Class: LogStash::Inputs::Http

Inherits:

Base

• Object
• Base
• LogStash::Inputs::Http

Defined in:

lib/logstash/inputs/http.rb,
lib/logstash/inputs/http/tls.rb,
lib/logstash/inputs/http/message_handler.rb

Overview

Using this input you can receive single or multiline events over http(s). Applications can send a HTTP POST request with a body to the endpoint started by this input and Logstash will convert it into an event for subsequent processing. Users can pass plain text, JSON, or any formatted data and use a corresponding codec with this input. For Content-Type ‘application/json` the `json` codec is used, but for all other data formats, `plain` codec is used.

This input can also be used to receive webhook requests to integrate with other services and applications. By taking advantage of the vast plugin ecosystem available in Logstash you can trigger actionable events right from your application.

Security

This plugin supports standard HTTP basic authentication headers to identify the requester. You can pass in an username, password combination while sending data to this input

You can also setup SSL and send data securely over https, with an option of validating the client’s certificate. Currently, the certificate setup is through docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html[Java Keystore format]

Defined Under Namespace

Classes: MessageHandler, TLS

Instance Method Summary

• #build_ssl_params ⇒ Object
• #client_authentication? ⇒ Boolean
• #close ⇒ Object
• #create_http_server(message_handler) ⇒ Object
• #decode_body(headers, remote_address, body, default_codec, additional_codecs) ⇒ Object
• #push_decoded_event(headers, remote_address, event) ⇒ Object
• #register ⇒ Object
• #require_certificate_authorities? ⇒ Boolean
• #run(queue) ⇒ Object

  def register.

• #ssl_jks_configured? ⇒ Boolean
• #ssl_key_configured? ⇒ Boolean
• #stop ⇒ Object
• #validate_ssl_settings! ⇒ Object

Instance Method Details

#build_ssl_params ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 217

def build_ssl_params
  return nil unless @ssl

  if @keystore && @keystore_password
    ssl_builder = org.logstash.plugins.inputs.http.util.JksSslBuilder.new(@keystore, @keystore_password.value)
  else
    begin
      ssl_builder = org.logstash.plugins.inputs.http.util.SslSimpleBuilder
                        .new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
                        .setCipherSuites(normalized_ciphers)
    rescue java.lang.IllegalArgumentException => e
      @logger.error("SSL configuration invalid", error_details(e))
      raise LogStash::ConfigurationError, e
    end

    if client_authentication?
      ssl_builder.setCertificateAuthorities(@ssl_certificate_authorities)
    end
  end

  new_ssl_handshake_provider(ssl_builder)
end

#client_authentication? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/logstash/inputs/http.rb', line 248

def client_authentication?
  @ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
end

#close ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 159

def close
  @http_server.close() rescue nil
end

#create_http_server(message_handler) ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 212

def create_http_server(message_handler)
  org.logstash.plugins.inputs.http.NettyHttpServer.new(
    @host, @port, message_handler, build_ssl_params(), @threads, @max_pending_requests, @max_content_length, @response_code)
end

#decode_body(headers, remote_address, body, default_codec, additional_codecs) ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 163

def decode_body(headers, remote_address, body, default_codec, additional_codecs)
  content_type = headers.fetch("content_type", "")
  codec = additional_codecs.fetch(HttpUtil.getMimeType(content_type), default_codec)
  codec.decode(body) { |event| push_decoded_event(headers, remote_address, event) }
  codec.flush { |event| push_decoded_event(headers, remote_address, event) }
  true
rescue => e
  @logger.error(
    "unable to process event.",
    :message => e.message,
    :class => e.class.name,
    :backtrace => e.backtrace
  )
  false
end

#push_decoded_event(headers, remote_address, event) ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 179

def push_decoded_event(headers, remote_address, event)
  event.set(@request_headers_target_field, headers)
  event.set(@remote_host_target_field, remote_address)
  decorate(event)
  @queue << event
end

#register ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 129

def register

  validate_ssl_settings!

  if @user && @password then
    token = Base64.strict_encode64("#{@user}:#{@password.value}")
    @auth_token = "Basic #{token}"
  end

  @codecs = Hash.new

  @additional_codecs.each do |content_type, codec|
    @codecs[content_type] = LogStash::Plugin.lookup("codec", codec).new
  end

  require "logstash/inputs/http/message_handler"
  message_handler = MessageHandler.new(self, @codec, @codecs, @auth_token)
  @http_server = create_http_server(message_handler)
end

#require_certificate_authorities? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/logstash/inputs/http.rb', line 252

def require_certificate_authorities?
  @ssl_verify_mode_final == "force_peer" || @ssl_verify_mode_final == "peer"
end

#run(queue) ⇒ Object

def register

# File 'lib/logstash/inputs/http.rb', line 149

def run(queue)
  @queue = queue
  @logger.info("Starting http input listener", :address => "#{@host}:#{@port}", :ssl => "#{@ssl}")
  @http_server.run()
end

#ssl_jks_configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/logstash/inputs/http.rb', line 244

def ssl_jks_configured?
  !!(@keystore && @keystore_password)
end

#ssl_key_configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/logstash/inputs/http.rb', line 240

def ssl_key_configured?
  !!(@ssl_certificate && @ssl_key)
end

#stop ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 155

def stop
  @http_server.close() rescue nil
end

#validate_ssl_settings! ⇒ Object

# File 'lib/logstash/inputs/http.rb', line 186

def validate_ssl_settings!
  if !@ssl
    @logger.warn("SSL Certificate will not be used") if @ssl_certificate
    @logger.warn("SSL Key will not be used") if @ssl_key
    @logger.warn("SSL Java Key Store will not be used") if @keystore
  elsif !(ssl_key_configured? || ssl_jks_configured?)
    raise LogStash::ConfigurationError, "Certificate or JKS must be configured"
  end

  if @ssl && (original_params.key?("verify_mode") && original_params.key?("ssl_verify_mode"))
      raise LogStash::ConfigurationError, "Both 'ssl_verify_mode' and 'verify_mode' were set. Use only 'ssl_verify_mode'."
  elsif original_params.key?("verify_mode")
    @ssl_verify_mode_final = @verify_mode
  elsif original_params.key?("ssl_verify_mode")
    @ssl_verify_mode_final = @ssl_verify_mode
  else
    @ssl_verify_mode_final = @ssl_verify_mode
  end

  if @ssl && require_certificate_authorities? && !client_authentication?
    raise LogStash::ConfigurationError, "Using `ssl_verify_mode` or `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `ssl_certificate_authorities`"
  elsif @ssl && !require_certificate_authorities? && client_authentication?
    raise LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `ssl_verify_mode` or `verify_mode` to PEER or FORCE_PEER"
  end
end