From 06ae62b256421be7fb7c8696e0f5be75a1aab774 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Thu, 30 May 2013 11:41:01 -0700 Subject: [PATCH] Add syslog logs to Logstash. * modules/openstack_project/files/logstash/logstash-worker1/jenkins-log-pusher.yaml: Add the syslog log file to the list of files to be processed by logstash-worker1. * modules/openstack_project/templates/logstash/indexer.conf.erb: Add Logstash filters for syslog format files. Change-Id: I0f8f58ab484949eb0506842bdb98385767a50333 Reviewed-on: https://review.openstack.org/31097 Reviewed-by: Clark Boylan Approved: James E. Blair Reviewed-by: James E. Blair Tested-by: Jenkins --- indexer.conf.erb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/indexer.conf.erb b/indexer.conf.erb index 60f8739..bd651b9 100644 --- a/indexer.conf.erb +++ b/indexer.conf.erb @@ -84,12 +84,20 @@ filter { pattern => [ "(?m)^\(\b%{NOTSPACE:module}\b\):%{SPACE}%{DATESTAMP:logdate}%{SPACE}(?AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR)%{SPACE}%{GREEDYDATA:logmessage}" ] add_field => [ "received_at", "%{@timestamp}" ] } + grok { + type => "jenkins" + tags => ["syslog"] + # Syslog grok filter adapted from + # http://cookbook.logstash.net/recipes/syslog-pri/syslog.conf + pattern => [ "%{SYSLOGTIMESTAMP:logdate}%{SPACE}%{SYSLOGHOST:syslog_host}?%{SPACE}%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?:? %{GREEDYDATA:logmessage}" ] + add_field => [ "received_at", "%{@timestamp}" ] + } # Filters below here should be consistent for all Jenkins log formats. date { type => "jenkins" exclude_tags => "_grokparsefailure" - match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss" ] + match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] } mutate { type => "jenkins"