Skip to content

🌲 Convert Pino logs to GELF format and send to Graylog via HTTPS

License

Notifications You must be signed in to change notification settings

dynabase/pino-gelf-http

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pino GELF HTTP

Pino GELF (pino-gelf-http) is a transport for the Pino logger. Pino GELF receives Pino logs from stdin and transforms them into GELF format before sending them to a remote Graylog server via HTTP.

Contents

Installation

Pino GELF should be installed globally so it can be used as a utility:

npm i -g pino-gelf-http

Usage

The recommended pipeline to run Pino GELF as a transform for Pino logs is as follows:

node your-app.js | pino-gelf-http log

The host, port and maximum chunk size of your Graylog server can be specified using options. Fields logged by express-pino-middleware or any other custom fields included with Pino requests will be converted into strings (if they aren't already) and their keys will be prefixed with an underscore, according to the GELF spec. Also, you can choose to enable verbose mode which outputs all GELF messages locally, this can be useful for initial configuration.

Finally, you can enable passthrough mode which will output the original input back to stdout. That enables you to make pino-gelf-http part of a chain of commands and use the original input for further processing (for example pino-pretty).

// Set Graylog URL
node your-app.js | pino-gelf-http log -h https://graylog.server.com/gelf

// Enable local output
node your-app.js | pino-gelf-http log -v

// Enable passthrough mode
node your-app.js | pino-gelf-http log -t

Note: The defaults for these options are:

Property Default
Host 127.0.0.1
Port 12201
Maximum Chunk Size 1420
Verbose Logging false
Passthrough false

Example

Given the Pino log message (formatted as JSON for readability):

{
  "pid":16699,
  "hostname":"han",
  "name":"pino-gelf-http-test-app",
  "level":30,
  "time":1481840140708,
  "msg":"request completed",
  "res":{
    "statusCode":304,
    "header":"HTTP/1.1 304 Not Modified\r\nX-Powered-By: Express\r\nETag: W/\"d-bNNVbesNpUvKBgtMOUeYOQ\"\r\nDate: Thu, 15 Dec 2016 22:15:40 GMT\r\nConnection: keep-alive\r\n\r\n"
  },
  "responseTime":8,
  "environment":"dev",
  "colour":"black",
  "req":{
    "id":1,
    "method":"GET",
    "url":"/",
    "headers":{
      "host":"localhost:3000",
      "connection":"keep-alive",
      "if-none-match":"W/\"d-bNNVbesNpUvKBgtMOUeYOQ\"",
      "upgrade-insecure-requests":"1",
      "accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
      "user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14",
      "accept-language":"en-gb",
      "dnt":"1",
      "accept-encoding":"gzip, deflate"
    },
    "remoteAddress":"::1",
    "remotePort":52829
  },
  "v":1
}

And the usage:

node server.js | pino-gelf-http log

Pino GELF will send the following message to your Graylog server (formatted here as JSON for readability):

Formatted JSON Data
{  
  "version":"1.1",
  "host":"han",
  "short_message":"request completed",
  "full_message":"request completed",
  "timestamp":1481840140.708,
  "level":6,
  "_name":"pino-gelf-http-test-app",
  "_res":"{\"statusCode\":304,\"header\":\"HTTP/1.1 304 Not Modified\\r\\nX-Powered-By: Express\\r\\nETag: W/\\\"d-bNNVbesNpUvKBgtMOUeYOQ\\\"\\r\\nDate: Thu, 15 Dec 2016 22:15:40 GMT\\r\\nConnection: keep-alive\\r\\n\\r\\n\"}",
  "_responseTime":"8",
  "_environment":"dev",
  "_colour":"black",
  "_req":"{\"id\":1,\"method\":\"GET\",\"url\":\"/\",\"headers\":{\"host\":\"localhost:3000\",\"connection\":\"keep-alive\",\"if-none-match\":\"W/\\\"d-bNNVbesNpUvKBgtMOUeYOQ\\\"\",\"upgrade-insecure-requests\":\"1\",\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14\",\"accept-language\":\"en-gb\",\"dnt\":\"1\",\"accept-encoding\":\"gzip, deflate\"},\"remoteAddress\":\"::1\",\"remotePort\":52829}"
}

GELF

At present the mapping from standard Pino log messages to GELF messages is as follows:

GELF Property Pino Log Property Notes
version - Hardcoded to 1.1 per GELF docs
host hostname -
short_message msg msg is truncated to 64 characters
full_message msg msg is not truncated
timestamp time -
level level Pino level is mapped to SysLog levels1

Log Level Mapping

The mapping from Pino log levels to SysLog levels used by GELF are as follows:

Pino Log Level SysLog Level
Trace Debug
Debug Debug
Info Info
Warn Warning
Error Error
Fatal Critical

Note: Pino log messages without a level map to SysLog Critical

Acknowledgements

The implementation of Pino GELF is based in large part on pino-gelf.

About

🌲 Convert Pino logs to GELF format and send to Graylog via HTTPS

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published