SlideShare ist ein Scribd-Unternehmen logo

Writing External Rsyslog Plugins

Rainer Gerhards
Rainer Gerhards

Want to make rsyslog talk to some not-yet-supported output? With v8 it's extremly simple.This presentation contains everything you need to know about writing great plugins in ANY language (like perl or pyton).

TechnologieKunst & Fotos
1 von 13
Writing external output plugins for rsyslog Rainer Gerhards
Output plugins in rsyslog • Output plugins permit to connect to a variety of log destinations • Pre-v8, plugins needed to be internal modules ▫ Loaded into rsyslog process space ▫ Must be written in C (or link to it) ▫ Deeply tied into rsyslog infrastructure • with v8, we officially support external plugins ▫ Written in any language (Python, Perl, Java, ...) ▫ Have their own process ▫ Relatively de-coupled Rainer Gerhards, http://blog.gerhards.net
Interface Overview process border Internal plugin rsyslog core engine perl plugin external plugin connector python plugin Rainer Gerhards, http://blog.gerhards.net
External Interface Design Goals • Keep it stupid simple ▫ Must support almost any language ▫ Dumb easy to use even for novice programmer ▫ Do not require explicit threading • Speed is NOT the most important goal ▫ Don't make it unnecessarily slow ▫ Many real-world log destinations are slow in any case (like when you connect via http...) ▫ Focus on “enable to build solution” ▫ If necessary, conversion to internal module can be done later Rainer Gerhards, http://blog.gerhards.net
Interface Details: communication • use pipes • stdin ▫ one message per line ▫ format can be customized via rsyslog templates ▫ multi-line messags via JSON • stdout/stderr ▫ Must NOT be written in initial version ▫ Will later convey back state information via plain text (e.g. “ERR”, “ERRMSG:xxx”, ...) • JSON as input format is recommended Rainer Gerhards, http://blog.gerhards.net
Interface Details: Threading • Do NOT care about threading • Write app according to single-thread paradigm • rsyslog will spawn multiple instances of your plugin if there is need to do so ▫ ▫ ▫ ▫ Happens based on config in busy cases Works well in most cases (e.g. http connects) Can be disabled if necessary If your program can run in multiple ter-minal sessions concurrently, it can also be run as multiple rsyslog action instances. Rainer Gerhards, http://blog.gerhards.net
Startup & Termination • • • • • • rsyslog will startup the plugin automatically Plugin needs to read stdin until EOF Do NOT terminate before EOF is reached On EOF, cleanup and terminate If the plugin dies, rsyslog restarts a new instance Some signals (like sigint) are blocked and should remain so Rainer Gerhards, http://blog.gerhards.net
Skeletons • The rsyslog project provides sample plugin skeletons • Available in ./plugins/external/skeletons • These contain ▫ the necessary plumbing ▫ often a kind of abstraction layer to make writing plugins even easier ▫ often performance-enhancement features • Can simply be copied to create your own plugins, don't care about the (minimal) plumbing! Rainer Gerhards, http://blog.gerhards.net
Example: Python Skeleton • Handles all interface plumbing • Uses “eventHandlers” to call the acutal app coding • Is used as a basis, for example, for the Solr output plugin • Available at https://github.com/rsyslog/rsyslog/blob/master/plugin Rainer Gerhards, http://blog.gerhards.net
onInit() Handler • Called when the plugin is initially loaded • Ready outbound connections, files, etc... def onInit(): """ Do everything that is needed to initialize processing (e.g. open files, create handles, connect to systems...) """ global outfile outfile = open("/tmp/logfile", "w") Rainer Gerhards, http://blog.gerhards.net
onReceive() • Called when new messages arrive • Receives one or more message via Python list object --> e.g. place them into one transaction, HTTP request, ... def onReceive(msgs): """This is the entry point where actual work needs to be done. It receives a list with all messages pulled from rsyslog. The list is of variable length, but contains all messages that are currently available. It is suggest NOT to use any further buffering, as we do not know when the next message will arrive. It may be in a nanosecond from now, but it may also be in three hours... """ global outfile for msg in msgs: outfile.write(msg) Rainer Gerhards, http://blog.gerhards.net
onExit() • Called immediately before the plugin terminates • Gurantees that no more messages arrive • Used to cleanup connections, write some final records, ... def onExit(): """ Do everything that is needed to finish processing (e.g. close files, handles, disconnect from systems...). This is being called immediately before exiting. """ global outfile outfile.close() Rainer Gerhards, http://blog.gerhards.net
Call to Action • If you need to send logs to a destination that is not yet supported, you can quickly write an external plugin – in any language you know! • Writing rsyslog plugins is easy ▫ If there is already a skeleton for your language, copy it and add your app-specific code ▫ If not ... no problem, the interface is dumb easy If you can write a script that reads stdin and does something useful with it, you can also write a rsyslog plugin! Rainer Gerhards, http://blog.gerhards.net

