line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Log::Saftpresse::Input::RELP; |
2
|
|
|
|
|
|
|
|
3
|
1
|
|
|
1
|
|
1664
|
use Moose; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
9
|
|
4
|
|
|
|
|
|
|
|
5
|
1
|
|
|
1
|
|
5380
|
use Log::Saftpresse::Log4perl; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
153
|
|
6
|
|
|
|
|
|
|
|
7
|
|
|
|
|
|
|
# ABSTRACT: RELP server input plugin for saftpresse |
8
|
|
|
|
|
|
|
our $VERSION = '1.6'; # VERSION |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
extends 'Log::Saftpresse::Input::Server'; |
12
|
|
|
|
|
|
|
|
13
|
1
|
|
|
1
|
|
596
|
use Log::Saftpresse::Input::RELP::Frame; |
|
1
|
|
|
|
|
4
|
|
|
1
|
|
|
|
|
45
|
|
14
|
1
|
|
|
1
|
|
598
|
use Log::Saftpresse::Input::RELP::RSP; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
46
|
|
15
|
1
|
|
|
1
|
|
8
|
use Time::Piece; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
11
|
|
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
sub handle_data { |
18
|
0
|
|
|
0
|
0
|
|
my ( $self, $conn ) = @_; |
19
|
0
|
|
|
|
|
|
my @events; |
20
|
0
|
|
|
|
|
|
while( defined( my $frame = $self->_read_frame($conn) ) ) { |
21
|
0
|
0
|
|
|
|
|
if( $frame->command eq 'open' ) { |
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
22
|
0
|
|
|
|
|
|
$self->cmd_open( $conn, $frame ); |
23
|
|
|
|
|
|
|
} elsif( $frame->command eq 'close' ) { |
24
|
0
|
|
|
|
|
|
$self->cmd_close( $conn, $frame ); |
25
|
|
|
|
|
|
|
} elsif( $frame->command eq 'syslog' ) { |
26
|
0
|
|
|
|
|
|
my $data = $self->cmd_syslog( $conn, $frame ); |
27
|
0
|
0
|
|
|
|
|
if( defined $data ) { |
28
|
0
|
|
|
|
|
|
push( @events, { message => $data } ); |
29
|
|
|
|
|
|
|
} |
30
|
|
|
|
|
|
|
} |
31
|
|
|
|
|
|
|
} |
32
|
0
|
|
|
|
|
|
return @events; |
33
|
|
|
|
|
|
|
} |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
sub cmd_open { |
36
|
0
|
|
|
0
|
0
|
|
my ( $self, $conn, $frame ) = @_; |
37
|
0
|
|
|
|
|
|
my $resp; |
38
|
|
|
|
|
|
|
|
39
|
0
|
|
|
|
|
|
$log->debug('client announced: '.$frame->data); |
40
|
|
|
|
|
|
|
|
41
|
0
|
0
|
|
|
|
|
if( $frame->data =~ /^relp_version=0/ ) { |
42
|
0
|
|
|
|
|
|
$resp = Log::Saftpresse::Input::RELP::Frame->new_next_frame( |
43
|
|
|
|
|
|
|
$frame, |
44
|
|
|
|
|
|
|
command => 'rsp', |
45
|
|
|
|
|
|
|
data => Log::Saftpresse::Input::RELP::RSP->new( |
46
|
|
|
|
|
|
|
code => 200, |
47
|
|
|
|
|
|
|
message => 'OK', |
48
|
|
|
|
|
|
|
data => "relp_version=0\nrelp_software=saftpresse\ncommands=open,close,syslog", |
49
|
|
|
|
|
|
|
)->as_string, |
50
|
|
|
|
|
|
|
); |
51
|
|
|
|
|
|
|
} else { |
52
|
0
|
|
|
|
|
|
$resp = Log::Saftpresse::Input::RELP::Frame->new_next_frame( |
53
|
|
|
|
|
|
|
$frame, |
54
|
|
|
|
|
|
|
command => 'rsp', |
55
|
|
|
|
|
|
|
data => Log::Saftpresse::Input::RELP::RSP->new( |
56
|
|
|
|
|
|
|
code => 500, |
57
|
|
|
|
|
|
|
message => 'unsupported protocol version', |
58
|
|
|
|
|
|
|
)->as_string, |
59
|
|
|
|
|
|
|
); |
60
|
0
|
|
|
|
|
|
$log->error('client uses unsupported RELP protocol version'); |
61
|
|
|
|
|
|
|
} |
62
|
|
|
|
|
|
|
|
63
|
0
|
|
|
|
|
|
$conn->print( $resp->as_string ); |
64
|
|
|
|
|
|
|
|
65
|
0
|
|
|
|
|
|
return; |
66
|
|
|
|
|
|
|
} |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
sub cmd_close { |
69
|
0
|
|
|
0
|
0
|
|
my ( $self, $conn, $frame ) = @_; |
70
|
0
|
|
|
|
|
|
my $resp; |
71
|
|
|
|
|
|
|
|
72
|
0
|
|
|
|
|
|
$log->info('peer '.$conn->peerhost.':'.$conn->peerport.' intialized connection shutdown'); |
73
|
0
|
|
|
|
|
|
$resp = Log::Saftpresse::Input::RELP::Frame->new_next_frame( |
74
|
|
|
|
|
|
|
$frame, |
75
|
|
|
|
|
|
|
command => 'rsp', |
76
|
|
|
|
|
|
|
data => Log::Saftpresse::Input::RELP::RSP->new( |
77
|
|
|
|
|
|
|
code => 200, |
78
|
|
|
|
|
|
|
message => 'OK', |
79
|
|
|
|
|
|
|
)->as_string, |
80
|
|
|
|
|
|
|
); |
81
|
0
|
|
|
|
|
|
$conn->print( $resp->as_string ); |
82
|
0
|
|
|
|
|
|
$self->shutdown_connection( $conn ); |
83
|
|
|
|
|
|
|
|
84
|
0
|
|
|
|
|
|
return; |
85
|
|
|
|
|
|
|
} |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
sub cmd_syslog { |
88
|
0
|
|
|
0
|
0
|
|
my ( $self, $conn, $frame ) = @_; |
89
|
0
|
|
|
|
|
|
my $resp; |
90
|
