:plugin: tcp
:type: input
:default_codec: line
///////////////////////////////////////////
START - GENERATED VARIABLES, DO NOT EDIT!
///////////////////////////////////////////
:version: %VERSION%
:release_date: %RELEASE_DATE%
:changelog_url: %CHANGELOG_URL%
:include_path: ../../../../logstash/docs/include
///////////////////////////////////////////
END - GENERATED VARIABLES, DO NOT EDIT!
///////////////////////////////////////////
[id="plugins-{type}s-{plugin}"]
=== Tcp input plugin
include::{include_path}/plugin_header.asciidoc[]
==== Description
Read events over a TCP socket.
Like stdin and file inputs, each event is assumed to be one line of text.
Can either accept connections from clients or connect to a server,
depending on `mode`.
===== Accepting log4j2 logs
Log4j2 can send JSON over a socket, and we can use that combined with our tcp
input to accept the logs.
First, we need to configure your application to send logs in JSON over a
socket. The following log4j2.xml accomplishes this task.
Note, you will want to change the `host` and `port` settings in this
configuration to match your needs.
To accept this in Logstash, you will want tcp input and a date filter:
input {
tcp {
port => 12345
codec => json
}
}
and add a date filter to take log4j2's `timeMillis` field and use it as the
event timestamp
filter {
date {
match => [ "timeMillis", "UNIX_MS" ]
}
}
[id="plugins-{type}s-{plugin}-options"]
==== Tcp Input Configuration Options
This plugin supports the following configuration options plus the <> described later.
[cols="<,<,<",options="header",]
|=======================================================================
|Setting |Input type|Required
| <> |<>|No
| <> |<>, one of `["server", "client"]`|No
| <> |<>|Yes
| <> |<>|No
| <> |a valid filesystem path|No
| <> |<>|No
| <> |<>|No
| <> |<>|No
| <> |a valid filesystem path|No
| <> |<>|No
| <> |<>|No
| <> |<>|No
| <> |<>|No
|=======================================================================
Also see <> for a list of options supported by all
input plugins.
[id="plugins-{type}s-{plugin}-host"]
===== `host`
* Value type is <>
* Default value is `"0.0.0.0"`
When mode is `server`, the address to listen on.
When mode is `client`, the address to connect to.
[id="plugins-{type}s-{plugin}-mode"]
===== `mode`
* Value can be any of: `server`, `client`
* Default value is `"server"`
Mode to operate in. `server` listens for client connections,
`client` connects to a server.
[id="plugins-{type}s-{plugin}-port"]
===== `port`
* This is a required setting.
* Value type is <>
* There is no default value for this setting.
When mode is `server`, the port to listen on.
When mode is `client`, the port to connect to.
[id="plugins-{type}s-{plugin}-proxy_protocol"]
===== `proxy_protocol`
* Value type is <>
* Default value is `false`
Proxy protocol support, only v1 is supported at this time
http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
[id="plugins-{type}s-{plugin}-ssl_cert"]
===== `ssl_cert`
* Value type is <>
* There is no default value for this setting.
Path to certificate in PEM format. This certificate will be presented
to the connecting clients.
[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
===== `ssl_certificate_authorities`
* Value type is <>
* Default value is `[]`
Validate client certificate or certificate chain against these authorities.
You can define multiple files or paths. All the certificates will be read and added to the trust store.
[id="plugins-{type}s-{plugin}-ssl_enable"]
===== `ssl_enable`
* Value type is <>
* Default value is `false`
Enable SSL (must be set for other `ssl_` options to take effect).
[id="plugins-{type}s-{plugin}-ssl_extra_chain_certs"]
===== `ssl_extra_chain_certs`
* Value type is <>
* Default value is `[]`
An Array of paths to extra X509 certificates.
These are used together with the certificate to construct the certificate chain
presented to the client.
[id="plugins-{type}s-{plugin}-ssl_key"]
===== `ssl_key`
* Value type is <>
* There is no default value for this setting.
The path to the private key corresponding to the specified certificate (PEM format).
[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
===== `ssl_key_passphrase`
* Value type is <>
* Default value is `nil`
SSL key passphrase for the private key.
[id="plugins-{type}s-{plugin}-ssl_verify"]
===== `ssl_verify`
* Value type is <>
* Default value is `true`
Verify the identity of the other end of the SSL connection against the CA.
For input, sets the field `sslsubject` to that of the client certificate.
[id="plugins-{type}s-{plugin}-tcp_keep_alive"]
===== `tcp_keep_alive`
* Value type is <>
* Default value is `false`
Instruct the socket to use TCP keep alive. If it's `true` then the underlying socket
will use the OS defaults settings for keep alive. If it's `false` it doesn't configure any
keep alive setting for the underlying socket.
[id="plugins-{type}s-{plugin}-dns_reverse_lookup_enabled"]
===== `dns_reverse_lookup_enabled`
* Value type is <>
* Default value is `true`
It is possible to avoid DNS reverse-lookups by disabling this setting. If disabled,
the address metadata that is added to events will contain the source address as-specified
at the TCP layer and IPs will not be resolved to hostnames.
[id="plugins-{type}s-{plugin}-common-options"]
include::{include_path}/{type}.asciidoc[]
:default_codec!: