Fabien Wernli faxm0dem

## syslog-ng.conf
template t_logformat {
    template("$ISODATE $HOST <$FACILITY.$PRIORITY> $LEGACY_MSGHDR$MSG\n");
    template_escape(no);
};

destination d_remote_by_host {
    file("/var/syslog-ng/remote/$YEAR/$MONTH/$DAY/by-host/${HOST}" template(t_logformat));
};


## warn-expire.clj
      (where (service "riemann streams rate")
        (where (expired? event)
          (with {:state "warning" :ttl 3600}
            indexer)))

## syslog_ng-exec.sh
#!/bin/ksh

INTERVAL=10
HOSTNAME="${COLLECTD_HOSTNAME:-$(/bin/hostname)}"
HOSTNAME=${HOSTNAME%%.in2p3.fr}.in2p3.fr
SUDO=sudo
SYSLOG_NG_CTL="/sbin/syslog-ng-ctl"
[ -x $SYSLOG_NG_CTL ] || SYSLOG_NG_CTL="/usr$SYSLOG_NG_CTL"
AWK="/bin/awk"
[ -x $AWK ] || AWK="awk"

## riemann.config.clj
;; watchdog-cfg is just a hash with host, port, etc.
(streams
  ;; irrelevant code ommited :)
 (where (service #"riemann server")
    (let [send-watchdog (forward (riemann.client/tcp-client watchdog-cfg))]
      (fn watchdog-sending [event]
       (try (send-watchdog event)
         (catch Exception exc
            (tell-ops (utils/exception->event exc))))))))

## hiera-data.yaml
---
syslog_ng::rewrite:
  r_sdata_facter:
    params:
      - set:
        - '"%{productname}"'
        - value: '".SDATA.facter.productname"'
      - set:
        - '"%{osfamily}"'
        - value: '".SDATA.facter.osfamily"'

## setup.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                faxm0dem
                / setup.md
            
            
              Last active
              October 18, 2015 15:22
            
              
                Elasticsearch logs in JSON
              
          
    Elasticsearch logs in JSON format

Build

cd /tmp
wget -O- http://wwwftp.ciril.fr/pub/apache/maven/maven-3/3.3.3/binaries/apache-maven-3.3.3-bin.tar.gz | tar xfz -
export PATH=/tmp/apache-maven-3.3.3/bin:$PATH
git clone https://github.com/logstash/log4j-jsonevent-layout
cd log4j-jsonevent-layout
mvn assembly:assembly


## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                faxm0dem
                / keybase.md
            
            
              Created
              September 24, 2015 20:46
            
              
                keybase
              
          
    Keybase proof

I hereby claim:

I am faxm0dem on github.
I am faxmodem (https://keybase.io/faxmodem) on keybase.
I have a public key whose fingerprint is FC13 3209 34C3 4562 35EE  C0E4 9108 5E13 86FE E825

To claim this, I am signing this object:

  
## collectd-jmx.conf
<Plugin "java">
JVMARG "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar:/usr/share/collectd/java/generic-jmx.jar"
LoadPlugin "org.collectd.java.GenericJMX"
<Plugin "GenericJMX">
  <MBean "gc-count">
    ObjectName "java.lang:type=GarbageCollector,*"
    InstancePrefix "gc-"
    InstanceFrom "name"
    <Value>
      Type "derive"

## doc_values_template.json
{
   "mappings" : {
      "_default_" : {
         "dynamic_templates" : [
            {
               "string_fields" : {
                  "match" : "*",
                  "match_mapping_type" : "string",
                  "mapping" : {
                     "index" : "not_analyzed",

## gist:e1befcc33123256e96d7
(let [
      index (default {:state "ok" :ttl 60} (index))
      indexer (default {:state "ok" :ttl 60}
       index
       (where (not (expired? event))
         (changed-state {:init "ok"}
           (tag "changed-state"
             index))))
]
(streams
	template t_logformat {
	template("$ISODATE $HOST <$FACILITY.$PRIORITY> $LEGACY_MSGHDR$MSG\n");
	template_escape(no);
	};

	destination d_remote_by_host {
	file("/var/syslog-ng/remote/$YEAR/$MONTH/$DAY/by-host/${HOST}" template(t_logformat));
	};
	(where (service "riemann streams rate")
	(where (expired? event)
	(with {:state "warning" :ttl 3600}
	indexer)))
	#!/bin/ksh

	INTERVAL=10
	HOSTNAME="${COLLECTD_HOSTNAME:-$(/bin/hostname)}"
	HOSTNAME=${HOSTNAME%%.in2p3.fr}.in2p3.fr
	SUDO=sudo
	SYSLOG_NG_CTL="/sbin/syslog-ng-ctl"
	[ -x $SYSLOG_NG_CTL ] \|\| SYSLOG_NG_CTL="/usr$SYSLOG_NG_CTL"
	AWK="/bin/awk"
	[ -x $AWK ] \|\| AWK="awk"
	;; watchdog-cfg is just a hash with host, port, etc.
	(streams
	;; irrelevant code ommited :)
	(where (service #"riemann server")
	(let [send-watchdog (forward (riemann.client/tcp-client watchdog-cfg))]
	(fn watchdog-sending [event]
	(try (send-watchdog event)
	(catch Exception exc
	(tell-ops (utils/exception->event exc))))))))
	---
	syslog_ng::rewrite:
	r_sdata_facter:
	params:
	- set:
	- '"%{productname}"'
	- value: '".SDATA.facter.productname"'
	- set:
	- '"%{osfamily}"'
	- value: '".SDATA.facter.osfamily"'
	<Plugin "java">
	JVMARG "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar:/usr/share/collectd/java/generic-jmx.jar"
	LoadPlugin "org.collectd.java.GenericJMX"
	<Plugin "GenericJMX">
	<MBean "gc-count">
	ObjectName "java.lang:type=GarbageCollector,*"
	InstancePrefix "gc-"
	InstanceFrom "name"
	<Value>
	Type "derive"
	{
	"mappings" : {
	"_default_" : {
	"dynamic_templates" : [
	{
	"string_fields" : {
	"match" : "*",
	"match_mapping_type" : "string",
	"mapping" : {
	"index" : "not_analyzed",
	(let [
	index (default {:state "ok" :ttl 60} (index))
	indexer (default {:state "ok" :ttl 60}
	index
	(where (not (expired? event))
	(changed-state {:init "ok"}
	(tag "changed-state"
	index))))
	]
	(streams