Empfohlen

Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
HTTP/2の現状とこれから
HTTP/2の現状とこれからHTTP/2の現状とこれから
HTTP/2の現状とこれからshigeki_ohtsu
 
REST API に疲れたあなたへ贈る GraphQL 入門
REST API に疲れたあなたへ贈る GraphQL 入門REST API に疲れたあなたへ贈る GraphQL 入門
REST API に疲れたあなたへ贈る GraphQL 入門Keisuke Tsukagoshi
 
Intel 82599 10GbE Controllerで遊ぼう
Intel 82599 10GbE Controllerで遊ぼうIntel 82599 10GbE Controllerで遊ぼう
Intel 82599 10GbE Controllerで遊ぼうTakuya ASADA
 
MQTTとAMQPと.NET
MQTTとAMQPと.NETMQTTとAMQPと.NET
MQTTとAMQPと.NETterurou
 
ライセンスを理解してますか?知っておきたいWordPressとGPLライセンス
ライセンスを理解してますか?知っておきたいWordPressとGPLライセンスライセンスを理解してますか?知っておきたいWordPressとGPLライセンス
ライセンスを理解してますか?知っておきたいWordPressとGPLライセンスJun Nogata
 
KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するHitachi, Ltd. OSS Solution Center.
 
Git 版本控制系統 -- 從微觀到宏觀
Git 版本控制系統 -- 從微觀到宏觀Git 版本控制系統 -- 從微觀到宏觀
Git 版本控制系統 -- 從微觀到宏觀Wen-Tien Chang
 

Empfohlen

Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
HTTP/2の現状とこれから
HTTP/2の現状とこれからHTTP/2の現状とこれから
HTTP/2の現状とこれからshigeki_ohtsu
 
REST API に疲れたあなたへ贈る GraphQL 入門
REST API に疲れたあなたへ贈る GraphQL 入門REST API に疲れたあなたへ贈る GraphQL 入門
REST API に疲れたあなたへ贈る GraphQL 入門Keisuke Tsukagoshi
 
Intel 82599 10GbE Controllerで遊ぼう
Intel 82599 10GbE Controllerで遊ぼうIntel 82599 10GbE Controllerで遊ぼう
Intel 82599 10GbE Controllerで遊ぼうTakuya ASADA
 
MQTTとAMQPと.NET
MQTTとAMQPと.NETMQTTとAMQPと.NET
MQTTとAMQPと.NETterurou
 
ライセンスを理解してますか?知っておきたいWordPressとGPLライセンス
ライセンスを理解してますか?知っておきたいWordPressとGPLライセンスライセンスを理解してますか?知っておきたいWordPressとGPLライセンス
ライセンスを理解してますか?知っておきたいWordPressとGPLライセンスJun Nogata
 
KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するHitachi, Ltd. OSS Solution Center.
 
