Class: LogStash::Outputs::Syslog
- Inherits:
-
Base
- Object
- Base
- LogStash::Outputs::Syslog
- Defined in:
- lib/logstash/outputs/syslog.rb
Overview
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol.
By default the contents of the ‘message` field will be shipped as the free-form message text part of the emitted syslog message. If your messages don’t have a ‘message` field or if you for some other reason want to change the emitted message, modify the `message` configuration option.
Constant Summary collapse
- FACILITY_LABELS =
[ "kernel", "user-level", "mail", "daemon", "security/authorization", "syslogd", "line printer", "network news", "uucp", "clock", "ftp", "ntp", "log audit", "log alert", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7", ]
- SEVERITY_LABELS =
[ "emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug", ]
Instance Method Summary collapse
Instance Method Details
#publish(event, payload) ⇒ Object
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
# File 'lib/logstash/outputs/syslog.rb', line 150 def publish(event, payload) appname = event.sprintf(@appname) procid = event.sprintf(@procid) sourcehost = event.sprintf(@sourcehost) = payload.to_s.rstrip.gsub(/[\r][\n]/, "\n").gsub(/[\n]/, '\n') # fallback to pri 13 (facility 1, severity 5) if @use_labels facility_code = (FACILITY_LABELS.index(event.sprintf(@facility)) || 1) severity_code = (SEVERITY_LABELS.index(event.sprintf(@severity)) || 5) priority = (facility_code * 8) + severity_code else priority = Integer(event.sprintf(@priority)) rescue 13 priority = 13 if (priority < 0 || priority > 191) end if @is_rfc3164 = event.sprintf("%{+MMM dd HH:mm:ss}") syslog_msg = "<#{priority.to_s}>#{} #{sourcehost} #{appname}[#{procid}]: #{}" else msgid = event.sprintf(@msgid) = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZZ}") syslog_msg = "<#{priority.to_s}>1 #{} #{sourcehost} #{appname} #{procid} #{msgid} - #{}" end begin @client_socket ||= connect @client_socket.write(syslog_msg + "\n") rescue => e # We don't expect udp connections to fail because they are stateless, but ... # udp connections may fail/raise an exception if used with localhost/127.0.0.1 return if udp? @logger.warn("syslog " + @protocol + " output exception: closing, reconnecting and resending event", :host => @host, :port => @port, :exception => e, :backtrace => e.backtrace, :event => event) @client_socket.close rescue nil @client_socket = nil sleep(@reconnect_interval) retry end end |
#receive(event) ⇒ Object
146 147 148 |
# File 'lib/logstash/outputs/syslog.rb', line 146 def receive(event) @codec.encode(event) end |
#register ⇒ Object
128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 |
# File 'lib/logstash/outputs/syslog.rb', line 128 def register @client_socket = nil if ssl? @ssl_context = setup_ssl end if @codec.instance_of? LogStash::Codecs::Plain if @codec.config["format"].nil? @codec = LogStash::Codecs::Plain.new({"format" => @message}) end end @codec.on_event(&method(:publish)) # use instance variable to avoid string comparison for each event @is_rfc3164 = (@rfc == "rfc3164") end |