Class: Fluent::LogglySyslog

Inherits:

BufferedOutput

• Object
• BufferedOutput
• Fluent::LogglySyslog

Defined in:

lib/fluent/plugin/out_loggly_syslog.rb

Defined Under Namespace

Classes: SocketFailureError

Constant Summary

DISCARD_STRING =

declare const string for nullifying token if we decide to discard records

'DISCARD'

Instance Attribute Summary

• #sockets ⇒ Object

  Returns the value of attribute sockets.

Instance Method Summary

• #configure(conf) ⇒ Object
• #create_packet(tag, time, record, token) ⇒ Object
• #create_socket(host, port) ⇒ Object
• #format(tag, time, record) ⇒ Object
• #pick_token(record) ⇒ Object
• #send_to_loggly(packet) ⇒ Object
• #shutdown ⇒ Object
• #start ⇒ Object
• #write(chunk) ⇒ Object

Instance Attribute Details

#sockets ⇒ Object

Returns the value of attribute sockets.

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 6

def sockets
  @sockets
end

Instance Method Details

#configure(conf) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 28

def configure(conf)
  super
  # parses fluent config
end

#create_packet(tag, time, record, token) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 92

def create_packet(tag, time, record, token)
  # construct Syslog RFC 5424 compliant packet from fluent record, see:
  #   https://tools.ietf.org/html/rfc5424
  # example:
  #   '<134>1 2018-05-10T21:11:58-05:00 mysite.com myapp procid msgid    #     [xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@41058 tag="syslog"]    #     message'

  if @parse_json && record.dig('message')
    begin
      parser = Yajl::Parser.new
      parsed_message = parser.parse(record['message'])
      record['log'] = parsed_message
      record.delete('message')
    rescue Yajl::ParseError
    end
  end

  pri             = 134                                          # 134 is hardcoded facility local0 and severity info
  version         = 1                                            # Syslog Protocol v1
  record_time     = time ? Time.at(time) : Time.now
  timestamp       = record_time.to_datetime.rfc3339
  hostname        = @loggly_hostname || '-'
  app_name        = tag || '-'
  procid          = '-'                                          # set procid and msgid to NILVALUE
  msgid           = '-'
  pen             = 41058                                        # Loggly's Private Enterprise Number is 41058
  tag             = @loggly_tag ? " tag=\"#{@loggly_tag}\"" : '' # write tag only if passed in through config
  structured_data = "[#{token}@#{pen}#{tag}]"
  msg             = Yajl.dump(record)

  "<#{pri}>#{version} #{timestamp} #{hostname} #{app_name} #{procid} #{msgid} #{structured_data} #{msg}\n"
end

#create_socket(host, port) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 58

def create_socket(host, port)
  log.info "initializing tcp socket for #{host}:#{port}"
  begin
    socket = TCPSocket.new(host, port)
    log.debug "enabling ssl for socket #{host}:#{port}"
    ssl = OpenSSL::SSL::SSLSocket.new(socket)
    # close tcp and ssl socket when either fails
    ssl.sync_close = true
    # initiate SSL/TLS handshake with server
    ssl.connect
  rescue => e
    log.warn "failed to create tcp socket #{host}:#{port}: #{e}"
    ssl = nil
  end
  ssl
end

#format(tag, time, record) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 44

def format(tag, time, record)
  [tag, time, record].to_msgpack
end

#pick_token(record) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 75

def pick_token(record)
  # if kubernetes pod has loggly url as annotation, use it
  if record.dig('kubernetes', 'annotations', 'solarwinds_io/loggly_token')
    token = record['kubernetes']['annotations']['solarwinds_io/loggly_token']
    # else if kubernetes namespace has papertrail destination as annotation, use it
  elsif record.dig('kubernetes', 'namespace_annotations', 'solarwinds_io/loggly_token')
    token = record['kubernetes']['namespace_annotations']['solarwinds_io/loggly_token']
    # else if it is a kubernetes log and we're discarding unannotated logs
  elsif record.dig('kubernetes') && @discard_unannotated_pod_logs
    token = DISCARD_STRING
    # else use pre-configured destination
  else
    token = @loggly_token
  end
  token
end

#send_to_loggly(packet) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 126

def send_to_loggly(packet)
  # recreate the socket if it's nil
  @socket ||= create_socket(@loggly_host, @loggly_port)
  if @socket.nil?
    err_msg = "Unable to create socket with #{@loggly_host}:#{@loggly_port}"
    raise SocketFailureError, err_msg
  else
    begin
      # send it
      @socket.write packet
    rescue => e
      # socket failed, reset to nil to recreate for the next write
      @socket = nil
      err_msg = "Closing socket. #{e.class} writing to '#{@loggly_host}:#{@loggly_port}': #{e}"
      raise SocketFailureError, err_msg, e.backtrace
    end
  end
end

#shutdown ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 39

def shutdown
  super
  @socket.close
end

#start ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 33

def start
  super
  # create initial socket based on config param
  @socket = create_socket(@loggly_host, @loggly_port)
end

#write(chunk) ⇒ Object

# File 'lib/fluent/plugin/out_loggly_syslog.rb', line 48

def write(chunk)
  chunk.msgpack_each { |(tag, time, record)|
    token = pick_token(record)
    unless token.eql? DISCARD_STRING
      packet = create_packet(tag, time, record, token)
      send_to_loggly(packet)
    end
  }
end