Git 版本控制系統 -- 從微觀到宏觀
Git 版本控制系統 -- 從微觀到宏觀Git 版本控制系統 -- 從微觀到宏觀
Git 版本控制系統 -- 從微觀到宏觀Wen-Tien Chang
 
Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalizationRainer Gerhards
 
工程師必備第一工具 - Git
工程師必備第一工具 - Git工程師必備第一工具 - Git
工程師必備第一工具 - GitAlan Tsai
 
내가써본 nGrinder-SpringCamp 2015
내가써본 nGrinder-SpringCamp 2015내가써본 nGrinder-SpringCamp 2015
내가써본 nGrinder-SpringCamp 2015Lim SungHyun
 
Introducing GitLab (June 2018)
Introducing GitLab (June 2018)Introducing GitLab (June 2018)
Introducing GitLab (June 2018)Noa Harel
 
Binderのはじめの一歩とAndroid
Binderのはじめの一歩とAndroidBinderのはじめの一歩とAndroid
Binderのはじめの一歩とAndroidl_b__
 
PostgreSQL運用管理入門
PostgreSQL運用管理入門PostgreSQL運用管理入門
PostgreSQL運用管理入門Yoshiyuki Asaba
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersChang W. Doh
 
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling ToolsTIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling ToolsXiaozhe Wang
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systemsMarian Marinov
 
Android起動周りのノウハウ
Android起動周りのノウハウAndroid起動周りのノウハウ
Android起動周りのノウハウchancelab
 
Linux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownLinux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownScyllaDB
 
SSH力をつかおう
SSH力をつかおうSSH力をつかおう
SSH力をつかおう(^-^) togakushi
 
Kibanaでsysstatを可視化する
Kibanaでsysstatを可視化するKibanaでsysstatを可視化する
Kibanaでsysstatを可視化するKensuke Maeda
 
初心者向け負荷軽減のはなし
初心者向け負荷軽減のはなし初心者向け負荷軽減のはなし
初心者向け負荷軽減のはなしOonishi Takaaki
 
Scapyで作る・解析するパケット
Scapyで作る・解析するパケットScapyで作る・解析するパケット
Scapyで作る・解析するパケットTakaaki Hoyo
 
Javaトラブルに備えよう #jjug_ccc #ccc_h2
Javaトラブルに備えよう #jjug_ccc #ccc_h2Javaトラブルに備えよう #jjug_ccc #ccc_h2
Javaトラブルに備えよう #jjug_ccc #ccc_h2Norito Agetsuma
 
Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Mei Nakamura
 
本当は恐ろしい分散システムの話
本当は恐ろしい分散システムの話本当は恐ろしい分散システムの話
本当は恐ろしい分散システムの話Kumazaki Hiroki
 
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)NTT DATA Technology & Innovation
 
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くしたNginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くしたtoshi_pp
 
RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkRainer Gerhards
 

Weitere ähnliche Inhalte

Was ist angesagt?

Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalizationRainer Gerhards
 
工程師必備第一工具 - Git
工程師必備第一工具 - Git工程師必備第一工具 - Git
工程師必備第一工具 - GitAlan Tsai
 
내가써본 nGrinder-SpringCamp 2015
내가써본 nGrinder-SpringCamp 2015내가써본 nGrinder-SpringCamp 2015
내가써본 nGrinder-SpringCamp 2015Lim SungHyun
 
Introducing GitLab (June 2018)
Introducing GitLab (June 2018)Introducing GitLab (June 2018)
Introducing GitLab (June 2018)Noa Harel
 
Binderのはじめの一歩とAndroid
Binderのはじめの一歩とAndroidBinderのはじめの一歩とAndroid
Binderのはじめの一歩とAndroidl_b__
 
PostgreSQL運用管理入門
PostgreSQL運用管理入門PostgreSQL運用管理入門
PostgreSQL運用管理入門Yoshiyuki Asaba
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersChang W. Doh
 
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling ToolsTIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling ToolsXiaozhe Wang
 
Android起動周りのノウハウ
Android起動周りのノウハウAndroid起動周りのノウハウ
Android起動周りのノウハウchancelab
 
Linux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownLinux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownScyllaDB
 
Kibanaでsysstatを可視化する
Kibanaでsysstatを可視化するKibanaでsysstatを可視化する
Kibanaでsysstatを可視化するKensuke Maeda
 
初心者向け負荷軽減のはなし
初心者向け負荷軽減のはなし初心者向け負荷軽減のはなし
初心者向け負荷軽減のはなしOonishi Takaaki
 
Scapyで作る・解析するパケット
Scapyで作る・解析するパケットScapyで作る・解析するパケット
Scapyで作る・解析するパケットTakaaki Hoyo
 
Javaトラブルに備えよう #jjug_ccc #ccc_h2
Javaトラブルに備えよう #jjug_ccc #ccc_h2Javaトラブルに備えよう #jjug_ccc #ccc_h2
Javaトラブルに備えよう #jjug_ccc #ccc_h2Norito Agetsuma
 
Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Mei Nakamura
 
本当は恐ろしい分散システムの話
本当は恐ろしい分散システムの話本当は恐ろしい分散システムの話
本当は恐ろしい分散システムの話Kumazaki Hiroki
 
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)NTT DATA Technology & Innovation
 
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くしたNginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くしたtoshi_pp
 

Was ist angesagt? (20)

Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalization
 
工程師必備第一工具 - Git
工程師必備第一工具 - Git工程師必備第一工具 - Git
工程師必備第一工具 - Git
 
내가써본 nGrinder-SpringCamp 2015
내가써본 nGrinder-SpringCamp 2015내가써본 nGrinder-SpringCamp 2015
내가써본 nGrinder-SpringCamp 2015
 
Introducing GitLab (June 2018)
Introducing GitLab (June 2018)Introducing GitLab (June 2018)
Introducing GitLab (June 2018)
 
Binderのはじめの一歩とAndroid
Binderのはじめの一歩とAndroidBinderのはじめの一歩とAndroid
Binderのはじめの一歩とAndroid
 
PostgreSQL運用管理入門
PostgreSQL運用管理入門PostgreSQL運用管理入門
PostgreSQL運用管理入門
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for Beginners
 
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling ToolsTIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
TIP1 - Overview of C/C++ Debugging/Tracing/Profiling Tools
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systems
 
Android起動周りのノウハウ
Android起動周りのノウハウAndroid起動周りのノウハウ
Android起動周りのノウハウ
 
Linux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownLinux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance Showdown
 
SSH力をつかおう
SSH力をつかおうSSH力をつかおう
SSH力をつかおう
 
Kibanaでsysstatを可視化する
Kibanaでsysstatを可視化するKibanaでsysstatを可視化する
Kibanaでsysstatを可視化する
 
初心者向け負荷軽減のはなし
初心者向け負荷軽減のはなし初心者向け負荷軽減のはなし
初心者向け負荷軽減のはなし
 
Scapyで作る・解析するパケット
Scapyで作る・解析するパケットScapyで作る・解析するパケット
Scapyで作る・解析するパケット
 
Javaトラブルに備えよう #jjug_ccc #ccc_h2
Javaトラブルに備えよう #jjug_ccc #ccc_h2Javaトラブルに備えよう #jjug_ccc #ccc_h2
Javaトラブルに備えよう #jjug_ccc #ccc_h2
 
Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較
 
本当は恐ろしい分散システムの話
本当は恐ろしい分散システムの話本当は恐ろしい分散システムの話
本当は恐ろしい分散システムの話
 
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
Javaコードが速く実⾏される秘密 - JITコンパイラ⼊⾨(JJUG CCC 2020 Fall講演資料)
 
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くしたNginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
NginxとLuaを用いた動的なリバースプロキシでデプロイを 100 倍速くした
 

Ähnlich wie Writing External Rsyslog Plugins

RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkRainer Gerhards
 
introduction to node.js
introduction to node.jsintroduction to node.js
introduction to node.jsorkaplan
 
My "Perfect" Toolchain Setup for Grails Projects
My "Perfect" Toolchain Setup for Grails ProjectsMy "Perfect" Toolchain Setup for Grails Projects
My "Perfect" Toolchain Setup for Grails ProjectsGR8Conf
 
Techtalks: taking docker to production
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to productionmuayyad alsadi
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios
 
IT Operations for Web Developers
IT Operations for Web DevelopersIT Operations for Web Developers
IT Operations for Web DevelopersMahmoud Said
 
