View gist:5cbc8e3f267084e278ded2385aa6673e
%{IPORHOST:s_ip} ?(%{IPORHOST:c_ip}|%{NOTSPACE:c_ip}) %{NOTSPACE:remote_logname} %{NOTSPACE:remote_user} \[%{MONTHDAY:day}/%{MONTH:month}/%{YEAR:year}:%{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second} %{ISO8601_TIMEZONE:timezone}\] %{WORD:request} %{NOTSPACE:file_path} ?(%{NOTSPACE:http_version}| ) %{WORD:status} %{INT:bytes} %{NOTSPACE:referer} %{GREEDYDATA:user_agent} %{NOTSPACE:data} %{BASE16FLOAT:time_taken}
View gist:d56cc051d8bffc2f3c93e3ecd103d044
https://download.elasticsearch.org/kibana/kibana/kibana-4.6.1-x86_64.rpm
View gist:00e9601ab56db92d9b629dd6d9a615f2
# Route events of type "apache" by HTTP status: 5xx goes to Nagios, 4xx is
# indexed in Elasticsearch, and every apache event increments a per-status
# statsd counter. Events with any other status reach no output except statsd.
# The "{ ... }" bodies are placeholders, not runnable plugin settings.
output {
if [type] == "apache" {
# The regex is anchored at the start only, so any value that begins with 5 and
# two digits matches (e.g. "5000"); a trailing $ would limit it to three digits.
if [status] =~ /^5\d\d/ {
nagios { ... }
} else if [status] =~ /^4\d\d/ {
elasticsearch { ... }
}
# The counter name is built from the event's status field. When the field is
# absent (for instance after a grok parse failure) the reference is not
# expanded and the literal "apache.%{status}" is sent as the metric name.
# NOTE(review): status is parsed out of the log line; presumably it should be
# validated as a three-digit number in the filter stage so that a mis-split
# line cannot create arbitrary metric keys — confirm against the filter config.
statsd { increment => "apache.%{status}" }
}
}
View gist:06c757125cc420c0d94ec1fa08a7205f
[Wed Nov 23 14:54:49 2016] [error] [client 61.148.244.54] (70007)The timeout specified has expired: proxy: error reading status line from remote server 84.239.199.210
[Sun Dec 04 03:42:01.878346 2016] [mpm_prefork:notice] [pid 30011] AH00171: Graceful restart requested, doing restart\nAH00557: httpd: apr_sockaddr_info_get() failed for NOVPLLOG01\nAH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[Wed Nov 23 15:06:13 2016] [notice] mpmstats: bsy: 3 in mod_proxy.c
\[%{DAY} (?<timestamp>%{MONTH} %{MONTHDAY} %{TIME} %{YEAR})\] \[(?:%{WORD:logtarget}\:){0,1}%{LOGLEVEL:loglevel}\] (?:\[pid %{NUMBER:pid}\] ){0,1}(?:\[client %{IP:clientip}\] ){0,1}%{GREEDYDATA:errormsg}
View axa-error-log.conf
# Read Apache error logs from disk and label each event "axa-apache-error".
input {
file {
# Glob: every ssm* directory, every file whose name starts with error_log.
path => [ "/diskZ/elklog/axa/ssm*/error_log*" ]
# Files with no recorded read position are read from their first line.
start_position => beginning
type => "axa-apache-error"
# Read positions are written to /dev/null, so none survive a restart. Combined
# with start_position => beginning, every restart re-reads all matching files
# and re-emits events that were already shipped. That suits a one-off backfill;
# for continuous collection it duplicates events and inflates any counts used
# for alerting or incident timelines.
sincedb_path => "/dev/null"
# NOTE(review): how the file input treats a value of 0 here differs between
# plugin versions — confirm against the installed version that old files are
# actually read rather than skipped.
ignore_older => 0
}
}
View gist:335ccd66deafd809d2dbde8fbd41f6c7
[mwang@ELKServer02-tw elasticsearch]$ ls
elasticsearch.yml logging.yml scripts
[mwang@ELKServer02-tw elasticsearch]$ vi elasticsearch.yml
[mwang@ELKServer02-tw elasticsearch]$ cat *yml
# Index defaults, search queue size and bind address for this node.
index.number_of_shards: 3
index.number_of_replicas: 1
# NOTE(review): a 10000-entry search queue lets request bursts pile up in
# memory instead of being rejected — confirm this size is deliberate.
threadpool.search.queue_size: 10000
# 0.0.0.0 binds the node to every network interface, so the REST API and the
# node-to-node transport are reachable from any network that can route to this
# host. Nothing in this file shows authentication, TLS or a firewall in front
# of the node. NOTE(review): confirm access is restricted elsewhere, or bind to
# a specific internal address instead.
network.host: 0.0.0.0
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# THIS FILE IS MANAGED BY CHEF, DO NOT EDIT MANUALLY, YOUR CHANGES WILL BE OVERWRITTEN!
View gist:632920ef88abe19e67d964acb862d5e9
mwang@es2  ~/amdgpu-pro-16.40-348864  sudo lspci -v -s 01:00.0
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Tonga PRO [Radeon R9 285/380] (rev f1) (prog-if 00 [VGA controller])
Subsystem: Tul Corporation / PowerColor Tonga PRO [Radeon R9 285/380]
Flags: bus master, fast devsel, latency 0, IRQ 26
Memory at d0000000 (64-bit, prefetchable) [size=256M]
Memory at cfe00000 (64-bit, prefetchable) [size=2M]
I/O ports at d000 [size=256]
Memory at feac0000 (32-bit, non-prefetchable) [size=256K]
Expansion ROM at feaa0000 [disabled] [size=128K]
Capabilities: [48] Vendor Specific Information: Len=08 <?>
View gist:632209af1b8591ada5d9
➜ keycloak cat /etc/*release
CentOS release 6.7 (Final)
CentOS release 6.7 (Final)
CentOS release 6.7 (Final)
➜ keycloak rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)
➜ keycloak
➜ keycloak sudo !!
➜ keycloak sudo rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
View gist:006671f954ca8469d311
<ROOT>
# Syslog listener: receives syslog messages on port 5140 and tags them "system".
# No bind address or protocol is set, so the plugin defaults apply.
# NOTE(review): the syslog input's defaults are believed to be 0.0.0.0 over UDP,
# which accepts unauthenticated, spoofable messages from any host that can reach
# the port — confirm for the installed version, and restrict senders with an
# explicit bind address or a firewall rule.
<source>
type syslog
port 5140
tag system
</source>
<match system.*.*>
type record_reformer
tag elasticsearch
facility ${tag_parts[1]}