Date: Sun, 29 Sep 2013 17:42:10 GMT From: "Regis A. Despres" <regis.despres@gmail.com> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/182492: Upgrade logstash to version 1.2.1 and add some sample conf tweak Message-ID: <201309291742.r8THgASl023384@home.indolore.net> Resent-Message-ID: <201309291750.r8THo0J2093932@freefall.freebsd.org>
>Number: 182492 >Category: ports >Synopsis: Upgrade logstash to version 1.2.1 and add some sample conf tweak >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Sep 29 17:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Regis A. Despres >Release: FreeBSD 9.1-RELEASE amd64 >Organization: >Environment: System: FreeBSD fbsd-test 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: - Upgrade to version 1.2.1 see https://github.com/logstash/logstash/blob/master/CHANGELOG. Thanks to Daniel's inputs - Removed not needed backend option from logsatsh_args. - Moved logstash_log_options to the right place from logsatsh_args. - Moved logdir declaration before it is used. Thanks to Daniel's input - Changed logstash config sample in order to default to a working IRL BSD syslog to elasticsearch example >How-To-Repeat: N//A >Fix: Patch attached : --- logstash.head.diff begins here --- Index: Makefile =================================================================== --- Makefile (revision 328708) +++ Makefile (working copy) @@ -2,10 +2,10 @@ # $FreeBSD$ PORTNAME= logstash -PORTVERSION= 1.1.13 +PORTVERSION= 1.2.1 CATEGORIES= sysutils java MASTER_SITES= https://logstash.objects.dreamhost.com/release/ \ - http://semicomplete.com/files/logstash/ + https://download.elasticsearch.org/logstash/logstash/ DISTNAME= ${PORTNAME}-${PORTVERSION}-flatjar EXTRACT_SUFX= .jar EXTRACT_ONLY= Index: distinfo =================================================================== --- distinfo (revision 328708) +++ distinfo (working copy) 
@@ -1,2 +1,2 @@
-SHA256 (logstash-1.1.13-flatjar.jar) = 5ba0639ff4da064c2a4f6a04bd7006b1997a6573859d3691e210b6855e1e47f1
-SIZE (logstash-1.1.13-flatjar.jar) = 69485313
+SHA256 (logstash-1.2.1-flatjar.jar) = d0b8a56fb1aa71d54c2bab71709d900b359fdf8c6d7d6ff15578423a0d86ee23
+SIZE (logstash-1.2.1-flatjar.jar) = 81648562
Index: files/logstash.conf.sample
===================================================================
--- files/logstash.conf.sample (revision 328708)
+++ files/logstash.conf.sample (working copy)
@@ -1,27 +1,42 @@ input { - file { - type => "system logs" - # # Wildcards work, here :) - # path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ] - path => [ "/var/log/messages" ] + file { + type => "syslog" + # # Wildcards work, here :) + # path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ] + path => "/var/log/mesages" + start_position => "beginning" + } +} + +filter { + if [type] == "syslog" { + grok { + match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} (%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}|%{GREEDYDATA:syslog_message})" } + add_field => [ "received_at", "%{@timestamp}" ] + add_field => [ "received_from", "%{@source_host}" ] + } + + if !("_grokparsefailure" in [tags]) { + mutate { + replace => [ "@source_host", "%{syslog_hostname}" ] + replace => [ "@message", "%{syslog_message}" ] + } + } + mutate { + remove_field => [ "syslog_hostname", "syslog_message" ] + } + date { + match => [ "syslog_timestamp","MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ] + } + syslog_pri { } } - - #file { - # type => "Hudson-access" - # path => "/var/log/www/hudson.ish.com.au-access_log" - #} - - #file { - # type => "Syslog" - # path => "/var/log/messages" - #} } output { # Emit events to stdout for easy debugging of what is going through # logstash. - #stdout { } + #stdout { debug => "true" } # This will use elasticsearch to store your logs. # The 'embedded' option will cause logstash to run the elasticsearch Index: files/logstash.in =================================================================== --- files/logstash.in (revision 328708) +++ files/logstash.in (working copy) @@ -33,6 +33,8 @@ load_rc_config ${name} +logdir="/var/log" + : ${logstash_enable="NO"} : ${logstash_home="%%LOGSTASH_HOME%%"} : ${logstash_config="%%PREFIX%%/etc/${name}/${name}.conf"} 
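Review bot: The new `path => "/var/log/mesages"` line in the `file` input misspells the file name, so the sample as shipped tails a file that does not exist and no events reach the filter; it should read `path => "/var/log/messages"`. The grok block matches on the `message` field while the following `mutate` replaces `@source_host` and `@message`, which looks like the pre-1.2 field naming; if 1.2.1 names these fields `host` and `message`, the two `replace` lines would create stray fields instead of rewriting the event, so this should be checked against the 1.2.1 event schema. `syslog_hostname` is parsed out of the log line itself, so after the replace the host value is whatever the sender wrote; a comment such as `# received_from keeps the original source; syslog_hostname is sender-supplied` would make that clear to people copying the sample. The `output` block continues outside the hunk.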
@@ -52,7 +54,6 @@ mkdir -p $piddir fi -logdir="/var/log" command="/usr/sbin/daemon" java_cmd="${logstash_java_home}/bin/java" @@ -67,12 +68,12 @@ fi if [ ${logstash_mode} = "standalone" ]; then - logstash_args="agent -f ${logstash_config} -- web --port ${logstash_port} --backend elasticsearch:///?local ${logstash_log_options}" + logstash_args="agent -f ${logstash_config} ${logstash_log_options} -- web --port ${logstash_port}" logstash_elastic_options="-Des.path.data=${logstash_elastic_datadir}" elif [ ${logstash_mode} = "agent" ]; then logstash_args="agent -f ${logstash_config} ${logstash_log_options}" elif [ ${logstash_mode} = "web" ]; then - logstash_args="web --port ${logstash_port} --backend elasticsearch://${logstash_elastic_backend}/ ${logstash_log_options}" + logstash_args="web --port ${logstash_port} ${logstash_log_options}" fi command_args="-f -p ${pidfile} ${java_cmd} ${logstash_elastic_options} -jar ${logstash_jar} ${logstash_args}" --- logstash.head.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
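Review bot: In the `web` branch of the last hunk the new `logstash_args="web --port ${logstash_port} ${logstash_log_options}"` no longer reads `logstash_elastic_backend`, so an operator who still sets that variable in rc.conf gets no error and no effect. If the variable's default and its header documentation are still present elsewhere in the script (not visible in this hunk), either remove them or add a comment such as `# logstash_elastic_backend: no longer passed to logstash, kept only for old rc.conf files`. The values `${logstash_config}` and `${logstash_port}` are also placed unquoted into a string that is later word-split through `command_args`, so a config path containing whitespace would be split into separate arguments; a one-line comment stating that these values must not contain spaces would document the constraint.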