openshift / origin-aggregated-logging


Adding new plugin for parsing ovn logs LOG-1377(WIP) #2152

Closed ajaygupta978 closed 3 years ago

ajaygupta978 commented 3 years ago

Description

This plugin parses OVN logs and transforms them into a JSON structure.

/cc @vimalk78 /assign @jcantrill

ajaygupta978 commented 3 years ago

This plugin will take OVN as input and transform it into a JSON structure. Example input:

```
2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert:icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
```

Output:

```json
{
  "@timestamp": "2021-07-06T08:26:58.687Z",
  "level": "info",
  "structured": {
    "name": "\"verify-audit-logging_deny-all\"",
    "verdict": "drop",
    "severity": "alert:icmp",
    "vlan_tci": "0x0000",
    "dl_src": "0a:58:0a:81:02:12",
    "dl_dst": "0a:58:0a:81:02:14",
    "nw_src": "10.129.2.18",
    "nw_dst": "10.129.2.20",
    "nw_tos": "0",
    "nw_ecn": "0",
    "nw_ttl": "64",
    "icmp_type": "8",
    "icmp_code": "0"
  },
  "hostname": "example.com"
}
```
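The transformation described in the comment above, written out as an added Ruby example (not the code from this PR): it turns the sample line into the record shape shown, and goes slightly beyond the sample by rejecting lines that are not `acl_log` records and by keeping commas inside double-quoted values. The function name `parse_ovn_acl_line`, the `hostname` argument and the quoted-value handling are assumptions.

```ruby
require 'json'

# Constructed sample: the input line quoted in the comment above.
SAMPLE = '2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|' \
         'name="verify-audit-logging_deny-all", verdict=drop, ' \
         'severity=alert:icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,' \
         'dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,' \
         'nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0'

# key=value pairs; a double-quoted value may contain commas (assumption).
PAIR = /(\w+)=("(?:[^"\\]|\\.)*"|[^,]*)/
TIMESTAMP = /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z\z/

# Hypothetical helper: parse one OVN acl_log line into the record shape shown
# in the comment. Returns nil when the line lacks the five pipe-separated
# fields, has a malformed timestamp, or was not emitted by the acl_log module,
# so unrelated lines are never indexed as ACL verdicts.
def parse_ovn_acl_line(line, hostname)
  ts, _seq, logger, level, message = line.chomp.split('|', 5)
  return nil if message.nil? || ts !~ TIMESTAMP
  return nil unless logger.start_with?('acl_log')

  {
    '@timestamp' => ts,
    'level' => level.downcase,
    # Values are kept as strings, quotes included, as in the page's output.
    'structured' => message.scan(PAIR).to_h { |k, v| [k, v.strip] },
    'hostname' => hostname # supplied by the caller; not present in the line
  }
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(parse_ovn_acl_line(SAMPLE, 'example.com'))
end
```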

ajaygupta978 commented 3 years ago

/retest

openshift-ci[bot] commented 3 years ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ajaygupta978

To complete the pull request process, please ask for approval from jcantrill after the PR has been reviewed.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/openshift/origin-aggregated-logging/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

ajaygupta978 commented 3 years ago

@vimalk78 added more tests. Please review.

openshift-ci[bot] commented 3 years ago

@ajaygupta978: The following test failed, say `/retest` to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| ci/prow/elastic-operator-e2e | 003aa3cf8b617cdbce4ce9a4129d26a4a0eeff81 | link | `/test elastic-operator-e2e` |

jcantrill commented 3 years ago

Closing given @ajaygupta978 per the path we are on for this feature we determined it was not required