|
|
vim /etc/filebeat/filebeat.yml
4 f! g; K7 G2 ]2 U% w0 ]$ z" _2 D) w' t9 i/ S6 E* g5 d
9 H5 Y0 O9 j; {# r1 k/ S! ^4 H
2 `6 u [) z7 ^9 z, m# G# S! Nfilebeat.inputs:
/ q2 a. x5 {7 D; w: _ - type: log- b+ Q# \; i% F7 M! T
enabled: true" H, Z. D. m; x
paths:
6 {3 c+ K1 o B1 d - /var/log/messages
" G; c& L6 i# t5 h1 d U tags: ["messages"]
9 H. h0 i2 f8 U1 D! o( u fields_under_root: true
# M* P/ Y% b. R; t' p3 V
' G5 R, c0 o2 @1 B( M - type: log4 P$ L; ~& Z$ f9 y' u# Q- F
enabled: true& m: z& ?: O9 m
paths:
3 y5 z k+ o0 |, K- ~, ` - /var/log/nova/nova-compute.log
9 G! ^1 E5 W3 G! R tags: ["nova-compute"], Y; u* Z9 x% R
fields_under_root: true
; C2 {+ E! E: x$ L% r3 l% j& t, h4 F6 t, h5 a S3 B
- type: log+ g N$ t Z, b6 c) \1 P2 D2 N
enabled: true* K! C7 t& f% V: f
paths:/ R" D$ A% e+ b; A; C
- /var/log/nova/nova-manage.log- W9 o2 j% d% ^6 w) ^
tags: ["nova-manage"]9 V4 y/ e- S# v3 ?( s" y6 e
fields_under_root: true, ?7 s+ E" Q& S; Q9 P5 @- P
' @/ g2 I/ L1 Z; R, v7 o8 m7 g2 H
- type: log7 A+ O& `9 @& k" o# m) y j8 n
enabled: true' k3 ]% d1 y8 ` R7 C$ ~! D
paths:
! B6 t7 d m6 h" Y; W5 P# ]- k - /var/log/nova/scheduler.log
! }* n0 n3 [7 l9 e tags: ["scheduler"]$ _, ~8 ^4 L, m9 \, s- e2 a& [
fields_under_root: true
% J% o" I# H& `
. d4 O/ t% q4 r - type: log
* C) U) u+ p, _- F+ x" a enabled: true
( f6 L8 s1 D* t# b paths: O |0 Z$ A$ J4 M5 C+ `# |
- /var/log/nova/conductor.log
, P, C, y. _* G* D0 @/ Y6 n, ]- ]. d' t tags: ["conductor"]
+ l. ?; @2 `: d, b fields_under_root: true4 t! F' z9 w e
% Q2 }; Q. f3 h- Z
- type: log
; G1 O# E( V$ Q' G' T: M2 q enabled: true
" E8 L7 n: R& R2 I% Z9 g: M paths:
6 @# R1 T5 ]. w' R1 \ - /var/log/nova/cert.log9 w- h: y5 z, z
tags: ["cert"]
- A+ g2 o8 F) t3 g0 G. Y! R/ E; d fields_under_root: true: M! ` ?& L2 v% J6 ]
) u# t' x1 T+ P - type: log
7 Z/ n* p2 ?$ H3 T! g3 } enabled: true
- |0 u: G& k3 N8 V, X paths:
9 T3 d; z8 t: X6 `* I1 o' ? - /var/log/nova/consoleauth.log
$ @7 p: d+ _% c) e3 G! M) q tags: ["consoleauth"]
6 m% N$ e( B, G% t# m5 |% }* M fields_under_root: true) [( t, X3 `" r) k, @; `
2 o& U6 \: N& B" \4 C
- type: log* N( n3 V( b# F" n K0 _
enabled: true
& P4 B( K$ p( z2 R# h, c; P- u paths:
& W& } L; j# B - /var/log/nova/nova-novncproxy.log' i; u$ f# W- o. K2 \
tags: ["nova-novncproxy"]
; [+ {: R e8 J6 a% k fields_under_root: true3 }& |% Z" @2 R j, O
7 o& F- i2 J) p7 [+ ~ J4 Q9 b - type: log0 p" d' K: J; {$ S7 @$ Y0 I) N
enabled: true
" C$ V' d' }$ F+ b paths:
" ^# M# r# J7 _* ]# Y - /var/log/rabbitmq/rabbit*.log
1 u" X1 e- K9 R0 H$ C) ] tags: ["rabbit"]
& h/ b B/ }* B1 ]# x fields_under_root: true
& O5 V- Q6 a3 }3 q
4 C, B4 V" S W1 h. H7 H* G' Q$ O - type: log
# U$ G+ O* B2 r, i4 H- L5 E5 u3 Q* [ enabled: true- {8 I+ H; H4 g y( v: z
paths:) `! v: J6 f) F6 ]% ~" q5 i
- /var/log/glance/*.log7 r( e- c, U. w! f# L* K" E0 M
tags: ["glance"]. ^: U" W6 ^) _
fields_under_root: true [8 r5 B' [2 [. @6 C" o! Y
) W' i7 d# o$ _: M; a/ ^/ O - type: log
( V0 _# b$ W% r# g& Z" q enabled: true
& u& J: B3 x- `; s8 B& n! u paths:
# O7 E: [' ?+ M8 a3 \ - /var/log/neutron/openvswitch-agent.log7 ?% r5 ^+ N, J; v3 M2 X" U
tags: ["openvswitch-agent"]- F2 T' S$ E; P) r- J9 K {8 K
fields_under_root: true7 W7 |+ U; x$ m) W
0 h* A: x5 @( x4 T1 \' d) u
- type: log" A6 q8 j) q' y4 K" Q
enabled: true% f1 m; A- h: ?, r# [' x( g. ~
paths:
2 y9 f4 a) g0 H' j - /var/log/kuryr/kuryr-controller.log O9 P3 W% \- d7 _
tags: ["kuryr-controller"]
; I, T2 b/ a2 k! U# J fields_under_root: true3 E3 A$ v, Z% U5 S5 l+ H
# ]' o+ d! x _1 |; W" L
- type: log* s7 L. C7 t( D4 ]2 {/ L0 n( ^' j
enabled: true
' b4 }4 z/ p9 B" V3 I, ] paths:
B; J! w+ v* w3 E$ N; N - /var/log/keystone/keystone.log
6 V6 | S( R# e! G( d. r: K+ s' I tags: ["keystone"]
0 C; R3 a7 P5 q8 i% Y0 O6 R fields_under_root: true# g5 C7 @* a$ g- o
2 m5 w* m% B/ M) K9 B, j4 M! M- k
output.elasticsearch:
/ L7 T* F% {$ p7 v, b hosts: ["172.24.110.125:9200", "172.24.110.127:9200"]
( I) ^7 R) T, _' S' p# D
, H; i" |2 J0 J, G* x username: elastic" w" ?% I. O5 s" c
password: Cxxxx# g8 A- y! W+ n' B/ v$ R2 w1 a7 E
indices:- f; I5 {6 K4 I. U' K( k& |
- index: "compute_messages-error-%{[agent.version]}-%{+yyyy.MM.dd}"
7 H+ P* _3 S# k1 Y4 k% F when:
9 R5 i! z, H: p: Q or:9 E( I: r5 Z$ Q0 m
- contains:! B5 ]2 a/ _5 j) |* j
tags: "messages"* O8 d* }8 \; p; X& d% T9 ?; e
message: "err"
' V: u" O% {+ t0 ^6 ]' U: P0 e5 y - contains:3 q: u6 l& h7 `/ Q
tags: "messages"
8 e1 K/ y) M9 D. t message: "ERR"
8 s( Y( z3 u" N, ]1 t: x - contains:5 Q. _4 T( D8 a' [- A
tags: "messages"4 f9 ^" ^( s% m1 \
message: "fail"- k) Q7 }/ I; {) w9 O. J I
- index: "compute_messages-%{[agent.version]}-%{+yyyy.MM.dd}"% O0 f# o% a3 G" R ]& a
when.contains:$ E% T/ N K9 k3 Z
tags: "messages"% a r1 I5 h. L! c5 W2 K' O4 A
- index: "compute_nova-compute-error-%{[agent.version]}-%{+yyyy.MM.dd}"
, B3 ^( x8 u* h) E6 q! _ when:
+ ^! a/ Q) s) s7 q: c4 v or:
* [" ]* M% [5 o$ t6 v8 \) I - contains:
1 b/ V/ O& n! v3 U4 ~" B tags: "nova-compute"
- W" E/ V+ Y9 K+ B/ J message: "err"! ]. H. ]% ]3 N! B# r2 R" \: J' F
- contains:9 U- T! [; D" v
tags: "nova-compute"
0 `- s0 N+ ^0 u' v( u! `8 W message: "ERR"7 W" J; e# l: [) P8 H. z' c
- contains:
. {! h+ [( Z8 `8 p9 x5 O tags: "nova-compute"
- @& N& R5 }$ g Y) ]5 t) Q, J message: "fail"
# @2 Q8 z1 |1 B0 A7 d/ ?! r) s - index: "compute_nova-compute-%{[agent.version]}-%{+yyyy.MM.dd}"
- H! s. L% j4 V5 s when.contains:
J. M. }' c; T9 J( L tags: "nova-compute"* `9 Z1 m: E. J8 J& V$ i
+ Z/ I* H1 J. R4 {1 x2 y - index: "controller_nova-manage-error-%{[agent.version]}-%{+yyyy.MM.dd}"' ^9 T4 ?& c% a7 O2 D
when:9 K+ G; @, V& Q5 q1 _& r
or:7 D3 X X ] D" G9 z' `
- contains:- A3 G7 o% w) {' W- C/ j! P
tags: "nova-manage"
! I% y+ R" Z' x4 i+ s9 b message: "err"7 F) _! `3 D/ v1 x# k1 U
- contains:
6 M& ~/ x; O+ F* Y; O tags: "nova-manage"0 g R, r- @, I
message: "ERR"
& D4 t, f& {3 w/ t" u - contains:
3 R C8 M" i% \" ~- h* h tags: "nova-manage"0 c" a- V, E6 ~
message: "fail"+ `4 i% z- O! Z5 p
- index: "controller_nova-manage-%{[agent.version]}-%{+yyyy.MM.dd}"
" R+ @( F3 b' T4 r$ l& ^ when.contains:2 f' _) M6 _1 l$ ?$ x+ f8 I
tags: "nova-manage"
7 V X/ V$ {4 P* [% w0 ?
9 U3 s8 |; c \. ` - index: "controller_scheduler-error-%{[agent.version]}-%{+yyyy.MM.dd}"
! Z% H* z, l8 e8 S2 ` when:! |( P5 M9 m4 J1 T: x5 d4 a4 H$ ?
or:- _. O- y) V/ u
- contains:* L- n' W$ S2 g4 m6 g! X8 Z# L3 z
tags: "scheduler"
; b' V& w" K: g+ l8 ]: ]" A message: "err"
$ {1 z$ b, {( u' [ - contains:
3 |/ c, N- `- n: V- J# R& P ^ tags: "scheduler"
3 q) k/ g7 g/ M message: "ERR"% A* K9 z- \4 z( [! f4 y( Y
- contains:
' a' W# y- l' ^( H$ ^3 V$ Q tags: "scheduler"9 L8 K5 I- e7 A" g5 c2 [
message: "fail"
. b6 Y. h5 r2 R* B - index: "controller_scheduler-%{[agent.version]}-%{+yyyy.MM.dd}"
% G* W! \( ~% ^8 E9 T5 J; `5 M' d when.contains:- P% Q2 j4 ^/ J$ Z% a# @
tags: "scheduler". G) T4 A( m9 D6 l5 {% V, g( v+ p% z
5 Z! E, V7 L2 |' w - index: "controller_conductor-error-%{[agent.version]}-%{+yyyy.MM.dd}"
2 }) N3 Z! h4 K* f0 S when:) T# R! x- v. l1 v
or:
# S0 J4 A% `0 Q; P, { h+ K' e3 P - contains:, N ]% g0 l G: u# B+ `1 d
tags: "conductor"! o' [/ q/ n& N1 ?7 d4 g- w
message: "err"' \0 D2 R# G j
- contains:
$ J! {- B! {3 s. K/ M tags: "conductor"
' N' k E4 o: e5 k5 ^1 A message: "ERR"
6 [, e+ i7 o. x- V - contains:
9 o' r; T' O7 Y7 } tags: "conductor"
$ c2 T Y! n+ Z; S* o2 N) H message: "fail"9 Z: ~- o8 D' u2 a
- index: "controller_conductor-%{[agent.version]}-%{+yyyy.MM.dd}"3 p# l% C6 N! X3 y1 l
when.contains:7 k$ j' b6 f# m/ @* }
tags: "conductor"
8 u3 A( q/ |" B8 H4 K+ j
% r$ F! k% v8 N+ ?( _+ x/ _ - index: "controller_cert-error-%{[agent.version]}-%{+yyyy.MM.dd}"
" R4 |0 a) k$ }) d, ^ when:& _& p# x% A8 e2 e! \, w
or:
( H: Z. A+ R/ b+ a) N - contains:% F6 v& c, S" r) n; @/ k
tags: "cert"
/ `9 H5 p; ~8 U4 y1 g3 ` message: "err"/ W: ]5 p# h' Q" ]! l1 {
- contains:
4 I# u8 v2 E2 d, n8 m1 e5 s/ P# L tags: "cert"2 s' |* L6 j- o% \4 r
message: "ERR"/ R* o( W" c! Y% ~4 F9 p
- contains:
5 q. R, v$ K( i4 E% U4 g* j tags: "cert"
3 K& v+ m9 H1 I& V5 v$ A message: "fail". T+ s* a5 ?& C+ r4 z6 u( d; T
- index: "controller_cert-%{[agent.version]}-%{+yyyy.MM.dd}"
# t u0 l& f" m0 R when.contains:
9 |/ v. S j; I$ \9 n tags: "cert"
7 u! S3 \ z7 [7 }8 m' G* t) {/ F* f. i+ P' v
- index: "controller_consoleauth-error-%{[agent.version]}-%{+yyyy.MM.dd}"
5 F; D* g+ U6 Z5 p' k+ S when:
+ h8 n- V0 Q: L% ^# M; f or:! t4 j: ?3 O2 O M; @, X
- contains:. j; b! S T* q( o5 m6 P$ P/ V
tags: "consoleauth"0 ?! ]. y3 @+ A( S0 t# p6 r
message: "err"% @: p/ H; n7 a, o% X) j
- contains:! v/ y: B& O; ~
tags: "consoleauth"& f0 Z5 E9 X& |# s. m2 R' S
message: "ERR"
7 E) X* |7 d0 f+ h4 t& P - contains:
! f. X/ Q" r5 l/ C' \8 Y; a tags: "consoleauth". c- `) p) T+ c% E U
