class LogStash::Outputs::Syslog

Send events to a syslog server.

You can send messages compliant with RFC3164 or RFC5424 UDP or TCP syslog transport is supported

Constants

FACILITY_LABELS
SEVERITY_LABELS

Public Instance Methods

receive(event) click to toggle source
# File lib/logstash/outputs/syslog.rb, line 112
def receive(event)
  return unless output?(event)

  appname = event.sprintf(@appname)
  procid = event.sprintf(@procid)
  sourcehost = event.sprintf(@sourcehost)

  facility_code = FACILITY_LABELS.index(@facility)

  severity_code = SEVERITY_LABELS.index(@severity)

  priority = (facility_code * 8) + severity_code

  if rfc3164?
    timestamp = event.sprintf("%{+MMM dd HH:mm:ss}")
    syslog_msg = "<"+priority.to_s()+">"+timestamp+" "+sourcehost+" "+appname+"["+procid+"]: "+event["message"]
  else
    msgid = event.sprintf(@msgid)
    timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZ}")
    syslog_msg = "<"+priority.to_s()+">1 "+timestamp+" "+sourcehost+" "+appname+" "+procid+" "+msgid+" - "+event["message"]
  end

  begin
    connect unless @client_socket
    @client_socket.write(syslog_msg + "\n")
  rescue => e
    @logger.warn(@protocol+" output exception", :host => @host, :port => @port,
               :exception => e, :backtrace => e.backtrace)
    @client_socket.close rescue nil
    @client_socket = nil
  end
end
register() click to toggle source
# File lib/logstash/outputs/syslog.rb, line 87
def register
    @client_socket = nil
end

Private Instance Methods

connect() click to toggle source
# File lib/logstash/outputs/syslog.rb, line 102
def connect
  if udp?
      @client_socket = UDPSocket.new
      @client_socket.connect(@host, @port)
  else
      @client_socket = TCPSocket.new(@host, @port)
  end
end
rfc3164?() click to toggle source
# File lib/logstash/outputs/syslog.rb, line 97
def rfc3164?
  @rfc == "rfc3164"
end
udp?() click to toggle source
# File lib/logstash/outputs/syslog.rb, line 92
def udp?
  @protocol == "udp"
end