|
|
vim /etc/filebeat/filebeat.yml + r3 h p# U8 P& P3 _9 Q/ f3 H% e3 }
9 `- y+ q% Z' s m% F( F- c% \! a9 [) b _1 y- E
$ Y, }! y* V8 J" ~* nfilebeat.inputs:
' u- s. [+ z; E6 A4 @8 @* Y - type: log* `/ N3 j1 X. c8 m
enabled: true
6 U( Y# Q7 F+ |9 p paths:
/ w2 P# @& J$ } - /var/log/messages
# d5 Q% z) G d4 V& F% ?5 \ tags: ["messages"]
( u @; b& S( l( | fields_under_root: true
. e1 g4 q. t6 ^* j* W4 h1 N8 v9 |. g2 B. w* X7 }
- type: log& P* `; [# i# p+ ]% U
enabled: true
6 M. e( ?1 B0 b: a paths:
3 L' }/ J8 K4 K - /var/log/nova/nova-compute.log8 r; @1 N, l+ f* Q2 p w
tags: ["nova-compute"]
5 Z e5 Z; B) p7 R4 d& x fields_under_root: true
6 P d% J- N6 r2 X* q- Y( s" W
$ A: h$ }1 l- A4 c2 g( s1 b - type: log
* c3 H2 R$ C3 g0 J7 |& Y enabled: true
8 }( H3 l' G1 u* W' u6 ^ @1 J paths:8 [+ Y5 j+ P: b" l# f# ~- y) i" h; l
- /var/log/nova/nova-manage.log% c0 f9 T/ D* Q4 y+ Z$ K
tags: ["nova-manage"]
0 `) |4 y; M$ C$ ~3 b- ]1 V) p fields_under_root: true1 I; F9 S3 @ n3 b; z) }
. j& u0 i2 P4 s$ Q
- type: log
6 @2 a5 l7 n, r; D2 U Q+ e9 b enabled: true
' j, d0 \2 N9 P1 g @ paths:% C' ]3 r+ _5 _' w2 C8 w7 P% G
- /var/log/nova/scheduler.log
1 l6 d4 [0 u: f9 t& F' u tags: ["scheduler"]
& w3 ~+ x+ @4 e5 w! U9 X fields_under_root: true( V/ R' B. v C9 w, {4 u! `
5 n9 _9 c% F% c- U, A7 _3 W - type: log
1 J7 S0 m- z$ V6 Y: S* d1 l4 g enabled: true
1 c; C+ Z3 ]: |" L+ q m+ o paths:+ F- M, B& V& x/ m" Z2 D
- /var/log/nova/conductor.log3 k6 B3 N+ T' d- d8 R
tags: ["conductor"]
, X7 ~- f0 o" \7 i fields_under_root: true- W& r9 g' z- U3 w* p* o/ w
% ^4 V: k* Z! U! o - type: log: ^& u) M# s3 b
enabled: true
" \# ?3 }6 G0 E( v paths:$ C+ O$ X( B% i$ \) d
- /var/log/nova/cert.log
) ^7 }7 H% v* D3 ?7 e tags: ["cert"]
: a! {3 w( u5 q: H3 [' C% O1 o fields_under_root: true
& T% U" m: ?! ?3 m( F3 b% X2 L2 z2 T
- type: log
% z5 B5 e5 Z% |+ G) n0 p enabled: true
3 N. V. [/ q( v; Y7 ~3 Z2 \4 [2 P paths:- W$ h: G" @- U* u, e/ M
- /var/log/nova/consoleauth.log 2 P; D2 L; {( u. n6 p
tags: ["consoleauth"]) v% F0 q$ C" @7 D! F/ w
fields_under_root: true: ?& y; m8 r* s A! E8 p
1 X4 \- T0 w% H4 F1 r9 j
- type: log1 T' k7 T0 ]: b, x8 M( \9 j0 k
enabled: true
" k% E) v. i s/ d9 I1 k+ y paths:
2 s3 k3 c/ u: k" X - /var/log/nova/nova-novncproxy.log
$ L+ K/ F! ~5 w W2 s8 ~; ~ tags: ["nova-novncproxy"]
. U. `$ H0 J' z fields_under_root: true5 }* k- g9 ~# N6 P, T1 t
# L% k% n; t" r$ r/ ] - type: log
# r/ E) j( { k* U6 v: L enabled: true+ T( R- m7 [( w( q
paths:, q. y& X& R) ^
- /var/log/rabbitmq/rabbit*.log4 ?0 i! k* F7 j. @' m
tags: ["rabbit"]. W: h, \( K+ U, i4 C: V0 m
fields_under_root: true
5 Y4 o: l. z/ [& M! V' l. v7 _5 B. W: t/ T4 @0 v; j
- type: log
# l9 l7 \, o& ~ h enabled: true0 H( ?; A3 g8 w3 k
paths:
0 N4 b& } B9 Q2 X" v6 n - /var/log/glance/*.log( t) i+ h- V7 V, V# m$ { d
tags: ["glance"]
/ z; c7 ~& G6 L7 Q fields_under_root: true
# t& J7 W% W/ z$ ]) U1 I |: ^- [6 P' V; [
- type: log
* r. V5 n& F; H# m; m( t5 A enabled: true
6 @, \% d5 U2 Q paths:
' F' K9 Q* t7 K8 X; o3 w1 G - /var/log/neutron/openvswitch-agent.log
- p s' \) S" b! P$ M* d tags: ["openvswitch-agent"]
# z( T# D2 i6 E7 ] fields_under_root: true: ^, `) P7 x# t D! u
/ l9 k5 C! V% V* @8 D - type: log
5 W, M' D/ R/ L' b+ f" ` enabled: true' f s& m9 h: Z
paths:
+ q7 Z) b* l( M& u+ d1 p; t - /var/log/kuryr/kuryr-controller.log
+ I0 o. d* X/ c1 c. @# z tags: ["kuryr-controller"]7 K5 E' y$ w! v: q/ ^
fields_under_root: true
1 f+ T8 C1 ^8 x! @7 d/ y; a/ L2 T2 V" k7 t
4 A a: Q. x9 n+ M1 P8 v2 q - type: log& D" e' W) _' [/ a0 X$ \1 r& L8 v
enabled: true
. {2 H, w' j* B7 ~ paths:
$ L) e1 e4 L' j1 B( y4 S - /var/log/keystone/keystone.log5 L5 i& D7 w% K0 o( H
tags: ["keystone"]
) ^2 u! v2 P* m @% k- L0 W% @2 ?% t fields_under_root: true. X: C9 l# F$ c
& h+ B# r2 f* R
output.elasticsearch:
" o0 u9 L( E( n% b# T& T0 v hosts: ["172.24.110.125:9200", "172.24.110.127:9200"]7 P/ S7 w3 o4 W' A, P
& h3 L7 H9 @* w: g username: elastic/ x: o+ j' {0 }1 u" f$ W
password: Cxxxx! H. ]# u. D! {: F' C+ u; u; i0 K
indices:
