Пример #1
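// handleConn reads lines from one accepted TCP connection and sends one event
// per line on output, acknowledging each line to the peer with "OK".
//
// The loop ends on the first read error (including a read timeout, if
// l.readline enforces the timeout it is given) or on the first failed
// acknowledgement write.
//
// NOTE(review): this function does not close client. Confirm the caller owns
// and closes the connection; otherwise every peer that connects leaves a
// descriptor open.
//
// NOTE(review): whether l.readline caps the length of a single line is not
// visible here. The peer is untrusted, so confirm that buffer cannot grow
// without bound when no newline ever arrives.
func (l *TcpInput) handleConn(client net.Conn, output chan common.MapStr) {
	reader := bufio.NewReader(client)
	buffer := new(bytes.Buffer)

	source := client.RemoteAddr().String()
	var offset int64
	var line uint64
	readTimeout := 10 * time.Second

	logp.Debug("tcpinput", "Handling New Connection from %s", source)
	// Deferred because the loop below only exits through return; a statement
	// placed after the loop would be unreachable and never logged.
	defer logp.Debug("tcpinput", "Closed Connection from %s", source)

	for {
		text, bytesread, err := l.readline(reader, buffer, readTimeout)
		if err != nil {
			// Log the address string itself. Passing the String method value
			// (without calling it) would print a function pointer.
			logp.Info("Unexpected state reading from %v; error: %s\n", source, err)
			return
		}

		// NOTE(review): this formats the address of text, not its content;
		// confirm against the type l.readline returns. The line comes from
		// the peer, so %q would be the safer verb if the content is logged.
		logp.Debug("tcpinputlines", "New Line: %s", &text)

		line++

		event := common.MapStr{}
		event["source"] = &source
		event["offset"] = offset // offset of this line, before it is counted
		event["line"] = line
		event["message"] = text
		event["type"] = l.Type

		event.EnsureTimestampField(time.Now)
		event.EnsureCountField()

		offset += int64(bytesread)

		logp.Debug("tcpinput", "InputEvent: %v", event)
		output <- event // ship the new event downstream

		// A failed acknowledgement means the peer is gone or the socket is
		// broken; stop instead of reading from a dead connection.
		if _, err := client.Write([]byte("OK")); err != nil {
			logp.Info("Unexpected state writing to %v; error: %s\n", source, err)
			return
		}
	}
}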
Пример #2
// doStuff emits a single placeholder event on output.
//
// The event carries a pointer to the fixed text "null event" as its message
// and l.Type as its type; timestamp and count fields are filled in by the
// MapStr helpers before the event is sent.
func (l *NullInput) doStuff(output chan common.MapStr) {
	message := "null event"

	evt := common.MapStr{
		"message": &message,
		"type":    l.Type,
	}

	// time.Now already has the func() time.Time shape the helper is given.
	evt.EnsureTimestampField(time.Now)
	evt.EnsureCountField()

	output <- evt
}
Пример #3
// scanProcs builds one "process report" event from the numerically named
// entries of procfsdir and sends it on output.
//
// For each such entry it stores the result of getCmdline under "data" and the
// result of getProcDetail under "data_detail", keyed by the entry name. If
// procfsdir does not exist or cannot be listed, it returns without emitting
// anything and without reporting the failure.
//
// NOTE(review): getCmdline presumably returns each process's command line.
// Command lines can carry credentials passed as arguments, so confirm that
// whatever consumes this event is trusted, or scrub the values first.
func scanProcs(output chan common.MapStr) {
	if !pathExists(procfsdir) {
		return
	}
	entries, err := ioutil.ReadDir(procfsdir)
	if err != nil {
		return
	}

	cmdlines := common.MapStr{}
	details := common.MapStr{}

	// Only entries whose names are numeric are reported.
	for _, entry := range entries {
		name := entry.Name()
		if !isNumeric(name) {
			continue
		}
		cmdlines[name] = getCmdline(name)
		details[name] = getProcDetail(name)
	}

	message := "process report"
	report := common.MapStr{
		"message":     &message,
		"data":        cmdlines,
		"data_detail": details,
		"type":        "report",
	}

	report.EnsureTimestampField(time.Now)
	report.EnsureCountField()
	output <- report
}
Пример #4
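// Run starts a syslog server on UDP and TCP port l.Port and forwards every
// parsed message to output as an event.
//
// A failure of one transport is logged and tolerated. Run returns an error
// when neither listener could be started or when the server fails to boot,
// so the caller is not told the input is running when nothing is listening.
// On success it returns nil after starting a goroutine that converts parsed
// messages into events until the parts channel is closed.
//
// NOTE(review): the listener binds 0.0.0.0, i.e. every interface, and nothing
// in this function authenticates or filters senders. Confirm the port is
// restricted at the network layer, or make the bind address configurable.
func (l *SyslogInput) Run(output chan common.MapStr) error {
	logp.Debug("sysloginput", "Running Syslog Input")
	logp.Debug("sysloginput", "Listening on %d", l.Port)

	listen := fmt.Sprintf("0.0.0.0:%d", l.Port)

	channel := make(syslog.LogPartsChannel)
	handler := syslog.NewChannelHandler(channel)

	server := syslog.NewServer()
	server.SetFormat(syslog.Automatic)
	server.SetHandler(handler)

	udpErr := server.ListenUDP(listen)
	if udpErr != nil {
		logp.Err("couldn't start ListenUDP: " + udpErr.Error())
	}
	tcpErr := server.ListenTCP(listen)
	if tcpErr != nil {
		logp.Err("couldn't start ListenTCP: " + tcpErr.Error())
	}
	// With no listener at all, the goroutine below would wait forever on a
	// channel that can never receive anything.
	if udpErr != nil && tcpErr != nil {
		return fmt.Errorf("sysloginput: no listener on %s: udp: %v; tcp: %v", listen, udpErr, tcpErr)
	}
	if err := server.Boot(); err != nil {
		logp.Err("couldn't start server.Boot(): " + err.Error())
		return fmt.Errorf("sysloginput: booting server: %v", err)
	}

	go func(channel syslog.LogPartsChannel, output chan common.MapStr) {
		var line uint64

		for logParts := range channel {
			logp.Debug("sysloginput", "InputEvent: %v", logParts)

			line++
			event := common.MapStr{}
			event["line"] = line
			event["type"] = l.Type

			for k, v := range logParts {
				event[k] = v
			}

			// The parts are derived from network input. Use checked type
			// assertions throughout so a missing or non-string field cannot
			// panic this goroutine and take the process down with it.
			if client, ok := event["client"].(string); ok {
				event["source"] = client
			}

			// Prefer "message"; fall back to "content" when it is absent.
			if message, ok := event["message"].(string); ok {
				event["message"] = &message
			} else if content, ok := event["content"].(string); ok {
				event["message"] = &content
			}

			// This syslog parser uses the standard name "tag"
			// which is usually the program that wrote it.
			// The logstash syslog_pri puts "program" for this field.
			if program, ok := event["tag"].(string); ok {
				event["program"] = &program
			}

			event.EnsureTimestampField(time.Now)
			event.EnsureCountField()

			logp.Debug("sysloginput", "Output Event: %v", event)
			output <- event // ship the new event downstream
		}
	}(channel, output)

	return nil
}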