paStash
"When logs give you spaghetti, make pasta"
What is paStash ?
PaStasH (pastaʃ'ʃ-utta) is a NodeJS multi I/O processor supporting ingestion, decoding, interpolation and correlation of data - be it logs, packets, events and beyond. PaStash supports the Logstash configuration format and delivers cross-functionality comparable to "Beats" with custom modules, providing a flexible and agnostig data pipelining tool.
What can I do with paStash ?
paStash is designed manage spaghetti I/O with input, processors and output modules for all seasons, and can be useful in many scenarios, such as parsing logs to objects, distributing data to multiple formats, interexchanging and correlating protocols and streams, while interpolating and manipulating data intransit. paStash is developed using NodeJS, which is an ideal language for applications with many IO and offers:
- lower memory footprint
- lower cpu footprint
- faster startup delay
- ease of extension
paStash configuration is compatible with logstash. You can easily replace a logstash node by a paStash one in most cases. The data are formatted in the same way to be compatible with logstash UIs.
How does it work ?
The architecture is identical to logstash architecture. You have to instanciates plugins with the paStash core. There are three type of modules:
- inputs plugins: where datas come into paStash. Examples: file, zeromq transport layer
- filter plugins: extract and manipulate fields from logs, like timestamps. Example: regex plugin
- outputs plugins: where datas leave from paStash: Examples: ElasticSearch , zeromq transport layer.
A typical paStash deployement contains agents to crawl logs and a log server.
On agent, paStash is configured whith inputs plugins to get logs from your software stack, and one output plugin to send logs to log server (eg. zeromq output plugin).
On log server, logs come trough a zeromq input plugin, are processed (fields and timestamps extraction), and send to ElasticSearch.
How to use it ?
Installation
NPM install
PaStash and its dependencies can be easily installed with NPM (provides pastash as command) as root or sudo user:
npm install --unsafe-perm -g @pastash/pastash
NPM plugin install
PaStash can be extended with modules from the @pastash NPM keyspace
npm install --unsafe-perm -g @pastash/output_loki
Plugins list
- See paStash plugins for plugins lists, examples and docs
Configuration formats
There are two format for configuration. The legacy format use urls. The new one is identical to the logstash config format.
Note : multiple configuration files can be used in parallel with the --config_dir switch.
Configuration by logstash config files
Example for a simple logging pipeline:
input {
file {
path => '/tmp/toto.log'
}
}
output {
loki {
host => localhost
port => 3100
path => "/loki/api/v1/push"
}
}
You can use if to have an event dependent configuration. See here for details.
As for urls, config can be specified
- directly on the command line
- in a file (use the
--config_fileswitch) - in all files in a directory (use the
--config_dirswitch)
Note : the implementation is young, all bugs reports are welcome. Note : both formats can be mixed.
Command lines params
--log_levelto change the log level (emergency, alert, critical, error, warning, notice, info, debug)--log_fileto redirect log to a log file.--patterns_directoriesto add some directories (separated by ,), for loading config for regex plugin and grok plugins. Grok patterns files must be located under agroksubdirectory for each specified directory.--db_fileto specify the file to use as database for file inputs (see below)--http_max_socketsto specify the max sockets of http.globalAgent.maxSockets. Default to 100.--alarm_fileto specify a file which will be created if paStash goes in alarm mode.
Examples
Config file for an agent:
input {
file {
path => "/var/log/nginx/access.log"
}
}
output {
zeromq {
address => ["tcp://log_server:5555"]
}
}
Config file for log server:
input {
zeromq {
address => ["tcp://0.0.0.0:5555"]
}
}
filter {
regex {
pattern => http_combined
}
}
output {
elasticsearch {
host => localhost
port => 9200
}
}
See our wiki for many more examples
License
paStash Copyright 2016 - 2020 QXIP BV
node-logstash Copyright 2012 - 2014 Bertrand Paquet
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Made by Humans
This Open-Source project is made possible by actual Humans without corporate sponsors, angels or patreons.
If you use this software in production, please consider supporting its development with contributions or donations
