Exemple #1
0
package logstash

// logstash.go defines the logtash plugin (using lumberjack protocol) as being registered with all
// output plugins

import (
	"crypto/tls"
	"time"

	"github.com/elastic/libbeat/common"
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/outputs"
	"github.com/elastic/libbeat/outputs/mode"
)

var debug = logp.MakeDebug("logstash")

func init() {
	outputs.RegisterOutputPlugin("logstash", logstashOutputPlugin{})
}

type logstashOutputPlugin struct{}

func (p logstashOutputPlugin) NewOutput(
	beat string,
	config *outputs.MothershipConfig,
	topologyExpire int,
) (outputs.Outputer, error) {
	output := &logstash{}
	err := output.init(beat, *config, topologyExpire)
	if err != nil {
Exemple #2
0
package elasticsearch

import (
	"crypto/tls"
	"errors"
	"net/url"
	"strings"
	"time"

	"github.com/elastic/libbeat/common"
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/outputs"
	"github.com/elastic/libbeat/outputs/mode"
)

var debug = logp.MakeDebug("elasticsearch")

var (
	// ErrNotConnected indicates failure due to client having no valid connection
	ErrNotConnected = errors.New("not connected")

	// ErrJSONEncodeFailed indicates encoding failures
	ErrJSONEncodeFailed = errors.New("json encode failed")

	// ErrResponseRead indicates error parsing Elasticsearch response
	ErrResponseRead = errors.New("bulk item status parse failed.")
)

const (
	defaultMaxRetries = 3
Exemple #3
0
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/outputs"
	"github.com/nranchev/go-libGeoIP"

	// load supported output plugins
	_ "github.com/elastic/libbeat/outputs/console"
	_ "github.com/elastic/libbeat/outputs/elasticsearch"
	_ "github.com/elastic/libbeat/outputs/fileout"
	_ "github.com/elastic/libbeat/outputs/logstash"
	_ "github.com/elastic/libbeat/outputs/redis"
)

// command line flags
var publishDisabled *bool

var debug = logp.MakeDebug("publish")

// EventPublisher provides the interface for beats to publish events.
type eventPublisher interface {
	PublishEvent(ctx *context, event common.MapStr) bool
	PublishEvents(ctx *context, events []common.MapStr) bool
}

type context struct {
	publishOptions
	signal outputs.Signaler
}

type publishOptions struct {
	confirm bool
	sync    bool
Exemple #4
0
package lumberjack

// lumberjack.go defines the lumberjack plugin as being registered with all
// output plugins

import (
	"crypto/tls"
	"errors"
	"time"

	"github.com/elastic/libbeat/common"
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/outputs"
)

var debug = logp.MakeDebug("lumberjack")

func init() {
	outputs.RegisterOutputPlugin("lumberjack", lumberjackOutputPlugin{})
}

type lumberjackOutputPlugin struct{}

func (p lumberjackOutputPlugin) NewOutput(
	beat string,
	config *outputs.MothershipConfig,
	topologyExpire int,
) (outputs.Outputer, error) {
	output := &lumberjack{}
	err := output.init(beat, *config, topologyExpire)
	if err != nil {
Exemple #5
0
package eventlog

import (
	"fmt"
	"time"

	"github.com/elastic/libbeat/common"
	"github.com/elastic/libbeat/logp"
)

// Debug logging functions for this package.
var (
	debugf  = logp.MakeDebug("eventlog")
	detailf = logp.MakeDebug("eventlog_detail")
)

// EventLoggingAPI provides an interface to the Event Logging API introduced in
// Windows 2000 (not the Windows Event Log API that was introduced in Windows
// Vista).
type EventLoggingAPI interface {
	// Open the event log. recordNumber is the last successfully read event log
	// record number. Read will resume from recordNumber + 1. To start reading
	// from the first event specify a recordNumber of 0.
	Open(recordNumber uint32) error

	// Read records from the event log.
	Read() ([]LogRecord, error)

