|
|
vim /etc/filebeat/filebeat.yml
/ o# { Q. c2 W. {) H
" @- W. n2 _; B! ?& B: N$ w+ z/ e x
* g& p, l8 b$ w9 o$ s, l2 ~0 [3 j1 ~5 C9 M" D
filebeat.inputs:2 o2 f4 m6 w) S' |+ @, O$ K
- type: log; G- a- [+ `9 q( ~( i. d
enabled: true, D) n/ U7 c X7 N
paths:
- g5 k" X2 c8 f' `% y - /var/log/messages
/ y2 v5 [/ D! A tags: ["messages"]
& M( b' o& S/ o4 r# \1 i fields_under_root: true' K( q2 u2 i% K! \
, K0 T$ k: d- S7 C3 U% o9 J% G - type: log
- o" N0 C* N; ` enabled: true
% Z$ _. f4 [( {. }/ q; C9 X paths:5 N# I9 V1 ]4 s* \* v+ `
- /var/log/nova/nova-compute.log
8 z& h) ]) q5 D2 e tags: ["nova-compute"]
; w) s7 t6 m) N; q5 Y$ B+ w2 U; t% s fields_under_root: true% i5 D0 Q4 u# o/ p* V) }
2 g* _1 c0 y& U+ Z
- type: log
, F1 ]7 K, U* r- _ [0 b enabled: true* b' w3 k8 X3 L
paths:
- q# S) Q9 e. a, n) |: p# g - /var/log/nova/nova-manage.log( r7 q! K9 T. _! [+ \ U
tags: ["nova-manage"]7 t( A$ y% r+ n
fields_under_root: true
& F. x$ [0 y( Y& H5 e( j
9 Q$ `5 b9 R2 F9 C - type: log
% E. l; v7 ^2 L4 {7 G. K enabled: true
8 A7 ~# U7 ^, C4 k: q7 \$ [# { paths:
5 M% u( S% \' I/ P9 o - /var/log/nova/scheduler.log
" r1 r: d$ R- T tags: ["scheduler"], B* n+ ~ H/ u* c
fields_under_root: true
' }' ]5 ~+ T9 u9 ?% ^
4 C( t- t e, F; {: T - type: log+ H) n; O5 ^1 Y- Z% Q; \ Z; |% j7 M4 r
enabled: true% m/ g2 W, @2 S* l! @/ @% ?2 j" O2 p
paths:$ W- v5 D+ H* [- v3 }
- /var/log/nova/conductor.log0 W* a4 N* V' c L/ Z2 A
tags: ["conductor"]
: F9 T7 t# {* e! ~ fields_under_root: true
0 _4 C" S, R" |, |2 L% z; E9 z+ _4 P" o
6 {* @* w+ m- {5 B# G - type: log: g& q! U! ~) n9 ^- k! i
enabled: true/ f. ~/ p3 |) }) p7 l
paths:
1 Q+ ~ x% G9 g# i9 P - /var/log/nova/cert.log
5 c4 j, L3 k3 K- {; ?7 n tags: ["cert"]1 K; L c' _* S. V
fields_under_root: true. n2 K+ u5 v' D" ?7 Z6 _+ f, e
/ j2 S0 v; _5 t Y
- type: log
1 P/ s# J8 g S; p8 d1 A; I enabled: true7 H9 o5 E+ O0 `0 A
paths:* S3 m L- E5 r
- /var/log/nova/consoleauth.log 1 a/ o5 S, u/ e
tags: ["consoleauth"]
p, t# B. g* F- O; n" C; a7 |' Z; |$ z fields_under_root: true6 u+ P! p0 x/ {9 z! R6 T
0 M: g5 x4 e1 }6 ~8 R0 v$ l3 t2 m
- type: log7 q# n- g3 M$ h7 @
enabled: true
- }6 |# w. E# X paths:
2 q+ e! Q$ c- O& g" c- x - /var/log/nova/nova-novncproxy.log1 \7 U9 E$ D1 ?+ } `
tags: ["nova-novncproxy"]) }! O5 i) R, y
fields_under_root: true& ^# k- k* {3 f+ x; w
# b9 p E8 V; U5 b6 q; e - type: log
* L; p* y/ ]4 s: J$ Y7 j enabled: true
9 v6 X2 Y$ Q- T; E+ \ paths:# }& B/ H) ^1 r, z/ t, b/ X
- /var/log/rabbitmq/rabbit*.log
5 a7 p) D$ a8 l( ^+ d tags: ["rabbit"]2 a' p" u- o/ `" D- }
fields_under_root: true) i6 v& X, S5 C% N. Q6 c# h
6 {( G1 f( x: y7 m0 t1 O
- type: log
! T/ ^6 ^ }) |* c3 ^! N5 d enabled: true
7 n" c; U1 S/ D" X5 d1 G paths:
7 p2 S: z$ i# F4 n; p. h6 X - /var/log/glance/*.log5 h9 }( i0 u0 |& r
tags: ["glance"]
! P% N9 r; s7 m, c fields_under_root: true
& b7 z; s" X) d# o, O/ i- }3 j8 Q- n: y) S+ \3 B- t0 q
- type: log. d) A7 |/ Z% x2 c. `6 X
enabled: true
- j3 }8 y! V4 R7 | paths:
' \. d1 i+ [7 R* ~4 M) N - /var/log/neutron/openvswitch-agent.log, Q) i# B2 f& b1 B) ~0 k
tags: ["openvswitch-agent"]
4 v& z) e. c0 Z) T: V7 O- U/ B3 G4 u( A fields_under_root: true* l7 d, h7 s+ A7 u' K
% ]5 }3 n6 \# B: c' P/ V( p - type: log; @( q- K9 ~" ^
enabled: true/ I$ H I. T/ W5 t8 q, Q
paths:
6 e; W( D& s# D7 l, v& p( I. T9 e - /var/log/kuryr/kuryr-controller.log. g. d5 [ x! c5 G0 d, j
tags: ["kuryr-controller"]
0 e4 V# N7 K) S7 C fields_under_root: true
: K# ?0 r+ R. {+ s4 ?/ |4 R% J! y* X, U3 x9 [
- type: log
; Z) c3 Z8 d/ j enabled: true
4 n: Y9 g& v8 v6 T) a9 O0 p paths:
2 f" b. L: K6 ]1 B. S - /var/log/keystone/keystone.log2 ?: F g5 H L1 L- ^+ \1 G
tags: ["keystone"]+ Q. e( a" `% z: E
fields_under_root: true7 C% D) ^; L6 w4 i( }
1 C7 c" U& G, H- _ r; A! U+ K
output.elasticsearch:! G0 Y) K! O+ k3 O
hosts: ["172.24.110.125:9200", "172.24.110.127:9200"]
4 Z1 F0 \- E' Q" l- @5 `% y
! g$ T$ d+ B1 T1 J X& D) _9 k username: elastic
0 a; L, X* i" x password: Cxxxx) }; W" L3 F, Q I' ?+ }% N/ _- w9 e
indices:
& C/ f' j+ J" H) ~% ^& ] - index: "compute_messages-error-%{[agent.version]}-%{+yyyy.MM.dd}"
: ~/ g9 |1 s2 Z8 g8 \* m' o6 E2 f when:% p+ ^& ]$ h, [- p( `& S3 h
or:: r& K( g8 W! C; \
- contains:& I0 F( T# v& A T( b9 V
tags: "messages"3 w1 K& N! |: h7 v
message: "err"
/ E0 ~$ t0 U' N1 t' J - contains:
/ c: C$ U* n( {4 d: r& w; G tags: "messages"0 {! F& |; n5 B5 p. A9 s; \
message: "ERR"' `: o j9 p8 s7 ^& O$ R
- contains:
5 h6 i7 H: R5 q tags: "messages"/ @+ {, |* R) q+ k
message: "fail"2 H: y1 |+ s# R0 H* m, j8 K( _