message: "fail"9 E, i* T' s; s3 b2 S J
- index: "controller_consoleauth-%{[agent.version]}-%{+yyyy.MM.dd}"9 Q. \6 q$ q8 V0 Y% A
when.contains:
/ I- o$ \0 I' t6 \3 E8 ]9 x tags: "consoleauth"
, m0 I9 \- p# L; b
. j S7 N- q" X2 F [9 \+ H$ s- T - index: "controller_nova-novncproxy-error-%{[agent.version]}-%{+yyyy.MM.dd}"
! @4 n" ]& Y, v7 m: U; Y; w when:
( p: _, B* B$ N or:) a# j1 Z* D& M$ S7 c2 U0 p; K1 w
- contains:
: U |% L1 i5 K d$ ?9 o tags: "nova-novncproxy"
) S: X& k% U( U0 T message: "err"
# M7 ^! p: \4 v. } - contains:
# b+ ~; C. `- W tags: "nova-novncproxy"$ ?4 }9 D) j) R; Z4 X% w
message: "ERR"
$ B0 m% X2 G0 H; q+ C - contains:9 |4 ?, d1 L# c" o2 o, v. D% K+ o K
tags: "nova-novncproxy"+ @( z4 l5 |' y
message: "fail"
9 \# t8 o% {4 z5 T: ]5 |4 I/ Z - index: "controller_nova-novncproxy-%{[agent.version]}-%{+yyyy.MM.dd}"1 e1 d5 K3 ^2 \
when.contains:( m# W. k( m" v( f1 z3 j/ v* N1 F
tags: "nova-novncproxy"
* J; F7 @" @# X" F g+ }+ M4 b( ~+ }3 |8 h
- index: "controller_rabbit-error-%{[agent.version]}-%{+yyyy.MM.dd}"
2 z' r2 z3 K! y( q when:7 m ]2 ^1 ^* O4 B* v+ l
or:
( f j: ]0 V4 |9 i4 _5 _9 L - contains:+ z( ] L6 E2 A6 {) Y4 O U* u! I
tags: "rabbit"
. V; Y# B; h) \ message: "err"
+ ^8 i* l# e% j - contains:# D# Y4 D0 r; f% f+ i) h! t
tags: "rabbit"
# x+ I( l6 S3 H, w# E- W message: "ERR"
5 }$ U/ i8 ?5 j o. d% \" S. R - contains:* s3 g8 w. v( _7 r$ D0 Q2 m- t
tags: "rabbit"
: o% S0 X: q( V& Z# m" C$ d message: "fail") z- O- K8 d: ?1 b/ m
- index: "controller_rabbit-%{[agent.version]}-%{+yyyy.MM.dd}"( a! H$ d5 w6 _2 e
when.contains:
+ [! X; H9 a, `, T9 ]; V tags: "rabbit"
6 L/ s) ^# J" g# Z' c) g' A: ]- `) ?' H7 x9 v4 i
- index: "controller_glance-error-%{[agent.version]}-%{+yyyy.MM.dd}"
( |4 Z+ [& [7 A" Y/ b* n6 [6 ` F when:
7 K: \9 _, o: i6 L; n: t1 ` or:" y/ @9 X# F: t
- contains:
3 @1 h2 b) o" N+ F0 S tags: "glance"# q) |7 ~, d, r7 B9 d9 g6 O
message: "err"
3 {0 M$ Q( Z ]! I% H) C - contains:
- Y* h3 p6 B& d' v tags: "glance"
. i* I9 N% p$ D% X: f) F message: "ERR"; f% t& \* X$ N* O3 o
- contains:
9 d. s0 c& c2 t B3 ?. P tags: "glance"
! A* e7 ?' U- V7 w' ` message: "fail"
& M5 {* O: X" j7 a" S b+ i - index: "controller_glance-%{[agent.version]}-%{+yyyy.MM.dd}"
# `# N3 H9 h( g: k1 X( W when.contains:. n- c$ D8 [6 e o2 p, _4 V% K
tags: "glance"
/ Q$ {- J9 i# ?& K: t* k: _
- ~* U% a* i2 G - index: "controller_openvswitch-agent-error-%{[agent.version]}-%{+yyyy.MM.dd}"0 B) r \& S @6 W% i; s- f) P3 p
