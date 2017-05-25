bunyan-lumberjack is a stream for Bunyan which takes in Bunyan logs and writes the results to Logstash via the lumberjack protocol (used by logstash-forwarder).
There are alternatives to this package if you don't need/want encryption:
npm install --save bunyan-lumberjack
See below for a complete end-to-end setup, but the basics are:
var bunyanLumberjackStream = require('bunyan-lumberjack');
var log = bunyan.createLogger({
name: "myLog",
streams: [{
level: 'info',
type: 'raw',
stream: bunyanLumberjackStream({
tlsOptions: {host: 'logstash.mycorp.com', port: 5000},
lumberjackOptions: {
allowDrop: function(logEntry) {
// If we have to drop logs, drop INFO level logs and lower - keep errors.
return logEntry.level <= bunyan.INFO
}
},
metadata:{beat:"example",type:"default"}
})
}]
});
You can pass anything here that you would normally pass to
tls.connect(). You probably
want to pass
host,
port, and if you're using a self-signed certificate,
ca. See the
the tutorial for a
concrete example.
If you're having problems connecting, have a look at the lumberjack-proto troubleshooting section.
Any option that can be passed to lumberjack-proto
can be passed here. If unspecified, this defaults to
{unref: true}.
Note that
lumberjackOptions.allowDrop is passed a lumberjack data frame; this will have a
line field, which is the JSON string to be sent to logstash, a
host field, and a
bunyanLevel field.
An array of tags to use in the logstash log entry. Defaults to
['bunyan'].
The name to use for the application in the
source field. Defaults to
process.title.
If specified, will be added to the entry before being sent to logstash. Defaults to 'json'.
If specified, will be added to the entry before being sent to logstash. Can be used for extra parameters that will stay within logstash (logstash will not forward these to elasticsearch). Defaults to empty object.
This explains how to set up logstash and bunyan-lumberjack to work together. This assumes you have a working logstash server up and running.
First, we need a certificate and private key on the logstash server. You can generate a self-signed certificate:
$ sudo mkdir -p /etc/logstash/ssl
$ sudo openssl req -new -nodes -x509 \
-subj "/C=CA/ST=Onatrio/L=Ottawa/O=IT/CN=logstash.mycompany.com" \
-days 3650 -keyout /etc/logstash/ssl/lumberjack.key \
-out /etc/logstash/ssl/lumberjack.crt -extensions v3_ca
$ sudo chmod 700 /etc/logstash/ssl/lumberjack.key
Note that the
CN above MUST be the host name you pass to
bunyan-lumberjack via
tlsOptions.host or else
bunyan-lumberjack will not be able to connect. You can't use an IP
here. See the
lumberjack-proto troubleshooting section
for more details and workarounds.
If your logstash server is not running as root, make sure it has read access to lumberjack.key (but this is a secret key, so try to limit who has access to it.)
Also note that while a self-signed certificate is usually not trustworthy, here it will be because we're going to copy the self-signed certificate to the client - the client won't connect to just any self-signed certificate.
The simple way to do this is to add this to the
input section of logstash.conf:
lumberjack {
codec => json
port => 5000
ssl_certificate => "/etc/logstash/ssl/logstash.crt"
ssl_key => "/etc/logstash/ssl/logstash.key"
}
Here the
codec must be set to
json to work correctly with
bunyan-lumberjack.
Alternatively, by default bunyan-lumberjack will set the
type to 'json', so if you want to be
able to share a single lumberjack input for multiple different types of logs:
input {
lumberjack {
port => 5000
ssl_certificate => "/opt/ssl/logstash.crt"
ssl_key => "/opt/ssl/logstash.key"
}
}
filter {
if [type] == "json" {
json {
source => "message"
}
}
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGLINE}" }
}
}
# Other filters go here...
}
On the client side, we need a copy of the
logstash.crt file we just created, then:
var fs = require('fs');
var bunyan = require('bunyan');
var bunyanLumberjackStream = require('bunyan-lumberjack');
outStream = bunyanLumberjackStream({
tlsOptions: {
host: 'logstash.mycorp.com',
port: 5000,
ca: [fs.readFileSync('path/to/logstash.crt', {encoding: 'utf-8'})]
},
metadata:{beat:"lowercase-name",type:"default"}
});
outStream.on('connect', function() {
console.log("Connected!");
});
outStream.on('dropped', function(count) {
console.log("ERROR: Dropped " + count + " messages!");
});
outStream.on('disconnect', function(err) {
console.log("WARN : Disconnected", err);
});
var log = bunyan.createLogger({
name: "myLog",
streams: [{level: 'info', type: 'raw', stream: outStream}]
});
log.info("This should work!");
log.info({_md:{type:"custom"}},"Item-based custom metadata!");