	// Close the event log. It should not be re-opened after closing.
	Close() error
Exemple #6
0
}

type memcacheString struct {
	raw []byte
}

type memcacheData struct {
	data []byte
}

type memcacheStat struct {
	Name  memcacheString `json:"name"`
	Value memcacheString `json:"value"`
}

var debug = logp.MakeDebug("memcache")

// Called to initialize the Plugin
func (mc *Memcache) Init(testMode bool, results publisher.Client) error {
	debug("init memcache plugin")
	return mc.InitWithConfig(
		config.ConfigSingleton.Protocols.Memcache,
		testMode,
		results,
	)
}

func (mc *Memcache) InitDefaults() {
	if err := mc.Ports.Init(11211); err != nil {
		logp.WTF("memcache default port number invalid")
	}
Exemple #7
0
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/publisher"
	"github.com/elastic/winlogbeat/config"
	"github.com/elastic/winlogbeat/eventlog"
)

// Metrics that can retrieved through the expvar web interface. Metrics must be
// enable through configuration in order for the web service to be started.
var (
	publishedEvents = expvar.NewMap("publishedEvents")
	ignoredEvents   = expvar.NewMap("ignoredEvents")
)

// Debug logging functions for this package.
var (
	debugf    = logp.MakeDebug("winlogbeat")
	detailf   = logp.MakeDebug("winlogbeat_detail")
	memstatsf = logp.MakeDebug("memstats")
)

// Time the application was started.
var startTime = time.Now().UTC()

func init() {
	expvar.Publish("uptime", expvar.Func(uptime))
}

type Winlogbeat struct {
	beat      *beat.Beat                 // Common beat information.
	config    *config.ConfigSettings     // Configuration settings.
	eventLogs []eventlog.EventLoggingAPI // Interface to the event logs.
Exemple #8
0
import (
	"fmt"
	"strings"
	"time"

	"github.com/elastic/libbeat/common"
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/publisher"
	"github.com/elastic/packetbeat/config"
	"github.com/elastic/packetbeat/procs"
	"github.com/elastic/packetbeat/protos"
	"github.com/elastic/packetbeat/protos/tcp"
)

var debugf = logp.MakeDebug("mongodb")

type Mongodb struct {
	// config
	Ports        []int
	SendRequest  bool
	SendResponse bool
	MaxDocs      int
	MaxDocLength int

	requests           *common.Cache
	responses          *common.Cache
	transactionTimeout time.Duration

	results publisher.Client
}
Exemple #9
0
	"fmt"
	"net/url"
	"strings"
	"time"

	"github.com/elastic/libbeat/common"
	"github.com/elastic/libbeat/logp"
	"github.com/elastic/libbeat/publisher"

	"github.com/elastic/packetbeat/config"
	"github.com/elastic/packetbeat/procs"
	"github.com/elastic/packetbeat/protos"
	"github.com/elastic/packetbeat/protos/tcp"
)

var debugf = logp.MakeDebug("http")
var detailedf = logp.MakeDebug("httpdetailed")

type parserState uint8

const (
	stateStart parserState = iota
	stateFLine
	stateHeaders
	stateBody
	stateBodyChunkedStart
	stateBodyChunked
	stateBodyChunkedWaitFinalCRLF
)

type stream struct {
Exemple #10
0
	head, tail *redisMessage
}

// Redis protocol plugin
type Redis struct {
	// config
	Ports        []int
	SendRequest  bool
	SendResponse bool

	transactionTimeout time.Duration

	results publisher.Client
}

var debug = logp.MakeDebug("redis")

func (redis *Redis) InitDefaults() {
	redis.SendRequest = false
	redis.SendResponse = false
	redis.transactionTimeout = protos.DefaultTransactionExpiration
}

func (redis *Redis) setFromConfig(config config.Redis) error {
	redis.Ports = config.Ports

	if config.SendRequest != nil {
		redis.SendRequest = *config.SendRequest
	}
	if config.SendResponse != nil {
		redis.SendResponse = *config.SendResponse