Modify Fluentbit to add appropriate tags

Adding auth tags for the logs to support special filter for openstack and application security logs Change-Id: Ifbd2395e4268d8d8fc4a2a3ac4d351db3d3e0845
2018-11-28 17:14:48 -05:00 · 2018-11-28 17:14:48 -05:00 · d09254c6de
commit d09254c6de
parent a5b8223eeb
1 changed files with 29 additions and 0 deletions
--- a/fluent-logging/values.yaml
+++ b/fluent-logging/values.yaml
@ -288,6 +288,35 @@ conf:
              key: level
              pattern: CRITICAL
              tag: critical.${tag}
+      #NOTE(tp6510): This prefixes the tag for auth entries
+      # it allows for lookups on openstack logs with
+      # a particular auth log (ie: auth.openstack.keystone)
+    - tag_auth_log:
+        header: match
+        type: rewrite_tag_filter
+        expression: "*.openstack.**"
+        rule:
+          -
+            - header: rule
+              key: application
+              pattern: keystone
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: horizon
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: mariadb
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: memcached
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: rabbitmq
+              tag: auth.${tag}
    - journal_elasticsearch:
        header: match
        type: elasticsearch