OVH is a decent host -- cheap, large-scale hardware. Around 1/5 the cost of the big guys, without the polished API or slick experience (and none of the live migration of bad instances).
Let's run DCOS on OVH!
You'll need 3 instances:
| [LogstreamerInput] | |
| log_directory = "/mnt/syslog-archive/all" | |
| file_match = 'cisco-(?P<Year>\d+).(?P<Month>\d+).(?P<Day>\d+).log' # works | |
| #file_match = 'cisco-2015.09.(?P<Day>\d+).log' # doesn't work | |
| priority = ["Year", "Month", "Day"] | |
| decoder = "MyCiscoDecoder" |
| local cjson = require('cjson') | |
| local fields = { | |
| Type = "cisco", | |
| Timestamp = nil, | |
| Payload = "to be filled in...", | |
| Logger = "logstreamer" | |
| } | |
| function process_message() |
| require 'pp' | |
| here = Dir.glob("logstash/conf.d/*") | |
| there = Dir.glob("../cookbooks/cookbooks/forwarder/templates/default/elasticsearch/*.erb") | |
| pp here.collect{|h| h = h.split("/").last; match = there.select{|t| t.include?(h); }; [h,match] }.collect{|h,t| "diff logstash/conf.d/#{h} #{t.first}"}.each{|x| puts x; system(x)}; nil |
| [ScampInput] | |
| Name = "logging" | |
| Listen = "0.0.0.0:30100" | |
| [ScampInput.handler.0] | |
| Action = "Logger.info" | |
| Type = "Logger" | |
| Decoder = "ACoolPayloadDecoder" | |
| Severity = 1 | |
| [ScampInput.handler.1] | |
| Action = "Logger.log" |
| #cloud-config | |
| users: | |
| - name: "core" | |
| groups: | |
| - "sudo" | |
| - "docker" | |
| - "wheel" | |
| - "systemd-journal" | |
| - "portage" |
| for _,maddr := range maddrs { | |
| scamp.Trace.Printf("maddr: `%s`", maddr) | |
| } | |
| udpAddr, err := net.ResolveUDPAddr("udp", multicastSpec) | |
| if err != nil { | |
| scamp.Trace.Printf("error resolving UDP address: `%s`", udpAddr) | |
| } | |
| multicastConn, err := net.DialUDP("udp", nil, udpAddr) |
| import base64, email, hmac, hashlib, urllib | |
| import httplib, logging | |
| logging.basicConfig() | |
| logging.getLogger().setLevel(logging.DEBUG) | |
| requests_log = logging.getLogger("requests.packages.urllib3") | |
| requests_log.setLevel(logging.DEBUG) | |
| requests_log.propagate = True |
| A plugin had an unrecoverable error. Will restart this plugin. | |
| Plugin: <LogStash::Inputs::Elasticsearch hosts=>["elk01.phx1.viasatcloud.com"], port=>9200, index=>"misc-2015.08.3*", query=>"syslogtag:Juniper AND FOUO", debug=>false, codec=><LogStash::Codecs::JSON charset=>"UTF-8">, scan=>true, size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"], ssl=>false> | |
| Error: [400] {"error":"SearchPhaseExecutionException[Failed to execute phase [init_scan], all shards failed; shardFailures {[NxePVEcrTdSj2dvUDxd2Dw][misc-2015.08.30][0]: RemoteTransportException[[xle-elasticsearch-20][inet[/10.69.8.84:9300]][indices:data/read/search[phase/scan]]]; nested: SearchParseException[[misc-2015.08.30][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [_na_]]]; nested: ElasticsearchParseException[Failed to derive xcontent from org.elasticsearch.common.bytes.BytesArray@37efd96d]; }{[ikvUCHa3Qv-hfS_e7s8bUw][misc-2015.08.31][0]: RemoteTransportException[[xle-e |
| package main | |
| import "fmt" | |
| import "encoding/base64" | |
| import "bytes" | |
| var suspiciousBase64 = []byte(`OSEeu8fWTcq+AliFG3PlZ0eYR8zFWWAdkCwb3XbPE96wvAsiF1W6v2Udg5KoDe7M2d0oQMmpoNeC | |
| ZQWRMBHarz5vHzfTSXXCjvoLfZJVA1FLiJ9RYk8ulFyEJF19nxd2GLArnWjiqsP9RslhFB3BvYnZ | |
| O9IsuyRqWKpa1nl5B68=`) |