxz5P0g1zcjEnKQAm 12 | kB3ENdewzHIq8yaybbf+a/WCsNyyEjKPOsSWeElk77v719B24x1HqkV8FW/eRA== 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /spec/fixtures/certs.yaml: -------------------------------------------------------------------------------- 1 | subject: cn=ca 2 | key_type: RSA 3 | not_before: 1970-01-01T00:00:00Z 4 | not_after: 2100-01-01T00:00:00Z 5 | --- 6 | subject: cn=valid-server 7 | issuer: cn=ca 8 | key_type: RSA 9 | not_before: 1970-01-01T00:00:00Z 10 | not_after: 2100-01-01T00:00:00Z 11 | sans: 12 | - DNS:localhost 13 | --- 14 | subject: cn=revoked-server 15 | issuer: cn=ca 16 | key_type: RSA 17 | revoked: true 18 | not_before: 1970-01-01T00:00:00Z 19 | not_after: 2100-01-01T00:00:00Z 20 | sans: 21 | - DNS:localhost 22 | --- 23 | subject: cn=untrusted-server 24 | key_type: RSA 25 | ca: false 26 | not_before: 1970-01-01T00:00:00Z 27 | not_after: 2100-01-01T00:00:00Z 28 | sans: 29 | - DNS:localhost 30 | --- 31 | subject: cn=client 32 | issuer: cn=ca 33 | key_type: RSA 34 | not_before: 1970-01-01T00:00:00Z 35 | not_after: 2100-01-01T00:00:00Z 36 | --- 37 | subject: cn=client-ec 38 | issuer: cn=ca 39 | key_type: EC 40 | not_before: 1970-01-01T00:00:00Z 41 | not_after: 2100-01-01T00:00:00Z 42 | -------------------------------------------------------------------------------- /spec/fixtures/client.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC1TCCAb2gAwIBAgIIGCmaVaybuVEwDQYJKoZIhvcNAQELBQAwDTELMAkGA1UE 3 | AxMCY2EwIBcNNzAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBExDzANBgNV 4 | BAMTBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcuaFfh 5 | 0wE+BdwygEdUfUhGeMDLe4shCsI0TUed5k9O8s8BwvDUDo9ODeAudESrPqjimuUa 6 | tye3Q5m6eqqfdzqVPAb6Q3B5KKnt0OMM1vlpLo7CnoQCZd+QirtdNvq0C35q7ns+ 7 | colCkZW8QgygriBv9RIWb4Gs6geTEt9UJA2UtWJD0MX2jSv1V0klqclaY+scqw66 8 | +trVlmT/2dgA7gqECtp5ZeFnJbLBel+HFWOH6uTi5xAhVVJ4W1wwds6l+pI+Zvdw 9 | pjkSvXpJCI1OUGq4fMXuzPd8jDf2sN1oXwbluJ4j1Ur/kUSVq+Osa4CjpJP6b28a 10 | rKXTWAIPHphhuUUCAwEAAaMzMDEwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaA 11 | FE26R+C3EkyTC7tcy9DwRNaqLkFVMA0GCSqGSIb3DQEBCwUAA4IBAQCqtyU6GOZX 12 | 7uoDQti9KhqNtvQIR2GueBN7A9h+E6xchIReWgWEId5PXzfmwxhlbGeRuB+fxrQ0 13 | KAsCRP5LxGz4oEU7gsnb6Gffez2urtHwd7Jhf/0pcsVzRdEQ1ZnwGlvc9WjkW37I 14 | HdT9HVsWSotlnq66VPZLbXtnPN5QMmepuheCNl+I1uWEdtI7i+oF/18cFN1Qq8Q8 15 | N45qS6svlMTJ/Wt4IQR8gEaQgTGPr31UPF31bPik7H9NUDJvmeiJdE1ZGbzcR/X/ 16 | 1vCR71eHMXtYUOEb8G1sytiMhb4hZGbY00bmUX5UQjZY5XxJExpKtgxSN1/rSXpl 17 | GXkJ7redVKpS 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /spec/fixtures/ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC4DCCAcigAwIBAgIIF4RwxEiEg+UwDQYJKoZIhvcNAQELBQAwDTELMAkGA1UE 3 | AxMCY2EwIBcNNzAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA0xCzAJBgNV 4 | BAMTAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW0Wn1Z/RSzA 5 | VbMauPWb+vVySDD5Ju46+nOu41yMPlex9cWK8LD4baZ7uJ2jNfOU+heCErRbgbtC 6 | rYAMOtbd8ZNBCMBCDdBEhuoNQ1FZ5NJWprzf6o4IPdrBa7G9eC9eqzvIRBecdhBo 7 | aKauPtIqwoIFIxtgoiez2EITFvD0FN10mU9yuh/grHoL7ecIw2C3MbcXKbUXQR5b 8 | 5VgEAAoNXtqkN+ii/t7UcFRZG79s8LwLueQ8xx6BpTsH8neIsi55PQcNRiKfICWq 9 | oqHUhErzgMZBy3lVKqvL8695ETfqTTepVgA8XDk8gE4sM5Dyo3vuViZ+OETr6Jm7 10 | ZvZfvik/lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB 11 | /zAdBgNVHQ4EFgQUTbpH4LcSTJMLu1zL0PBE1qouQVUwDQYJKoZIhvcNAQELBQAD 12 | ggEBADG3pp79VsvFqR3dAznHtMmprya6gLbh6/oFLGeSaYRZG/eIQQFdnGBxhBu/ 13 | 7YfYsZ385ATRvPB5diwpbPZ0u6PVLkXhE2RbYwV3EtPTvRHoTAB1/jdzAp5OoKlx 14 | DEpN45KiGgkwknkBz0NEPKoOPc++dTnPn1SD3mqdIPSBD+nDrQibCKODAhN+TjfZ 15 | Fith6yp+RIgst62RrFML56/EhKF4TgCXPKQBvXTXhwyBKeMlXglxhxghXXa+9Pw6 16 | X6PL238t3iGJm/ClZd+nyifPjR1DUNVJQXDC/ZDsI6qHe5TNZyYBBwC6ymDd/sCU 17 | L/SfQIFGjFAc2GP3DCiZM5HgvFg= 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /spec/fixtures/untrusted-server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC4jCCAcqgAwIBAgIIF4RwxFmE1F4wDQYJKoZIhvcNAQELBQAwGzEZMBcGA1UE 3 | AxMQdW50cnVzdGVkLXNlcnZlcjAgFw03MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAw 4 | MDAwMFowGzEZMBcGA1UEAxMQdW50cnVzdGVkLXNlcnZlcjCCASIwDQYJKoZIhvcN 5 | AQEBBQADggEPADCCAQoCggEBAMggFmsLIzwd6xtmSUFDgct8DC0mLZwJHdle9Fi9 6 | WWb6FS1eqXAStLe2vHubt4RIH8zIe9aHJ2fBUQEijP5yvJmhNqDW9dbS+09MP55S 7 | erIo7bi65eLm6kk2Cv/5XAR3k4gBuWmZlwXIuAvlXIRL7+QOYONAP0zViZqf6isi 8 | w2ABUt39sNcyk/MZ4fXnV9BWL7gw17V2vgNKXHnCFFT/x7ieR+uABglbEaX+/OAu 9 | diaplVVQ8GhsQG8D9l3S10jY5YCTNwWb5GtqcKZ+PHHFnvrkzMitOI+Lo99Mx1l6 10 | dUJt7kd5Bg+PEMjSsR0xhLlCBOas6cb0pca8Kq6539LEHDMCAwEAAaMoMCYwDgYD 11 | VR0PAQH/BAQDAgWgMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsF 12 | AAOCAQEAY3kMdTa4PAFVv218EFw2SoMswIn0IjnSbaP18PGPQJyeAtjInE3Y6Aza 13 | zkZK2lOcgHF8GTJNldP+7SIMlY3ulJLTBvqgEHshGH3lvZEWCkJzheCUMnvbsz8b 14 | ByhsHnKtLMTGQab8TxVpx4QGA2KI/7yhnVRwBCfyqJxaj98d9O62AjOJJmcOdc7t 15 | K9CAXpjXqmU5YZJ+hb3s2KPY8v5QqAYcNCI/OtIQcHQh+8vnu1McILMljUmJHwVX 16 | ZTmEJizVtZr+UEg2XDw9GgC+OXppFRb1ll0E5Kp+ird7hRDl3VKdh5rEYR5vMTUH 17 | 5tX5tdoGCR5cN8jxlwTgqSfz6XrYfg== 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /spec/fixtures/valid-server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC8TCCAdmgAwIBAgIIF4RwxEzf0ogwDQYJKoZIhvcNAQELBQAwDTELMAkGA1UE 3 | AxMCY2EwIBcNNzAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV 4 | BAMTDHZhbGlkLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 5 | AO59JkW5guj8oI5SdbnqIo0V/1pnWfpt5Gb+zonkDxiHjwypf78jBDloqLIuMk/i 6 | CsTUQxmVbhOr48PRpVzGfi0XCnHUydCsVIzBMSo65aX9la12gvr/mNGWtJLhM8QR 7 | 19ZSE1Qntd4J5d1ElhcZBQVZP3EjSEcxVL3MHwhdpbTSpW0heEvdLnxqWxw1uNKp 8 | MYypZQJkQE1fqIr7Bpm/HuaNu4pucFDu039m/E5LUldU2G2u9pwVqe+WOd8rHD4i 9 | nDmU3oHvoAAI6sEzQC7fdRbnuSnB6QhB8UYOlSCRdClNLfSjfxgKMOwpwwH6hKCE 10 | J6v4QuHl4fwKNM2ddL3MFjcCAwEAAaNJMEcwDgYDVR0PAQH/BAQDAgWgMB8GA1Ud 11 | IwQYMBaAFE26R+C3EkyTC7tcy9DwRNaqLkFVMBQGA1UdEQQNMAuCCWxvY2FsaG9z 12 | dDANBgkqhkiG9w0BAQsFAAOCAQEAVBgDXf3vh0U+5CK36cBArUCbT/ByQQ/4jByy 13 | m1VRM4Mbxumpw7LPtSDUqSpyCO4LaHq+Jp76VbtyPPTZnwWnowJwXDLXykHyJ4Mp 14 | wKVBUoHMxXcnQwE8VfWGiRi101WSx6ts2lXJjqUcjz9rsq+syE0/ZMnoM5BXIL5q 15 | YPKQ+Apscu6VRP8Ecnz0+ivy365FVhENOrGsACau5aPAaR1jmoWtUCyjA4UmskFd 16 | c1Ovj8AbB1HR18XGcs+EnVdAjum5kdKfOiGHmy/qqfkflHiFYu02qZ0bNgB0pU3b 17 | EYR054dXU0Hic/5ZoasBYzFaHebqyT1rosYWENFSKxNjafn71g== 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /spec/fixtures/revoked-server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC8zCCAdugAwIBAgIIF4RwxFCfnbkwDQYJKoZIhvcNAQELBQAwDTELMAkGA1UE 3 | AxMCY2EwIBcNNzAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBkxFzAVBgNV 4 | BAMTDnJldm9rZWQtc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC 5 | AQEA4jdX2twXE27xzVze7pTJ2MhaxgvkYjpaWvz5SO+jVo6GjpoMu7A81z93tuxE 6 | upOpEbQX/zq4hlyXQSkNM9eDgss05Bu5lI4YETEbaKbFskygvE0XI4jmyAbnvPTX 7 | okimZNGDwjVhWQrNgyAUs6ytz6CsjLfnMOZ4fTDw3tHcqaHgyZolePeCxXTjuxZI 8 | y6hR/anAat9BxXae2YtODiBZ5khDllnYSDoV1FCqf2iIqbEAqfvrdWJ+69rbx11O 9 | yn0+v6uHCqsQObFkmtCrE/yK3Af349Q6XSxt2qWsRE2YmlvugLgg3zXnisRtLEC2 10 | +lNftSLEqf6e7xvUttrqRMZ64wIDAQABo0kwRzAOBgNVHQ8BAf8EBAMCBaAwHwYD 11 | VR0jBBgwFoAUTbpH4LcSTJMLu1zL0PBE1qouQVUwFAYDVR0RBA0wC4IJbG9jYWxo 12 | b3N0MA0GCSqGSIb3DQEBCwUAA4IBAQBJlXamVwRDqGqbsLCyKef1AXtnsr5h/bih 13 | lHyO5YChSTiAKb/5rbZx7n1ydIlbFZ1aOCQrqXomQKKSBpW5alHHYSbWeiEit64t 14 | wDxcqMnz+O+mOvt6NF8ceawUTLRBZLSBV7GJyTBKBAqmLv4UyYti8dEwUScsnxE3 15 | 4nLD9DMCscsoWnG8EADnsiOwXDtZvv7Dt9B/Z8mKUXRH5egeEVNHi7ZSDlCQtadJ 16 | QO4+Ov/gejknFn8nw4falb94vDYKaZLMHfdtVJ8by+bZ3PNJjSQrvOBC6DC8OStd 17 | Xh0fNSnDhbKyeSIaMECfYFnCMoph6j9hlU6v1ekml1YNKj0SvAWa 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /logstash-output-syslog.gemspec: -------------------------------------------------------------------------------- 1 | Gem::Specification.new do |s| 2 | 3 | s.name = 'logstash-output-syslog' 4 | s.version = '3.0.6' 5 | s.licenses = ['Apache License (2.0)'] 6 | s.summary = "Sends events to a `syslog` server" 7 | s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program" 8 | s.authors = ["Elastic"] 9 | s.email = 'info@elastic.co' 10 | s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html" 11 | s.require_paths = ["lib"] 12 | 13 | # Files 14 | s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"] 15 | 16 | # Tests 17 | s.test_files = s.files.grep(%r{^(test|spec|features)/}) 18 | 19 | # Special flag to let us know this is actually a logstash plugin 20 | s.metadata = { "logstash_plugin" => "true", "logstash_group" => "output" } 21 | 22 | # Gem dependencies 23 | s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99" 24 | s.add_runtime_dependency 'logstash-codec-plain' 25 | 26 | s.add_development_dependency 'logstash-devutils' 27 | s.add_development_dependency 'logstash-codec-json' 28 | end 29 | 30 | -------------------------------------------------------------------------------- /spec/fixtures/ca-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC1bRafVn9FLMBV 3 | sxq49Zv69XJIMPkm7jr6c67jXIw+V7H1xYrwsPhtpnu4naM185T6F4IStFuBu0Kt 4 | gAw61t3xk0EIwEIN0ESG6g1DUVnk0lamvN/qjgg92sFrsb14L16rO8hEF5x2EGho 5 | pq4+0irCggUjG2CiJ7PYQhMW8PQU3XSZT3K6H+Csegvt5wjDYLcxtxcptRdBHlvl 6 | WAQACg1e2qQ36KL+3tRwVFkbv2zwvAu55DzHHoGlOwfyd4iyLnk9Bw1GIp8gJaqi 7 | odSESvOAxkHLeVUqq8vzr3kRN+pNN6lWADxcOTyATiwzkPKje+5WJn44ROvombtm 8 | 9l++KT+VAgMBAAECggEBALJDD7lb+g10HT+XjigyXCLHzJSWWhkgdx7jT/HiW4Je 9 | FGPSx+QbXt4OeP47FcTLI5RgSNQsFsVvw+JKMLoXqVfWQk5g6gY8nziY/JMqedNV 10 | wQJwDuuexwZPzUEOEYbntHM3eF0/feKb2JsLO6ZKRu17Z6TJH7f0nsdclPkzpABi 11 | uJUChSVmHvcI7lK2aKrrW7NLgO05VDKNp0Z+9f7m3qpsputdc01+S50D9+I6FXOv 12 | zPBdjNz4LYvKLqdBkJZerBeViTvQ+YcoovxQzy6g5gaWfknVy/vvUG7DXN1yptJ0 13 | si4ZLT0WbSRX0NU7tAuaaQ2dCVgzYEheYQwDBqFq/4ECgYEA3pRFsyW4doAbY3R7 14 | 598LZjoMGr8LzllOxJEjEPnQiC4sSn2kP2HJ9YQBHt/oZ9Sixx5RmLF05jbWVpEE 15 | FKxNqPj3B1Ny11lMTUYc8nmu6040u1F30XrG3fRB7bPUSMq7+SfeM9CBMiDlMsJG 16 | CqJUt6Mf4HiwBIY9cQn8HB5KBbECgYEA0KrusLgxzquF/I7eFEzVdf4u2GlRB8lw 17 | QDFZNkx4AmHca+dVDUb/QWRGvaHN6Mn9vS1CC1GqO7Vpx6FD6BOm/+ZMHTEFpXmz 18 | CkDTjXv3oivzfJmec/YCaSSx/xjaYPdz9xesfNhBzraAh1c+KeG4ilYZ/z9H1yAV 19 | +03o+dxffSUCgYEAra1A3dM3JrA7rtU7wehW+sOcolokmjUxs0wU8rAbucddpBp5 20 | yUNC1aLVRQQuUqanBXxw6xa9Qs3TXeT2LDNuvcTW7Q5+c+8oDLwC5mlwxgdWOjwN 21 | pJWLC7IGp7ZElTAskPQ8/G1cAoOMlJjnEnEsbcaJnxxNLJqa4tOJt18jH2ECgYA4 22 | cgSfSTQv87YK25q3YxFbGacSY2rH8HWs56x6Q7Uy78XwamNXdB0YU0fPhDVvAzTg 23 | N53l8fFatXgnyDfWT3qdPm7YdqpQWNtVqrOPUjlqZPk4e1WhiKqeRo7fsplgIY/9 24 | Byphmx4yDKw38CGgsq54vVHK+hM03jkUAb9D15j9AQKBgF+mgmL8teGiKPM6u932 25 | O5zX/vwvcdxdT/BInliJA2I/gJZ0wYEIMcFlTSl8DI52nBZIssjPpNRp4W3fKWR3 26 | tnbBzFiFXU88l6QOd3NotINFh/br0LOaJ550zyepcx9z6mN1Z5vv0iYgsZE78nCg 27 | Z6Tlk4gYoS3xG1q5V1f0JJee 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /spec/fixtures/client-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHLmhX4dMBPgXc 3 | MoBHVH1IRnjAy3uLIQrCNE1HneZPTvLPAcLw1A6PTg3gLnREqz6o4prlGrcnt0OZ 4 | unqqn3c6lTwG+kNweSip7dDjDNb5aS6Owp6EAmXfkIq7XTb6tAt+au57PnKJQpGV 5 | vEIMoK4gb/USFm+BrOoHkxLfVCQNlLViQ9DF9o0r9VdJJanJWmPrHKsOuvra1ZZk 6 | /9nYAO4KhAraeWXhZyWywXpfhxVjh+rk4ucQIVVSeFtcMHbOpfqSPmb3cKY5Er16 7 | SQiNTlBquHzF7sz3fIw39rDdaF8G5bieI9VK/5FElavjrGuAo6ST+m9vGqyl01gC 8 | Dx6YYblFAgMBAAECggEAIs4dNZ4kfQcVhxDcEZrV+Zc26pmkEP/JHX5+MpGI+TrW 9 | ew3XvrWPhcMh8ZasgoNaA7D1WCt+7dW8XlSTstUCxJ3nS2DYAANr86W25rYLqrGS 10 | jSe9A1xX6OUdGPiE7vIfQAv3eFnFMe8L+ZpYAFTjmI93x51cBtDsZD5zAct2MVkI 11 | CRB0AdWlvdY4j/FGmDJiDpgFTvBrYDh+fbckFll72Etxt1U7Ssfzw9UTvJWPH1XE 12 | Pr9Ax/kxCwUy3D/h8dQv5q2jz1lGXCHoo7wq7D0vNRn2i/aA8tPHBdplvf2hN77+ 13 | oUnLGTr+kxI42EkTdG+t/IrPslyG0pFz87TIE8DRAQKBgQDsWJr4dBVdWUUjERN/ 14 | PkpcGHtzu6okxGnXmEcInesKo+E24BdEdrR0+XPtw+JDYhpuWRp4Dta1N2/7Btkk 15 | MgL3Me3yuz366Q8GIOZqM0+9Sj8qXleb0R66ozIQJECIVEBUYZQN2JyM/wO8hgfL 16 | oV2S64/fRlAdbqZnjCAFc7yAMQKBgQDXvqDGBxcdU0U1PmDitWydqc8tsNNEDklw 17 | JyzXAXMZ0OEEYTxta7LP72GWleRm9CyUUcNCC7WLiPcTq77oWLjKzQKx//8JnZ9I 18 | tDbsfh3LI9h4GG7vIW6tVLbG/CSMRbtVvqdJewNvQeLb6ARlRTpkAXUb5DQiU4O0 19 | 4hydvHR5VQKBgQDazEBTKCwrKhx+FS3mi0UNs0B+aMpflVGi3H9OM9vHEuXJBnWj 20 | 1PzEmba/86rA1M5BP83oPVx5kSPi0XkuL/pc2+U75CnB4gYdl1GYGX6Fb3nAgGw8 21 | fMEk6TXMibMQQmb3dwo4M0LiqKbN3YrT8cQN4nNjsNU0Gh6FF80BHx7v0QKBgQDH 22 | b7IhvZYxhrOYh6R6jqnsiXg6zZZO+EINCjnaO73SJJSOPvDkWcW/kJOO59tvDNNU 23 | /MxadoaJicCVj5N4J+QTnTabo4F4uxvu0qFfNyqFigpm4ndSWX59fq1D/vwuK5wE 24 | pKzyMWQ4ahiznqTJlRhoMCy47tj+zmMXSFqZugeVzQKBgAcGan9v9Lb7fOVwqcGm 25 | HBFxzFMljr3NNXUwjAfY64NT8jDLoDj7fHgn+kf779CmHam1vqTRgxWouSlrw1DJ 26 | qE7qwd6LsOL+WW0XXCWad5NtgFmoMLaCj2u+Fz9xmZX2QmdaZYo3xtlpDK0i2NzK 27 | SSS5SK+adI5UqxmI0wLlDS4a 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /spec/fixtures/revoked-server-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDiN1fa3BcTbvHN 3 | XN7ulMnYyFrGC+RiOlpa/PlI76NWjoaOmgy7sDzXP3e27ES6k6kRtBf/OriGXJdB 4 | KQ0z14OCyzTkG7mUjhgRMRtopsWyTKC8TRcjiObIBue89NeiSKZk0YPCNWFZCs2D 5 | IBSzrK3PoKyMt+cw5nh9MPDe0dypoeDJmiV494LFdOO7FkjLqFH9qcBq30HFdp7Z 6 | i04OIFnmSEOWWdhIOhXUUKp/aIipsQCp++t1Yn7r2tvHXU7KfT6/q4cKqxA5sWSa 7 | 0KsT/IrcB/fj1DpdLG3apaxETZiaW+6AuCDfNeeKxG0sQLb6U1+1IsSp/p7vG9S2 8 | 2upExnrjAgMBAAECggEAbcyzBfYB9VrKXwWO53qspl5JQQuQpOTx6mwTi4VVYLP5 9 | N8oqGAeo4ElcEBuKGI2HaKJja2zTF9RlTilg0SLwIFIFsBqM70AxClctmJQqLSro 10 | cb1xV7whWEGRxbOJ3qkoqpLPQzqpr5CAw/6UTcmo67hvSDYTLzcOkKVqpJx0YJja 11 | XvQ9m9zeOIOANN2cj3mZPCniDNGzYMF6D2twNEjEwE1OOm8wTkhfdWIimVGmn4US 12 | mOA4vT78XV2lDvFrroCWKdNFaUZhw0pw3b/uVqagXk2PmDAi0gVg1PzbjwkniwXt 13 | poTltUpAMyMveMYDK8dbK2wQIJ95F0qQa4KyLIkl4QKBgQD04Bcu6JyUWWAERrm4 14 | dOxXEGCQeCNp8QmBddSGa8HaWFlmTedCXvCNNOJZYeB+pYdbzVc0nJM3xxDq0o9X 15 | hXg5iS+I1jEQAuLJCcnaqXdM9nB2EFsy/KRSK6xoxZsiYyUof5DGozbo6GB+bdyl 16 | NgaPGUkIsOS5GWF+se9whj00WQKBgQDsfj7sMo//bJEPexMsMxTSbq9stAsk9MFe 17 | WBCYmvD1p7OcwgnICYFOkWo6jcOHYA4ByDIJUyufDgu0Ta4wLyTBZh2dXqHs80jW 18 | DmeYl4xQzTlEtpVZUX8vMDk9N+9tWHi+Z19MgNpt/QeKBJqaBHgGGqx2CEQzAcjC 19 | jRAxLPDxmwKBgQDkhGc+IFdW3Z0MAJB6gaq4iREEYQjzabvsM3C0TMUoJQCwxwyE 20 | VKL5s5tzvDJLHeAWnKa/80ozaDLyYLLiAy0xzEMu2GwKvBa1c8wKodEyYlyK4TKq 21 | fzg9coI/eAEQ8yMPCxSpOlEYwxqhgZbCGou+aONOF/4qenQQTq7a/HsLaQKBgQDn 22 | qF7wtjLSDMIn/PJx+HOsElpqzA6im9KTHQbcxeHFcQoDQxubxJvSn6UESHvBLzlp 23 | S3agJcV0H6kdbH51mqiRffsCfYF2f3XYoPGfysvbFrzDb2rqvGcujTl0m0dAwEo+ 24 | kToL0ail1xc8fngG6Nu9dwF6+Wv83wGOeenjkddPgwKBgD/tIsEPxkiNfi/y1mLT 25 | cM8i6zZNjoH52lkhJ+zWGwPPLTE2HP5FzY/FEG7qwVAqMTC1Tnw9IXiP0bXPTcxk 26 | NEaP2GG9g57OtLR4NK+Pw+fiYemoxDf3l9dgoa5T/HBv7Epzaadv0np2TterpE0H 27 | ul9dMftda0KPvPdGf5xdWCkJ 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /spec/fixtures/valid-server-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDufSZFuYLo/KCO 3 | UnW56iKNFf9aZ1n6beRm/s6J5A8Yh48MqX+/IwQ5aKiyLjJP4grE1EMZlW4Tq+PD 4 | 0aVcxn4tFwpx1MnQrFSMwTEqOuWl/ZWtdoL6/5jRlrSS4TPEEdfWUhNUJ7XeCeXd 5 | RJYXGQUFWT9xI0hHMVS9zB8IXaW00qVtIXhL3S58alscNbjSqTGMqWUCZEBNX6iK 6 | +waZvx7mjbuKbnBQ7tN/ZvxOS1JXVNhtrvacFanvljnfKxw+Ipw5lN6B76AACOrB 7 | M0Au33UW57kpwekIQfFGDpUgkXQpTS30o38YCjDsKcMB+oSghCer+ELh5eH8CjTN 8 | nXS9zBY3AgMBAAECggEBAK2FmYc5xypGRXvIO6gd1y3YR4c7k5hGxNy7oQNrUCCE 9 | 4WxRF4W2sKgkojmiqzC8QyGbX4cJ1qGxe3NK4opyUfP0w8C3FnAiMxKGroMPf3Aa 10 | 5gDkLcD6n/I/OPt1p/iNEwH5jd65VfZMNVedQ6diqOiPWz2ycjB6kDHYhuvLV3oM 11 | Mnj/l5B7Qr6lZoM6a47ECX4d2FSIbxBaS1sAGCN2eckwL/oEMaufyGd7H9Juj4pa 12 | lEdALrA+AOtn6f6grXQvMwej1mFx4ac7Teidvs+cPJGJBMONMiSFjHiUFQHW3ZSq 13 | qBhXbCHmfoqdDw5BqgvwxEc4H75BQrFyr63vush1deECgYEA8pePyYjcB4o4j2Ib 14 | DZFXD5kDuWvA6J1mM2XReww+y/y7nW4jf6XJhcY+dA7JazYDDrwNRziDdbmjuTQ4 15 | XrDDqJgeklENrEubWsDtPTiH7Tp8/caQH1p0SwIEwXcrr8MAeWdv/Ixcb6+p+QCt 16 | Wp2eAjwHYLPzEjea+8a6q2M6M8MCgYEA+6uIMBUAUZsoID+AA77+NUR1xL54M7aJ 17 | 1WjKAj7uyHe8jP58I+39GlEYLBd8vQNqUb9v9fPbIDXQXyzQGe6KWzWfSDCUoFsA 18 | jP66qk6xqLqxb5Qlc8VXXIgcONyYCudRgvNLaKPYW7gslkwziwwCulfNHLpuPj16 19 | 4KI3MyMe8H0CgYBqzHaszuevGhbUaOhoDLg7Ua3mD54ZylGYBxc2CKoMu/MM19Qg 20 | +ifCEQilp2zdGiY2cmuWEzcsuNFvU6INbdx1eKLc33oZhB+c0Jqg/SY6NimYv7Xr 21 | V7Mi4nydf41oD31B9VvD3zdCpB88VCP9ZK6PZUYKOK6mMny0o0TC9yhEaQKBgQCc 22 | IbShr8W82vcv2nU+3bSzsz8kyc2kt3AXV6VLc2OMNsxg5Fh7qd/F/d1zLTcTxBSn 23 | lo6NFbYx63DUOub3z4dCQqgIjysFuK9EyZtgoOWS+g+uW0hI5HroSwDHPgONcCif 24 | hvSXfF5zuHTg4XFwqAjhNitn0Tknn9ill72LGhTNuQKBgQClALtYE5se9mU/ehfK 25 | igu/jqEYiUfHSm8AroCK5IVnqM1tHliN9r7fLnRAfQv2gF/Mbq7/wFIRyko4WIBp 26 | 0CKz7dv4v1zmdxk/k1jaZFLVQXpgDgPEuVxTmOiZCncef/P8gYO+x5PPDoVPsPlf 27 | zQIF+YRER5vsPJUBOG1QP97zZg== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /spec/fixtures/untrusted-server-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIIBZrCyM8Hesb 3 | ZklBQ4HLfAwtJi2cCR3ZXvRYvVlm+hUtXqlwErS3trx7m7eESB/MyHvWhydnwVEB 4 | Ioz+cryZoTag1vXW0vtPTD+eUnqyKO24uuXi5upJNgr/+VwEd5OIAblpmZcFyLgL 5 | 5VyES+/kDmDjQD9M1Yman+orIsNgAVLd/bDXMpPzGeH151fQVi+4MNe1dr4DSlx5 6 | whRU/8e4nkfrgAYJWxGl/vzgLnYmqZVVUPBobEBvA/Zd0tdI2OWAkzcFm+RranCm 7 | fjxxxZ765MzIrTiPi6PfTMdZenVCbe5HeQYPjxDI0rEdMYS5QgTmrOnG9KXGvCqu 8 | ud/SxBwzAgMBAAECggEBAIULF/xH5j/EIBYSFSdHKtXNfQbS98VhJi/peYY5M2NL 9 | ZKLJ6NjyBqSP3pRKfGF71XA95F5FccP/d8vKXXOXcZys2XVqEvujPaGFLlIhwSIK 10 | JagG0GfdXeoX/I4aB7uMh08G3m2+xvD4dKqr66qkFTJHANBzWOHKoHVkVLgin0KF 11 | 0WoQ+t1xc519Xewi/ghatNifIYKML1prkwIekWUBM7CxONfaAxYg828edgEDDgoy 12 | Iq7lGyCj5AZfYeW7G7rSxsnMylf5XoA2c68AC0JT6uRLKYQAKzPjntKALktRwROt 13 | 2j1hOq6pw7vSKYCHHXjcB1wrIfGCGegEZISV1890kGECgYEA1xRhB6ezLd7/5yw0 14 | 8w4nYz0YW8/QXcatRDtvvP/kX+RBZLutIivVwCKdDYknuISbcx4uTfgJCfnh9Gju 15 | 6u/EIJWe97k+YLUFeH23lGhnsWTfmJ3XAhs76Jxn/akHypRZ5c4z6tlpydxvHU4X 16 | c52c6v+yGWuXAP1Wt/fzo9ZAiDECgYEA7jNZct+k/0tqcIdgvkv+bzObDcghyl3d 17 | aHL1gGCCI4ZT43fp/+7RmAuPK+d+JCzHxDuXIHOZ+gAjfhw6dVjZWCMKXNlI587g 18 | /rtIgjfZTLUDt+T/5l4hr147xgISyLtaGgvy+BBAF3GpvlhkA1LbNaV2XkUSrzop 19 | Y5iHocOfdaMCgYEAo2NN2rzg90Xi7UC98K6d6VuuN4EFb1fQpHbqiY9zdA04SEfy 20 | XHUkalNhL7kzvY6vcKJK1txIMZXsuvlEFqGSQpanLtVAt8KMp14Jqeoua6qP2aZ+ 21 | gZEiz7CRpzdTPee460TcV9pV7Q1SM9bxJdlkLXmVWI5NJmlOCW+JXLsURuECgYAl 22 | vd0eZnEuQjTLP6gEfuYBmJuow10XQ2ghdJWRkbkNB+uizw00kBKFlM9KlZNXCAFf 23 | BlIbwjVTd1IoWTCqBznozSSHMaZrlEvyEJqch1zW2peMO6yQQ7nyn2u5I/r18zmD 24 | hwEobOq6zDepAThXjnlNNrpalXcwbHbCYRicePJ7IQKBgQCt47xW8YWcCyKPksL5 25 | WHTV40eWOa8ZJotGf0LN1YKUd5f8aIzAY26CV3677T5cmDO80qZ8rFrZ01TDZ4Qj 26 | HN5lJqVp4vddpkIJ6EXEQ0AbiSbrip6qHm/LNuxFcdcoB8FAmqvMQe8xf90+tLOy 27 | BTH3fMe4qQzbSa3KCdNzQRM9eg== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## Unreleased 2 | - Change codec instance comparison [#69](https://github.com/logstash-plugins/logstash-output-syslog/pull/69) 3 | - Added support for RFC5424 structured data [#67](https://github.com/logstash-plugins/logstash-output-syslog/pull/67) 4 | - The SNI (Server Name Indication) extension is now used when connecting to syslog server with TLS and `host` is set to FQDN (Fully Qualified Domain Name) [#66](https://github.com/logstash-plugins/logstash-output-syslog/pull/66) 5 | - Added support for certificate revocation check for the server certificate [#62](https://github.com/logstash-plugins/logstash-output-syslog/pull/62) 6 | - Added support for setting cipher suites for TLS connections [#75](https://github.com/logstash-plugins/logstash-output-syslog/pull/75) 7 | - Added support for setting TLS protocol versions [#77](https://github.com/logstash-plugins/logstash-output-syslog/pull/77) 8 | - Added support for loading PKCS8 EC private keys [#61](https://github.com/logstash-plugins/logstash-output-syslog/pull/61) 9 | 10 | ## 3.0.5 11 | - Docs: Set the default_codec doc attribute. 12 | 13 | ## 3.0.4 14 | - Update gemspec summary 15 | 16 | ## 3.0.3 17 | - Fix some documentation issues 18 | 19 | ## 3.0.1 20 | - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99 21 | 22 | ## 3.0.0 23 | - breaking,config: Remove deprecated `timestamp` config. 24 | - internal: migrate to Logstash Event API 2.0 25 | 26 | ## 2.1.5 27 | - [Internal] test fix to not depend on json order 28 | 29 | ## 2.1.4 30 | - [Internal] fix tests 31 | 32 | ## 2.1.3 33 | - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash 34 | 35 | ## 2.1.2 36 | - New dependency requirements for logstash-core for the 5.0 release 37 | 38 | ## 2.1.1 39 | - Add SSL/TLS support to syslog output plugin (thanks @breml) 40 | - Added ability to use codecs for this output (thanks @breml) 41 | 42 | ## 2.1.0 43 | - reconnect on exception. added basic specs 44 | 45 | ## 2.0.0 46 | - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 47 | instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895 48 | - Dependency on logstash-core update to 2.0 49 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to Logstash 2 | 3 | All contributions are welcome: ideas, patches, documentation, bug reports, 4 | complaints, etc! 5 | 6 | Programming is not a required skill, and there are many ways to help out! 7 | It is more important to us that you are able to contribute. 8 | 9 | That said, some basic guidelines, which you are free to ignore :) 10 | 11 | ## Want to learn? 12 | 13 | Want to lurk about and see what others are doing with Logstash? 14 | 15 | * The irc channel (#logstash on irc.freenode.org) is a good place for this 16 | * The [forum](https://discuss.elastic.co/c/logstash) is also 17 | great for learning from others. 18 | 19 | ## Got Questions? 20 | 21 | Have a problem you want Logstash to solve for you? 22 | 23 | * You can ask a question in the [forum](https://discuss.elastic.co/c/logstash) 24 | * Alternately, you are welcome to join the IRC channel #logstash on 25 | irc.freenode.org and ask for help there! 26 | 27 | ## Have an Idea or Feature Request? 28 | 29 | * File a ticket on [GitHub](https://github.com/elastic/logstash/issues). Please remember that GitHub is used only for issues and feature requests. If you have a general question, the [forum](https://discuss.elastic.co/c/logstash) or IRC would be the best place to ask. 30 | 31 | ## Something Not Working? Found a Bug? 32 | 33 | If you think you found a bug, it probably is a bug. 34 | 35 | * If it is a general Logstash or a pipeline issue, file it in [Logstash GitHub](https://github.com/elasticsearch/logstash/issues) 36 | * If it is specific to a plugin, please file it in the respective repository under [logstash-plugins](https://github.com/logstash-plugins) 37 | * or ask the [forum](https://discuss.elastic.co/c/logstash). 38 | 39 | # Contributing Documentation and Code Changes 40 | 41 | If you have a bugfix or new feature that you would like to contribute to 42 | logstash, and you think it will take more than a few minutes to produce the fix 43 | (ie; write code), it is worth discussing the change with the Logstash users and developers first! You can reach us via [GitHub](https://github.com/elastic/logstash/issues), the [forum](https://discuss.elastic.co/c/logstash), or via IRC (#logstash on freenode irc) 44 | Please note that Pull Requests without tests will not be merged. If you would like to contribute but do not have experience with writing tests, please ping us on IRC/forum or create a PR and ask our help. 45 | 46 | ## Contributing to plugins 47 | 48 | Check our [documentation](https://www.elastic.co/guide/en/logstash/current/contributing-to-logstash.html) on how to contribute to plugins or write your own! It is super easy! 49 | 50 | ## Contribution Steps 51 | 52 | 1. Test your changes! [Run](https://github.com/elastic/logstash#testing) the test suite 53 | 2. Please make sure you have signed our [Contributor License 54 | Agreement](https://www.elastic.co/contributor-agreement/). We are not 55 | asking you to assign copyright to us, but to give us the right to distribute 56 | your code without restriction. We ask this of all contributors in order to 57 | assure our users of the origin and continuing existence of the code. You 58 | only need to sign the CLA once. 59 | 3. Send a pull request! Push your changes to your fork of the repository and 60 | [submit a pull 61 | request](https://help.github.com/articles/using-pull-requests). In the pull 62 | request, describe what your changes do and mention any bugs/issues related 63 | to the pull request. 64 | 65 | 66 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Logstash Plugin 2 | 3 | [![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-output-syslog.svg)](https://travis-ci.com/logstash-plugins/logstash-output-syslog) 4 | 5 | This is a plugin for [Logstash](https://github.com/elastic/logstash). 