thanh_thu

openstack-filter.conf

Jun 23rd, 2019
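  # Logstash filter stage for OpenStack service logs. Events are routed by
  # [type] (nova, glance, neutron, keystone, cinder, heat) to a grok that
  # expects the common header
  #   <hostname> <ISO8601 timestamp> <pid> <loglevel> <program><request list>
  # followed by a service-specific tail.
  #
  # NOTE(review): OPENSTACK_LOGLEVEL, OPENSTACK_PROG, REQ_LIST, ID,
  #   RESOURCE_DISK_RAM, RESOURCE_CPU, NOVA_INSTANCE_REQUEST, BASE_FILE,
  #   GLANCE_IMAGE_MESSAGE and NEUTRON_ACCEPT_MESSAGE are custom grok patterns.
  #   This file neither defines them nor sets patterns_dir, so they have to be
  #   loaded from a patterns file elsewhere - confirm before deploying.
  # NOTE(review): there is no date filter in this file. Unless another config
  #   file parses the captured `timestamp` field, @timestamp will presumably be
  #   the ingest time rather than the time the service logged the event, which
  #   matters when building an incident timeline - confirm.
  filter {
    # --- nova -----------------------------------------------------------------
    # Patterns are tried in order and the first hit wins (break_on_match), so
    # the more specific tails must stay ahead of the looser ones.
    if [type] == "nova" {
      grok {
        break_on_match => true
        match => {
          "message" => [
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{ID} %{GREEDYDATA:openstack_instance_action}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{RESOURCE_DISK_RAM:Free_disk_ram}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{RESOURCE_CPU:Free_vcpus}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{WORD} %{NOTSPACE:openstack_image_id} %{NOTSPACE} %{NOTSPACE:openstack_image_location} %{GREEDYDATA:image_message}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{NOVA_INSTANCE_REQUEST:nova_api_request} %{NOTSPACE} %{NOTSPACE} %{INT:nova_response_code} %{NOTSPACE} %{INT} %{NOTSPACE} %{NUMBER:nova_response_time}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{QUOTEDSTRING:nova_api_request} %{NOTSPACE} %{INT:nova_response_code} %{NOTSPACE} %{INT} %{NOTSPACE} %{NUMBER:nova_response_time}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{BASE_FILE} %{PATH:openstack_basefile_path}"
          ]
        }
        add_tag => ["openstack_logs", "nova"]
      }
    }

    # --- glance ---------------------------------------------------------------
    if [type] == "glance" {
      grok {
        break_on_match => true
        match => {
          "message" => [
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA} %{IP:IP}",
            # Disabled by the author: image message without a trailing UUID.
            #"%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GLANCE_IMAGE_MESSAGE:glance_image_message}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GLANCE_IMAGE_MESSAGE:glance_image_message} %{UUID:glance_image_id}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{GREEDYDATA} %{QUOTEDSTRING:glance_api_request} %{INT:glance_response_code} %{INT} %{NUMBER:glance_response_time}"
          ]
        }
        add_tag => ["openstack_logs", "glance"]
      }
    }

    # --- neutron --------------------------------------------------------------
    if [type] == "neutron" {
      grok {
        break_on_match => true
        match => {
          "message" => [
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{DATA} %{UUID:neutron_segment_id} %{WORD} %{WORD} %{WORD:neutron_network_type} %{WORD} %{WORD} %{UUID:neutron_network_id}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{GREEDYDATA} %{QUOTEDSTRING:neutron_api_request} %{INT:neutron_response_code} %{INT} %{NUMBER:neutron_response_time}",
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{NEUTRON_ACCEPT_MESSAGE:neutron_accept_message}"
          ]
        }
        add_tag => ["openstack_logs", "neutron"]
      }
    }

    # --- keystone -------------------------------------------------------------
    # The pattern starts at %{HOSTNAME} like every other service. A literal
    # leading space in front of it would keep lines that begin with the hostname
    # from matching, so identity-service API events would only surface as
    # "unmatched_event". grok is unanchored, so lines that do carry a leading
    # space still match.
    if [type] == "keystone" {
      grok {
        break_on_match => true
        match => {
          "message" => [
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{GREEDYDATA} %{QUOTEDSTRING:keystone_api_request} %{INT:keystone_response_code} %{INT} %{NUMBER:keystone_response_time}"
          ]
        }
        add_tag => ["openstack_logs", "keystone"]
      }
    }

    # --- cinder: API access lines vs. general messages --------------------------
    # The routing test is unanchored and case-insensitive: any message that
    # contains "get", "post" or "delete" (e.g. inside a longer word) takes the
    # API branch, and PUT/PATCH/HEAD requests take the general branch. Lines the
    # API pattern then fails on are picked up by the _grokparsefailure fallback
    # further down.
    if [type] == "cinder" {
      if [message] =~ /(?i)GET|POST|DELETE/ {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{GREEDYDATA} %{QUOTEDSTRING:cinder_api_request} %{INT:cinder_response_code} %{INT} %{NUMBER:cinder_response_time}" }
          add_tag => ["openstack_logs", "cinder"]
        }
      } else {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA:cinder_message}" }
          add_tag => ["openstack_logs", "cinder"]
        }
      }
    }

    # --- heat: same API/general split as cinder ---------------------------------
    if [type] == "heat" {
      if [message] =~ /(?i)GET|POST|DELETE/ {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{IP:IP} %{GREEDYDATA} %{QUOTEDSTRING:heat_api_request} %{INT:heat_response_code} %{INT} %{NUMBER:heat_response_time}" }
          add_tag => ["openstack_logs", "heat"]
        }
      } else {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA:heat_message}" }
          add_tag => ["openstack_logs", "heat"]
        }
      }
    }

    # --- noise reduction ------------------------------------------------------
    # Dropped events never reach any output, so this list decides what is
    # missing from later investigations. The phrases are matched anywhere in the
    # raw message, which on API access lines includes client-supplied request
    # text; events that were parsed as an API request are therefore kept
    # regardless of what the request text contains.
    # NOTE(review): this guard only covers lines the API patterns parsed. Lines
    #   that failed those patterns are still judged on raw text. The list also
    #   discards service stop/SIGTERM lines and keystoneclient auth_token
    #   middleware output; where retention allows, tagging these events and
    #   routing them to a cheaper index is safer than dropping them.
    if [message] =~ /(?i)Compute_service record|Auditing locally|Loading compute driver|wsgi starting up|Stopping WSGI server|WSGI server has stopped|Skipping periodic task|nova.openstack.common.service|Connected to AMQP server|keystoneclient.middleware.auth_token|Starting new HTTP connection|Returning detailed image list|SIGTERM/ and !([nova_api_request] or [glance_api_request] or [neutron_api_request] or [keystone_api_request] or [cinder_api_request] or [heat_api_request]) {
      drop {}
    }

    # --- quota failures -------------------------------------------------------
    # Runs for every [type]. The tags are added and _grokparsefailure removed
    # only when this grok matches.
    # NOTE(review): events already parsed above are grokked a second time here;
    #   without `overwrite`, the repeated header captures may be appended to the
    #   existing fields - confirm the resulting field shape.
    if ([message] =~ "Quota exceeded for resources") {
      grok {
        match => {
          "message" => [
            "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA:resource_failed}"
          ]
        }
        add_tag => ["openstack_logs", "resource_quota"]
        remove_tag => "_grokparsefailure"
      }
    }

    # --- fallback for grok failures: tracebacks, extensions, everything else ----
    # Only events on which a grok above failed carry _grokparsefailure; events
    # with a [type] this file does not handle were never grokked and skip this
    # block. If the common header does not match either, the failure tag stays
    # on the event, which makes parser gaps visible downstream.
    if "_grokparsefailure" in [tags] {
      if ([message] =~ "Traceback") {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA:openstack_trace}" }
          add_tag => "openstack_trace"
          remove_tag => "_grokparsefailure"
        }
      } else if ([message] =~ /(?i)Loaded extension/) {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA:openstack_extension}" }
          add_tag => "extension_loaded"
          remove_tag => "_grokparsefailure"
        }
      } else {
        grok {
          match => { "message" => "%{HOSTNAME:openstack_hostname} %{TIMESTAMP_ISO8601:timestamp} %{POSINT:openstack_pid} %{OPENSTACK_LOGLEVEL:openstack_loglevel} %{OPENSTACK_PROG:openstack_program}%{REQ_LIST} %{GREEDYDATA:openstack_message}" }
          add_tag => ["openstack_logs", "unmatched_event"]
          remove_tag => "_grokparsefailure"
        }
      }
    }

    # NOTE(review): [command] is not set anywhere in this file; presumably an
    #   input or an earlier filter provides it. Every event whose command
    #   contains "python" is discarded here - confirm that this is intended.
    if "python" in [command] {
      drop {}
    }
  }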