class LogStash::Outputs::Syslog
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424 UDP or TCP syslog transport is supported
Constants
- FACILITY_LABELS
- SEVERITY_LABELS
Public Instance Methods
receive(event)
click to toggle source
# File lib/logstash/outputs/syslog.rb, line 112 def receive(event) return unless output?(event) appname = event.sprintf(@appname) procid = event.sprintf(@procid) sourcehost = event.sprintf(@sourcehost) facility_code = FACILITY_LABELS.index(@facility) severity_code = SEVERITY_LABELS.index(@severity) priority = (facility_code * 8) + severity_code if rfc3164? timestamp = event.sprintf("%{+MMM dd HH:mm:ss}") syslog_msg = "<"+priority.to_s()+">"+timestamp+" "+sourcehost+" "+appname+"["+procid+"]: "+event["message"] else msgid = event.sprintf(@msgid) timestamp = event.sprintf("%{+YYYY-MM-dd'T'HH:mm:ss.SSSZ}") syslog_msg = "<"+priority.to_s()+">1 "+timestamp+" "+sourcehost+" "+appname+" "+procid+" "+msgid+" - "+event["message"] end begin connect unless @client_socket @client_socket.write(syslog_msg + "\n") rescue => e @logger.warn(@protocol+" output exception", :host => @host, :port => @port, :exception => e, :backtrace => e.backtrace) @client_socket.close rescue nil @client_socket = nil end end
register()
click to toggle source
# File lib/logstash/outputs/syslog.rb, line 87 def register @client_socket = nil end
Private Instance Methods
connect()
click to toggle source
# File lib/logstash/outputs/syslog.rb, line 102 def connect if udp? @client_socket = UDPSocket.new @client_socket.connect(@host, @port) else @client_socket = TCPSocket.new(@host, @port) end end
rfc3164?()
click to toggle source
# File lib/logstash/outputs/syslog.rb, line 97 def rfc3164? @rfc == "rfc3164" end
udp?()
click to toggle source
# File lib/logstash/outputs/syslog.rb, line 92 def udp? @protocol == "udp" end