61 changes: 53 additions & 8 deletions docs/index.asciidoc
Expand Up @@ -40,10 +40,12 @@ This plugin supports the following configuration options plus the <<plugins-{typ
| <<plugins-{type}s-{plugin}-ignore_metadata>> |<<array,array>>|No
| <<plugins-{type}s-{plugin}-level>> |<<array,array>>|No
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
| <<plugins-{type}s-{plugin}-protocol>> |<<string,string>>|No
| <<plugins-{type}s-{plugin}-sender>> |<<string,string>>|No
| <<plugins-{type}s-{plugin}-ship_metadata>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-ship_tags>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-short_message>> |<<string,string>>|No
| <<plugins-{type}s-{plugin}-tls>> |<<hash,hash>>|No
|=======================================================================

Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
Expand All @@ -52,15 +54,15 @@ output plugins.
&nbsp;

[id="plugins-{type}s-{plugin}-chunksize"]
===== `chunksize`
===== `chunksize`

* Value type is <<number,number>>
* Default value is `1420`

The GELF chunksize. You usually don't need to change this.

[id="plugins-{type}s-{plugin}-custom_fields"]
===== `custom_fields`
===== `custom_fields`

* Value type is <<hash,hash>>
* Default value is `{}`
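Review bot: The `chunksize` and `custom_fields` heading lines change with no visible difference in text, which points to whitespace-only edits. Revert them (here and on the other option headings touched the same way) so the diff shows only the new `protocol` and `tls` documentation.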
Expand All @@ -71,15 +73,15 @@ e.g. `custom_fields => ['foo_field', 'some_value']`
sets `_foo_field` = `some_value`.

[id="plugins-{type}s-{plugin}-full_message"]
===== `full_message`
===== `full_message`

* Value type is <<string,string>>
* Default value is `"%{message}"`

The GELF full message. Dynamic values like `%{foo}` are permitted here.

[id="plugins-{type}s-{plugin}-host"]
===== `host`
===== `host`

* This is a required setting.
* Value type is <<string,string>>
Expand All @@ -88,7 +90,7 @@ The GELF full message. Dynamic values like `%{foo}` are permitted here.
Graylog2 server IP address or hostname.

[id="plugins-{type}s-{plugin}-ignore_metadata"]
===== `ignore_metadata`
===== `ignore_metadata`

* Value type is <<array,array>>
* Default value is `["@timestamp", "@version", "severity", "host", "source_host", "source_path", "short_message"]`
Expand All @@ -97,7 +99,7 @@ Ignore these fields when `ship_metadata` is set. Typically this lists the
fields used in dynamic values for GELF fields.

[id="plugins-{type}s-{plugin}-level"]
===== `level`
===== `level`

* Value type is <<array,array>>
* Default value is `["%{severity}", "INFO"]`
Expand All @@ -115,13 +117,22 @@ are accepted: "emergency", "alert", "critical", "warning", "notice", and
"informational".

[id="plugins-{type}s-{plugin}-port"]
===== `port`
===== `port`

* Value type is <<number,number>>
* Default value is `12201`

Graylog2 server port number.

[id="plugins-{type}s-{plugin}-protocol"]
===== `protocol`

* Value type is <<string,string>>
* Default value is `"UDP"`

GELF message network Protocol. +
Set to `"TCP"` for TCP and TCPTLS

[id="plugins-{type}s-{plugin}-sender"]
===== `sender`

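Review bot: The `protocol` description "Set to `"TCP"` for TCP and TCPTLS" does not say which values the setting accepts and reads as if `TCPTLS` might be one of them. List the accepted values explicitly (the default `"UDP"` and `"TCP"`) and state that TLS is selected by `"TCP"` together with a non-empty `tls` hash. "Protocol" in "GELF message network Protocol" should also be lower case.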
Expand Down Expand Up @@ -161,7 +172,41 @@ event as the field `\_tags`.
The GELF short message field name. If the field does not exist or is empty,
the event message is taken instead.

[id="plugins-{type}s-{plugin}-tls"]
===== `tls`

* Value type is <<hash,hash>>
* Default value is `{}`

TLS configuration Hash. +
If protocol is set to `"TCP"` and this hash contains at least one value, then TLS over TCP will
be used

[cols="<,<,<,<",options="header",]
|=======================================================================
|Name |Input type|Default|Detail
| no_verify |<<boolean,boolean>>|`false`| Disables validation of Root CA
| all_ciphers |<<boolean,boolean>>|`false`| Allows TLS to use any system available cipher. !Insecure!
| rescue_ssl_errors |<<boolean,boolean>> | `false` | SSL Errors will not be handled and will bubble up into the logstash logs. Setting `true` will eat the errors and continue execution.
| version |<<string,string>>|`"TLSv1_2"`| TLS version, other options are `"TLSv1_1"` and `"TLSv1"`
| cert |<<string,string>>|None|The client certificate file
| key |<<string,string>>|None|The key for the client certificate
|=======================================================================

A sample TLS configuration to get things started is below.
----
output {
gelf {
protocol => "TCP"
host => "localhost"
port=> xxxxxx
tls => {
all_ciphers => true
no_verify => true
}
}
}
----

[id="plugins-{type}s-{plugin}-common-options"]
include::{include_path}/{type}.asciidoc[]
include::{include_path}/{type}.asciidoc[]
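Review bot: The sample under "A sample TLS configuration to get things started" sets `all_ciphers => true` and `no_verify => true`, so the one example readers will copy turns off CA validation and enables the option the table above marks "!Insecure!". Show a sample that keeps both at their `false` defaults (for example only `version`, or `cert` and `key`), and mention `no_verify` separately as a test-only setting. `port=> xxxxxx` is not a valid number; use the documented default `12201`. The `version` row offers `"TLSv1_1"` and `"TLSv1"` without saying they are deprecated protocol versions (RFC 8996); add that caveat.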
31 changes: 27 additions & 4 deletions lib/logstash/outputs/gelf.rb
Expand Up @@ -67,6 +67,10 @@ class LogStash::Outputs::Gelf < LogStash::Outputs::Base
# the event message is taken instead.
config :short_message, :validate => :string, :default => "short_message"

# The GELF tls field mappings.
# See https://github.com/graylog-labs/gelf-rb/blob/master/lib/gelf/transport/tcp_tls.rb
config :tls, :validate => :hash, :default => {}

public

def inject_client(gelf)
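Review bot: `config :tls, :validate => :hash` accepts any keys, and the comment above it points at `tcp_tls.rb` on `master` instead of naming the keys this plugin supports. List the supported keys (`no_verify`, `all_ciphers`, `rescue_ssl_errors`, `version`, `cert`, `key`) in the comment and consider rejecting unknown keys in `register`, so a misspelled `no_verify` or `version` is reported at startup rather than passed through unchecked.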
Expand All @@ -81,9 +85,16 @@ def gelf
def register
require "gelf" # rubygem 'gelf'
option_hash = Hash.new
option_hash['protocol'] = GELF::Protocol.const_get(@protocol)
if [email protected]?
option_hash['tls'] = @tls
option_hash['tls']['version'] = tls_version
# Makes SSL Errors float up and be logged
option_hash['tls']['rescue_ssl_errors'] = false
end

#@gelf = GELF::Notifier.new(@host, @port, @chunksize, option_hash)
@gelf ||= GELF::Notifier.new(@host, @port, @chunksize, { :protocol => GELF::Protocol.const_get(@protocol) })
@gelf ||= GELF::Notifier.new(@host, @port, @chunksize, option_hash)
#@gelf ||= GELF::Notifier.new(@host, @port, @chunksize, { :protocol => GELF::Protocol.const_get(@protocol) })

# This sets the 'log level' of gelf; since we're forwarding messages, we'll
# want to forward *all* messages, so set level to 0 so all messages get
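Review bot: In the TLS branch of `register`, `option_hash['tls']['rescue_ssl_errors'] = false` overwrites whatever the user configured, while docs/index.asciidoc in this same change documents `rescue_ssl_errors` as a boolean setting with default `false`. Either assign it only when the key is absent or remove the row from the docs. `option_hash['tls'] = @tls` also aliases the config hash, so the two assignments after it mutate `@tls` in place; copy it first with `@tls.dup`. The two commented-out `GELF::Notifier.new` lines should be deleted rather than committed.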
Expand Down Expand Up @@ -119,10 +130,23 @@ def register
}
end # def register

def tls_version
if @tls.key?('version')
METHODS_MAP[@tls['version']] or :TLSv1_2
else
:TLSv1_2
end
end
METHODS_MAP = {
"TLSv1" => :TLSv1,
"TLSv1_1" => :TLSv1_1,
"TLSv1_2" => :TLSv1_2,
}.freeze
private_constant :METHODS_MAP

public
def receive(event)


# We have to make our own hash here because GELF expects a hash
# with a specific format.
m = Hash.new
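Review bot: In `tls_version`, `METHODS_MAP[@tls['version']] or :TLSv1_2` silently falls back to TLS 1.2 for any string that is not in the map, so a typo or an unsupported value is never reported to the operator. Raise `LogStash::ConfigurationError` for an unknown `version` and keep the default only for a missing key. The method also sits before the `public` keyword without a visibility marker, so it ends up part of the plugin's public interface; make it `private`, and move `METHODS_MAP` above the method that reads it.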
Expand Down Expand Up @@ -189,7 +213,6 @@ def receive(event)
level = event.sprintf(@level.to_s)
end
m["level"] = (level.respond_to?(:downcase) && @level_map[level.downcase] || level).to_i

@logger.debug("Sending GELF event", :event => m)
begin
@gelf.notify!(m, :timestamp => event.timestamp.to_f)