6 | 7 | It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. 8 | 9 | ## Documentation 10 | 11 | Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/). 12 | 13 | - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive 14 | - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide 15 | 16 | ## Need Help? 17 | 18 | Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum. 19 | 20 | ## Developing 21 | 22 | ### 1. Plugin Developement and Testing 23 | 24 | #### Code 25 | - To get started, you'll need JRuby with the Bundler gem installed. 26 | 27 | - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example). 28 | 29 | - Install dependencies 30 | ```sh 31 | bundle install 32 | ``` 33 | 34 | #### Test 35 | 36 | - Update your dependencies 37 | 38 | ```sh 39 | bundle install 40 | ``` 41 | 42 | - Run tests 43 | 44 | ```sh 45 | bundle exec rspec 46 | ``` 47 | 48 | ### 2. Running your unpublished Plugin in Logstash 49 | 50 | #### 2.1 Run in a local Logstash clone 51 | 52 | - Edit Logstash `Gemfile` and add the local plugin path, for example: 53 | ```ruby 54 | gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome" 55 | ``` 56 | - Install plugin 57 | ```sh 58 | # Logstash 2.3 and higher 59 | bin/logstash-plugin install --no-verify 60 | 61 | # Prior to Logstash 2.3 62 | bin/plugin install --no-verify 63 | 64 | ``` 65 | - Run Logstash with your plugin 66 | ```sh 67 | bin/logstash -e 'filter {awesome {}}' 68 | ``` 69 | At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash. 70 | 71 | #### 2.2 Run in an installed Logstash 72 | 73 | You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using: 74 | 75 | - Build your plugin gem 76 | ```sh 77 | gem build logstash-filter-awesome.gemspec 78 | ``` 79 | - Install the plugin from the Logstash home 80 | ```sh 81 | # Logstash 2.3 and higher 82 | bin/logstash-plugin install --no-verify 83 | 84 | # Prior to Logstash 2.3 85 | bin/plugin install --no-verify 86 | 87 | ``` 88 | - Start Logstash and proceed to test the plugin 89 | 90 | ## Contributing 91 | 92 | All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin. 93 | 94 | Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here. 95 | 96 | It is more important to the community that you are able to contribute. 97 | 98 | For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file. -------------------------------------------------------------------------------- /spec/outputs/syslog_tls_spec.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | 3 | require "logstash/devutils/rspec/spec_helper" 4 | require "logstash/outputs/syslog" 5 | require "logstash/codecs/plain" 6 | require "json" 7 | 8 | describe LogStash::Outputs::Syslog do 9 | FIXTURES_PATH = File.expand_path("../fixtures", File.dirname(__FILE__)) 10 | 11 | subject do 12 | plugin = LogStash::Plugin.lookup("output", "syslog").new(options) 13 | plugin.register 14 | plugin 15 | end 16 | 17 | let(:port) do 18 | begin 19 | # Start high to better avoid common services 20 | port = rand(10000..65535) 21 | s = TCPServer.new("127.0.0.1", port) 22 | s.close 23 | 24 | port 25 | rescue Errno::EADDRINUSE 26 | retry 27 | end 28 | end 29 | 30 | let(:server) { TCPServer.new("127.0.0.1", port) } 31 | 32 | shared_examples "syslog output" do 33 | it "should write expected format" do 34 | Thread.start { sleep 0.25; subject.receive event } 35 | socket = secure_server.accept 36 | expect(socket.cipher).to eq(chosen_cipher) if defined?(chosen_cipher) 37 | expect(socket.ssl_version).to eq(chosen_tls_version) if defined?(chosen_tls_version) 38 | read = socket.sysread(100) 39 | expect(read.size).to be > 0 40 | expect(read).to match(output) 41 | end 42 | end 43 | 44 | context "connects with TLS" do 45 | let(:event) { LogStash::Event.new({ "message" => "foo bar", "host" => "baz" }) } 46 | let(:options) { { "host" => "localhost", "port" => port, "protocol" => "ssl-tcp", 47 | "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"), 48 | "ssl_cert" => File.join(FIXTURES_PATH, "client.pem"), 49 | "ssl_key" => File.join(FIXTURES_PATH, "client-key.pem") } } 50 | # The output details are tested in syslog_spec.rb so simply check for message to be present. 51 | let(:output) { /foo bar/ } 52 | 53 | let(:secure_server) do 54 | # Create TLS server with given certificate and private key, and verify client certificate against CA. 55 | ssl_context = OpenSSL::SSL::SSLContext.new 56 | ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(server_cert_file)) 57 | ssl_context.key = OpenSSL::PKey::read(File.read(server_pkey_file), nil) 58 | ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER 59 | ssl_context.ciphers = "ALL" 60 | ssl_context.cert_store = OpenSSL::X509::Store.new 61 | ssl_context.cert_store.add_cert(OpenSSL::X509::Certificate.new(File.read(File.join(FIXTURES_PATH, "ca.pem")))) 62 | OpenSSL::SSL::SSLServer.new(server, ssl_context) 63 | end 64 | 65 | after(:each) do 66 | secure_server.close rescue nil 67 | end 68 | 69 | context "server with valid certificates" do 70 | let(:server_cert_file) { File.join(FIXTURES_PATH, "valid-server.pem") } 71 | let(:server_pkey_file) { File.join(FIXTURES_PATH, "valid-server-key.pem") } 72 | 73 | context "with SSL verification" do 74 | let(:options ) { super().merge("ssl_verify" => true) } 75 | 76 | it_behaves_like "syslog output" 77 | end 78 | 79 | context "with TLSv1.2" do 80 | let(:options ) { super().merge("ssl_supported_protocols" => ["TLSv1.2"]) } 81 | let(:chosen_tls_version) { "TLSv1.2" } 82 | 83 | it_behaves_like "syslog output" 84 | end 85 | 86 | context "with TLSv1.3" do 87 | let(:options ) { super().merge("ssl_supported_protocols" => ["TLSv1.3"]) } 88 | let(:chosen_tls_version) { "TLSv1.3" } 89 | 90 | it_behaves_like "syslog output" 91 | end 92 | 93 | context "with TLSv1.2 and TLSv1.3" do 94 | let(:options ) { super().merge("ssl_supported_protocols" => ["TLSv1.2", "TLSv1.3"]) } 95 | let(:chosen_tls_version) { "TLSv1.3" } 96 | 97 | it_behaves_like "syslog output" 98 | end 99 | 100 | context "with cipher suites" do 101 | let(:options ) { super().merge("ssl_cipher_suites" => ["TLS_CHACHA20_POLY1305_SHA256"]) } 102 | let(:chosen_cipher) { "TLS_CHACHA20_POLY1305_SHA256" } 103 | 104 | it_behaves_like "syslog output" 105 | end 106 | 107 | end 108 | 109 | context "server with untrusted certificates" do 110 | let(:server_cert_file) { File.join(FIXTURES_PATH, "untrusted-server.pem") } 111 | let(:server_pkey_file) { File.join(FIXTURES_PATH, "untrusted-server-key.pem") } 112 | 113 | context "ssl_verify disabled" do 114 | let(:options ) { super().merge("ssl_verify" => false) } 115 | 116 | it_behaves_like "syslog output" 117 | end 118 | 119 | context "ssl_verify enabled" do 120 | let(:options ) { super().merge("ssl_verify" => true) } 121 | 122 | it "should refuse to connect" do 123 | Thread.start { secure_server.accept rescue nil } 124 | expect(subject.logger).to receive(:error).with(/SSL Error/i, hash_including(exception: OpenSSL::SSL::SSLError)).once.and_throw :TEST_DONE 125 | expect { subject.receive event }.to throw_symbol(:TEST_DONE) 126 | end 127 | end 128 | 129 | end 130 | 131 | context "server with revoked certificates" do 132 | let(:options ) { super().merge("ssl_verify" => true, "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem")) } 133 | let(:server_cert_file) { File.join(FIXTURES_PATH, "revoked-server.pem") } 134 | let(:server_pkey_file) { File.join(FIXTURES_PATH, "revoked-server-key.pem") } 135 | 136 | it "syslog output refuses to connect" do 137 | Thread.start { secure_server.accept rescue nil } 138 | expect(subject.logger).to receive(:error).with(/SSL Error/i, hash_including(exception: OpenSSL::SSL::SSLError)).once.and_throw :TEST_DONE 139 | expect { subject.receive event }.to throw_symbol(:TEST_DONE) 140 | end 141 | end 142 | end 143 | 144 | context "read PEM" do 145 | let(:options) { { "host" => "localhost", "port" => port, "protocol" => "ssl-tcp", "ssl_verify" => true } } 146 | 147 | context "RSA certificate and private key" do 148 | let(:options ) { super().merge( 149 | "ssl_cert" => File.join(FIXTURES_PATH, "client.pem"), 150 | "ssl_key" => File.join(FIXTURES_PATH, "client-key.pem"), 151 | "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"), 152 | "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem") 153 | ) } 154 | 155 | it "register succeeds" do 156 | expect { subject.register }.not_to raise_error 157 | end 158 | end 159 | 160 | context "EC certificate and private key" do 161 | let(:options ) { super().merge( 162 | "ssl_cert" => File.join(FIXTURES_PATH, "client-ec.pem"), 163 | "ssl_key" => File.join(FIXTURES_PATH, "client-ec-key.pem"), 164 | "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"), 165 | "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem") 166 | ) } 167 | 168 | it "register succeeds" do 169 | expect { subject.register }.not_to raise_error 170 | end 171 | end 172 | 173 | context "invalid client certificate" do 174 | let(:options ) { super().merge( 175 | "ssl_cert" => File.join(FIXTURES_PATH, "invalid.pem"), 176 | "ssl_key" => File.join(FIXTURES_PATH, "client-key.pem"), 177 | "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"), 178 | "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem") 179 | ) } 180 | 181 | it "register raises error" do 182 | expect { subject.register }.to raise_error(OpenSSL::X509::CertificateError, /malformed PEM data/) 183 | end 184 | end 185 | 186 | context "invalid client private key" do 187 | let(:options ) { super().merge( 188 | "ssl_cert" => File.join(FIXTURES_PATH, "client.pem"), 189 | "ssl_key" => File.join(FIXTURES_PATH, "invalid.pem"), 190 | "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"), 191 | "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem") 192 | ) } 193 | 194 | it "register raises error" do 195 | expect { subject.register }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey/) 196 | end 197 | end 198 | 199 | context "invalid CRL" do 200 | let(:options ) { super().merge( 201 | "ssl_cert" => File.join(FIXTURES_PATH, "client.pem"), 202 | "ssl_key" => File.join(FIXTURES_PATH, "client-key.pem"), 203 | "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"), 204 | "ssl_crl" => File.join(FIXTURES_PATH, "invalid.pem") 205 | ) } 206 | 207 | it "register raises error" do 208 | expect { subject.register }.to raise_error(OpenSSL::X509::CRLError, /malformed PEM data/) 209 | end 210 | end 211 | 212 | end 213 | end 214 | -------------------------------------------------------------------------------- /spec/outputs/syslog_spec.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | 3 | require "logstash/devutils/rspec/spec_helper" 4 | require "logstash/outputs/syslog" 5 | require "logstash/codecs/plain" 6 | require "json" 7 | 8 | describe LogStash::Outputs::Syslog do 9 | 10 | RFC3164_DATE_TIME_REGEX = "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (0[1-9]|[12][0-9]|3[01]) ([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)" 11 | RFC3339_DATE_TIME_REGEX = "([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]{3})?([Zz]|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))" 12 | 13 | it "should register without errors" do 14 | plugin = LogStash::Plugin.lookup("output", "syslog").new({"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"}) 15 | expect { plugin.register }.to_not raise_error 16 | end 17 | 18 | subject do 19 | plugin = LogStash::Plugin.lookup("output", "syslog").new(options) 20 | plugin.register 21 | plugin 22 | end 23 | 24 | let(:socket) { double("fake socket") } 25 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz"}) } 26 | 27 | shared_examples "syslog output" do 28 | it "should write expected format" do 29 | expect(subject).to receive(:connect).and_return(socket) 30 | expect(socket).to receive(:write).with(output) 31 | subject.receive(event) 32 | end 33 | end 34 | 35 | context "rfc 3164 and udp by default" do 36 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"} } 37 | let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 38 | 39 | it_behaves_like "syslog output" 40 | end 41 | 42 | context "rfc 5424 and tcp" do 43 | let(:options) { {"rfc" => "rfc5424", "protocol" => "tcp", "host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency"} } 44 | let(:output) { /^<0>1 #{RFC3339_DATE_TIME_REGEX} baz LOGSTASH - - - bar\n/m } 45 | 46 | it_behaves_like "syslog output" 47 | end 48 | 49 | context "calculate priority" do 50 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "mail", "severity" => "critical"} } 51 | let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 52 | 53 | it_behaves_like "syslog output" 54 | end 55 | 56 | context "sprintf rfc 3164" do 57 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "facility" => "mail", "severity" => "critical", "appname" => "appname", "procid" => "1000" }) } 58 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "%{facility}", "severity" => "%{severity}", "appname" => "%{appname}", "procid" => "%{procid}"} } 59 | let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz appname\[1000\]: bar\n/m } 60 | 61 | it_behaves_like "syslog output" 62 | end 63 | 64 | context "sprintf rfc 5424" do 65 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "facility" => "mail", "severity" => "critical", "appname" => "appname", "procid" => "1000", "msgid" => "2000" }) } 66 | let(:options) { {"rfc" => "rfc5424", "host" => "foo", "port" => "123", "facility" => "%{facility}", "severity" => "%{severity}", "appname" => "%{appname}", "procid" => "%{procid}", "msgid" => "%{msgid}"} } 67 | let(:output) { /^<18>1 #{RFC3339_DATE_TIME_REGEX} baz appname 1000 2000 - bar\n/m } 68 | 69 | it_behaves_like "syslog output" 70 | end 71 | 72 | context "use_labels == false, default" do 73 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz" }) } 74 | let(:options) { {"use_labels" => false, "host" => "foo", "port" => "123" } } 75 | let(:output) { /^<13>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 76 | 77 | it_behaves_like "syslog output" 78 | end 79 | 80 | context "use_labels == false, syslog_pri" do 81 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "syslog_pri" => "18" }) } 82 | let(:options) { {"use_labels" => false, "host" => "foo", "port" => "123" } } 83 | let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 84 | 85 | it_behaves_like "syslog output" 86 | end 87 | 88 | context "use_labels == false, sprintf" do 89 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "priority" => "18" }) } 90 | let(:options) { {"use_labels" => false, "host" => "foo", "port" => "123", "priority" => "%{priority}" } } 91 | let(:output) { /^<18>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 92 | 93 | it_behaves_like "syslog output" 94 | end 95 | 96 | context "use plain codec with format set" do 97 | let(:plain) { LogStash::Codecs::Plain.new({"format" => "%{host} %{message}"}) } 98 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "codec" => plain} } 99 | let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: baz bar\n/m } 100 | 101 | it_behaves_like "syslog output" 102 | end 103 | 104 | context "use codec json" do 105 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "codec" => "json" } } 106 | 107 | it "should write event encoded with json codec" do 108 | expect(subject).to receive(:connect).and_return(socket) 109 | expect(socket).to receive(:write) do |arg| 110 | message = arg[/^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: (.