- index: "compute_messages-%{[agent.version]}-%{+yyyy.MM.dd}"
+ h* `! s8 L d7 U when.contains:
( f: L/ m( A% P tags: "messages"% _6 U. R2 B/ i; S$ `$ U
- index: "compute_nova-compute-error-%{[agent.version]}-%{+yyyy.MM.dd}"
! X! u7 y) f6 p+ F) y when:
4 b* q7 D: r% m; f! Y, M- O/ @ j or:- Y. E" F" x9 U6 m- U
- contains:
# a$ e9 H' Z% P$ O+ S( K' q tags: "nova-compute"
2 q: @( d! G+ A \ message: "err"8 K3 H6 Y7 U5 x5 e
- contains:) a$ W8 ~) `8 C4 u( ~
tags: "nova-compute"
( ]5 r7 O: y* _- Q message: "ERR"$ H# S" b/ b4 h0 [' S
- contains:
. @3 Z/ o- S; B) H& F. d9 ^9 ]8 K tags: "nova-compute"
/ }; l8 _0 j/ d3 P; g {* W message: "fail"3 I& q" ~7 L8 j; o$ a) N* A
- index: "compute_nova-compute-%{[agent.version]}-%{+yyyy.MM.dd}"4 H O: v4 ^7 T
when.contains:
2 D; G. R0 N: K/ R tags: "nova-compute"4 \9 P# i: p( o9 ?- j
& l% ?" Y: [. r% m, q4 _4 I
- index: "controller_nova-manage-error-%{[agent.version]}-%{+yyyy.MM.dd}"3 W+ A. `5 F* }8 d) Z
when:
6 }* _* R: E( m' _8 e( S1 ` or:
. O4 ]5 a! ?* r$ u" ] - contains:7 \- w- s4 l& `& p" q# T& U6 G5 z
tags: "nova-manage"( }4 E' y2 [. P( W
message: "err"
5 `, t7 V* b* f( t - contains:( x+ V' s: @6 d5 a7 O
tags: "nova-manage": [5 d+ U1 q9 q/ D; O* |* y
message: "ERR"7 s' @& c) W. C; \3 X& O
- contains:
) j4 `% C# o* n) t J4 b tags: "nova-manage"# b2 b1 B {3 f- U! {' r
message: "fail"6 ]$ B. Q8 A8 M/ c
- index: "controller_nova-manage-%{[agent.version]}-%{+yyyy.MM.dd}"& ^' v( v% x8 J, O& g
when.contains:* J4 [/ ?: Y) D
tags: "nova-manage", [. ?: \5 w) i! P1 V" f" f% B7 _. H
: {' @5 r) @$ M5 t, Z1 S6 [9 t
- index: "controller_scheduler-error-%{[agent.version]}-%{+yyyy.MM.dd}"
* g9 v1 @5 O6 W# c9 N* U8 z* E when:
' Z6 b9 ~# O, c% P; R/ P9 h6 [4 v or:
: m' ^$ F4 X/ H: F; K - contains:: ~# D! U" o5 C* \7 f! O* d( r3 _
tags: "scheduler"* u, Z$ p, O$ H' t4 h2 t
message: "err"
3 t* Z! ~$ l/ X. \3 b( R0 d - contains:
5 A# S& Y# P* U4 ]$ h" N tags: "scheduler"
. R% g, s8 Y) B$ A { message: "ERR"0 b7 v; B9 M- g, _5 Y, k# U
- contains:
+ J! q Q' l( d2 Z" Q3 S$ [ tags: "scheduler"
- t( `9 X' {- x, Q, ~6 T2 U message: "fail"
) @' a) U) Z9 g3 K# q - index: "controller_scheduler-%{[agent.version]}-%{+yyyy.MM.dd}"
0 ~0 Z5 G2 J2 p- G when.contains:
