Class: Fluent::LogglySyslog

Inherits:
BufferedOutput
  • Object
show all
Defined in:
lib/fluent/plugin/out_loggly_syslog.rb

Defined Under Namespace

Classes: SocketFailureError

Constant Summary collapse

DISCARD_STRING =

declare const string for nullifying token if we decide to discard records

'DISCARD'

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#socketsObject

Returns the value of attribute sockets.



4
5
6
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 4

def sockets
  @sockets
end

Instance Method Details

#configure(conf) ⇒ Object



25
26
27
28
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 25

def configure(conf)
  super
  # parses fluent config
end

#create_packet(tag, time, record, token) ⇒ Object



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 89

def create_packet(tag, time, record, token)
  # construct Syslog RFC 5424 compliant packet from fluent record, see:
  #   https://tools.ietf.org/html/rfc5424
  # example:
  #   '<134>1 2018-05-10T21:11:58-05:00 mysite.com myapp procid msgid \
  #     [xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@41058 tag="syslog"] \
  #     message'

  pri             = 134                                          # 134 is hardcoded facility local0 and severity info
  version         = 1                                            # Syslog Protocol v1
  record_time     = time ? Time.at(time) : Time.now
  timestamp       = record_time.to_datetime.rfc3339
  hostname        = @loggly_hostname || '-'
  app_name        = tag || '-'
  procid          = '-'                                          # set procid and msgid to NILVALUE
  msgid           = '-'
  pen             = 41058                                        # Loggly's Private Enterprise Number is 41058
  tag             = @loggly_tag ? " tag=\"#{@loggly_tag}\"" : '' # write tag only if passed in through config
  structured_data = "[#{token}@#{pen}#{tag}]"
  msg             = record.to_json

  "<#{pri}>#{version} #{timestamp} #{hostname} #{app_name} #{procid} #{msgid} #{structured_data} #{msg}"
end

#create_socket(host, port) ⇒ Object



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 55

def create_socket(host, port)
  log.info "initializing tcp socket for #{host}:#{port}"
  begin
    socket = TCPSocket.new(host, port)
    log.debug "enabling ssl for socket #{host}:#{port}"
    ssl = OpenSSL::SSL::SSLSocket.new(socket)
    # close tcp and ssl socket when either fails
    ssl.sync_close = true
    # initiate SSL/TLS handshake with server
    ssl.connect
  rescue => e
    log.warn "failed to create tcp socket #{host}:#{port}: #{e}"
    ssl = nil
  end
  ssl
end

#format(tag, time, record) ⇒ Object



41
42
43
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 41

def format(tag, time, record)
  [tag, time, record].to_msgpack
end

#pick_token(record) ⇒ Object



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 72

def pick_token(record)
  # if kubernetes pod has loggly url as annotation, use it
  if record.dig('kubernetes', 'annotations', 'solarwinds_io/loggly_token')
    token = record['kubernetes']['annotations']['solarwinds_io/loggly_token']
    # else if kubernetes namespace has papertrail destination as annotation, use it
  elsif record.dig('kubernetes', 'namespace_annotations', 'solarwinds_io/loggly_token')
    token = record['kubernetes']['namespace_annotations']['solarwinds_io/loggly_token']
    # else if it is a kubernetes log and we're discarding unannotated logs
  elsif record.dig('kubernetes') && @discard_unannotated_pod_logs
    token = DISCARD_STRING
    # else use pre-configured destination
  else
    token = @loggly_token
  end
  token
end

#send_to_loggly(packet) ⇒ Object



113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 113

def send_to_loggly(packet)
  # recreate the socket if it's nil
  @socket ||= create_socket(@loggly_host, @loggly_port)
  if @socket.nil?
    err_msg = "Unable to create socket with #{@loggly_host}:#{@loggly_port}"
    raise SocketFailureError, err_msg
  else
    begin
      # send it
      @socket.puts packet
    rescue => e
      # socket failed, reset to nil to recreate for the next write
      @socket = nil
      err_msg = "Closing socket. #{e.class} writing to '#{@loggly_host}:#{@loggly_port}': #{e}"
      raise SocketFailureError, err_msg, e.backtrace
    end
  end
end

#shutdownObject



36
37
38
39
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 36

def shutdown
  super
  @socket.close
end

#startObject



30
31
32
33
34
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 30

def start
  super
  # create initial socket based on config param
  @socket = create_socket(@loggly_host, @loggly_port)
end

#write(chunk) ⇒ Object



45
46
47
48
49
50
51
52
53
# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 45

def write(chunk)
  chunk.msgpack_each { |(tag, time, record)|
    token = pick_token(record)
    unless token.eql? DISCARD_STRING
      packet = create_packet(tag, time, record, token)
      send_to_loggly(packet)
    end
  }
end