Stashward
Stashward is a log formatter and handler for Python that implements the (poorly specified) logstash-forwarder protocol.
The protocol is described in what appears to be good enough detail here: https://github.com/elasticsearch/logstash-forwarder/blob/master/PROTOCOL.md
But if you implement the protocol as described, you will crash logstash every time you send a data packet to it.
The trick is that there are three required key/value pairs: host, line and
offset. Those must be sent with every packet. And you also cannot send an
@timestamp
field. I do not know if that is a logstash-forwarder issue, or a
logstash issue.
Security
Following logstash-forwarder's lead, a server SSL certificate is required, and it must be signed by a CA. The common name on the certificate must match the host you are connecting to.
Usage
import logging
from stashward import StashwardHandler
root = logging.getLogger('')
root.setLevel(logging.INFO)
# give it a host, and port where logstash forwarder is listening, and the path
# to a CA file
handler = StashwardHandler("example.com", 5043, ca_certs="/etc/pki/tls/certs/ALL_CAs.crt")
root.addHandler(handler)
# log something
logging.info("Foo")
# log something with an exception
try:
raise ValueError("foo")
except ValueError:
logging.exception("Foobar!")
Example Logstash Config
input {
lumberjack {
port => 5043
type => "lumberjack"
ssl_key => "/etc/logstash/private.key"
ssl_certificate => "/etc/logstash/a_CA_signed_certificate_file.crt"
}
}
output {
elasticsearch {
host => localhost
protocol => http
}
}
Testing
The unit tests can be run in Python2 and Python3 by running:
make test