Deep Postgres Extensions in Rust | PGCon 2019 | Jeff Davis
Deep Postgres Extensions in Rust | PGCon 2019 | Jeff DavisDeep Postgres Extensions in Rust | PGCon 2019 | Jeff Davis
Deep Postgres Extensions in Rust | PGCon 2019 | Jeff DavisCitus Data
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021alinalexandru
 
Node.js 101 with Rami Sayar
Node.js 101 with Rami SayarNode.js 101 with Rami Sayar
Node.js 101 with Rami SayarFITC
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellN Masahiro
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Chris Gates
 
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Codemotion
 
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...NCCOMMS
 
node.js 실무 - node js in practice by Jesang Yoon
node.js 실무 - node js in practice by Jesang Yoonnode.js 실무 - node js in practice by Jesang Yoon
node.js 실무 - node js in practice by Jesang YoonJesang Yoon
 

Ähnlich wie Writing External Rsyslog Plugins (20)

RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 Talk
 
rsyslog meets docker
rsyslog meets dockerrsyslog meets docker
rsyslog meets docker
 
introduction to node.js
introduction to node.jsintroduction to node.js
introduction to node.js
 
Ansible - A 'crowd' introduction
Ansible - A 'crowd' introductionAnsible - A 'crowd' introduction
Ansible - A 'crowd' introduction
 
My "Perfect" Toolchain Setup for Grails Projects
My "Perfect" Toolchain Setup for Grails ProjectsMy "Perfect" Toolchain Setup for Grails Projects
My "Perfect" Toolchain Setup for Grails Projects
 
JOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to ProductionJOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to Production
 
Techtalks: taking docker to production
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to production
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
 
IT Operations for Web Developers
IT Operations for Web DevelopersIT Operations for Web Developers
IT Operations for Web Developers
 
Demo 0.9.4
Demo 0.9.4Demo 0.9.4
Demo 0.9.4
 
Deep Postgres Extensions in Rust | PGCon 2019 | Jeff Davis
Deep Postgres Extensions in Rust | PGCon 2019 | Jeff DavisDeep Postgres Extensions in Rust | PGCon 2019 | Jeff Davis
Deep Postgres Extensions in Rust | PGCon 2019 | Jeff Davis
 
Logstash
LogstashLogstash
Logstash
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
 
Node.js 101 with Rami Sayar
Node.js 101 with Rami SayarNode.js 101 with Rami Sayar
Node.js 101 with Rami Sayar
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshell
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
 
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
 
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
 
node.js 실무 - node js in practice by Jesang Yoon
node.js 실무 - node js in practice by Jesang Yoonnode.js 실무 - node js in practice by Jesang Yoon
node.js 실무 - node js in practice by Jesang Yoon
 

Mehr von Rainer Gerhards

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Rainer Gerhards
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rainer Gerhards
 
The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)Rainer Gerhards
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleRainer Gerhards
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRainer Gerhards
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rainer Gerhards
 
CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"Rainer Gerhards
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005Rainer Gerhards
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)Rainer Gerhards
 

Mehr von Rainer Gerhards (10)

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)
 
The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die Grundschule
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal Presentation
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
 
CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"
 
State of syslog (2005)
State of syslog (2005)State of syslog (2005)
State of syslog (2005)
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)
 

Kürzlich hochgeladen

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Kürzlich hochgeladen (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Writing External Rsyslog Plugins

