logFile
$ sudo vi /var/log/nova/nova-compute.log
2017-01-25 02:05:35.748 20820 CRITICAL nova [req-a5d425ae-b08e-450b-ac83-142733c35c99 - - - - -] AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.
2017-01-25 02:05:35.748 20820 ERROR nova Traceback (most recent call last):
2017-01-25 02:05:35.748 20820 ERROR nova File "/usr/bin/nova-compute", line 10, in
2017-01-25 02:05:35.748 20820 ERROR nova AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.
2017-01-25 02:05:35.748 20820 ERROR nova
$ vi logstash-simple.conf
input {
file {
type => "nova"
path => "/var/log/nova/*.log"
}
}
filter {
if [type] == "nova" {
grok {
match => { "message" =>"%{TIMESTAMP_ISO8601:timestamp} %{NUMBER:ProcessID} %{LOGLEVEL:loglevel} %{DATA:class} [(?:req-%{UUID} - - - - )?-] %{GREEDYDATA:Information}"}
match => { "message" =>"%{TIMESTAMP_ISO8601:timestamp} %{NUMBER:ProcessID} %{LOGLEVEL:loglevel} %{DATA:class} %{GREEDYDATA:Information}"}
}
mutate {
remove_field => ["message"]
}
}
}
output {
if [type] == "nova" {
elasticsearch {
hosts => ["localhost:9200"]
}
if [loglevel] == "CRITICAL" {
stdout {
codec => rubydebug
}
}
if [loglevel] == "ERROR" {
stdout {
codec => rubydebug
}
}
if [Information] == "AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile." {
gelf {
host => "localhost"
short_message => "Wrong RabbitMQ credentials"
}
}
}
Output
vedams@openstackaio:~/logstash-5.1.2$ bin/logstash -f logstash-simple.conf
Sending Logstash's logs to /home/vedams/logstash-5.1.2/logs which is now configured via log4j2.properties
[2017-01-25T23:12:02,261][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>["http://localhost:9200"]}}
[2017-01-25T23:12:02,268][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:url=>#<URI::HTTP:0x62f989f7 URL:http://localhost:9200>, :healthcheck_path=>"/"}
[2017-01-25T23:12:02,601][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#<URI::HTTP:0x62f989f7 URL:http://localhost:9200>}
[2017-01-25T23:12:02,616][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-01-25T23:12:02,762][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2017-01-25T23:12:02,786][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"]}
[2017-01-25T23:12:03,400][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>3, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>375}
[2017-01-25T23:12:03,478][INFO ][logstash.pipeline ] Pipeline main started
[2017-01-25T23:12:03,605][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
{
"path" => "/var/log/nova/nova-compute.log",
"@timestamp" => 2017-01-25T17:42:31.017Z,
"loglevel" => "CRITICAL",
"@version" => "1",
"host" => "openstackaio",
"ProcessID" => "3006",
"type" => "nova",
"Information" => "AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.",
"class" => "nova",
"timestamp" => "2017-01-25 23:12:30.357"
}
[2017-01-25T23:12:31,393][WARN ][logstash.outputs.gelf ] Trouble sending GELF event {:gelf_event=>{"short_message"=>nil, "full_message"=>"%{message}", "host"=>"openstackaio", "_path"=>"/var/log/nova/nova-compute.log", "_loglevel"=>"CRITICAL", "_ProcessID"=>"3006", "_type"=>"nova", "_Information"=>"AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.", "_class"=>"nova", "_timestamp"=>"2017-01-25 23:12:30.357", "level"=>6}, :event=>2017-01-25T17:42:31.017Z openstackaio %{message}, :error=>#<ArgumentError: short_message is missing. Options version, short_message and host must be set.>}
{
"path" => "/var/log/nova/nova-compute.log",
"@timestamp" => 2017-01-25T17:42:31.020Z,
"loglevel" => "ERROR",
"@version" => "1",
"host" => "openstackaio",
"ProcessID" => "3006",
"type" => "nova",
"Information" => " File "/usr/lib/python2.7/dist-packages/nova/cmd/compute.py", line 74, in main",
"class" => "nova",
"timestamp" => "2017-01-25 23:12:30.357"
}
{
"path" => "/var/log/nova/nova-compute.log",
"@timestamp" => 2017-01-25T17:42:31.745Z,
"loglevel" => "ERROR",
"@version" => "1",
"host" => "openstackaio",
"ProcessID" => "3006",
"type" => "nova",
"Information" => "AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.",
"class" => "nova",
"timestamp" => "2017-01-25 23:12:30.357"
}
[2017-01-25T23:12:31,393][WARN ][logstash.outputs.gelf ] Trouble sending GELF event {:gelf_event=>{"short_message"=>nil, "full_message"=>"%{message}", "host"=>"openstackaio", "_path"=>"/var/log/nova/nova-compute.log", "_loglevel"=>"CRITICAL", "_ProcessID"=>"3006", "_type"=>"nova", "_Information"=>"AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.", "_class"=>"nova", "_timestamp"=>"2017-01-25 23:12:30.357", "level"=>6}, :event=>2017-01-25T17:42:31.017Z openstackaio %{message}, :error=>#<ArgumentError: short_message is missing. Options version, short_message and host must be set.>}