Fix parsing of Pacemaker logs

This change fixes the parsing of the Pacemaker logs. Pacemaker logs
via Syslog (for NOTICE and higher messages) and directly to a file for
other messages. Unfortunately since all messages end up in the same
/var/log/pacemaker.log, we need a special decoder that can handle both
formats.

Change-Id: I7389b4fd17d8f5e1b14bc17a2edeece579e1f4e7
Related-Bug: #1450045
Simon Pasquier 2015-05-28 12:05:40 +02:00
parent 50acac551e
commit d430793712
2 changed files with 79 additions and 3 deletions


@ -0,0 +1,77 @@
-- Copyright 2015 Mirantis, Inc.
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
require "string"
local l = require 'lpeg'
l.locale(l)
local dt = require "date_time"
local patt = require "patterns"
local syslog = require "syslog"
local utils = require 'lma_utils'
local msg = {
Timestamp = nil,
Type = 'log',
Hostname = nil,
Payload = nil,
Pid = nil,
Fields = nil,
Severity = nil,
}
local syslog_pattern = read_config("syslog_pattern") or error("syslog_pattern configuration must be specified")
local syslog_grammar = syslog.build_rsyslog_grammar(syslog_pattern)
-- This grammar is intended for debug and info messages which aren't emitted
-- through Syslog. For example:
-- Apr 29 13:23:46 [13545] node-32.domain.tld pacemakerd: INFO: get_cluster_type: Detected an active 'corosync' cluster
local sp = l.space
local colon = l.P":"
local timestamp = l.Cg(dt.rfc3164_timestamp / dt.time_to_ns, "Timestamp")
local pid = l.Cg(patt.Pid, "Pid")
local severity = l.Cg((l.R"AZ" + l.R"az")^1 / string.lower, "SeverityLabel")
local programname = l.Cg(patt.programname, "programname")
local message = l.Cg(patt.Message, "Message")
local fallback_grammar = l.Ct(timestamp * sp^1 * l.P'[' * pid * l.P']' * sp^1 *
(l.P(1) - sp)^0 * sp^1 * programname * colon * sp^1 * severity * colon *
sp^1 * message)
function process_message ()
local log = read_message("Payload")
if utils.parse_syslog_message(syslog_grammar, log, msg) then
inject_message(msg)
return 0
else
local m = fallback_grammar:match(log)
if m then
msg.Timestamp = m.Timestamp
msg.Payload = m.Message
msg.Pid = m.Pid
msg.Severity = utils.label_to_severity_map[m.SeverityLabel] or 7
msg.Fields = {}
msg.Fields.severity_label = utils.severity_to_label_map[msg.Severity]
msg.Fields.programname = m.programname
utils.inject_tags(msg)
inject_message(msg)
return 0
end
end
return -1
end
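Review bot: In the fallback branch of `process_message`, the hostname token is matched by `(l.P(1) - sp)^0` but never captured, and `msg.Hostname` is never assigned, while `msg` is a module-level table reused on every call. A debug/info line is therefore injected with whatever `Hostname` the previous message left behind (presumably set by `utils.parse_syslog_message`, which is not visible here), or with none at all, which weakens host attribution when these logs are used in an investigation. Capture the token and set it explicitly: `local hostname = l.Cg((l.P(1) - sp)^1, "Hostname")` in the grammar and `msg.Hostname = m.Hostname` next to the other assignments. Separately, `utils.label_to_severity_map[m.SeverityLabel] or 7` files any unrecognised label as debug; if the map's keys do not cover every label Pacemaker writes, warnings and errors would be down-ranked silently, so a comment listing the expected labels or a less quiet default would help.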


@ -18,16 +18,15 @@ class lma_collector::logs::pacemaker {
heka::decoder::sandbox { 'pacemaker':
config_dir => $lma_collector::params::config_dir,
filename => "${lma_collector::params::plugins_dir}/decoders/generic_syslog.lua" ,
filename => "${lma_collector::params::plugins_dir}/decoders/pacemaker_log.lua" ,
config => {
syslog_pattern => $lma_collector::params::syslog_pattern,
fallback_syslog_pattern => $lma_collector::params::fallback_syslog_pattern
},
notify => Class['lma_collector::service'],
}
# Use the default splitter 'TokenSplitter' with 'newline' delimiter,
# because Pacemaker may log messages with and without <PRI> preambule.
# because Pacemaker may log messages with and without the <PRI> preamble.
heka::input::logstreamer { 'pacemaker':
config_dir => $lma_collector::params::config_dir,
decoder => 'pacemaker',