  • 1. Writing external output plugins for rsyslog Rainer Gerhards
  • 2. Output plugins in rsyslog • Output plugins permit to connect to a variety of log destinations • Pre-v8, plugins needed to be internal modules ▫ Loaded into rsyslog process space ▫ Must be written in C (or link to it) ▫ Deeply tied into rsyslog infrastructure • with v8, we officially support external plugins ▫ Written in any language (Python, Perl, Java, ...) ▫ Have their own process ▫ Relatively de-coupled Rainer Gerhards, http://blog.gerhards.net
  • 3. Interface Overview process border Internal plugin rsyslog core engine perl plugin external plugin connector python plugin Rainer Gerhards, http://blog.gerhards.net
  • 4. External Interface Design Goals • Keep it stupid simple ▫ Must support almost any language ▫ Dumb easy to use even for novice programmer ▫ Do not require explicit threading • Speed is NOT the most important goal ▫ Don't make it unnecessarily slow ▫ Many real-world log destinations are slow in any case (like when you connect via http...) ▫ Focus on “enable to build solution” ▫ If necessary, conversion to internal module can be done later Rainer Gerhards, http://blog.gerhards.net
  • 5. Interface Details: communication • use pipes • stdin ▫ one message per line ▫ format can be customized via rsyslog templates ▫ multi-line messags via JSON • stdout/stderr ▫ Must NOT be written in initial version ▫ Will later convey back state information via plain text (e.g. “ERR”, “ERRMSG:xxx”, ...) • JSON as input format is recommended Rainer Gerhards, http://blog.gerhards.net
  • 6. Interface Details: Threading • Do NOT care about threading • Write app according to single-thread paradigm • rsyslog will spawn multiple instances of your plugin if there is need to do so ▫ ▫ ▫ ▫ Happens based on config in busy cases Works well in most cases (e.g. http connects) Can be disabled if necessary If your program can run in multiple ter-minal sessions concurrently, it can also be run as multiple rsyslog action instances. Rainer Gerhards, http://blog.gerhards.net
  • 7. Startup & Termination • • • • • • rsyslog will startup the plugin automatically Plugin needs to read stdin until EOF Do NOT terminate before EOF is reached On EOF, cleanup and terminate If the plugin dies, rsyslog restarts a new instance Some signals (like sigint) are blocked and should remain so Rainer Gerhards, http://blog.gerhards.net
  • 8. Skeletons • The rsyslog project provides sample plugin skeletons • Available in ./plugins/external/skeletons • These contain ▫ the necessary plumbing ▫ often a kind of abstraction layer to make writing plugins even easier ▫ often performance-enhancement features • Can simply be copied to create your own plugins, don't care about the (minimal) plumbing! Rainer Gerhards, http://blog.gerhards.net
  • 9. Example: Python Skeleton • Handles all interface plumbing • Uses “eventHandlers” to call the acutal app coding • Is used as a basis, for example, for the Solr output plugin • Available at https://github.com/rsyslog/rsyslog/blob/master/plugin Rainer Gerhards, http://blog.gerhards.net
  • 10. onInit() Handler • Called when the plugin is initially loaded • Ready outbound connections, files, etc... def onInit(): """ Do everything that is needed to initialize processing (e.g. open files, create handles, connect to systems...) """ global outfile outfile = open("/tmp/logfile", "w") Rainer Gerhards, http://blog.gerhards.net
  • 11. onReceive() • Called when new messages arrive • Receives one or more message via Python list object --> e.g. place them into one transaction, HTTP request, ... def onReceive(msgs): """This is the entry point where actual work needs to be done. It receives a list with all messages pulled from rsyslog. The list is of variable length, but contains all messages that are currently available. It is suggest NOT to use any further buffering, as we do not know when the next message will arrive. It may be in a nanosecond from now, but it may also be in three hours... """ global outfile for msg in msgs: outfile.write(msg) Rainer Gerhards, http://blog.gerhards.net
  • 12. onExit() • Called immediately before the plugin terminates • Gurantees that no more messages arrive • Used to cleanup connections, write some final records, ... def onExit(): """ Do everything that is needed to finish processing (e.g. close files, handles, disconnect from systems...). This is being called immediately before exiting. """ global outfile outfile.close() Rainer Gerhards, http://blog.gerhards.net
  • 13. Call to Action • If you need to send logs to a destination that is not yet supported, you can quickly write an external plugin – in any language you know! • Writing rsyslog plugins is easy ▫ If there is already a skeleton for your language, copy it and add your app-specific code ▫ If not ... no problem, the interface is dumb easy If you can write a script that reads stdin and does something useful with it, you can also write a rsyslog plugin! Rainer Gerhards, http://blog.gerhards.net