|
|
|
|
|
|
|
91
|
0
|
|
|
|
|
|
$resp = Log::Saftpresse::Input::RELP::Frame->new_next_frame( |
92
|
|
|
|
|
|
|
$frame, |
93
|
|
|
|
|
|
|
command => 'rsp', |
94
|
|
|
|
|
|
|
data => Log::Saftpresse::Input::RELP::RSP->new( |
95
|
|
|
|
|
|
|
code => 200, |
96
|
|
|
|
|
|
|
message => 'OK', |
97
|
|
|
|
|
|
|
)->as_string, |
98
|
|
|
|
|
|
|
); |
99
|
0
|
|
|
|
|
|
$conn->print( $resp->as_string ); |
100
|
|
|
|
|
|
|
|
101
|
0
|
|
|
|
|
|
return $frame->data; |
102
|
|
|
|
|
|
|
} |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
sub _read_frame { |
105
|
0
|
|
|
0
|
|
|
my ( $self, $conn ) = @_; |
106
|
0
|
|
|
|
|
|
my $frame; |
107
|
|
|
|
|
|
|
|
108
|
0
|
|
|
|
|
|
$frame = Log::Saftpresse::Input::RELP::Frame->new_from_fh($conn); |
109
|
|
|
|
|
|
|
|
110
|
0
|
|
|
|
|
|
return( $frame ); |
111
|
|
|
|
|
|
|
} |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
1; |
114
|
|
|
|
|
|
|
|
115
|
|
|
|
|
|
|
__END__ |
116
|
|
|
|
|
|
|
|
117
|
|
|
|
|
|
|
=pod |
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
=encoding UTF-8 |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
=head1 NAME |
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
Log::Saftpresse::Input::RELP - RELP server input plugin for saftpresse |
124
|
|
|
|
|
|
|
|
125
|
|
|
|
|
|
|
=head1 VERSION |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
version 1.6 |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
=head1 Description |
130
|
|
|
|
|
|
|
|
131
|
|
|
|
|
|
|
This plugin is a network input implementing the RELP protocol. |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
RELP is the Reliable Event Logging Protocol: |
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
http://www.rsyslog.com/doc/relp.html |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
=head2 Synopsis |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
To send events from rsyslog to saftpresse configure rsyslog: |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
$ModLoad omrelp |
142
|
|
|
|
|
|
|
*.* :omrelp:localhost:20514;RSYSLOG_ForwardFormat |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
You should also configure a queue to avoid loosing of events when |
145
|
|
|
|
|
|
|
saftpresse is not running. For more information read: |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
http://www.rsyslog.com/doc/rsyslog_reliable_forwarding.html |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
In saftpresse configuration: |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
# relp network server |
152
|
|
|
|
|
|
|
<Input rsyslog-input> |
153
|
|
|
|
|
|
|
module = "RELP" |
154
|
|
|
|
|
|
|
proto = "tcp" |
155
|
|
|
|
|
|
|
port = 20514 |
156
|
|
|
|
|
|
|
listen = "127.0.0.1" |
157
|
|
|
|
|
|
|
</Input> |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
# decode syslog format |
160
|
|
|
|
|
|
|
<Plugin syslog> |
161
|
|
|
|
|
|
|
module = "Syslog" |
162
|
|
|
|
|
|
|
</Plugin> |
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
=head1 Input Format |
165
|
|
|
|
|
|
|
|
166
|
|
|
|
|
|
|
This plugin will output an event for each recieved line with only the field |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
=over |
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
=item message |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
The line recieved. |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
=back |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
Use a plugin to decode the content of the line. |
177
|
|
|
|
|
|
|
|
178
|
|
|
|
|
|
|
For example the Syslog plugin could be used to decode the syslog line format. |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
=head1 AUTHOR |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
Markus Benning <ich@markusbenning.de> |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
This software is Copyright (c) 1998 by James S. Seymour, 2015 by Markus Benning. |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
This is free software, licensed under: |
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
The GNU General Public License, Version 2, June 1991 |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
=cut |