*)/, 1] 111 | expect(message).not_to be_nil 112 | message_json = JSON.parse(message) 113 | expect(message_json).to include("@timestamp") 114 | expect(message_json).to include("host" => "baz") 115 | expect(message_json).to include("@version" => "1") 116 | expect(message_json).to include("message" => "bar") 117 | end 118 | subject.receive(event) 119 | end 120 | end 121 | 122 | context "escape carriage return, newline and newline to \\n" do 123 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "message" => "foo\r\nbar\nbaz" } } 124 | let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: foo\\nbar\\nbaz\n/m } 125 | 126 | it_behaves_like "syslog output" 127 | end 128 | 129 | context "tailing newline" do 130 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "message" => "%{message}\n" } } 131 | let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 132 | 133 | it_behaves_like "syslog output" 134 | end 135 | 136 | context "tailing carriage return and newline (windows)" do 137 | let(:options) { {"host" => "foo", "port" => "123", "facility" => "kernel", "severity" => "emergency", "message" => "%{message}\n" } } 138 | let(:output) { /^<0>#{RFC3164_DATE_TIME_REGEX} baz LOGSTASH\[-\]: bar\n/m } 139 | 140 | it_behaves_like "syslog output" 141 | end 142 | 143 | context "structured data is not supported for RFC3164" do 144 | let(:options) { {"host" => "foo", "port" => "123", "rfc" => "rfc3164", "structured_data" => "[foo@12345]" } } 145 | 146 | it "should raise exception" do 147 | expect { subject.register }.to raise_error(LogStash::ConfigurationError) 148 | end 149 | end 150 | 151 | context "send with both structured data and message" do 152 | let(:options) { {"host" => "foo", "port" => "123", "rfc" => "rfc5424", "structured_data" => '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]' } } 153 | let(:output) { /^<13>1 #{RFC3339_DATE_TIME_REGEX} baz LOGSTASH - - \[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"\]\[examplePriority@32473 class="high"\] bar\n/m } 154 | 155 | it_behaves_like "syslog output" 156 | end 157 | 158 | context "set structured data elements from event" do 159 | let(:event) { LogStash::Event.new({"message" => "bar", "host" => "baz", "pod" => "mypod" }) } 160 | let(:options) { {"host" => "foo", "port" => "123", "rfc" => "rfc5424", "structured_data" => '[exampleSDID@32473 pod="%{pod}"]' } } 161 | let(:output) { /^<13>1 #{RFC3339_DATE_TIME_REGEX} baz LOGSTASH - - \[exampleSDID@32473 pod="mypod"\] bar\n/m } 162 | 163 | it_behaves_like "syslog output" 164 | end 165 | 166 | context "tcp protocol with unused ssl settings" do 167 | let(:options) { {"protocol" => "tcp", "host" => "foo", "port" => "123", "ssl_cacert" => File.join(File.expand_path("../fixtures", File.dirname(__FILE__)), "ca.pem") } } 168 | 169 | it "logs a warning about unused ssl settings" do 170 | plugin = LogStash::Plugin.lookup("output", "syslog").new(options) 171 | expect(plugin.logger).to receive(:warn).with(a_string_matching(/Configured SSL settings are not used/)).once 172 | plugin.register 173 | end 174 | end 175 | 176 | end 177 | -------------------------------------------------------------------------------- /lib/logstash/outputs/syslog.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | require "logstash/outputs/base" 3 | require "logstash/namespace" 4 | require "date" 5 | require "logstash/codecs/plain" 6 | 7 | 8 | # Send events to a syslog server. 9 | # 10 | # You can send messages compliant with RFC3164 or RFC5424 11 | # using either UDP or TCP as the transport protocol. 12 | # 13 | # By default the contents of the `message` field will be shipped as 14 | # the free-form message text part of the emitted syslog message. If 15 | # your messages don't have a `message` field or if you for some other 16 | # reason want to change the emitted message, modify the `message` 17 | # configuration option. 18 | class LogStash::Outputs::Syslog < LogStash::Outputs::Base 19 | config_name "syslog" 20 | 21 | FACILITY_LABELS = [ 22 | "kernel", 23 | "user-level", 24 | "mail", 25 | "daemon", 26 | "security/authorization", 27 | "syslogd", 28 | "line printer", 29 | "network news", 30 | "uucp", 31 | "clock", 32 | "ftp", 33 | "ntp", 34 | "log audit", 35 | "log alert", 36 | "local0", 37 | "local1", 38 | "local2", 39 | "local3", 40 | "local4", 41 | "local5", 42 | "local6", 43 | "local7", 44 | ] 45 | 46 | SEVERITY_LABELS = [ 47 | "emergency", 48 | "alert", 49 | "critical", 50 | "error", 51 | "warning", 52 | "notice", 53 | "informational", 54 | "debug", 55 | ] 56 | 57 | CRL_END_TAG = "\n-----END X509 CRL-----\n" 58 | 59 | # syslog server address to connect to 60 | config :host, :validate => :string, :required => true 61 | 62 | # syslog server port to connect to 63 | config :port, :validate => :number, :required => true 64 | 65 | # when connection fails, retry interval in sec. 66 | config :reconnect_interval, :validate => :number, :default => 1 67 | 68 | # syslog server protocol. you can choose between udp, tcp and ssl/tls over tcp 69 | config :protocol, :validate => ["tcp", "udp", "ssl-tcp"], :default => "udp" 70 | 71 | # Verify the identity of the other end of the SSL connection against the CA. 72 | config :ssl_verify, :validate => :boolean, :default => false 73 | 74 | # The SSL CA certificate, chainfile or CA path. The system CA path is automatically included. 75 | config :ssl_cacert, :validate => :path 76 | 77 | # SSL certificate path 78 | config :ssl_cert, :validate => :path 79 | 80 | # SSL key path 81 | config :ssl_key, :validate => :path 82 | 83 | # SSL key passphrase 84 | config :ssl_key_passphrase, :validate => :password, :default => nil 85 | 86 | # CRL file or bundle of CRLs 87 | config :ssl_crl, :validate => :path 88 | 89 | # Check CRL for only leaf certificate (false) or require CRL check for the complete chain (true) 90 | config :ssl_crl_check_all, :validate => :boolean, :default => false 91 | 92 | # The list of cipher suites to use, listed by priorities. 93 | # Supported cipher suites vary depending on which version of Java is used. 94 | config :ssl_cipher_suites, :validate => :string, :list => true 95 | 96 | # NOTE: not setting this param uses Java SSL engine defaults. 97 | config :ssl_supported_protocols, :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :list => true 98 | 99 | # use label parsing for severity and facility levels 100 | # use priority field if set to false 101 | config :use_labels, :validate => :boolean, :default => true 102 | 103 | # syslog priority 104 | # The new value can include `%{foo}` strings 105 | # to help you build a new value from other parts of the event. 106 | config :priority, :validate => :string, :default => "%{syslog_pri}" 107 | 108 | # facility label for syslog message 109 | # default fallback to user-level as in rfc3164 110 | # The new value can include `%{foo}` strings 111 | # to help you build a new value from other parts of the event. 112 | config :facility, :validate => :string, :default => "user-level" 113 | 114 | # severity label for syslog message 115 | # default fallback to notice as in rfc3164 116 | # The new value can include `%{foo}` strings 117 | # to help you build a new value from other parts of the event. 118 | config :severity, :validate => :string, :default => "notice" 119 | 120 | # source host for syslog message. The new value can include `%{foo}` strings 121 | # to help you build a new value from other parts of the event. 122 | config :sourcehost, :validate => :string, :default => "%{host}" 123 | 124 | # application name for syslog message. The new value can include `%{foo}` strings 125 | # to help you build a new value from other parts of the event. 126 | config :appname, :validate => :string, :default => "LOGSTASH" 127 | 128 | # process id for syslog message. The new value can include `%{foo}` strings 129 | # to help you build a new value from other parts of the event. 130 | config :procid, :validate => :string, :default => "-" 131 | 132 | # message text to log. The new value can include `%{foo}` strings 133 | # to help you build a new value from other parts of the event. 134 | config :message, :validate => :string, :default => "%{message}" 135 | 136 | # message id for syslog message. The new value can include `%{foo}` strings 137 | # to help you build a new value from other parts of the event. 