ports/182492: Upgrade logstash to version 1.2.1 and add some sample conf tweak
Regis A. Despres
regis.despres at gmail.com
Sun Sep 29 17:50:01 UTC 2013
>Number: 182492
>Category: ports
>Synopsis: Upgrade logstash to version 1.2.1 and add some sample conf tweak
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 29 17:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Regis A. Despres
>Release: FreeBSD 9.1-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD fbsd-test 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
- Upgrade to version 1.2.1 see https://github.com/logstash/logstash/blob/master/CHANGELOG. Thanks to Daniel's inputs
- Removed the unneeded backend option from logstash_args.
- Moved logstash_log_options to the right place in logstash_args.
- Moved logdir declaration before it is used. Thanks to Daniel's input
- Changed logstash config sample in order to default to a working IRL BSD syslog to elasticsearch example
>How-To-Repeat:
N//A
>Fix:
Patch attached :
--- logstash.head.diff begins here ---
Index: Makefile
===================================================================
--- Makefile (revision 328708)
+++ Makefile (working copy)
@@ -2,10 +2,10 @@
# $FreeBSD$
PORTNAME= logstash
-PORTVERSION= 1.1.13
+PORTVERSION= 1.2.1
CATEGORIES= sysutils java
MASTER_SITES= https://logstash.objects.dreamhost.com/release/ \
- http://semicomplete.com/files/logstash/
+ https://download.elasticsearch.org/logstash/logstash/
DISTNAME= ${PORTNAME}-${PORTVERSION}-flatjar
EXTRACT_SUFX= .jar
EXTRACT_ONLY=
Index: distinfo
===================================================================
--- distinfo (revision 328708)
+++ distinfo (working copy)
@@ -1,2 +1,2 @@
-SHA256 (logstash-1.1.13-flatjar.jar) = 5ba0639ff4da064c2a4f6a04bd7006b1997a6573859d3691e210b6855e1e47f1
-SIZE (logstash-1.1.13-flatjar.jar) = 69485313
+SHA256 (logstash-1.2.1-flatjar.jar) = d0b8a56fb1aa71d54c2bab71709d900b359fdf8c6d7d6ff15578423a0d86ee23
+SIZE (logstash-1.2.1-flatjar.jar) = 81648562
Index: files/logstash.conf.sample
===================================================================
--- files/logstash.conf.sample (revision 328708)
+++ files/logstash.conf.sample (working copy)
@@ -1,27 +1,42 @@
input {
- file {
- type => "system logs"
- # # Wildcards work, here :)
- # path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]
- path => [ "/var/log/messages" ]
+ file {
+ type => "syslog"
+ # # Wildcards work, here :)
+ # path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]
+ path => "/var/log/mesages"
+ start_position => "beginning"
+ }
+}
+
+filter {
+ if [type] == "syslog" {
+ grok {
+ match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} (%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}|%{GREEDYDATA:syslog_message})" }
+ add_field => [ "received_at", "%{@timestamp}" ]
+ add_field => [ "received_from", "%{@source_host}" ]
+ }
+
+ if !("_grokparsefailure" in [tags]) {
+ mutate {
+ replace => [ "@source_host", "%{syslog_hostname}" ]
+ replace => [ "@message", "%{syslog_message}" ]
+ }
+ }
+ mutate {
+ remove_field => [ "syslog_hostname", "syslog_message" ]
+ }
+ date {
+ match => [ "syslog_timestamp","MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
+ }
+ syslog_pri { }
}
-
- #file {
- # type => "Hudson-access"
- # path => "/var/log/www/hudson.ish.com.au-access_log"
- #}
-
- #file {
- # type => "Syslog"
- # path => "/var/log/messages"
- #}
}
output {
# Emit events to stdout for easy debugging of what is going through
# logstash.
- #stdout { }
+ #stdout { debug => "true" }
# This will use elasticsearch to store your logs.
# The 'embedded' option will cause logstash to run the elasticsearch
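Review bot: The new `path => "/var/log/mesages"` in the file input is misspelled, so the sample would watch a file that does not exist and no events would reach the filter; it should read `path => "/var/log/messages"`. The filter also mixes field names: grok matches on `message`, while the mutate replaces `@message` and `@source_host`. Those look like the pre-1.2 event schema and would probably create new fields instead of overwriting the parsed ones, so this is worth confirming against 1.2.1. With `start_position => "beginning"` the whole existing log is read and indexed on first start, which deserves a one-line comment in the sample. The output block continues outside the hunk.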
Index: files/logstash.in
===================================================================
--- files/logstash.in (revision 328708)
+++ files/logstash.in (working copy)
@@ -33,6 +33,8 @@
load_rc_config ${name}
+logdir="/var/log"
+
: ${logstash_enable="NO"}
: ${logstash_home="%%LOGSTASH_HOME%%"}
: ${logstash_config="%%PREFIX%%/etc/${name}/${name}.conf"}
@@ -52,7 +54,6 @@
mkdir -p $piddir
fi
-logdir="/var/log"
command="/usr/sbin/daemon"
java_cmd="${logstash_java_home}/bin/java"
@@ -67,12 +68,12 @@
fi
if [ ${logstash_mode} = "standalone" ]; then
- logstash_args="agent -f ${logstash_config} -- web --port ${logstash_port} --backend elasticsearch:///?local ${logstash_log_options}"
+ logstash_args="agent -f ${logstash_config} ${logstash_log_options} -- web --port ${logstash_port}"
logstash_elastic_options="-Des.path.data=${logstash_elastic_datadir}"
elif [ ${logstash_mode} = "agent" ]; then
logstash_args="agent -f ${logstash_config} ${logstash_log_options}"
elif [ ${logstash_mode} = "web" ]; then
- logstash_args="web --port ${logstash_port} --backend elasticsearch://${logstash_elastic_backend}/ ${logstash_log_options}"
+ logstash_args="web --port ${logstash_port} ${logstash_log_options}"
fi
command_args="-f -p ${pidfile} ${java_cmd} ${logstash_elastic_options} -jar ${logstash_jar} ${logstash_args}"
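Review bot: Dropping `--backend elasticsearch://${logstash_elastic_backend}/` from the `web` branch leaves `logstash_elastic_backend` unreferenced in the lines shown, so a value an operator set in rc.conf would be silently ignored after the upgrade. If the variable is still defaulted or documented earlier in the script (not visible here), remove it or add a comment such as `# logstash_elastic_backend is no longer used by the web mode in 1.2.x`. As a style point, the mode tests expand `${logstash_mode}` unquoted; `[ "${logstash_mode}" = "web" ]` avoids a test syntax error when the variable is empty. The if/elif chain starts outside the hunk.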
--- logstash.head.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: