Skip to content

Commit bffe560

Browse files
eht16eht16
committed
Merge pull request #1 from skwashd/ssl
Ssl
2 parents a7c5dd2 + e25c56a commit bffe560

File tree

1 file changed

+30
-2
lines changed

1 file changed

+30
-2
lines changed

logstash/handler_tcp.py

Lines changed: 30 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
1-
from logging.handlers import DatagramHandler, SocketHandler
1+
import ssl
2+
from logging.handlers import SocketHandler
23
from logstash import formatter
34

5+
from pprint import pprint
46

57
# Derive from object to force a new-style class and thus allow super() to work
68
# on Python 2.6
@@ -12,14 +14,40 @@ class TCPLogstashHandler(SocketHandler, object):
1214
:param fqdn; Indicates whether to show fully qualified domain name or not (default False).
1315
:param version: version of logstash event schema (default is 0).
1416
:param tags: list of tags for a logger (default is None).
17+
:param ssl: Should SSL be enabled for the connection? Default is True.
18+
:param ssl_verify: Should the server's SSL certificate be verified?
19+
:param keyfile: The path to client side SSL key file (default is None).
20+
:param certfile: The path to client side SSL certificate file (default is None).
21+
:param ca_certs: The path to the file containing recognised CA certificates.
1522
"""
1623

17-
def __init__(self, host, port=5959, message_type='logstash', tags=None, fqdn=False, version=0):
24+
def __init__(self, host, port=5959, message_type='logstash', tags=None, fqdn=False, version=0, ssl=True, ssl_verify=True, keyfile=None, certfile=None, ca_certs=None):
1825
super(TCPLogstashHandler, self).__init__(host, port)
26+
27+
self.ssl = ssl
28+
self.ssl_verify = ssl_verify
29+
self.keyfile = keyfile
30+
self.certfile = certfile
31+
self.ca_certs = ca_certs
32+
1933
if version == 1:
2034
self.formatter = formatter.LogstashFormatterVersion1(message_type, tags, fqdn)
2135
else:
2236
self.formatter = formatter.LogstashFormatterVersion0(message_type, tags, fqdn)
2337

2438
def makePickle(self, record):
2539
return self.formatter.format(record) + b'\n'
40+
41+
def makeSocket(self, timeout=1):
42+
s = super(TCPLogstashHandler, self).makeSocket(timeout)
43+
if not self.ssl:
44+
return s
45+
46+
cert_reqs = ssl.CERT_REQUIRED
47+
if not self.ssl_verify:
48+
if self.ca_certs:
49+
cert_reqs = ssl.CERT_OPTIONAL
50+
else:
51+
cert_reqs = ssl.CERT_NONE
52+
53+
return ssl.wrap_socket(s, keyfile=self.keyfile, certfile=self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs)

0 commit comments

Comments
 (0)