Closed NunzioArdi closed 4 years ago
https://pastebin.com/etkDfBAu https://grokdebug.herokuapp.com/
%{TIME:time} +%{LOGLEVEL:severity_text} +: (?
if "anaconda_old" in [tags] and "grokmatch" not in [tags] {
grok {
# Il n'y a que l'heure, pas de date, je ne l'utilise pas
match => [
"message",
"%{TIME} +%{LOGLEVEL:severity_text} +: +(?<message>(.)*)"
]
overwrite => [ "message" ]
add_tag => ["grokmatch", "nosyslog"]
add_field => { "facility" => 0} # Kernel (cf. doc)
}
ruby {
code => '
# Définit le nom du programe (anaconda seul ou anaconda_storage...)
path = event.get("[log][file][path]").to_s
prog = path[/(?<=anaconda\.).*(?=\.log)/]
if !prog.nil? then
event.set("process", "anaconda_".concat(prog))
else
event.set("process", "anaconda")
end
# Définit la severity
flag = event.get("severity_text")
if flag == "DEBUG" then
event.set("severity", 7)
elsif flag == "INFO" then
event.set("severity", 6)
elsif flag == "WARNING" then
event.set("severity", 4)
elsif flag == "ERR" then
event.set("severity", 3)
elsif flag == "CRIT" then
event.set("severity", 2)
end
priority = 0 * 8 + event.get("severity")
event.set("priority", priority)
'
}
}
Faire un filtre logstash pour les logs anacron qui ne sont pas syslogger (centos 6)
https://fedoraproject.org/wiki/Anaconda/Logging