/beats-output

syslog output

Primary LanguageGoApache License 2.0Apache-2.0

syslog

Simple Elastic Beats output to remote syslog plugin;

uses log/syslog

配置

  • address: address of remote syslog collector (string, default: 127.0.0.1:514)
  • proto: protocol udp or tcp (string, default: udp)
  • see also golang net.Dial documentation
  • facility: syslog facility (string, default SYSLOG)
  • severity: syslog severity (string, default INFO)

样例:

filebeat.inputs:
  - type: log
    ignore_older: 2h
    paths:
      - /var/log/*.log
      - /var/log/syslog
#output.console:
#  pretty: true
output.syslog:
  address: "127.0.0.1:514"
# default info
  severity: "INFO"
# default syslog
  facility: "SYSLOG"
# default udp
  proto: "udp"
  codec.format:
    string: "%{[message]}"

实现

注册及初始化

在某个 init 函数中注册插件

func init() {
	outputs.RegisterType("syslog", makeSyslog)
}

makeSyslog中读取配置生成 syslog 实例

func makeSyslog(_ outputs.IndexManager, beat beat.Info, observer outputs.Observer, cfg *common.Config) (outputs.Group, error) {
	config := defaultConfig
	if err := cfg.Unpack(&config); err != nil {
		return outputs.Fail(err)
	}

	// disable bulk support in publisher pipeline
	cfg.SetInt("bulk_max_size", -1, -1)

	fo := &syslogOutput{
		beat:     beat,
		observer: observer,
		log:      logp.NewLogger("syslog"),
	}
	if err := fo.init(beat, config); err != nil {
		return outputs.Fail(err)
	}

	return outputs.Success(-1, 0, fo)
}

实现输出接口

实现 close()、publish()、string():

// Close close syslog writer.
func (out *syslogOutput) Close() error {
	return out.writer.Close()
}

// Publish sends events to the clients sink.
func (out *syslogOutput) Publish(_ context.Context, batch publisher.Batch) error {
	// ....

	return nil
}

func (out *syslogOutput) String() string {
	return "syslog(" + out.proto + "://" + out.address + ")"
}

参考文献

Generating Beat

在 beats 源码目录中添加 publisher:/{localpath}/beats/libbeat/publisher/includes/includes.go

package includes

import (
	// import queue types
	_ "github.com/elastic/beats/v7/libbeat/outputs/codec/format"
	_ "github.com/elastic/beats/v7/libbeat/outputs/codec/json"
	_ "github.com/elastic/beats/v7/libbeat/outputs/console"
	_ "github.com/elastic/beats/v7/libbeat/outputs/elasticsearch"
	_ "github.com/elastic/beats/v7/libbeat/outputs/fileout"
	_ "github.com/elastic/beats/v7/libbeat/outputs/kafka"
	_ "github.com/elastic/beats/v7/libbeat/outputs/logstash"
	_ "github.com/elastic/beats/v7/libbeat/outputs/redis"
	_ "github.com/yoloz/beats-output/syslog"   // Register syslog output
	_ "github.com/elastic/beats/v7/libbeat/publisher/queue/diskqueue"
	_ "github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue"
	_ "github.com/elastic/beats/v7/libbeat/publisher/queue/spool"
)