summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Pasquier <spasquier@mirantis.com>2017-03-07 09:03:31 +0100
committerSimon Pasquier <spasquier@mirantis.com>2017-03-07 09:08:18 +0100
commit6dbab5edb725def934e34bd6d4ec6a14933ea684 (patch)
treef3717b5b2c159f33b8d9b997bafcdd725af7f7eb
parent5f4cab904785e3e1b078bd90f4e9c0d29473da85 (diff)
Support CADF notifications
Notes
Notes (review): Code-Review+2: Swann Croiset <scroiset@mirantis.com> Workflow+1: Simon Pasquier <spasquier@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 09 Mar 2017 15:41:48 +0000 Reviewed-on: https://review.openstack.org/442307 Project: openstack/fuel-plugin-lma-collector Branch: refs/heads/master
-rw-r--r--deployment_scripts/puppet/modules/lma_collector/files/plugins/decoders/notification.lua92
-rw-r--r--deployment_scripts/puppet/modules/lma_collector/manifests/elasticsearch.pp2
2 files changed, 62 insertions, 32 deletions
diff --git a/deployment_scripts/puppet/modules/lma_collector/files/plugins/decoders/notification.lua b/deployment_scripts/puppet/modules/lma_collector/files/plugins/decoders/notification.lua
index 5b1195d..3f10e0d 100644
--- a/deployment_scripts/puppet/modules/lma_collector/files/plugins/decoders/notification.lua
+++ b/deployment_scripts/puppet/modules/lma_collector/files/plugins/decoders/notification.lua
@@ -17,13 +17,6 @@ require "cjson"
17local patt = require 'patterns' 17local patt = require 'patterns'
18local utils = require 'lma_utils' 18local utils = require 'lma_utils'
19 19
20local msg = {
21 Timestamp = nil,
22 Type = "notification",
23 Payload = nil,
24 Fields = nil
25}
26
27-- Mapping table from event_type prefixes to notification loggers 20-- Mapping table from event_type prefixes to notification loggers
28local logger_map = { 21local logger_map = {
29 --cinder 22 --cinder
@@ -108,35 +101,34 @@ local transform_functions = {
108 101
109local include_full_notification = read_config("include_full_notification") or false 102local include_full_notification = read_config("include_full_notification") or false
110 103
111function process_message () 104function process_cadf_event(notif, msg)
112 local data = read_message("Payload") 105 local cadf_event = notif.payload
113 local ok, notif = pcall(cjson.decode, data)
114 if not ok then
115 return -1, string.format("Failed to parse notification: %s: '%s'", notif, string.sub(data or 'N/A', 1, 64))
116 end
117 106
118 local oslo_version = notif['oslo.version'] 107 msg.Type = 'audit'
119 if oslo_version then 108 msg.Logger = notif.publisher_id
120 -- messagingv2 notifications 109 msg.Severity = utils.label_to_severity_map[notif.priority]
121 ok, notif = pcall(cjson.decode, notif['oslo.message']) 110 msg.Timestamp = patt.Timestamp:match(cadf_event.eventTime)
122 if not ok then
123 return -1, string.format("Failed to parse v%s notification: %s: '%s'", oslo_version, notif, string.sub(data or 'N/A', 1, 64))
124 end
125 end
126 111
127 if include_full_notification then 112 msg.Fields.action = cadf_event.action
128 msg.Payload = data 113 -- notif.event_type can be 'http.request' or 'http.response'
129 else 114 msg.Fields.notification_type = notif.event_type
130 msg.Payload = utils.safe_json_encode(notif.payload) or '{}' 115 -- cadf_event.eventType can be 'activity', 'monitor', ...