. L9 W' b T* W: s" A G5 U% p tags: "scheduler"7 C0 g+ j G! I1 _' a$ V6 k
6 W' J& E+ m9 U; L' v - index: "controller_conductor-error-%{[agent.version]}-%{+yyyy.MM.dd}"
J. }" X8 T( s" j when: c( C. L& Z9 M; O# }3 ~& N, a
or:- \0 U3 X0 U. f
- contains:
/ b% c$ N: e( M/ J tags: "conductor"
/ ^9 U8 I! p: ]: V message: "err") q- R1 B/ \# t
- contains:
6 U# U W" k. I3 y/ ?- |+ w tags: "conductor"; {; Q @* L$ {' ?2 h( V. F
message: "ERR"
3 u |+ O+ I; b$ ?+ b- Z - contains:3 `/ B8 K l! i7 S0 [* H; @
tags: "conductor"9 ]: T9 L8 Z h3 j7 J \9 @; B
message: "fail"
5 y4 ^8 k; {/ d& r' K - index: "controller_conductor-%{[agent.version]}-%{+yyyy.MM.dd}"
7 {, c8 z m. s3 s- I5 f when.contains:) V$ b8 o* ?5 |0 Y) C7 v
tags: "conductor"3 I) v: L K6 c% C
% I% t5 I/ g9 S* s! J N+ \ T) Q$ r$ q - index: "controller_cert-error-%{[agent.version]}-%{+yyyy.MM.dd}"
, Z; {# P, N2 Q4 [; S$ m" k% o when:8 L/ C% S6 h2 g( @$ K3 V) q
or:
1 M) P: H9 G' p - contains:$ Q7 ~6 ]3 q8 d Y2 R: ]" n
tags: "cert", T0 C' ^2 {5 D/ P, }; u5 j
message: "err"1 Z: ?1 E: r) N
- contains:
+ m* C" S5 k! V# o3 ^ tags: "cert"
! N' }; p9 d5 D9 P message: "ERR"
- G4 A2 b0 l' ?5 G8 ]/ P - contains:
8 H( i2 D; y4 d; l' x) N; r, I r tags: "cert"3 D1 b$ v: x4 e6 c0 a* A
message: "fail"7 V5 S5 ] }9 G% [
- index: "controller_cert-%{[agent.version]}-%{+yyyy.MM.dd}"0 l2 A/ z) L8 _( L. k
when.contains:
+ N5 A1 `1 V! q) w& ?, Y tags: "cert"
1 m% L7 V2 {, n& b5 f5 @; V; q5 H
- index: "controller_consoleauth-error-%{[agent.version]}-%{+yyyy.MM.dd}"
- C/ n0 ]/ w' j d) h0 j when:
% v7 q$ u( Y1 p" N# M" K or:
; h$ J; i, T; e& S! ~ - contains:0 G: H: ?( x( Z3 `3 m' E" X
tags: "consoleauth"
' v0 v6 I9 G4 _/ O( e4 y- y message: "err"* V6 ^3 ]! J" o7 g% s s) W8 {
- contains:# b# L' P0 Z, v! c
tags: "consoleauth"- [' [2 R) t" f0 J) P% B+ E
message: "ERR"
2 R+ S! W6 F) ]2 |8 j - contains:
' k; t7 j. n6 F( b4 A tags: "consoleauth"
: ?! A+ Y5 C& H( [8 r" V3 H message: "fail"
, Z, S) F/ N! w8 I, _* l% @0 f# \ - index: "controller_consoleauth-%{[agent.version]}-%{+yyyy.MM.dd}"
: D9 j) F6 P# W1 x; Q! A when.contains:
Y; p" g; E5 }/ r5 r! |$ N; \0 Q tags: "consoleauth"4 g" `0 e+ o8 g0 b
- A" G u/ x3 t* X- t# A- A
- index: "controller_nova-novncproxy-error-%{[agent.version]}-%{+yyyy.MM.dd}", ~7 y: n" H- P/ y' W- `/ T# i
when:
* q8 ?4 K6 G2 r4 @: j9 V% a! t or:
3 R1 B7 o; r" f% Y/ p - contains:0 v+ _- h4 W* }) ~% [% `: p
tags: "nova-novncproxy"& P" E& G' c- l, F+ w% V
message: "err"1 V k6 i+ ]; ]' _0 k. d0 G4 q
- contains:" H; m" o$ ^3 W! K/ ]* F9 k4 M
tags: "nova-novncproxy"" {- B h1 E7 `2 d1 K; x
message: "ERR"! {- w: s+ I* y W- F- ^" j
- contains:) A4 W3 }# R4 ]
tags: "nova-novncproxy"8 c5 b7 z( r8 w8 {) t/ B: Q
message: "fail"
; E& ]. P0 R) p1 h* B - index: "controller_nova-novncproxy-%{[agent.version]}-%{+yyyy.MM.dd}"
% Z, ?$ `) o n6 c, r5 j3 J) q when.contains:. B2 ~1 c5 I7 R% M
tags: "nova-novncproxy"
4 O) u; S8 r2 u4 [( n+ k6 f) w4 X$ n/ ^
- index: "controller_rabbit-error-%{[agent.version]}-%{+yyyy.MM.dd}"# U1 r1 d/ _: _
when: {7 r" N" {, ~: [
or:* v6 c. `' y) L% u8 Y
- contains:
6 l4 d' s% }6 x. s& L tags: "rabbit"& J l& |7 e7 u% e a
message: "err"
' J' L" g7 w' `7 k$ C - contains:( @2 U h% V" d& A
tags: "rabbit"% |2 L3 s& H1 v/ Q6 |
message: "ERR"
9 I9 ?; \' e1 u' c! Q: X& d) P - contains:
# p: N Y9 a( g8 V* G tags: "rabbit"
4 s* V( n* q' o' R; [) v3 S# {% x message: "fail"
3 b# x M3 g9 F5 F0 ?) d6 Z% ~ - index: "controller_rabbit-%{[agent.version]}-%{+yyyy.MM.dd}"' O0 w9 O, m, J
when.contains:" \0 b, w' C) g4 B& f/ e1 `
tags: "rabbit"* q) k" H5 r9 G6 \4 Q/ a
0 N8 z8 o- u" V7 J; d# V* K - index: "controller_glance-error-%{[agent.version]}-%{+yyyy.MM.dd}"( t/ }7 |+ p# u, d$ {/ w# u
when:4 X w3 ]" Z v* p5 p
or:
1 Y; P; B" j. n) K. n5 z - contains:
) k4 ^: b& z' d8 [5 X tags: "glance"7 `' A: p n* S9 _4 c
message: "err"
& l2 s% e2 a; l: `# ^ - contains:5 K, d- T5 Y: z2 C
tags: "glance") w. \ M5 P1 L) K) J. d& |
message: "ERR"
' u: [7 I3 X0 j - contains:
1 x! n. I4 I3 W( N k$ K tags: "glance"# c: n( n* Y, I& a
message: "fail"/ t5 O# Y, E3 a3 G6 e4 t2 X
- index: "controller_glance-%{[agent.version]}-%{+yyyy.MM.dd}"
# w$ H; k* u! p1 f# U when.contains:/ ~$ }1 w3 l: ]+ X9 T$ ] b
tags: "glance"
- C3 ]3 a- x, [, P k
8 o0 q+ ~) P4 c0 ^ - index: "controller_openvswitch-agent-error-%{[agent.version]}-%{+yyyy.MM.dd}"- n% l9 P" c5 w9 A! b& {
when:
8 s& p7 C3 }* r9 m! o8 ^' Y or:. y3 S6 _# V4 \9 q. z- U3 O
- contains:
T7 o- R: \9 b. v tags: "openvswitch-agent"# p" p& {# Z& {* Q& h. |7 O8 O/ x4 I
message: "err"
; U( `! d( }9 \- `8 ~ - contains:
2 z2 {* q+ ]. X$ j. I3 s tags: "openvswitch-agent"
1 x2 {: \9 m) ^ D0 l3 L message: "ERR"1 w$ u" T; D1 r1 l' r8 H
- contains:
3 V' K4 I) ]. f2 y, F _4 Z; p7 V8 A tags: "openvswitch-agent"
- ^- n' ?* z4 w; F2 C, @ L# S message: "fail"% q, d8 }, X, \: M2 A3 {
- index: "controller_openvswitch-agent-%{[agent.version]}-%{+yyyy.MM.dd}") f) @! @% v7 e, n/ J$ ^2 h
when.contains:
$ w! B2 m9 Z, R: i1 [5 k0 v% @/ ~( n1 f tags: "openvswitch-agent"
& g1 E- ]# J" a
* S7 n; i9 m3 o7 z, X l4 g* |3 I - index: "controller_kuryr-controller-error-%{[agent.version]}-%{+yyyy.MM.dd}"
6 f3 ~+ G& a; [( f* ^ when:
, N& H; F- ?0 B K or:" k v' v# D; A- C
- contains:
7 E, t( g1 p3 ?' m- [5 E4 X& k( N tags: "kuryr-controller"2 Z$ T$ |9 ?; Z8 f1 ` K# E
message: "err"; F5 |% J7 B+ _: F2 _2 v* \
- contains:! J4 _% W e5 e, J5 U
tags: "kuryr-controller"8 f8 C6 k- u2 r3 g
message: "ERR": _0 t: Z! }; f
- contains:
; M9 \/ Q( l8 M) s' }+ S tags: "kuryr-controller"
6 ?' r8 {' @2 f, P0 \# l message: "fail"
# g+ F# L+ h1 h# e) n/ b' I - index: "controller_kuryr-controller-%{[agent.version]}-%{+yyyy.MM.dd}"
6 b% a6 z- x4 S& l2 S when.contains:9 Y' D6 _& ^# {6 N) J
tags: "kuryr-controller"
4 H* z, z" e5 S; I C1 _; x! g2 ^) h7 o. @7 O1 f1 J8 ~7 f' c
- index: "controller_keystone-error-%{[agent.version]}-%{+yyyy.MM.dd}"
- N0 S+ z3 J. [' U& K" f- L2 C when:
6 I8 q- d* W3 r5 M* }! E or:
$ c4 L0 o5 b ~: z - contains:
5 ^) v4 ]! G0 N! g tags: "keystone"
6 ~ W' ]! A `7 U8 [ message: "err"
4 R) S: N$ s. D - contains:2 G; _+ E; l! \ u
tags: "keystone"
- x; J4 o! Q: `( J X4 n7 S) S message: "ERR"0 h# t& y5 b, r' b' t, M
- contains:
5 ^; T9 H, e6 {9 Y4 T# U0 e tags: "keystone"
o7 v# E; K6 s$ `4 M/ y7 f8 F message: "fail", k8 i& ]2 Y2 X4 u7 Q" Q# L i: }
- index: "controller_keystone-%{[agent.version]}-%{+yyyy.MM.dd}"
3 w* A2 U/ M. s when.contains:
0 d1 {% @/ k8 C0 P1 O4 x tags: "keystone"
; A+ J+ ~& V$ f7 h
: w$ v( f: i' i! Fsetup.ilm.enabled: false6 x0 C! |6 T6 \! {
setup.template.name: system1 Q4 u7 T2 |: {) Q9 I7 B1 U2 h
setup.template.pattern: system-*+ l5 ?/ Z5 i9 z* m6 }0 V2 y
+ q! p$ r/ k' N, ^* B! C( a0 ?( ~You have new mail in /var/spool/mail/root+ H& e9 Q5 R4 i" s
0 H7 b% d0 P( D4 Y
7 v# Q! S( k5 f: {- k, C
|
|
发表于 2024-10-31 17:23:37