3 \8 {3 F) C) G. U! \6 l; M+ } - index: "compute_messages-error-%{[agent.version]}-%{+yyyy.MM.dd}"6 C8 u3 o: V4 Y# f n
when:; b3 G8 c. t) S
or:
; s, X5 Y( C0 S - contains:7 b0 G) C! s3 l
tags: "messages"
D3 D7 D- m2 F# h' O message: "err". J, V+ r) F% F. u' A' G$ X
- contains:& z0 b; W1 t+ h; m
tags: "messages"
; D% h- E. n" } K+ b! l! t message: "ERR"
+ v X: A. {! J' Z4 Y2 ?' [ - contains:$ G3 N" P; e* }$ X7 H' J/ e# Q1 g9 a
tags: "messages"* T& q) _; k" P
message: "fail"
. m9 P9 z: m# Z& e; M - index: "compute_messages-%{[agent.version]}-%{+yyyy.MM.dd}"
# {9 H' R' n& u$ r+ A- M0 h when.contains:! R4 p# c$ C H7 F
tags: "messages"
& L% O7 b5 d) Y( |/ a - index: "compute_nova-compute-error-%{[agent.version]}-%{+yyyy.MM.dd}"! }3 M1 E9 r; @, o$ }6 G0 A+ z
when:# c$ {' N- r+ k" f" O
or:
) z) p$ y5 u& w+ w - contains:' e- R* b+ u6 _
tags: "nova-compute"
3 b7 ~" M9 B! |" L message: "err"
0 i- N0 \0 K6 P5 z/ H1 v/ ^1 G - contains:. l7 z. J& }- o% C4 y0 M5 R
tags: "nova-compute"
) e1 I3 k( ]* i message: "ERR"
/ d' W8 P* k# Q" Z4 H% r- @( y! { - contains:( V5 O, f$ s0 i
tags: "nova-compute"
/ O- {+ ^( P M/ r8 }( n message: "fail"
1 g- Z/ C Q) f4 E3 C0 { - index: "compute_nova-compute-%{[agent.version]}-%{+yyyy.MM.dd}"
) N3 h6 l5 Y. s l. X4 k% y when.contains:/ X- ^, P% k$ l4 f6 J
tags: "nova-compute"
6 ]3 Y# ]7 D s# x$ h0 ^' f" |
- index: "controller_nova-manage-error-%{[agent.version]}-%{+yyyy.MM.dd}"9 }) u" \# O* c/ m
when:
" z) o O" K& {0 h" C8 R8 W" }" J or:
; ~1 q4 q4 |) r2 K4 [! T! ] - contains:9 Q; G" a+ f" F6 C$ ~! e% l1 M
tags: "nova-manage"4 H U( X0 q* v3 D" D
message: "err" ?' J9 n5 ~, x: O9 H
- contains:
$ c6 h* r9 c3 q. Q+ M tags: "nova-manage"
- G6 a7 l; Y" ?+ A message: "ERR"
) ]8 D1 X8 P* D& F" x( J) Z - contains:8 c- N5 _0 b4 i. I+ ?* Z# X- L
tags: "nova-manage"
# A5 e$ c5 z* I& \ message: "fail"
2 B B/ U( W9 i9 n - index: "controller_nova-manage-%{[agent.version]}-%{+yyyy.MM.dd}"5 z' r' F8 ^" ^# ~" G+ e1 a# W
when.contains:
: o5 B e1 v j# _. M8 y tags: "nova-manage"
4 b5 B: P# _$ G4 s+ ?
& g1 _2 l5 o/ o7 @/ D9 j+ }1 W - index: "controller_scheduler-error-%{[agent.version]}-%{+yyyy.MM.dd}"
" L3 L6 H- h- D N1 @ when:" L- o# j7 i1 z' n
or:
$ m6 A% j% Z% E( Z5 I r. N. x# @ - contains:
$ _) w4 M8 W5 M$ n4 ^3 B) \ tags: "scheduler"
R. t( f& d8 x. I" e6 w$ H+ X% L+ z message: "err"
9 z+ v1 f( {' A& ^ - contains:3 g( v3 T1 T' C
tags: "scheduler"
, I$ {0 h9 j0 u6 `5 N! {6 Z message: "ERR"
: A" X# ~' {6 q+ i$ @ k7 G2 K - contains:
. q1 ]! Q- b" I! _$ w" O1 s/ z tags: "scheduler"; d" p5 S( i9 h' ^0 I
message: "fail"5 |9 H( g/ {$ h. O6 G! w
- index: "controller_scheduler-%{[agent.version]}-%{+yyyy.MM.dd}"
5 Z$ ~- K& K7 w4 u9 p. O when.contains:& y, R' R; w; _0 V
tags: "scheduler"
# F; A+ H/ j s8 ]
2 I: Z* i+ u; N4 D8 h - index: "controller_conductor-error-%{[agent.version]}-%{+yyyy.MM.dd}"4 ` s l/ G7 x; ~5 s4 j. y) ~6 H: A% t
when:
! j( d# Y; X1 A1 Q or:4 Y; U/ n ^% k. g' ?5 K! [
- contains:
% j7 w, Z y' x# |5 n% ] tags: "conductor"/ c1 K9 n W6 l! V
message: "err"
# C9 a9 d6 H' c- j& ]/ q, m - contains:
5 A3 f1 z( b9 [( n2 Z3 H tags: "conductor") m& u& l8 x. {
message: "ERR"
z* A3 v0 v' q( ? - contains:
' ]* ?0 J: `" H5 b( w: X- L tags: "conductor"# l% z/ p) P) i ]1 Q2 V, `
message: "fail"
+ \! r* `" m2 o! ]) } - index: "controller_conductor-%{[agent.version]}-%{+yyyy.MM.dd}"
. K: t E Z7 p s9 s" w when.contains:) v% G& T' w" s* R3 j: [7 b
tags: "conductor") x, g: x1 h) p& E6 [/ r
6 ~/ K" Q5 N, ^, {
- index: "controller_cert-error-%{[agent.version]}-%{+yyyy.MM.dd}"( ~0 D1 \5 C: U- N
when:0 q/ P# M* s' t8 g' {- m! G
or:
1 n1 j& z" ~1 T& P: K - contains:9 _* K" _5 l4 x' A; O- W( v+ o* L; q
tags: "cert"6 }8 [$ ?2 i7 u* ?
message: "err"* F7 N0 i/ {( K' a, U% I% t7 e8 [
- contains:9 K: Q& `8 l- J& u
tags: "cert"
1 z, T1 C) l1 L2 J, S message: "ERR"! M; a( ^/ A; Y2 W
- contains:
, H' v2 ]* c+ y tags: "cert", T2 b( L2 W8 x. ^
message: "fail"
6 o! R+ V( G* s+ K% j4 ` - index: "controller_cert-%{[agent.version]}-%{+yyyy.MM.dd}"- m2 s2 y- V% I% W) m, {' t/ H
when.contains:! }# u ~+ \& G2 x- b& ~
tags: "cert"! O! }; v# z, x. b& m
8 v6 E% [5 z% j1 J# x1 a
- index: "controller_consoleauth-error-%{[agent.version]}-%{+yyyy.MM.dd}"
4 n8 V3 N* B* ^' @3 c; P when:
0 K t7 d! b, g5 B9 q or:$ [1 G* h% k, T/ `) S0 a$ _
- contains:* Z7 N% O+ Z4 R7 M. h
tags: "consoleauth"7 d1 z; V3 {. a7 x% j6 T% A6 D
message: "err"5 j2 |) ~4 U& [8 y4 u/ v
- contains:
# G5 C# M7 a: @" C tags: "consoleauth"6 e2 n3 x5 f$ g
message: "ERR"
0 ~7 D7 [- l% `& o) Z: t j8 C1 U - contains:& y) z C8 ^+ Q b% q2 C0 k
tags: "consoleauth"5 W8 n: y8 ?( K7 ~# K
message: "fail". E- h9 V; @. z& ^% s: X/ x0 e4 R
- index: "controller_consoleauth-%{[agent.version]}-%{+yyyy.MM.dd}"
3 _4 k# l% @# N, g7 Q: [ when.contains:9 s& m& |9 W- P8 x
tags: "consoleauth"
5 r5 e# b4 T/ I6 X) Z. B# G7 f! X% H- k. k
- index: "controller_nova-novncproxy-error-%{[agent.version]}-%{+yyyy.MM.dd}"
( [ j- u; H. F. A when:: c* L" V) q# Q. ]/ {
or:! E' g; X- g* t* M
- contains:2 A& z% n. V: L* y# {3 h( O- d' d
tags: "nova-novncproxy"
; q" |2 m3 L# n4 l J message: "err"' X1 g j4 M' P+ o( K/ M$ U" F- }; u
- contains:0 A4 c6 G9 Y4 T6 `3 i4 _
tags: "nova-novncproxy"
q' v. V0 f( ^1 w* u7 T: r message: "ERR"
|& v5 F, z T7 v! z9 y - contains:
' b; X. R7 W4 d* g tags: "nova-novncproxy"$ g) m. \; ?5 y
message: "fail"/ O* r: J, [$ d o b4 f! p6 G
- index: "controller_nova-novncproxy-%{[agent.version]}-%{+yyyy.MM.dd}"
4 x- e% @: ~ V- Q4 [& ]+ i0 F: Q when.contains:: s5 ]8 @2 |% e, N
tags: "nova-novncproxy"
_0 w' b2 d6 a* [6 A$ Y6 r# x) I" W/ }6 G: _! W
- index: "controller_rabbit-error-%{[agent.version]}-%{+yyyy.MM.dd}": Z( H8 _( f$ D {( l$ _- @( j
when:/ P7 h$ d9 c) h
or:
' E4 |6 l( Q2 c' C" ~3 W - contains:4 m0 d& d4 X& `; M) H, e
tags: "rabbit"# ~ j% [$ F6 @4 p
message: "err"
' |& \! J) s" S; w- ] - contains:
/ q- b# }2 ]- h, \ tags: "rabbit"
# \, S6 K3 F6 \ message: "ERR"( I! P. f9 d- j, Q' [+ V7 ~* S
- contains:
; P& s9 Q, w7 s4 t tags: "rabbit"
5 ?9 R' W3 y7 S) Q ]) Q message: "fail"& c) ^$ B' j1 [7 g( I/ F
- index: "controller_rabbit-%{[agent.version]}-%{+yyyy.MM.dd}"
( y9 z w' U* O- C when.contains:
- @& J. e C) K4 S: T tags: "rabbit"
1 E( s0 n* _# b% \0 u9 x' D
% Y% L. I3 k. t% V; u - index: "controller_glance-error-%{[agent.version]}-%{+yyyy.MM.dd}"
5 d; o: n) E# u! ~ when:2 \" p$ ]( _3 `- ^+ q* i6 M% J. ?
or:
7 V& _" V2 c j" Q, k' C - contains:2 Y1 O4 X8 @/ Q1 g* D
tags: "glance"' z8 k8 a7 ~+ E
message: "err"
: D6 |7 K/ E: a, ?" C% l8 c: }& j) ~ - contains:
) f2 m" J0 p7 v/ l# A" b, m+ T tags: "glance"( p; g* Y4 X$ E E
message: "ERR"$ ]* z# [: j+ N! R
- contains:- W0 c4 s3 Z$ n8 J
tags: "glance"/ K) o G1 D( e- F, n
message: "fail"
. i8 @3 L0 m2 ?3 G# K. ] - index: "controller_glance-%{[agent.version]}-%{+yyyy.MM.dd}"; n. S6 ?. X2 u: v2 w- l1 \
when.contains:
$ Y# j Y4 [% V9 T# R6 J, e. B tags: "glance"; l' p6 c6 h- {# ?0 x, Z
! W3 a9 e1 M+ Z9 E0 A - index: "controller_openvswitch-agent-error-%{[agent.version]}-%{+yyyy.MM.dd}"/ c, c; V- y$ ^# Q R6 i
when:. n& y7 K/ ?, f* t0 j5 N- }: x1 g/ x% ~
or:' C+ t. J' Q8 g
- contains:& k8 N; ]" D4 G+ M* w3 C
tags: "openvswitch-agent"4 k: p. R' x- W. S
message: "err"
' F4 `6 X0 ]1 `1 c0 B5 d" H - contains:
. ?- o5 Q* D' \- F, p4 i$ \" ]6 \ tags: "openvswitch-agent"
$ j! z' p. Q9 U3 Y% K( [7 Y message: "ERR"2 @" r, [/ I1 j' o4 B! R
- contains:
2 d3 ]+ \- [+ Y6 Q+ f% P tags: "openvswitch-agent"+ o: ~ Z$ ]% p8 m- w5 A
message: "fail"
0 u3 I6 c3 s& m - index: "controller_openvswitch-agent-%{[agent.version]}-%{+yyyy.MM.dd}"/ m, b$ Z; R N4 x
when.contains:7 P, c) B: b1 H4 i
tags: "openvswitch-agent"9 J( Y. E/ R) q( l4 M2 \
4 R5 C6 t) ]% o# q8 E% O* j& v - index: "controller_kuryr-controller-error-%{[agent.version]}-%{+yyyy.MM.dd}"
" ]- c0 u: n8 \ when:
7 P. ^1 m% \6 s/ p1 V) H3 n or:
! M+ A# l8 G& g& q1 } H# W. C - contains:1 a3 `6 l5 i( H' r4 K
tags: "kuryr-controller". e( {" t9 }, \* P2 a
message: "err"
! T- A: b8 r6 ~, Q* D - contains:
3 ]4 ~5 g% }9 E) c" d tags: "kuryr-controller"' t! E4 f8 o* Z, c! [
message: "ERR"
& S7 n1 S L- e0 ?9 a5 | - contains:! a+ h; G$ ^: y0 B
tags: "kuryr-controller"3 {/ O b) [6 B, g# e3 U; F7 M
message: "fail"
7 m7 x8 b2 d \3 @ - index: "controller_kuryr-controller-%{[agent.version]}-%{+yyyy.MM.dd}"3 V* B, Q( g2 I" m
when.contains:( X# `! l1 r' v) I- t
tags: "kuryr-controller"8 b; _) A9 h9 T6 B! H# }5 E' E
7 m/ y' \ M) m3 D - index: "controller_keystone-error-%{[agent.version]}-%{+yyyy.MM.dd}": V+ `( ~8 x, ]! H
when:% k4 v5 P" k+ S5 h' ]" e$ T3 }
or:
$ }/ Q7 A/ ?5 U# c6 e9 s - contains:
1 l3 M; @' n) }0 B- o0 K tags: "keystone"- ^; @; ]% ^* ~7 f4 N, T! e8 e
message: "err" ?4 V" a- H% e+ p Y& u
- contains:
% @6 M1 O3 w* Q2 l# t: [% U tags: "keystone"2 j0 W: y3 n* q0 y/ e( F/ c$ x
message: "ERR"
8 ]* h/ O& N- f+ d5 N - contains:! F4 j! o# M5 J/ ^+ t
tags: "keystone"2 l" h0 |' M) N3 N$ o. i; x
message: "fail"% B [4 ?/ ^ }, i# P! I
- index: "controller_keystone-%{[agent.version]}-%{+yyyy.MM.dd}"; f' `' A6 N% z. p' _5 Q: A& [8 ~
when.contains:
" v4 s! f0 f7 s6 i! N tags: "keystone"% u5 E$ p1 {1 j- i
3 d4 X) ]. k" r5 Q7 Z2 P6 zsetup.ilm.enabled: false* `2 F5 ]* y6 F- Q3 W
setup.template.name: system1 F! L% ~! [$ x; w# h0 j
setup.template.pattern: system-*
. `1 n' a& O" t8 _! e9 L1 T/ y2 |# H" k/ z i3 I" z# K
You have new mail in /var/spool/mail/root
5 l y1 A$ P8 C( R
% Y6 P: G$ G! h) b$ A n, z
$ e% O$ V: v" r9 ?9 _ C S7 | |
|
发表于 2024-10-31 17:23:37