Using logstash-output-gelf can I print my own message that will describe the issue cause

sivaram · February 12, 2017, 6:50am

logFile

$ sudo vi /var/log/nova/nova-compute.log

2017-01-25 02:05:35.748 20820 CRITICAL nova [req-a5d425ae-b08e-450b-ac83-142733c35c99 - - - - -] AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.
2017-01-25 02:05:35.748 20820 ERROR nova Traceback (most recent call last):
2017-01-25 02:05:35.748 20820 ERROR nova File "/usr/bin/nova-compute", line 10, in

2017-01-25 02:05:35.748 20820 ERROR nova AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.
2017-01-25 02:05:35.748 20820 ERROR nova

$ vi logstash-simple.conf

input {

file {
type => "nova"
path => "/var/log/nova/*.log"
}
}

filter {

if [type] == "nova" {
grok {
match => { "message" =>"%{TIMESTAMP_ISO8601:timestamp} %{NUMBER:ProcessID} %{LOGLEVEL:loglevel} %{DATA:class} [(?:req-%{UUID} - - - - )?-] %{GREEDYDATA:Information}"}
match => { "message" =>"%{TIMESTAMP_ISO8601:timestamp} %{NUMBER:ProcessID} %{LOGLEVEL:loglevel} %{DATA:class} %{GREEDYDATA:Information}"}

}

mutate {

  remove_field => ["message"]

}
}
}

output {

if [type] == "nova" {

elasticsearch {
hosts => ["localhost:9200"]

}
if [loglevel] == "CRITICAL" {

  stdout {
     codec => rubydebug

}

}
if [loglevel] == "ERROR" {

  stdout {
     codec => rubydebug

}

if [Information] == "AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile." {

  gelf {

     host => "localhost"
     short_message => "Wrong RabbitMQ credentials"

}

Output

vedams@openstackaio:~/logstash-5.1.2$ bin/logstash -f logstash-simple.conf
Sending Logstash's logs to /home/vedams/logstash-5.1.2/logs which is now configured via log4j2.properties
[2017-01-25T23:12:02,261][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>["http://localhost:9200"]}}
[2017-01-25T23:12:02,268][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:url=>#<URI::HTTP:0x62f989f7 URL:http://localhost:9200>, :healthcheck_path=>"/"}
[2017-01-25T23:12:02,601][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#<URI::HTTP:0x62f989f7 URL:http://localhost:9200>}
[2017-01-25T23:12:02,616][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-01-25T23:12:02,762][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2017-01-25T23:12:02,786][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"]}
[2017-01-25T23:12:03,400][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>3, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>375}
[2017-01-25T23:12:03,478][INFO ][logstash.pipeline ] Pipeline main started
[2017-01-25T23:12:03,605][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

{
"path" => "/var/log/nova/nova-compute.log",
"@timestamp" => 2017-01-25T17:42:31.017Z,
"loglevel" => "CRITICAL",
"@version" => "1",
"host" => "openstackaio",
"ProcessID" => "3006",
"type" => "nova",
"Information" => "AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.",
"class" => "nova",
"timestamp" => "2017-01-25 23:12:30.357"
}
[2017-01-25T23:12:31,393][WARN ][logstash.outputs.gelf ] Trouble sending GELF event {:gelf_event=>{"short_message"=>nil, "full_message"=>"%{message}", "host"=>"openstackaio", "_path"=>"/var/log/nova/nova-compute.log", "_loglevel"=>"CRITICAL", "_ProcessID"=>"3006", "_type"=>"nova", "_Information"=>"AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.", "_class"=>"nova", "_timestamp"=>"2017-01-25 23:12:30.357", "level"=>6}, :event=>2017-01-25T17:42:31.017Z openstackaio %{message}, :error=>#<ArgumentError: short_message is missing. Options version, short_message and host must be set.>}
{
"path" => "/var/log/nova/nova-compute.log",
"@timestamp" => 2017-01-25T17:42:31.020Z,
"loglevel" => "ERROR",
"@version" => "1",
"host" => "openstackaio",
"ProcessID" => "3006",
"type" => "nova",
"Information" => " File "/usr/lib/python2.7/dist-packages/nova/cmd/compute.py", line 74, in main",
"class" => "nova",
"timestamp" => "2017-01-25 23:12:30.357"
}

{
"path" => "/var/log/nova/nova-compute.log",
"@timestamp" => 2017-01-25T17:42:31.745Z,
"loglevel" => "ERROR",
"@version" => "1",
"host" => "openstackaio",
"ProcessID" => "3006",
"type" => "nova",
"Information" => "AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.",
"class" => "nova",
"timestamp" => "2017-01-25 23:12:30.357"
}
[2017-01-25T23:12:31,393][WARN ][logstash.outputs.gelf ] Trouble sending GELF event {:gelf_event=>{"short_message"=>nil, "full_message"=>"%{message}", "host"=>"openstackaio", "_path"=>"/var/log/nova/nova-compute.log", "_loglevel"=>"CRITICAL", "_ProcessID"=>"3006", "_type"=>"nova", "_Information"=>"AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.", "_class"=>"nova", "_timestamp"=>"2017-01-25 23:12:30.357", "level"=>6}, :event=>2017-01-25T17:42:31.017Z openstackaio %{message}, :error=>#<ArgumentError: short_message is missing. Options version, short_message and host must be set.>}

sivaram · February 12, 2017, 6:53am

I was getting errors. I just tried with Gelf. Is there any other alternative way to report the cause for the log issue.

system · March 12, 2017, 6:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.