when:
7 d! n: ~5 \/ q+ H or: X: Q$ t" E: L( _9 D
- contains:
0 J/ H( Z; V& S: f: _3 k tags: "openvswitch-agent"5 p/ y6 `0 [& i E9 V& c: h
message: "err"2 G/ H6 V. ?7 T6 z
- contains:
8 [: _ K/ O! x) V" U% Z( ~ tags: "openvswitch-agent"
! m- u$ z s$ Z( o5 }$ l- x message: "ERR"
. a* C# P7 A: W7 _0 o* }# G - contains:. ]! {, X. q1 h# L, r
tags: "openvswitch-agent"
5 M: h& `9 l' |; O* M ?8 [ message: "fail"/ p' B$ |' i0 d/ l8 P1 w6 |
- index: "controller_openvswitch-agent-%{[agent.version]}-%{+yyyy.MM.dd}"* P, N1 Z6 d4 _, M; \1 c- U
when.contains:
7 s! K% u" W8 ? tags: "openvswitch-agent"7 i& R) L2 u+ ^
! ~! F4 s: h e! t$ i
- index: "controller_kuryr-controller-error-%{[agent.version]}-%{+yyyy.MM.dd}" f5 r1 W1 M! n% g# C( \
when:
+ f! h: a0 R5 m+ @3 a or:
* \" J! C% G, g% I2 E - contains:( H2 _" d" Y" Q; k ^: Z
tags: "kuryr-controller"0 ?) O W6 p/ p& O5 t
message: "err"" \& c( w6 e4 Q) p$ l
- contains:
- c% f) D% }6 k& f7 q1 l* b tags: "kuryr-controller"
( a) V4 j. U U: g6 m7 I message: "ERR"8 d0 d7 A0 x6 s% }, X$ i* N$ A
- contains:
2 {$ j7 B0 v& F& v tags: "kuryr-controller"
) |) P( r2 v1 K4 a2 C2 }+ V message: "fail"3 R7 S+ F; e( H, B" h; I( I
- index: "controller_kuryr-controller-%{[agent.version]}-%{+yyyy.MM.dd}"6 y& o+ ~" W, \, z0 I# A5 P
when.contains:
' q" h- p, w! O8 w, Z, v tags: "kuryr-controller"
9 Q+ L3 S9 F1 y3 r2 d1 w9 \9 `8 v" ?& c; _7 _
- index: "controller_keystone-error-%{[agent.version]}-%{+yyyy.MM.dd}"
( x5 n: o' u% c when: E. o$ U6 d$ l+ r* j
or:
/ A% N# b+ q" H! t. b2 d: {3 U1 w - contains:* x& [7 I- c* i0 B p7 F+ T2 [. S4 N
tags: "keystone"
: u* v( }& o$ P message: "err"
* C* B/ {3 u# F4 z - contains:$ B5 f! e* t2 a8 Z2 r0 v! P9 S G
tags: "keystone") v/ `# c! B" [$ J
message: "ERR"
4 c2 d" H9 d, w* m$ g1 ~. B; R1 v4 X' W - contains:
) A2 K/ X: T& x7 H: K; ^. T tags: "keystone"" V# P. x& n& y9 ^+ n" y
message: "fail"
* h: E' \. O" M+ E) ^ - index: "controller_keystone-%{[agent.version]}-%{+yyyy.MM.dd}"( f1 N( l5 m9 ~5 B: b
when.contains:
3 T$ t, Y$ b0 C }" H+ ]$ x8 V6 ^ tags: "keystone"# J6 w8 M' a3 h/ Q
$ @! n. V- {: n( X, Ksetup.ilm.enabled: false; M9 E* E9 U2 r9 q5 Z7 ?' ~# J+ b f" O
setup.template.name: system
+ z, i- A2 `, ^- K7 W9 A P" p+ bsetup.template.pattern: system-*
; z4 r6 q+ V8 j7 c3 j8 X, d& g" o
You have new mail in /var/spool/mail/root4 p( U3 z" P2 D* k7 W2 v. f$ Y1 u
% q1 {4 g9 C+ K. d/ X% ^' C" B8 t9 q: h& x' |
|
|
发表于 2024-10-31 17:23:37