diff --git a/docs/index.asciidoc b/docs/index.asciidoc index c1c62b2..d405065 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -40,10 +40,12 @@ This plugin supports the following configuration options plus the <> |<>|No | <> |<>|No | <> |<>|No +| <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No +| <> |<>|No |======================================================================= Also see <> for a list of options supported by all @@ -52,7 +54,7 @@ output plugins.   [id="plugins-{type}s-{plugin}-chunksize"] -===== `chunksize` +===== `chunksize` * Value type is <> * Default value is `1420` @@ -60,7 +62,7 @@ output plugins. The GELF chunksize. You usually don't need to change this. [id="plugins-{type}s-{plugin}-custom_fields"] -===== `custom_fields` +===== `custom_fields` * Value type is <> * Default value is `{}` @@ -71,7 +73,7 @@ e.g. `custom_fields => ['foo_field', 'some_value']` sets `_foo_field` = `some_value`. [id="plugins-{type}s-{plugin}-full_message"] -===== `full_message` +===== `full_message` * Value type is <> * Default value is `"%{message}"` @@ -79,7 +81,7 @@ sets `_foo_field` = `some_value`. The GELF full message. Dynamic values like `%{foo}` are permitted here. [id="plugins-{type}s-{plugin}-host"] -===== `host` +===== `host` * This is a required setting. * Value type is <> @@ -88,7 +90,7 @@ The GELF full message. Dynamic values like `%{foo}` are permitted here. Graylog2 server IP address or hostname. [id="plugins-{type}s-{plugin}-ignore_metadata"] -===== `ignore_metadata` +===== `ignore_metadata` * Value type is <> * Default value is `["@timestamp", "@version", "severity", "host", "source_host", "source_path", "short_message"]` @@ -97,7 +99,7 @@ Ignore these fields when `ship_metadata` is set. Typically this lists the fields used in dynamic values for GELF fields. [id="plugins-{type}s-{plugin}-level"] -===== `level` +===== `level` * Value type is <> * Default value is `["%{severity}", "INFO"]` 
@@ -115,13 +117,22 @@ are accepted: "emergency", "alert", "critical", "warning", "notice", and "informational". [id="plugins-{type}s-{plugin}-port"] -===== `port` +===== `port` * Value type is <> * Default value is `12201` Graylog2 server port number. +[id="plugins-{type}s-{plugin}-protocol"] +===== `protocol` + + * Value type is <> + * Default value is `"UDP"` + +GELF message network Protocol. + +Set to `"TCP"` for TCP and TCPTLS + [id="plugins-{type}s-{plugin}-sender"] ===== `sender` @@ -161,7 +172,41 @@ event as the field `\_tags`. The GELF short message field name. If the field does not exist or is empty, the event message is taken instead. +[id="plugins-{type}s-{plugin}-tls"] +===== `tls` + + * Value type is <> + * Default value is `{}` + +TLS configuration Hash. + +If protocol is set to `"TCP"` and this hash contains at least one value, then TLS over TCP will +be used + +[cols="<,<,<,<",options="header",] +|======================================================================= +|Name |Input type|Default|Detail +| no_verify |<>|`false`| Disables validation of Root CA +| all_ciphers |<>|`false`| Allows TLS to use any system available cipher. !Insecure! +| rescue_ssl_errors |<> | `false` | SSL Errors will not be handled and will bubble up into the logstash logs. Setting `true` will eat the errors and continue execution. +| version |<>|`"TLSv1_2"`| TLS version, other options are `"TLSv1_1"` and `"TLSv1"` +| cert |<>|None|The client certificate file +| key |<>|None|The key for the client certificate +|======================================================================= +A sample TLS configuration to get things started is below. +---- +output { + gelf { + protocol => "TCP" + host => "localhost" + port=> xxxxxx + tls => { + all_ciphers => true + no_verify => true + } + } + } +---- [id="plugins-{type}s-{plugin}-common-options"] -include::{include_path}/{type}.asciidoc[] \ No newline at end of file +include::{include_path}/{type}.asciidoc[] 
diff --git a/lib/logstash/outputs/gelf.rb b/lib/logstash/outputs/gelf.rb index 198cfde..0a669ef 100644 --- a/lib/logstash/outputs/gelf.rb +++ b/lib/logstash/outputs/gelf.rb @@ -67,6 +67,10 @@ class LogStash::Outputs::Gelf < LogStash::Outputs::Base # the event message is taken instead. config :short_message, :validate => :string, :default => "short_message" + # The GELF tls field mappings. + # See https://github.com/graylog-labs/gelf-rb/blob/master/lib/gelf/transport/tcp_tls.rb + config :tls, :validate => :hash, :default => {} + public def inject_client(gelf) @@ -81,9 +85,16 @@ def gelf def register require "gelf" # rubygem 'gelf' option_hash = Hash.new + option_hash['protocol'] = GELF::Protocol.const_get(@protocol) + if !@tls.empty? + option_hash['tls'] = @tls + option_hash['tls']['version'] = tls_version + # Makes SSL Errors float up and be logged + option_hash['tls']['rescue_ssl_errors'] = false + end - #@gelf = GELF::Notifier.new(@host, @port, @chunksize, option_hash) - @gelf ||= GELF::Notifier.new(@host, @port, @chunksize, { :protocol => GELF::Protocol.const_get(@protocol) }) + @gelf ||= GELF::Notifier.new(@host, @port, @chunksize, option_hash) + #@gelf ||= GELF::Notifier.new(@host, @port, @chunksize, { :protocol => GELF::Protocol.const_get(@protocol) }) # This sets the 'log level' of gelf; since we're forwarding messages, we'll # want to forward *all* messages, so set level to 0 so all messages get @@ -119,10 +130,23 @@ def register } end # def register + def tls_version + if @tls.key?('version') + METHODS_MAP[@tls['version']] or :TLSv1_2 + else + :TLSv1_2 + end + end + METHODS_MAP = { + "TLSv1" => :TLSv1, + "TLSv1_1" => :TLSv1_1, + "TLSv1_2" => :TLSv1_2, + }.freeze + private_constant :METHODS_MAP + public def receive(event) - # We have to make our own hash here because GELF expects a hash # with a specific format. m = Hash.new 
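Review bot: The comment above `config :tls` ("The GELF tls field mappings.") does not tell an operator that any non-empty hash is what switches the TCP transport to TLS, nor which keys weaken the channel. I would replace it with something like `# TLS options used when protocol => "TCP"; a non-empty hash enables TLS.` followed by `# Keys: version, cert, key, no_verify, all_ciphers (the last two reduce security).` Since the setting is declared with a bare `:validate => :hash`, nothing visible in this hunk rejects a misspelled or unknown key, so a typo in `no_verify` or `version` would pass unnoticed.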
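Review bot: In `register`, `option_hash['tls'] = @tls` aliases the user's config hash, so the next two assignments write into `@tls` itself. The hard-coded `rescue_ssl_errors = false` also silently overrides a key that the docs table in this commit presents as configurable. A copy keeps the setting intact and makes the override explicit, `option_hash['tls'] = @tls.merge('version' => tls_version, 'rescue_ssl_errors' => false)`, and the docs row should then be dropped or the user's value honoured. `no_verify` and `all_ciphers` are handed to the gelf library unchanged, and the sample in docs/index.asciidoc enables both. A register-time `@logger.warn("GELF TLS verification weakened", :tls => @tls.keys) if @tls['no_verify'] || @tls['all_ciphers']` would make a downgraded channel visible to operators. The commented-out `#@gelf ||= ...` line can be deleted; `register` starts and ends outside this hunk.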
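Review bot: `tls_version` silently falls back to `:TLSv1_2` for any unrecognised `version` string, so a typo is accepted without feedback. `METHODS_MAP` also still admits `TLSv1` and `TLSv1_1`, which RFC 8996 deprecates. I would fail fast at register time with `METHODS_MAP.fetch(@tls.fetch('version', 'TLSv1_2')) { raise LogStash::ConfigurationError, "Unsupported tls version: #{@tls['version']}" }`, which also replaces the `if`/`else` and the low-precedence `or`, and log a warning when a pre-1.2 version is selected. Whether the symbol pins exactly one protocol version (which would exclude TLS 1.3) or sets a minimum depends on the gelf library and is not visible here, so that is worth confirming and noting in a comment on `METHODS_MAP`. The helper also appears to land in the public section; declaring it `private` would keep it out of the plugin's interface.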
@@ -189,7 +213,6 @@ def receive(event) level = event.sprintf(@level.to_s) end m["level"] = (level.respond_to?(:downcase) && @level_map[level.downcase] || level).to_i - @logger.debug("Sending GELF event", :event => m) begin @gelf.notify!(m, :timestamp => event.timestamp.to_f)