Anaconda - Githubissues

NunzioArdi commented 4 years ago

Faire un filtre logstash pour les logs anacron qui ne sont pas syslogger (centos 6)

[x] règle grok
[x] get nom prog anaconda (storage, program...) dans le path
[x] ajouter severity
[x] priority
[x] multiligne

https://fedoraproject.org/wiki/Anaconda/Logging

NunzioArdi commented 4 years ago

https://pastebin.com/etkDfBAu https://grokdebug.herokuapp.com/

%{TIME:time} +%{LOGLEVEL:severity_text} +: (?(.)*)

NunzioArdi commented 4 years ago

  if "anaconda_old" in [tags] and "grokmatch" not in [tags] {
      grok {
         # Il n'y a que l'heure, pas de date, je ne l'utilise pas
         match => [
            "message", 
            "%{TIME} +%{LOGLEVEL:severity_text} +: +(?<message>(.)*)"
         ]
         overwrite => [ "message" ]
         add_tag => ["grokmatch", "nosyslog"]
         add_field => { "facility" => 0} # Kernel (cf. doc)
      }

      ruby {
         code => '
            # Définit le nom du programe (anaconda seul ou anaconda_storage...)
            path = event.get("[log][file][path]").to_s
            prog = path[/(?<=anaconda\.).*(?=\.log)/]
            if !prog.nil? then
               event.set("process", "anaconda_".concat(prog))
            else
               event.set("process", "anaconda")
            end

            # Définit la severity 
            flag = event.get("severity_text")
            if flag == "DEBUG" then
               event.set("severity", 7)
            elsif flag == "INFO" then
               event.set("severity", 6)
            elsif flag == "WARNING" then
               event.set("severity", 4)
            elsif flag == "ERR" then
               event.set("severity", 3)
            elsif flag == "CRIT" then
               event.set("severity", 2)
            end

            priority = 0 * 8 +  event.get("severity")
            event.set("priority", priority)
            '
      }
   }

NunzioArdi / Centralisation-des-logs

Anaconda #6