# java -jar /data/logstash/logstash-1.2.1-flatjar.jar agent -f /etc/logstash/agent/config/rsyslogs2redis-shipper.conf
Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin.
For more information on plugin milestones, see http://logstash.net/docs/1.2.1/plugin-milestones {:level=>:warn}
Using milestone 2 output plugin 'redis'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.2.1/plugin-milestones {:level=>:warn}
Grok regexp threw exception {:exception=>"invalid byte sequence in UTF-8", :field=>"message", :grok_pile=>#<Grok::Pile:0x1077a833 @patterns={"NETSCREENSESSIONLOG"=>
[...]
92, 48, 48, 52, 124, 200, 62, 62, 32, 40, 115, 104, 111, 114, 116, 101, 110, 101, 100, 41, 32, 91, 110, 111, 32, 116, 114, 97, 99
import sys

class HashTable:
    def __init__(self):
        self.fill = 8 # Active + # Dummy
        self.list = [0] * self.fill
        self.used = 0 # Active

    def __getitem__(self, slot):
        return self.list[slot]

    def insert(self, slot, key):
*** Segmentation fault
Register dump:
EAX: 6e616863 EBX: b6f34000 ECX: 00000000 EDX: 08fe0628
ESI: bf9aa210 EDI: 08fa1540 EBP: bf9aa140 ESP: bf9aa09c
EIP: b6daa188 EFLAGS: 00210206
CS: 0073 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
# puppetd -t
err: Checksumfile /var/lib/puppet/state/state.yaml is corrupt (syntax error on line 41, col 12: ` !binary ? "RmlsZVsvdmFyL2xpYi9wdXBwZXQvY29uY2F0L19ldGNfbW90ZC9mcmFnbWVu\ndHMvOTk1X21vdGRfZnJhZ21lbnRfG1swMW1TeXN0ZW0tRG9rdSA6ICAbWzBt\naHR0cDpfX3dpa2kuaW50cmFuZXQuMWFuZDEuY29tX2Jpbl92aWV3X0lUQ0Ff\nU2VydmVyQnNwcHRkZXZfXQ==\n"'); replacing
irb(main):002:0> YAML.load(::File.read('/var/lib/puppet/state/state.yaml'))
ArgumentError: syntax error on line 41, col 12: ` !binary ? "RmlsZVsvdmFyL2xpYi9wdXBwZXQvY29uY2F0L19ldGNfbW90ZC9mcmFnbWVu\ndHMvOTk1X21vdGRfZnJhZ21lbnRfG1swMW1TeXN0ZW0tRG9rdSA6ICAbWzBt\naHR0cDpfX3dpa2kuaW50cmFuZXQuMWFuZDEuY29tX2Jpbl92aWV3X0lUQ0Ff\nU2VydmVyQnNwcHRkZXZfXQ==\n"'
from /usr/lib/ruby/1.8/yaml.rb:133:in `load'
from /usr/lib/ruby/1.8/yaml.rb:133:in `load'
from (irb):2
<14>Aug 26 15:09:38 foobarmw02 foobar-middleware[17051]: security - [pid=17051,port=3000,mem=375520] > mis requested /services
/55192027 [no trace]
I want to extract security as a custom field
grok {
  type => "syslog"
  pattern => "%{SYSLOGBASE2} %{WORD:logcategory} - %{GREEDYDATA:message}"
}
/usr/share/foreman# su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate
rake aborted!
cannot load such file -- puppet
Tasks: TOP => db:migrate => environment
(See full trace by running task with --trace)
/usr/share/foreman# RAILS_ENV=production bundle exec rake db:migrate
rake aborted!
cannot load such file -- puppet
Setting up foreman (1.2.2+debian1) ...
dpkg: error processing foreman (--configure):
subprocess installed post-installation script returned error exit status 7
dpkg: dependency problems prevent configuration of foreman-assets:
foreman-assets depends on foreman; however:
Package foreman is not configured yet.
dpkg: error processing foreman-assets (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of foreman-compute:
dak@server:/srv/dak/queue/unchecked$ dak import foobar main cassandra_1.2.8_all.deb
Traceback (most recent call last):
File "/usr/local/bin/dak", line 239, in <module>
main()
File "/usr/local/bin/dak", line 219, in main
module.main()
File "/tmp/dak/dak/import.py", line 235, in main
add_overrides=add_overrides)
File "/tmp/dak/dak/import.py", line 112, in import_file
fingerprint=fingerprint, add_overrides=add_overrides)
Logstash 1.2.1 config
Should add the log events to different elasticsearch indices based on the logsource field
output {
  if [fields][logsource] =~ /^foobar/ {
    # only server foobar01 and foobar1338
    elasticsearch {
      host => "<%= elasticsearch_host %>"
You need to point the kibana config.js to this vHost with the correct port! In this case
$ grep elas config.js
elasticsearch: "http://elasticsearch",
Then have ES only listen on localhost, so that everyone needs to go through this Host: