openstack
/
ansible-role-collect-logs
Code Issues Proposed changes
ansible-role-collect-logs/roles/collect_logs/tasks/collect/system.yml

40 lines
1.6 KiB
YAML
Raw Blame History

---
- become: true
ignore_errors: "{{ artcl_ignore_errors }}"
block:
- name: Collect errors and rename if more than 10 MB
shell: >
grep -rE '^[-0-9]+ [0-9:\.]+ [0-9 ]*ERROR ' /var/log/ |
sed "s/\(.*\)\(20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]\+\)\(.*\)/\2 ERROR \1\3/g" > /tmp/errors.txt;
if (( $(stat -c "%s" /tmp/errors.txt) > 10485760 )); then
ERR_NAME=big-errors.txt;
else
ERR_NAME=errors.txt;
fi;
mv /tmp/errors.txt /var/log/extra/${ERR_NAME}
# logstash.txt file format expects to follow a strict format (console) like:
# TIMESTAMP_ISO8601 | message
# If timestamp is missing on a line, previous value will be used.
# https://opendev.org/openstack/logstash-filters/src/branch/master/filters/openstack-filters.conf#L6-L20
# https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns#L71
# https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString
# Valid examples:
# 2011-10-05T14:48:00.000Z | foo
# 2011-10-05T14:48:00Z | foo
# 2011-10-05 14:48:00 | foo
- name: Create a index file for logstash
# This removes and regenerates timestamp suffix to a know valid formart,
# but we should improve the code to keep original when valid.
vars:
suffix: "{{ ansible_date_time.iso8601_micro }} | "
shell: >
find {{ artcl_logstash_files | default([]) | join(" ") }} 2>/dev/null |
xargs -r sed
-E "s/^[0-9[:space:].:TZ|-]+ //g; s/^/{{ suffix }}/"
>> /var/log/extra/logstash.txt
View Git Blame Copy Permalink