filter {
if [logsource] =~ /^foo(fe|mw)/ {
grok {
match => [ "message", "%{SYSLOGBASE} %{WORD:logcategory} - %{GREEDYDATA:message}" ]
overwrite => [ "message" ]
}
}
}
Andreas Paul xorpaul
xorpaul
/ logstashConfigLogsourceConditions.md
Created
October 10, 2013 14:09
xorpaul
/ fact_cache_template.rb
Created
October 4, 2013 14:47
Basic custom puppet fact caching based on http://puppetlabs.com/blog/facter-part-3-caching-and-ttl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env ruby | |
| require 'facter' | |
| require 'yaml' | |
| $debug = true | |
| # facts cache directory/file on puppet agent: | |
| facts_cache_file = '/tmp/foobar.yaml' | |
| # facts cache time to live in seconds | |
| facts_cache_ttl = 10 |
xorpaul
/ puppet_template_based_on_variable.md
Last active
December 24, 2015 01:59
if $::include_info {
$content = template('motd/info.erb') # is this valid? Do I need "?
} else {
$content = ''
}
file { '/etc/motd.':
owner => 'root',
group => 'root',
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RuntimeError | |
| Unknown string: "16436"! | |
| lib/core_extensions.rb:91:in `rescue in to_gb' | |
| lib/core_extensions.rb:80:in `to_gb' | |
| app/models/fact_value.rb:78:in `block in to_gb' | |
| app/models/fact_value.rb:77:in `map' | |
| app/models/fact_value.rb:77:in `to_gb' | |
| app/models/fact_value.rb:43:in `mem_average' | |
| app/controllers/statistics_controller.rb:10:in `index' | |
| lib/foreman/thread_session.rb:31:in `clear_thread' |
xorpaul
/ KibanaUserAuth.md
Created
September 20, 2013 14:50
First try to enable user authentication for different Elasticsearch indices
You need to point the kibana config.js to this vHost with the correct port! In this case
$ grep elas config.js
elasticsearch: "http://elasticsearch",
Then have ES only listen on localhost, so that everyone need to go though this Host:
xorpaul
/ logstash_conditional_logosource.md
Last active
December 23, 2015 08:39
logstash conditional on logsource
Logstash 1.2.1 config
Should add the log events to different elasticsearch indices based on the logsource field
output {
if [fields][logsource] =~ /^foobar/ {
# only server foobar01 and foobar1338
elasticsearch {
host => "<%= elasticsearch_host %>"
xorpaul
/ dak_import
Created
September 10, 2013 13:00
dak Debian package import error message: missing "source_suites"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dak@server:/srv/dak/queue/unchecked$ dak import foobar main cassandra_1.2.8_all.deb | |
| Traceback (most recent call last): | |
| File "/usr/local/bin/dak", line 239, in <module> | |
| main() | |
| File "/usr/local/bin/dak", line 219, in main | |
| module.main() | |
| File "/tmp/dak/dak/import.py", line 235, in main | |
| add_overrides=add_overrides) | |
| File "/tmp/dak/dak/import.py", line 112, in import_file | |
| fingerprint=fingerprint, add_overrides=add_overrides) |
# java -jar /data/logstash/logstash-1.2.1-flatjar.jar agent -f /etc/logstash/agent/config/rsyslogs2redis-shipper.conf
Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin.
For more information on plugin milestones, see http://logstash.net/docs/1.2.1/plugin-milestones {:level=>:warn}
Using milestone 2 output plugin 'redis'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.2
.1/plugin-milestones {:level=>:warn}
Grok regexp threw exception {:exception=>"invalid byte sequence in UTF-8", :field=>"message", :grok_pile=>#<Grok::Pile:0x1077a833 @patterns={"NETSCREENSESSIONLOG"=>
[...]
92, 48, 48, 52, 124, 200, 62, 62, 32, 40, 115, 104, 111, 114, 116, 101, 110, 101, 100, 41, 32, 91, 110, 111, 32, 116, 114, 97, 99
xorpaul
/ foreman deb packages
Created
September 9, 2013 10:04
error configuring foreman Debian package
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Setting up foreman (1.2.2+debian1) ... | |
| dpkg: error processing foreman (--configure): | |
| subprocess installed post-installation script returned error exit status 7 | |
| dpkg: dependency problems prevent configuration of foreman-assets: | |
| foreman-assets depends on foreman; however: | |
| Package foreman is not configured yet. | |
| dpkg: error processing foreman-assets (--configure): | |
| dependency problems - leaving unconfigured | |
| dpkg: dependency problems prevent configuration of foreman-compute: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /usr/share/foreman# su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate | |
| rake aborted! | |
| cannot load such file -- puppet | |
| Tasks: TOP => db:migrate => environment | |
| (See full trace by running task with --trace) | |
| /usr/share/foreman# RAILS_ENV=production bundle exec rake db:migrate | |
| rake aborted! | |
| cannot load such file -- puppet |