func (l *TcpInput) handleConn(client net.Conn, output chan common.MapStr) {
reader := bufio.NewReader(client)
buffer := new(bytes.Buffer)
var source string = client.RemoteAddr().String()
var offset int64 = 0
var line uint64 = 0
var read_timeout = 10 * time.Second
logp.Debug("tcpinput", "Handling New Connection from %s", source)
now := func() time.Time {
t := time.Now()
return t
}
for {
text, bytesread, err := l.readline(reader, buffer, read_timeout)
if err != nil {
logp.Info("Unexpected state reading from %v; error: %s\n", client.RemoteAddr().String, err)
return
}
logp.Debug("tcpinputlines", "New Line: %s", &text)
line++
event := common.MapStr{}
event["source"] = &source
event["offset"] = offset
event["line"] = line
event["message"] = text
event["type"] = l.Type
event.EnsureTimestampField(now)
event.EnsureCountField()
offset += int64(bytesread)
logp.Debug("tcpinput", "InputEvent: %v", event)
output <- event // ship the new event downstream
client.Write([]byte("OK"))
}
logp.Debug("tcpinput", "Closed Connection from %s", source)
}
func (l *NullInput) doStuff(output chan common.MapStr) {
now := func() time.Time {
t := time.Now()
return t
}
// construct event and write it to channel
event := common.MapStr{}
text := "null event"
event["message"] = &text
event["type"] = l.Type
event.EnsureTimestampField(now)
event.EnsureCountField()
output <- event
}
func scanProcs(output chan common.MapStr) {
now := func() time.Time {
t := time.Now()
return t
}
if !pathExists(procfsdir) {
return
}
ds, err := ioutil.ReadDir(procfsdir)
if err != nil {
return
}
event := common.MapStr{}
processes := common.MapStr{}
proc_detail := common.MapStr{}
// get all numeric entries
for _, d := range ds {
n := d.Name()
if isNumeric(n) {
processes[n] = getCmdline(n)
proc_detail[n] = getProcDetail(n)
}
}
text := "process report"
event["message"] = &text
event["data"] = processes
event["data_detail"] = proc_detail
event["type"] = "report"
event.EnsureTimestampField(now)
event.EnsureCountField()
output <- event
}
func (l *SyslogInput) Run(output chan common.MapStr) error {
logp.Debug("sysloginput", "Running Syslog Input")
logp.Debug("sysloginput", "Listening on %d", l.Port)
listen := fmt.Sprintf("0.0.0.0:%d", l.Port)
channel := make(syslog.LogPartsChannel)
handler := syslog.NewChannelHandler(channel)
server := syslog.NewServer()
server.SetFormat(syslog.Automatic)
server.SetHandler(handler)
err := server.ListenUDP(listen)
if err != nil {
logp.Err("couldn't start ListenUDP: " + err.Error())
}
err = server.ListenTCP(listen)
if err != nil {
logp.Err("couldn't start ListenTCP: " + err.Error())
}
err = server.Boot()
if err != nil {
logp.Err("couldn't start server.Boot(): " + err.Error())
}
go func(channel syslog.LogPartsChannel, output chan common.MapStr) {
var line uint64 = 0
now := func() time.Time {
t := time.Now()
return t
}
for logParts := range channel {
logp.Debug("sysloginput", "InputEvent: %v", logParts)
line++
event := common.MapStr{}
event["line"] = line
event["type"] = l.Type
for k, v := range logParts {
event[k] = v
}
event["source"] = event["client"].(string)
if event["message"] != nil {
message := event["message"].(string)
event["message"] = &message
} else if event["content"] != nil {
message := event["content"].(string)
event["message"] = &message
}
// This syslog parser uses the standard name "tag"
// which is usually the program that wrote it.
// The logstash syslog_pri puts "program" for this field.
if event["tag"] != nil {
program := event["tag"].(string)
event["program"] = &program
}
event.EnsureTimestampField(now)
event.EnsureCountField()
logp.Debug("sysloginput", "Output Event: %v", event)
output <- event // ship the new event downstream
}
}(channel, output)
return nil
}