Difference between revisions of "MagnetoDB/Logging configs"
(Created page with "TBD") |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | ===Configs for Logstash=== | |
+ | |||
+ | syslog.conf | ||
+ | <pre> | ||
+ | input { | ||
+ | syslog { | ||
+ | type => "syslog" | ||
+ | port => "5544" | ||
+ | } | ||
+ | } | ||
+ | |||
+ | filter { | ||
+ | if [type] == "syslog" { | ||
+ | grok { | ||
+ | match => { "message" => "%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" } | ||
+ | } | ||
+ | if ![loglevel] { | ||
+ | drop { } | ||
+ | } | ||
+ | mutate { | ||
+ | replace => [ "message", "%{logmessage}" ] | ||
+ | remove_field => ["logmessage"] | ||
+ | remove_tag => ["_grokparsefailure"] | ||
+ | } | ||
+ | } | ||
+ | mutate { | ||
+ | add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"] | ||
+ | add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"] | ||
+ | } | ||
+ | if [loglevel] == "INFO" or [loglevel] == "DEBUG" { | ||
+ | drop { } | ||
+ | } | ||
+ | } | ||
+ | |||
+ | output { | ||
+ | stdout { | ||
+ | codec => rubydebug | ||
+ | } | ||
+ | udp { | ||
+ | host => "123.123.123.123" | ||
+ | port => "12345" | ||
+ | } | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | |||
+ | magneto_cassandra.conf | ||
+ | |||
+ | <pre> | ||
+ | input { | ||
+ | file { | ||
+ | type => "magnetodb" | ||
+ | start_position => "beginning" | ||
+ | path => "/var/log/magnetodb/magnetodb.log" | ||
+ | } | ||
+ | file { | ||
+ | type => "cassandra" | ||
+ | start_position => "beginning" | ||
+ | path => "/var/log/cassandra/system.log" | ||
+ | } | ||
+ | } | ||
+ | |||
+ | filter { | ||
+ | if [type] == "magnetodb" { | ||
+ | multiline { | ||
+ | pattern => "(^%{TIMESTAMP_ISO8601})" | ||
+ | what => "previous" | ||
+ | negate => true | ||
+ | } | ||
+ | if ([message] == "") { | ||
+ | drop{} | ||
+ | } | ||
+ | grok { | ||
+ | match => { "message" => "(?m)%{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" } | ||
+ | } | ||
+ | mutate { | ||
+ | replace => [ "message", "%{logmessage}" ] | ||
+ | remove_field => ["logmessage"] | ||
+ | } | ||
+ | } | ||
+ | if [type] == "cassandra" { | ||
+ | multiline { | ||
+ | pattern => "(^ %{LOGLEVEL})" | ||
+ | what => "previous" | ||
+ | negate => true | ||
+ | } | ||
+ | grok { | ||
+ | match => { "message" => "%{LOGLEVEL:loglevel} %{THREAD:thread} %{TIMESTAMP_ISO8601:time} %{GREEDYDATA:logmessage}" } | ||
+ | } | ||
+ | mutate { | ||
+ | replace => [ "message", "%{logmessage}" ] | ||
+ | remove_field => ["logmessage"] | ||
+ | } | ||
+ | } | ||
+ | mutate { | ||
+ | add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"] | ||
+ | add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"] | ||
+ | } | ||
+ | if [loglevel] == "INFO" or [loglevel] == "DEBUG" { | ||
+ | drop { } | ||
+ | } | ||
+ | } | ||
+ | |||
+ | output { | ||
+ | stdout { | ||
+ | codec => rubydebug | ||
+ | } | ||
+ | udp { | ||
+ | host => "123.123.123.123" | ||
+ | port => "12345" | ||
+ | } | ||
+ | } | ||
+ | </pre> |
Latest revision as of 14:40, 30 May 2014
Configs for Logstash
syslog.conf
input { syslog { type => "syslog" port => "5544" } } filter { if [type] == "syslog" { grok { match => { "message" => "%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" } } if ![loglevel] { drop { } } mutate { replace => [ "message", "%{logmessage}" ] remove_field => ["logmessage"] remove_tag => ["_grokparsefailure"] } } mutate { add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"] add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"] } if [loglevel] == "INFO" or [loglevel] == "DEBUG" { drop { } } } output { stdout { codec => rubydebug } udp { host => "123.123.123.123" port => "12345" } }
magneto_cassandra.conf
input { file { type => "magnetodb" start_position => "beginning" path => "/var/log/magnetodb/magnetodb.log" } file { type => "cassandra" start_position => "beginning" path => "/var/log/cassandra/system.log" } } filter { if [type] == "magnetodb" { multiline { pattern => "(^%{TIMESTAMP_ISO8601})" what => "previous" negate => true } if ([message] == "") { drop{} } grok { match => { "message" => "(?m)%{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" } } mutate { replace => [ "message", "%{logmessage}" ] remove_field => ["logmessage"] } } if [type] == "cassandra" { multiline { pattern => "(^ %{LOGLEVEL})" what => "previous" negate => true } grok { match => { "message" => "%{LOGLEVEL:loglevel} %{THREAD:thread} %{TIMESTAMP_ISO8601:time} %{GREEDYDATA:logmessage}" } } mutate { replace => [ "message", "%{logmessage}" ] remove_field => ["logmessage"] } } mutate { add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"] add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"] } if [loglevel] == "INFO" or [loglevel] == "DEBUG" { drop { } } } output { stdout { codec => rubydebug } udp { host => "123.123.123.123" port => "12345" } }