2015-08-27 19:03:46 -04:00
|
|
|
// Package splunk provides the log driver for forwarding server logs to
|
|
|
|
// Splunk HTTP Event Collector endpoint.
|
|
|
|
package splunk
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"crypto/tls"
|
|
|
|
"crypto/x509"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"strconv"
|
|
|
|
|
|
|
|
"github.com/Sirupsen/logrus"
|
|
|
|
"github.com/docker/docker/daemon/logger"
|
2015-11-10 19:42:27 -05:00
|
|
|
"github.com/docker/docker/daemon/logger/loggerutils"
|
2015-08-27 19:03:46 -04:00
|
|
|
"github.com/docker/docker/pkg/urlutil"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
driverName = "splunk"
|
|
|
|
splunkURLKey = "splunk-url"
|
|
|
|
splunkTokenKey = "splunk-token"
|
|
|
|
splunkSourceKey = "splunk-source"
|
|
|
|
splunkSourceTypeKey = "splunk-sourcetype"
|
|
|
|
splunkIndexKey = "splunk-index"
|
|
|
|
splunkCAPathKey = "splunk-capath"
|
|
|
|
splunkCANameKey = "splunk-caname"
|
|
|
|
splunkInsecureSkipVerifyKey = "splunk-insecureskipverify"
|
2015-11-10 19:42:27 -05:00
|
|
|
envKey = "env"
|
|
|
|
labelsKey = "labels"
|
|
|
|
tagKey = "tag"
|
2015-08-27 19:03:46 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
type splunkLogger struct {
|
|
|
|
client *http.Client
|
|
|
|
transport *http.Transport
|
|
|
|
|
|
|
|
url string
|
|
|
|
auth string
|
|
|
|
nullMessage *splunkMessage
|
|
|
|
}
|
|
|
|
|
|
|
|
type splunkMessage struct {
|
|
|
|
Event splunkMessageEvent `json:"event"`
|
|
|
|
Time string `json:"time"`
|
|
|
|
Host string `json:"host"`
|
|
|
|
Source string `json:"source,omitempty"`
|
|
|
|
SourceType string `json:"sourcetype,omitempty"`
|
|
|
|
Index string `json:"index,omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
type splunkMessageEvent struct {
|
2015-11-10 19:42:27 -05:00
|
|
|
Line string `json:"line"`
|
|
|
|
Source string `json:"source"`
|
|
|
|
Tag string `json:"tag,omitempty"`
|
|
|
|
Attrs map[string]string `json:"attrs,omitempty"`
|
2015-08-27 19:03:46 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
if err := logger.RegisterLogDriver(driverName, New); err != nil {
|
|
|
|
logrus.Fatal(err)
|
|
|
|
}
|
|
|
|
if err := logger.RegisterLogOptValidator(driverName, ValidateLogOpt); err != nil {
|
|
|
|
logrus.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// New creates splunk logger driver using configuration passed in context
|
|
|
|
func New(ctx logger.Context) (logger.Logger, error) {
|
|
|
|
hostname, err := ctx.Hostname()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("%s: cannot access hostname to set source field", driverName)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse and validate Splunk URL
|
|
|
|
splunkURL, err := parseURL(ctx)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Splunk Token is required parameter
|
|
|
|
splunkToken, ok := ctx.Config[splunkTokenKey]
|
|
|
|
if !ok {
|
|
|
|
return nil, fmt.Errorf("%s: %s is expected", driverName, splunkTokenKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
tlsConfig := &tls.Config{}
|
|
|
|
|
|
|
|
// Splunk is using autogenerated certificates by default,
|
2015-12-13 11:00:39 -05:00
|
|
|
// allow users to trust them with skipping verification
|
2015-08-27 19:03:46 -04:00
|
|
|
if insecureSkipVerifyStr, ok := ctx.Config[splunkInsecureSkipVerifyKey]; ok {
|
|
|
|
insecureSkipVerify, err := strconv.ParseBool(insecureSkipVerifyStr)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
tlsConfig.InsecureSkipVerify = insecureSkipVerify
|
|
|
|
}
|
|
|
|
|
|
|
|
// If path to the root certificate is provided - load it
|
|
|
|
if caPath, ok := ctx.Config[splunkCAPathKey]; ok {
|
|
|
|
caCert, err := ioutil.ReadFile(caPath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
caPool := x509.NewCertPool()
|
|
|
|
caPool.AppendCertsFromPEM(caCert)
|
|
|
|
tlsConfig.RootCAs = caPool
|
|
|
|
}
|
|
|
|
|
|
|
|
if caName, ok := ctx.Config[splunkCANameKey]; ok {
|
|
|
|
tlsConfig.ServerName = caName
|
|
|
|
}
|
|
|
|
|
|
|
|
transport := &http.Transport{
|
|
|
|
TLSClientConfig: tlsConfig,
|
|
|
|
}
|
|
|
|
client := &http.Client{
|
|
|
|
Transport: transport,
|
|
|
|
}
|
|
|
|
|
|
|
|
var nullMessage = &splunkMessage{
|
|
|
|
Host: hostname,
|
|
|
|
}
|
|
|
|
|
|
|
|
// Optional parameters for messages
|
|
|
|
nullMessage.Source = ctx.Config[splunkSourceKey]
|
|
|
|
nullMessage.SourceType = ctx.Config[splunkSourceTypeKey]
|
|
|
|
nullMessage.Index = ctx.Config[splunkIndexKey]
|
|
|
|
|
2015-11-10 19:42:27 -05:00
|
|
|
tag, err := loggerutils.ParseLogTag(ctx, "{{.ID}}")
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
nullMessage.Event.Tag = tag
|
|
|
|
nullMessage.Event.Attrs = ctx.ExtraAttributes(nil)
|
|
|
|
|
2015-08-27 19:03:46 -04:00
|
|
|
logger := &splunkLogger{
|
|
|
|
client: client,
|
|
|
|
transport: transport,
|
|
|
|
url: splunkURL.String(),
|
|
|
|
auth: "Splunk " + splunkToken,
|
|
|
|
nullMessage: nullMessage,
|
|
|
|
}
|
|
|
|
|
|
|
|
err = verifySplunkConnection(logger)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return logger, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (l *splunkLogger) Log(msg *logger.Message) error {
|
|
|
|
// Construct message as a copy of nullMessage
|
|
|
|
message := *l.nullMessage
|
|
|
|
message.Time = fmt.Sprintf("%f", float64(msg.Timestamp.UnixNano())/1000000000)
|
2015-11-10 19:42:27 -05:00
|
|
|
message.Event.Line = string(msg.Line)
|
|
|
|
message.Event.Source = msg.Source
|
2015-08-27 19:03:46 -04:00
|
|
|
|
|
|
|
jsonEvent, err := json.Marshal(&message)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
req, err := http.NewRequest("POST", l.url, bytes.NewBuffer(jsonEvent))
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
req.Header.Set("Authorization", l.auth)
|
|
|
|
res, err := l.client.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-03-16 11:38:13 -04:00
|
|
|
defer res.Body.Close()
|
2015-08-27 19:03:46 -04:00
|
|
|
if res.StatusCode != http.StatusOK {
|
|
|
|
var body []byte
|
|
|
|
body, err = ioutil.ReadAll(res.Body)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return fmt.Errorf("%s: failed to send event - %s - %s", driverName, res.Status, body)
|
|
|
|
}
|
|
|
|
io.Copy(ioutil.Discard, res.Body)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (l *splunkLogger) Close() error {
|
|
|
|
l.transport.CloseIdleConnections()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (l *splunkLogger) Name() string {
|
|
|
|
return driverName
|
|
|
|
}
|
|
|
|
|
|
|
|
// ValidateLogOpt looks for all supported by splunk driver options
|
|
|
|
func ValidateLogOpt(cfg map[string]string) error {
|
|
|
|
for key := range cfg {
|
|
|
|
switch key {
|
|
|
|
case splunkURLKey:
|
|
|
|
case splunkTokenKey:
|
|
|
|
case splunkSourceKey:
|
|
|
|
case splunkSourceTypeKey:
|
|
|
|
case splunkIndexKey:
|
|
|
|
case splunkCAPathKey:
|
|
|
|
case splunkCANameKey:
|
|
|
|
case splunkInsecureSkipVerifyKey:
|
2015-11-10 19:42:27 -05:00
|
|
|
case envKey:
|
|
|
|
case labelsKey:
|
|
|
|
case tagKey:
|
2015-08-27 19:03:46 -04:00
|
|
|
default:
|
|
|
|
return fmt.Errorf("unknown log opt '%s' for %s log driver", key, driverName)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseURL(ctx logger.Context) (*url.URL, error) {
|
|
|
|
splunkURLStr, ok := ctx.Config[splunkURLKey]
|
|
|
|
if !ok {
|
|
|
|
return nil, fmt.Errorf("%s: %s is expected", driverName, splunkURLKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
splunkURL, err := url.Parse(splunkURLStr)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("%s: failed to parse %s as url value in %s", driverName, splunkURLStr, splunkURLKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
if !urlutil.IsURL(splunkURLStr) ||
|
|
|
|
!splunkURL.IsAbs() ||
|
|
|
|
(splunkURL.Path != "" && splunkURL.Path != "/") ||
|
|
|
|
splunkURL.RawQuery != "" ||
|
|
|
|
splunkURL.Fragment != "" {
|
2016-03-29 02:36:38 -04:00
|
|
|
return nil, fmt.Errorf("%s: expected format scheme://dns_name_or_ip:port for %s", driverName, splunkURLKey)
|
2015-08-27 19:03:46 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
splunkURL.Path = "/services/collector/event/1.0"
|
|
|
|
|
|
|
|
return splunkURL, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func verifySplunkConnection(l *splunkLogger) error {
|
|
|
|
req, err := http.NewRequest("OPTIONS", l.url, nil)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
res, err := l.client.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if res.Body != nil {
|
|
|
|
defer res.Body.Close()
|
|
|
|
}
|
|
|
|
if res.StatusCode != http.StatusOK {
|
|
|
|
var body []byte
|
|
|
|
body, err = ioutil.ReadAll(res.Body)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return fmt.Errorf("%s: failed to verify connection - %s - %s", driverName, res.Status, body)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|