131 end 116 msg.Fields.event_type = cadf_event.eventType
117 msg.Fields.outcome = cadf_event.outcome
118 msg.Fields.severity_label = notif.priority
119end
132 120
133 msg.Fields = {} 121function process_notification(notif, msg)
122 local openstack_notif = notif.payload
123
124 msg.Type = 'notification'
134 msg.Logger = logger_map[string.match(notif.event_type, '([^.]+)')] 125 msg.Logger = logger_map[string.match(notif.event_type, '([^.]+)')]
135 msg.Severity = utils.label_to_severity_map[notif.priority] 126 msg.Severity = utils.label_to_severity_map[notif.priority]
136 msg.Timestamp = patt.Timestamp:match(notif.timestamp) 127 msg.Timestamp = patt.Timestamp:match(notif.timestamp)
128
137 msg.Fields.publisher, msg.Hostname = string.match(notif.publisher_id, '([^.]+)%.([%w_-]+)') 129 msg.Fields.publisher, msg.Hostname = string.match(notif.publisher_id, '([^.]+)%.([%w_-]+)')
138 if notif.payload.host ~= nil then 130 if openstack_notif.host ~= nil then
139 msg.Hostname = string.match(notif.payload.host, '([%w_-]+)') 131 msg.Hostname = string.match(openstack_notif.host, '([%w_-]+)')
140 end 132 end
141 133
142 msg.Fields.event_type = notif.event_type 134 msg.Fields.event_type = notif.event_type
@@ -144,7 +136,7 @@ function process_message ()
144 msg.Fields.hostname = msg.Hostname 136 msg.Fields.hostname = msg.Hostname
145 137
146 for k, v in pairs(payload_fields) do 138 for k, v in pairs(payload_fields) do
147 local val = notif.payload[k] 139 local val = openstack_notif[k]
148 if val ~= nil then 140 if val ~= nil then
149 local name = payload_fields[k] or k 141 local name = payload_fields[k] or k
150 local transform = transform_functions[k] 142 local transform = transform_functions[k]
@@ -155,7 +147,45 @@ function process_message ()
155 end 147 end
156 end 148 end
157 end 149 end
158 utils.inject_tags(msg) 150end
159 151
152function process_message()
153 local msg = {Fields={}}
154 local data = read_message("Payload")
155 local ok, notif = pcall(cjson.decode, data)
156 if not ok then
157 return -1, string.format("Failed to parse notification: %s: '%s'", notif, string.sub(data or 'N/A', 1, 64))
158 end
159
160 local oslo_version = notif['oslo.version']
161 if oslo_version then
162 -- messagingv2 notifications
163 ok, notif = pcall(cjson.decode, notif['oslo.message'])
164 if not ok then
165 return -1, string.format("Failed to parse v%s notification: %s: '%s'", oslo_version, notif, string.sub(data or 'N/A', 1, 64))
166 end
167 end
168
169 if include_full_notification then
170 msg.Payload = data
171 else
172 msg.Payload = utils.safe_json_encode(notif.payload) or '{}'
173 end
174
175 local ok, error_msg
176 if notif.payload.eventType and notif.payload.eventTime then
177 -- Payload of CADF event notifications always contain at least
178 -- eventType and eventTime fields
179 -- http://docs.openstack.org/developer/pycadf/specification/events.html
180 ok, error_msg = pcall(process_cadf_event, notif, msg)
181 else
182 ok, error_msg = pcall(process_notification, notif, msg)
183 end
184
185 if not ok then
186 return -1, error_msg
187 end
188
189 utils.inject_tags(msg)
160 return utils.safe_inject_message(msg) 190 return utils.safe_inject_message(msg)
161end 191end
diff --git a/deployment_scripts/puppet/modules/lma_collector/manifests/elasticsearch.pp b/deployment_scripts/puppet/modules/lma_collector/manifests/elasticsearch.pp
index 7204198..668cd40 100644
--- a/deployment_scripts/puppet/modules/lma_collector/manifests/elasticsearch.pp
+++ b/deployment_scripts/puppet/modules/lma_collector/manifests/elasticsearch.pp
@@ -37,7 +37,7 @@ class lma_collector::elasticsearch (
37 config_dir => $lma_collector::params::log_config_dir, 37 config_dir => $lma_collector::params::log_config_dir,
38 server => $server, 38 server => $server,
39 port => $port, 39 port => $port,
40 message_matcher => 'Type == \'log\' || Type == \'notification\'', 40 message_matcher => 'Type == \'log\' || Type == \'notification\' || Type == \'audit\'',
41 use_buffering => $lma_collector::params::buffering_enabled, 41 use_buffering => $lma_collector::params::buffering_enabled,
42 max_buffer_size => $lma_collector::params::buffering_max_buffer_size_for_log, 42 max_buffer_size => $lma_collector::params::buffering_max_buffer_size_for_log,
43 max_file_size => $lma_collector::params::buffering_max_file_size_for_log, 43 max_file_size => $lma_collector::params::buffering_max_file_size_for_log,