:plugin: tcp :type: input /////////////////////////////////////////// START - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// :version: %VERSION% :release_date: %RELEASE_DATE% :changelog_url: %CHANGELOG_URL% :include_path: ../../../../logstash/docs/include /////////////////////////////////////////// END - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// [id="plugins-{type}s-{plugin}"] === Tcp input plugin include::{include_path}/plugin_header.asciidoc[] ==== Description Read events over a TCP socket. Like stdin and file inputs, each event is assumed to be one line of text. Can either accept connections from clients or connect to a server, depending on `mode`. ===== Accepting log4j2 logs Log4j2 can send JSON over a socket, and we can use that combined with our tcp input to accept the logs. First, we need to configure your application to send logs in JSON over a socket. The following log4j2.xml accomplishes this task. Note, you will want to change the `host` and `port` settings in this configuration to match your needs. To accept this in Logstash, you will want tcp input and a date filter: input { tcp { port => 12345 codec => json } } and add a date filter to take log4j2's `timeMillis` field and use it as the event timestamp filter { date { match => [ "timeMillis", "UNIX_MS" ] } } [id="plugins-{type}s-{plugin}-options"] ==== Tcp Input Configuration Options This plugin supports the following configuration options plus the <> described later. [cols="<,<,<",options="header",] |======================================================================= |Setting |Input type|Required | <> |<>|No | <> |<>, one of `["server", "client"]`|No | <> |<>|Yes | <> |<>|No | <> |a valid filesystem path|No | <> |<>|No | <> |<>|No | <> |a valid filesystem path|No | <> |<>|No | <> |<>|No |======================================================================= Also see <> for a list of options supported by all input plugins.   [id="plugins-{type}s-{plugin}-host"] ===== `host` * Value type is <> * Default value is `"0.0.0.0"` When mode is `server`, the address to listen on. When mode is `client`, the address to connect to. [id="plugins-{type}s-{plugin}-mode"] ===== `mode` * Value can be any of: `server`, `client` * Default value is `"server"` Mode to operate in. `server` listens for client connections, `client` connects to a server. [id="plugins-{type}s-{plugin}-port"] ===== `port` * This is a required setting. * Value type is <> * There is no default value for this setting. When mode is `server`, the port to listen on. When mode is `client`, the port to connect to. [id="plugins-{type}s-{plugin}-proxy_protocol"] ===== `proxy_protocol` * Value type is <> * Default value is `false` Proxy protocol support, only v1 is supported at this time http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt [id="plugins-{type}s-{plugin}-ssl_cert"] ===== `ssl_cert` * Value type is <> * There is no default value for this setting. SSL certificate path [id="plugins-{type}s-{plugin}-ssl_enable"] ===== `ssl_enable` * Value type is <> * Default value is `false` Enable SSL (must be set for other `ssl_` options to take effect). [id="plugins-{type}s-{plugin}-ssl_extra_chain_certs"] ===== `ssl_extra_chain_certs` * Value type is <> * Default value is `[]` An Array of extra X509 certificates to be added to the certificate chain. Useful when the CA chain is not necessary in the system store. [id="plugins-{type}s-{plugin}-ssl_key"] ===== `ssl_key` * Value type is <> * There is no default value for this setting. SSL key path [id="plugins-{type}s-{plugin}-ssl_key_passphrase"] ===== `ssl_key_passphrase` * Value type is <> * Default value is `nil` SSL key passphrase [id="plugins-{type}s-{plugin}-ssl_verify"] ===== `ssl_verify` * Value type is <> * Default value is `true` Verify the identity of the other end of the SSL connection against the CA. For input, sets the field `sslsubject` to that of the client certificate. [id="plugins-{type}s-{plugin}-common-options"] include::{include_path}/{type}.asciidoc[]