Class: LogStash::Outputs::Exec

Inherits:
Base
  • Object
Defined in:
lib/logstash/outputs/exec.rb

Overview

The exec output will run a command for each event received. Ruby's `system()` function will be used, i.e. the command string will be passed to a shell. You can use `%{name}` and other dynamic strings in the command to pass select fields from the event to the child process. Example:

output {
  if [type] == "abuse" {
    exec {
      command => "iptables -A INPUT -s %{clientip} -j DROP"
    }
  }
}

WARNING: If you want it non-blocking you should use `&` or `dtach` or other such techniques. There is no timeout for the commands being run so misbehaving commands could otherwise stall the Logstash pipeline indefinitely.

WARNING: Exercise great caution with `%{name}` field placeholders. The contents of the field will be included verbatim without any sanitization, i.e. any shell metacharacters from the field values will be passed straight to the shell.
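The risk in the placeholder warning above, shown as an added example (not code from the Logstash project): a standalone script that contrasts verbatim expansion with validating the field as an IP literal and passing it as a separate argv element, which bypasses the shell. The helpers `expand`, `valid_ip`, `drop_rule_argv` and `argv_seen_by_child` are hypothetical names, and the event values are constructed.

```ruby
require "ipaddr"
require "open3"
require "rbconfig"

TEMPLATE = "iptables -A INPUT -s %{clientip} -j DROP"
HOSTILE  = { "clientip" => "203.0.113.5; echo injected" } # constructed value
BENIGN   = { "clientip" => "203.0.113.5" }                # constructed value

# Stand-in for event.sprintf (assumption, not Logstash's code): substitutes
# %{field} verbatim, which is the behaviour the warning describes.
def expand(template, event)
  template.gsub(/%\{(\w+)\}/) { event.fetch(Regexp.last_match(1), "").to_s }
end

# Returns the canonical address if value is a single IP literal, else nil.
# The character allow-list also rejects CIDR suffixes and whitespace.
def valid_ip(value)
  return nil unless value.is_a?(String) && value.match?(/\A[0-9A-Fa-f:.]{2,45}\z/)
  IPAddr.new(value).to_s
rescue IPAddr::Error
  nil
end

# Builds the rule as an argv array; nil means "run nothing for this event".
def drop_rule_argv(event)
  ip = valid_ip(event["clientip"])
  ip && ["iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"]
end

# Spawns a child with separate arguments (no shell involved) and returns
# [argument count, arguments...] as the child saw them. The running Ruby
# interpreter is used as a harmless child process.
def argv_seen_by_child(*args)
  out, status = Open3.capture2(RbConfig.ruby, "-e", "puts ARGV.length, ARGV", "--", *args)
  status.success? ? out.split("\n") : nil
end

if __FILE__ == $PROGRAM_NAME
  puts "shell string : #{expand(TEMPLATE, HOSTILE)}"
  puts "argv (bad)   : #{drop_rule_argv(HOSTILE).inspect}"
  puts "argv (good)  : #{drop_rule_argv(BENIGN).inspect}"
  puts "child argv   : #{argv_seen_by_child(HOSTILE['clientip']).inspect}"
end
```

The expanded string carries the `;` into what a shell would parse as a second command, while the argv form delivers the same bytes to the child as one inert argument and the validator refuses the event outright.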

Instance Method Summary

Instance Method Details

#receive(event) ⇒ Object



# File 'lib/logstash/outputs/exec.rb', line 47

def receive(event)
  cmd = event.sprintf(@command)
  @logger.debug("running exec command", :command => cmd)

  Open3.popen3(cmd) do |stdin, stdout, stderr|
    if @logger.debug?
      @logger.debug("debugging command", :stdout => stdout.read.chomp, :stderr => stderr.read.chomp)
    else
      # This is for backward compatibility,
      # the previous implementation was using `Kernel#system' and the default behavior
      # of this method is to output the result to the terminal.
      @logger.info(stdout.read.chomp) unless quiet?
    end
  end
end

#register ⇒ Object



# File 'lib/logstash/outputs/exec.rb', line 42

def register
  @logger.debug("exec output registered", :config => @config)
end