138 | config :msgid, :validate => :string, :default => "-" 139 | 140 | # syslog message format: you can choose between rfc3164 or rfc5424 141 | config :rfc, :validate => ["rfc3164", "rfc5424"], :default => "rfc3164" 142 | 143 | # RFC5424 structured data. 144 | config :structured_data, :validate => :string, :default => "" 145 | 146 | def register 147 | @client_socket = nil 148 | 149 | if ssl? 150 | @ssl_context = setup_ssl 151 | else 152 | # Check if any SSL settings were provided when not using SSL. 153 | ssl_config_provided = original_params.select { |k| k.start_with?("ssl_") } 154 | if ssl_config_provided.any? 155 | @logger.warn("Configured SSL settings are not used when `protocol` is set to '#{@protocol}': #{ssl_config_provided.keys}") 156 | end 157 | end 158 | 159 | if @codec.class.name == "LogStash::Codecs::Plain" 160 | if @codec.config["format"].nil? 161 | @codec = LogStash::Codecs::Plain.new({"format" => @message}) 162 | end 163 | end 164 | @codec.on_event(&method(:publish)) 165 | 166 | # use instance variable to avoid string comparison for each event 167 | @is_rfc3164 = (@rfc == "rfc3164") 168 | 169 | if @is_rfc3164 && !@structured_data.empty? 170 | raise LogStash::ConfigurationError, "Structured data is not supported for RFC3164" 171 | end 172 | 173 | end 174 | 175 | def receive(event) 176 | @codec.encode(event) 177 | end 178 | 179 | def publish(event, payload) 180 | appname = event.sprintf(@appname) 181 | procid = event.sprintf(@procid) 182 | sourcehost = event.sprintf(@sourcehost) 183 | 184 | message = payload.to_s.rstrip.gsub(/[\r][\n]/, "\n").gsub(/[\n]/, '\n') 185 | 186 | # fallback to pri 13 (facility 1, severity 5) 187 | if @use_labels 188 | facility_code = (FACILITY_LABELS.index(event.sprintf(@facility)) || 1) 189 | severity_code = (SEVERITY_LABELS.index(event.sprintf(@severity)) || 5) 190 | priority = (facility_code * 8) + severity_code 191 | else 192 | priority = Integer(event.sprintf(@priority)) rescue 13 193 | priority = 13 if (priority < 0 || priority > 191) 194 | end 195 | 196 | if @is_rfc3164 197 | timestamp = event.sprintf("%{+MMM dd HH:mm:ss}") 198 | syslog_msg = "<#{priority.to_s}>#{timestamp} #{sourcehost} #{appname}[#{procid}]: #{message}" 199 | else 200 | msgid = event.sprintf(@msgid) 201 | sd = @structured_data.empty? ? "-" : event.sprintf(@structured_data) 202 | timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZZ}") 203 | syslog_msg = "<#{priority.to_s}>1 #{timestamp} #{sourcehost} #{appname} #{procid} #{msgid} #{sd} #{message}" 204 | end 205 | 206 | begin 207 | @client_socket ||= connect 208 | @client_socket.write(syslog_msg + "\n") 209 | rescue => e 210 | # We don't expect udp connections to fail because they are stateless, but ... 211 | # udp connections may fail/raise an exception if used with localhost/127.0.0.1 212 | return if udp? 213 | 214 | @logger.warn("syslog " + @protocol + " output exception: closing, reconnecting and resending event", :host => @host, :port => @port, :exception => e, :backtrace => e.backtrace, :event => event) 215 | @client_socket.close rescue nil 216 | @client_socket = nil 217 | 218 | sleep(@reconnect_interval) 219 | retry 220 | end 221 | end 222 | 223 | private 224 | 225 | def udp? 226 | @protocol == "udp" 227 | end 228 | 229 | def ssl? 230 | @protocol == "ssl-tcp" 231 | end 232 | 233 | def connect 234 | socket = nil 235 | if udp? 236 | socket = UDPSocket.new 237 | socket.connect(@host, @port) 238 | else 239 | socket = TCPSocket.new(@host, @port) 240 | if ssl? 241 | socket = OpenSSL::SSL::SSLSocket.new(socket, @ssl_context) 242 | # Use SNI extension 243 | socket.hostname = @host 244 | begin 245 | socket.connect 246 | rescue OpenSSL::SSL::SSLError => ssle 247 | @logger.error("SSL Error", :exception => ssle, 248 | :backtrace => ssle.backtrace) 249 | # NOTE(mrichar1): Hack to prevent hammering peer 250 | sleep(5) 251 | raise 252 | end 253 | end 254 | end 255 | socket 256 | end 257 | 258 | def setup_ssl 259 | require "openssl" 260 | ssl_context = OpenSSL::SSL::SSLContext.new 261 | ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert)) 262 | ssl_context.key = OpenSSL::PKey::read(File.read(@ssl_key),@ssl_key_passphrase) 263 | ssl_context.ciphers = @ssl_cipher_suites if @ssl_cipher_suites&.any? 264 | if @ssl_verify 265 | cert_store = OpenSSL::X509::Store.new 266 | # Load the system default certificate path to the store 267 | cert_store.set_default_paths 268 | if File.directory?(@ssl_cacert) 269 | cert_store.add_path(@ssl_cacert) 270 | else 271 | cert_store.add_file(@ssl_cacert) 272 | end 273 | if @ssl_crl 274 | # copy the behavior of X509_load_crl_file() which supports loading bundles of CRLs. 275 | File.read(@ssl_crl).split(CRL_END_TAG).each do |crl| 276 | crl << CRL_END_TAG 277 | cert_store.add_crl(OpenSSL::X509::CRL.new(crl)) 278 | end 279 | cert_store.flags = @ssl_crl_check_all ? OpenSSL::X509::V_FLAG_CRL_CHECK|OpenSSL::X509::V_FLAG_CRL_CHECK_ALL : OpenSSL::X509::V_FLAG_CRL_CHECK 280 | end 281 | ssl_context.cert_store = cert_store 282 | ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT 283 | end 284 | 285 | ssl_context.min_version = :TLS1_1 # not strictly required - JVM should have disabled TLSv1 286 | if @ssl_supported_protocols && @ssl_supported_protocols.any? 287 | disabled_protocols = ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'] - @ssl_supported_protocols 288 | # mapping 'TLSv1.2' -> OpenSSL::SSL::OP_NO_TLSv1_2 289 | disabled_protocols.map! { |v| OpenSSL::SSL.const_get "OP_NO_#{v.sub('.', '_')}" } 290 | ssl_context.options = disabled_protocols.reduce(ssl_context.options, :|) 291 | end 292 | 293 | ssl_context 294 | end 295 | end 296 | -------------------------------------------------------------------------------- /docs/index.asciidoc: -------------------------------------------------------------------------------- 1 | :plugin: syslog 2 | :type: output 3 | :default_codec: plain 4 | 5 | /////////////////////////////////////////// 6 | START - GENERATED VARIABLES, DO NOT EDIT! 7 | /////////////////////////////////////////// 8 | :version: %VERSION% 9 | :release_date: %RELEASE_DATE% 10 | :changelog_url: %CHANGELOG_URL% 11 | :include_path: ../../../../logstash/docs/include 12 | /////////////////////////////////////////// 13 | END - GENERATED VARIABLES, DO NOT EDIT! 14 | /////////////////////////////////////////// 15 | 16 | [id="plugins-{type}s-{plugin}"] 17 | 18 | === Syslog output plugin 19 | 20 | include::{include_path}/plugin_header.asciidoc[] 21 | 22 | ==== Description 23 | 24 | Send events to a syslog server. 25 | 26 | You can send messages compliant with RFC3164 or RFC5424 27 | using either UDP or TCP as the transport protocol. 28 | 29 | By default the contents of the `message` field will be shipped as 30 | the free-form message text part of the emitted syslog message. If 31 | your messages don't have a `message` field or if you for some other 32 | reason want to change the emitted message, modify the `message` 33 | configuration option. 34 | 35 | [id="plugins-{type}s-{plugin}-options"] 36 | ==== Syslog Output Configuration Options 37 | 38 | This plugin supports the following configuration options plus the <> described later. 39 | 40 | [cols="<,<,<",options="header",] 41 | |======================================================================= 42 | |Setting |Input type|Required 43 | | <> |<>|No 44 | | <> |<>|No 45 | | <> |<>|Yes 46 | | <> |<>|No 47 | | <> |<>|No 48 | | <> |<>|Yes 49 | | <> |<>|No 50 | | <> |<>|No 51 | | <> |<>, one of `["tcp", "udp", "ssl-tcp"]`|No 52 | | <> |<>|No 53 | | <> |<>, one of `["rfc3164", "rfc5424"]`|No 54 | | <> |<>|No 55 | | <> |<>|No 56 | | <> |a valid filesystem path|No 57 | | <> |a valid filesystem path|No 58 | | <> |a valid filesystem path|No 59 | | <> |<>|No 60 | | <> |<>|No 61 | | <> |a valid filesystem path|No 62 | | <> |<>|No 63 | | <> |<>|No 64 | | <> |<>|No 65 | | <> |<>|No 66 | | <> |<>|No 67 | |======================================================================= 68 | 69 | Also see <> for a list of options supported by all 70 | output plugins. 71 | 72 |   73 | 74 | [id="plugins-{type}s-{plugin}-appname"] 75 | ===== `appname` 76 | 77 | * Value type is <> 78 | * Default value is `"LOGSTASH"` 79 | 80 | application name for syslog message. The new value can include `%{foo}` strings 81 | to help you build a new value from other parts of the event. 82 | 83 | [id="plugins-{type}s-{plugin}-facility"] 84 | ===== `facility` 85 | 86 | * Value type is <> 87 | * Default value is `"user-level"` 88 | 89 | facility label for syslog message 90 | default fallback to user-level as in rfc3164 91 | The new value can include `%{foo}` strings 92 | to help you build a new value from other parts of the event. 93 | 94 | [id="plugins-{type}s-{plugin}-host"] 95 | ===== `host` 96 | 97 | * This is a required setting. 98 | * Value type is <> 99 | * There is no default value for this setting. 100 | 101 | syslog server address to connect to 102 | 103 | [id="plugins-{type}s-{plugin}-message"] 104 | ===== `message` 105 | 106 | * Value type is <> 107 | * Default value is `"%{message}"` 108 | 109 | message text to log. The new value can include `%{foo}` strings 110 | to help you build a new value from other parts of the event. 111 | 112 | [id="plugins-{type}s-{plugin}-msgid"] 113 | ===== `msgid` 114 | 115 | * Value type is <> 116 | * Default value is `"-"` 117 | 118 | message id for syslog message. The new value can include `%{foo}` strings 119 | to help you build a new value from other parts of the event. 120 | 121 | [id="plugins-{type}s-{plugin}-port"] 122 | ===== `port` 123 | 124 | * This is a required setting. 125 | * Value type is <> 126 | * There is no default value for this setting. 127 | 128 | syslog server port to connect to 129 | 130 | [id="plugins-{type}s-{plugin}-priority"] 131 | ===== `priority` 132 | 133 | * Value type is <> 134 | * Default value is `"%{syslog_pri}"` 135 | 136 | syslog priority 137 | The new value can include `%{foo}` strings 138 | to help you build a new value from other parts of the event. 139 | 140 | [id="plugins-{type}s-{plugin}-procid"] 141 | ===== `procid` 142 | 143 | * Value type is <> 144 | * Default value is `"-"` 145 | 146 | process id for syslog message. The new value can include `%{foo}` strings 147 | to help you build a new value from other parts of the event. 148 | 149 | [id="plugins-{type}s-{plugin}-protocol"] 150 | ===== `protocol` 151 | 152 | * Value can be any of: `tcp`, `udp`, `ssl-tcp` 153 | * Default value is `"udp"` 154 | 155 | syslog server protocol. you can choose between udp, tcp and ssl/tls over tcp 156 | 157 | [id="plugins-{type}s-{plugin}-reconnect_interval"] 158 | ===== `reconnect_interval` 159 | 160 | * Value type is <> 161 | * Default value is `1` 162 | 163 | when connection fails, retry interval in sec. 164 | 165 | [id="plugins-{type}s-{plugin}-rfc"] 166 | ===== `rfc` 167 | 168 | * Value can be any of: `rfc3164`, `rfc5424` 169 | * Default value is `"rfc3164"` 170 | 171 | syslog message format: you can choose between rfc3164 or rfc5424 172 | 173 | [id="plugins-{type}s-{plugin}-severity"] 174 | ===== `severity` 175 | 176 | * Value type is <> 177 | * Default value is `"notice"` 178 | 179 | severity label for syslog message 180 | default fallback to notice as in rfc3164 181 | The new value can include `%{foo}` strings 182 | to help you build a new value from other parts of the event. 183 | 184 | [id="plugins-{type}s-{plugin}-sourcehost"] 185 | ===== `sourcehost` 186 | 187 | * Value type is <> 188 | * Default value is `"%{host}"` 189 | 190 | source host for syslog message. The new value can include `%{foo}` strings 191 | to help you build a new value from other parts of the event. 192 | 193 | [id="plugins-{type}s-{plugin}-ssl_cacert"] 194 | ===== `ssl_cacert` 195 | 196 | * Value type is <> 197 | * There is no default value for this setting. 198 | 199 | The SSL CA certificate, chainfile or CA path. The system CA path is automatically included. 200 | 201 | [id="plugins-{type}s-{plugin}-ssl_cert"] 202 | ===== `ssl_cert` 203 | 204 | * Value type is <> 205 | * There is no default value for this setting. 206 | 207 | SSL certificate path 208 | 209 | [id="plugins-{type}s-{plugin}-ssl_key"] 210 | ===== `ssl_key` 211 | 212 | * Value type is <> 213 | * There is no default value for this setting. 214 | 215 | SSL key path 216 | 217 | [id="plugins-{type}s-{plugin}-ssl_key_passphrase"] 218 | ===== `ssl_key_passphrase` 219 | 220 | * Value type is <> 221 | * Default value is `nil` 222 | 223 | SSL key passphrase 224 | 225 | [id="plugins-{type}s-{plugin}-ssl_verify"] 226 | ===== `ssl_verify` 227 | 228 | * Value type is <> 229 | * Default value is `false` 230 | 231 | Verify the identity of the other end of the SSL connection against the CA. 232 | 233 | [id="plugins-{type}s-{plugin}-ssl_crl"] 234 | ===== `ssl_crl` 235 | 236 | * Value type is <> 237 | * There is no default value for this setting. 238 | 239 | SSL CRL path for checking the revocation status of the server certificate. 240 | File may contain one or more PEM encoded CRLs. 241 | 242 | [id="plugins-{type}s-{plugin}-ssl_crl_check_all"] 243 | ===== `ssl_crl_check_all` 244 | 245 | * Value type is <> 246 | * Default value is `false` 247 | 248 | If this option is set to false, only the certificate at the end of the certificate chain will be subject to validation by CRL. 249 | If set to true the complete chain is validated. CRLs must be available from all CAs. 250 | 251 | [id="plugins-{type}s-{plugin}-ssl_cipher_suites"] 252 | ===== `ssl_cipher_suites` 253 | 254 | * Value type is <> 255 | * There is no default value for this setting 256 | 257 | The list of cipher suites to use, listed by priorities. 258 | Supported cipher suites vary depending on the Java and protocol versions. 259 | 260 | [id="plugins-{type}s-{plugin}-ssl_supported_protocols"] 261 | ===== `ssl_supported_protocols` 262 | 263 | * Value type is <> 264 | * Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'` 265 | * Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`. 266 | `'TLSv1.1'` is not considered secure and is only provided for legacy applications. 267 | 268 | List of allowed SSL/TLS versions to use when establishing a connection to the HTTP endpoint. 269 | 270 | For Java 8 `'TLSv1.3'` is supported only since **8u262** (Adoptium.net), but requires that you set the 271 | `LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash. 272 | 273 | NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash, 274 | the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in 275 | the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list. 276 | 277 | [id="plugins-{type}s-{plugin}-use_labels"] 278 | ===== `use_labels` 279 | 280 | * Value type is <> 281 | * Default value is `true` 282 | 283 | use label parsing for severity and facility levels 284 | use priority field if set to false 285 | 286 | [id="plugins-{type}s-{plugin}-structured_data"] 287 | ===== `structured_data` 288 | 289 | * Value type is <> 290 | * There is no default value for this setting. 291 | 292 | RFC5424 structured data is a string of one or more structured data elements, including brackets. 293 | The elements need to be formatted according to link:https://datatracker.ietf.org/doc/html/rfc5424#section-6.3[RFC5424 section 6.3], for example: 294 | 295 | ["source",subs="attributes"] 296 | `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]` 297 | 298 | The new value can include `%{foo}` strings to help you build a new value from other parts of the event. 299 | 300 | [id="plugins-{type}s-{plugin}-common-options"] 301 | include::{include_path}/{type}.asciidoc[] 302 | 303 | :default_codec!: 304 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright 2020 Elastic and contributors 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | --------------------------------------------------------------------------------