MagnetoDB/Logging configs
< MagnetoDB
Revision as of 14:40, 30 May 2014 by Oleksandr Minakov (talk | contribs)
Configs for Logstash
syslog.conf
input { syslog { type => "syslog" port => "5544" } } filter { if [type] == "syslog" { grok { match => { "message" => "%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" } } if ![loglevel] { drop { } } mutate { replace => [ "message", "%{logmessage}" ] remove_field => ["logmessage"] remove_tag => ["_grokparsefailure"] } } mutate { add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"] add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"] } if [loglevel] == "INFO" or [loglevel] == "DEBUG" { drop { } } } output { stdout { codec => rubydebug } udp { host => "123.123.123.123" port => "12345" } }
magneto_cassandra.conf
input { file { type => "magnetodb" start_position => "beginning" path => "/var/log/magnetodb/magnetodb.log" } file { type => "cassandra" start_position => "beginning" path => "/var/log/cassandra/system.log" } } filter { if [type] == "magnetodb" { multiline { pattern => "(^%{TIMESTAMP_ISO8601})" what => "previous" negate => true } if ([message] == "") { drop{} } grok { match => { "message" => "(?m)%{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" } } mutate { replace => [ "message", "%{logmessage}" ] remove_field => ["logmessage"] } } if [type] == "cassandra" { multiline { pattern => "(^ %{LOGLEVEL})" what => "previous" negate => true } grok { match => { "message" => "%{LOGLEVEL:loglevel} %{THREAD:thread} %{TIMESTAMP_ISO8601:time} %{GREEDYDATA:logmessage}" } } mutate { replace => [ "message", "%{logmessage}" ] remove_field => ["logmessage"] } } mutate { add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"] add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"] } if [loglevel] == "INFO" or [loglevel] == "DEBUG" { drop { } } } output { stdout { codec => rubydebug } udp { host => "123.123.123.123" port => "12345" } }