openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/rpc_deployment/roles/logstash/templates/03-generic.conf
d34dh0r53 6f6e75f549 Initial Commit
2014-08-26 18:08:15 -05:00

123 lines
6.3 KiB
Plaintext
Raw Blame History

#===============================================================================
filter {
#---------------------------------------------------------------------------
# Parse & tag generic openstack log message
grok {
match => { "@message" => "%{TIMESTAMP_ISO8601:os_timestamp} %{POSINT:os_program_pid} %{AUDITLOGLEVEL:os_level} %{OPENSTACK_FUNCTION:openstack_function} %{OPENSTACK_CODE:openstack_code} %{GREEDYDATA:openstack_message}" }
# add_tag => [ "openstack-generic" ]
break_on_match => false
tag_on_failure => []
}
#---------------------------------------------------------------------------
# Parse & tag specific openstack project log messages
if "openstack-generic" in [tags] {
#---------------------------------------------------------------------------
# Parse & tag multiline logs where subsequent lines are added to the original, previous line
# multiline {
# pattern => "^(([0-9]+-(?:0?[1-9]|1[0-2])-(?:3[01]|[1-2]?[0-9]|0?[1-9]))|((?:0?[1-9]|1[0-2])/(?:3[01]|[1-2]?[0-9]|0?[1-9]))).*$"
# negate => true
# what => "previous"
# }
#-----------------------------------------------------------------------
# Parse & tag generic nova logs
# i.e.:
# 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [-] (11093) accepted ('192.168.1.100', 53437)
# 2) nova-compute.log: nova.compute.resource_tracker [-] Auditing locally available compute resources
grok {
match => ["os_program", "nova.%{GREEDYDATA:os_program_path}"]
add_tag => [ "nova-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic keystoneclient logs (as used by nova)
# i.e.:
# 1) nova-api-os-compute.log: keystonemiddleware.auth_token [-] Using /tmp/keystone-signing-FI3PTe as cache directory for signing certificate
grok {
match => ["os_program", "keystonemiddleware.%{GREEDYDATA:os_program_path}"]
add_tag => [ "keystoneclient-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic keystone logs
# i.e.:
# 1) keystone.log: keystone.common.controller [-] RBAC: Bypassing authorization
# 2) keystone.log: keystone-all [-] Configuration options gathered from: log_opt_values /usr/lib/python2.7/dist-packages/oslo/config/cfg.py:1929
grok {
match => ["os_program", "keystone[.-]%{GREEDYDATA:os_program_path}"]
add_tag => [ "keystone-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic routes logs (as used by keystone & nova)
# i.e.:
# 1) keystone.log: routes.middleware [-] Initialized with method overriding = True, and path info altering = True __init__ /usr/lib/python2.7/dist-packages/routes/middleware.py:41
# 2) keystone.log: routes.middleware [-] Matched GET /tenants __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100
grok {
match => ["os_program", "routes[.-]%{GREEDYDATA:os_program_path}"]
add_tag => [ "routes-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic sqlalchemy logs (as used by keystone)
# i.e.:
# 1) keystone.log: 2014-06-10 13:41:24.789 18755 INFO sqlalchemy.engine.base.Engine [-] ('default',)
grok {
match => ["os_program", "sqlalchemy.%{GREEDYDATA:os_program_path}"]
add_tag => [ "sqlalchemy-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic cinder logs
# i.e.:
# 1) cinder.log: 2014-06-11 16:00:30.546 4131 INFO cinder.api.openstack.wsgi [-] http://10.127.26.62:8776/ returned with HTTP 200
grok {
match => ["os_program", "cinder.%{GREEDYDATA:os_program_path}"]
add_tag => [ "cinder-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic neutron logs
# i.e.:
# 1) neutron.log: 2014-06-11 16:00:30.546 4131 INFO cinder.api.openstack.wsgi [-] http://10.127.26.62:8776/ returned with HTTP 200
grok {
match => ["os_program", "neutron.%{GREEDYDATA:os_program_path}"]
add_tag => [ "neutron-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Parse & tag generic glance logs
# i.e.:
# 1) neutron.log: 2014-06-11 16:00:30.546 4131 INFO cinder.api.openstack.wsgi [-] http://10.127.26.62:8776/ returned with HTTP 200
grok {
match => ["os_program", "glance.%{GREEDYDATA:os_program_path}"]
add_tag => [ "glance-generic" ]
break_on_match => false
tag_on_failure => []
}
#-----------------------------------------------------------------------
# Generic Apache log (primarily GET/POST requests as seen in keystone)
# i.e.:
# 1) 192.168.1.100 - - [10/Jun/2014:11:43:14 +0000] "POST http://192.168.1.100:5000/v2.0/tokens HTTP/1.0" 200 8374
grok {
match => [
"message", "%{COMMONAPACHELOG}"
]
add_tag => [ "generic-apache-request" ]
break_on_match => false
remove_field => ["message"] # overwrites original message with whats left
tag_on_failure => []
}
#-----------------------------------------------------------------------
}
#---------------------------------------------------------------------------
}
#===============================================================================
View Git Blame Copy Permalink