Generalise Pixiu alerting and a couple of more fixes for it #24

Merged
merged 3 commits into from
Aug 14, 2024
10 changes: 7 additions & 3 deletions files/pixiu
@@ -2,11 +2,11 @@ PIXIU_BASH \s*%{IPORHOST:syslog_hostname} \[%{PROG:program}\]: \[%{YEAR}-%{MONTH

PIXIU_APACHE \[%{HTTPDATE:timestamp}\] %{IPORHOST:clientip} %{HTTPDUSER:auth} %{WORD:verb} %{NOTSPACE:request} %{GREEDYDATA:other}

PIXIU_NGINX \s*%{IPORHOST:syslog_hostname} %{SYSLOGPROG} %{IPORHOST:clientip} - %{HTTPDUSER:auth}\s+\[%{HTTPDATE:timestamp}\] \"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:response:int} %{GREEDYDATA:other}
PIXIU_NGINX \s*%{IPORHOST:syslog_hostname} %{SYSLOGPROG} %{IPORHOST:clientip} (?:- %{HTTPDUSER:auth}\s+)?\[%{HTTPDATE:timestamp}\] \"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:response:int} %{GREEDYDATA:other}

PIXIU_TOMCAT \s*%{IPORHOST:syslog_hostname} %{SYSLOGPROG} \[%{HTTPDATE:timestamp}\]\^%{IPORHOST:clientip}\^%{HTTPDUSER:auth}\^%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}\^%{GREEDYDATA:other}

PIXIU_ALARM_PREFIX \s*%{IPORHOST:syslog_hostname} %{SYSLOGPROG}: .+%{IPORHOST} (?<alarm_object>OceanStor-Distributed-Storage)\s+%{NUMBER} (?<alarm_id>0x[A-F0-9]+) (?<alarm_severity>%{WORD}).*:
PIXIU_ALARM_PREFIX \s*%{IPORHOST:syslog_hostname} %{SYSLOGPROG}: .+%{IPORHOST} (?<alarm_object>OceanStor-Distributed-Storage)\s+%{NUMBER} (?<alarm_id>0x[A-F0-9]+) (?<alarm_severity>%{WORD})\(%{NUMBER:alarm_severity_level}\):

PIXIU_ALARM_USER_TYPE user name, owner name %{USERNAME:username}

@@ -23,7 +23,11 @@ PIXIU_USER_SPACE_ALARM %{PIXIU_ALARM_PREFIX} %{PIXIU_ALARM_COMMON} reaches (?:or
PIXIU_LOGIN_STATUS failed|succeeded
PIXIU_LOGIN_ACTION in|out

PIXIU_ACCOUNT_QUOTA %{PIXIU_ALARM_PREFIX} The used \((?<quota_used_type>%{WORD})\) quota \(%{NUMBER:quota_used}\) of account \(ID (?<account_id>%{NUMBER:int})\) reaches or approaches \(%{NUMBER:quota_limit}\) of the \(%{WORD} %{WORD} quota\)\..*

PIXIU_LOGIN_ALARM %{PIXIU_ALARM_PREFIX} User \(user name %{USERNAME:username}\) %{PIXIU_LOGIN_STATUS:state} (?:to log %{PIXIU_LOGIN_ACTION:action}|in logging %{PIXIU_LOGIN_ACTION:action})(?: upon timeout)? from source \(%{IPORHOST:source_ip}\)\..*

PIXIU_ALARM %{PIXIU_USER_INODE_ALARM}|%{PIXIU_USER_SPACE_ALARM}|%{PIXIU_LOGIN_ALARM}
PIXIU_ALARM_GENERAL %{PIXIU_ALARM_PREFIX} %{GREEDYDATA:alarm_message}

# PIXIU_ALARM_GENERAL must be last
PIXIU_ALARM %{PIXIU_USER_INODE_ALARM}|%{PIXIU_USER_SPACE_ALARM}|%{PIXIU_LOGIN_ALARM}|%{PIXIU_ACCOUNT_QUOTA}|%{PIXIU_ALARM_GENERAL}
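Review bot: In the new `PIXIU_ACCOUNT_QUOTA` pattern, `(?<account_id>%{NUMBER:int})` names the inner capture `int`, so each match emits a stray field called `int` next to `account_id`; the form already used for `%{NUMBER:response:int}` in `PIXIU_NGINX` would be `%{NUMBER:account_id:int}`, or plain `%{NUMBER:account_id}` if the cast is left to the convert step. Separately, now that `PIXIU_ALARM_GENERAL` is a catch-all at the end of `PIXIU_ALARM`, a login alarm whose user name or source does not fit `PIXIU_LOGIN_ALARM` will presumably still parse but without `username`, `state` and `source_ip`, so failed-login detections keyed on those fields should also inspect `alarm_message`, or the fallback should be tagged. The comment could state the reason as well: `# PIXIU_ALARM_GENERAL matches any alarm line, so it must stay the last alternative or it shadows the specific patterns`.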
54 changes: 54 additions & 0 deletions tests/data/pixiu
@@ -303,4 +303,58 @@ data = [
"used_space": 6108000000,
},
},
{
"raw": "<190>Aug 12 14:05:08 C4STO01-Node1 alarm[4162768]: <189>2024-08-12 14:05:08 DST 172.19.104.10 OceanStor-Distributed-Storage 1478853 0x200FEA670009 Informational(8): adm_wpoelmans:172.18.252.110 succeeded in setting alarm severity (alarm ID: 0xFEA6A000C, severity: warning).",
"expected": {
"program": "alarm",
"alarm_severity": "Informational",
"alarm_object": "OceanStor-Distributed-Storage",
"alarm_id": "0x200FEA670009",
"alarm_message": "adm_wpoelmans:172.18.252.110 succeeded in setting alarm severity (alarm ID: 0xFEA6A000C, severity: warning).",
},
},
{
"raw": "<190>Aug 13 15:04:36 HKSTO03-Node1 alarm[2003199]: <189>2024-08-13 15:04:34 DST 172.19.96.130 OceanStor-Distributed-Storage 1253732 0x200FEA6A009F Informational(8): objectrest:134.184.143.132 succeeded in creating namespace snapshot (name SNAP_2024_08_13_130433, namespace ID 702, namespace name sarl -auditlog, dtree ID --, dtree name --, whether it is a secure snapshot no, secure snapshot retention period - -, whether automatic deletion is supported no).",
"expected": {
"program": "alarm",
"alarm_severity": "Informational",
"alarm_severity_level": "8",
"alarm_object": "OceanStor-Distributed-Storage",
"alarm_id": "0x200FEA6A009F",
"alarm_message": "objectrest:134.184.143.132 succeeded in creating namespace snapshot (name SNAP_2024_08_13_130433, namespace ID 702, namespace name sarl -auditlog, dtree ID --, dtree name --, whether it is a secure snapshot no, secure snapshot retention period - -, whether automatic deletion is supported no).",
},
},
{
"raw": "<187>Aug 13 14:26:28 HKSTO03-Node1 alarm[2003199]: <186>2024-08-13 14:26:26 DST 172.19.96.130 OceanStor-Distributed-Storage 1253626 0xFEA6A001A Major(1): The used (space) quota (549755813888000) of account (ID 319307833) reaches or approaches (549755813888000) of the (space hard quota). Data writing is about to be rejected.",
"expected": {
"program": "alarm",
"alarm_severity": "Major",
"alarm_object": "OceanStor-Distributed-Storage",
},
},
{
"raw": "<187>Aug 13 14:27:19 HKSTO03-Node1 alarm[2003199]: <186>2024-08-13 14:26:26 DST 2024-08-13 14:27:17 DST 172.19.96.130 OceanStor-Distributed-Storage 1253626 0xFEA6A001A Major(2): The used (space) quota (549755813888000) of account (ID 319307833) reaches or approaches (549755813888000) of the (space hard quota). Data writing is about to be rejected.",
"expected": {
"program": "alarm",
"alarm_severity": "Major",
"alarm_object": "OceanStor-Distributed-Storage",
"account_id": 319307833,
"quota_used_type": "space",
"quota_used": 549755813888000,
"quota_limit": 549755813888000,
},
},
{
# "raw": '<174>Oct 17 12:50:42 HKSTO03-Node1 nginx 127.0.0.1 - - [17/Oct/2022:12:50:42 +0200] "GET /dsware/service/cluster/storagepool/query*** HTTP/1.1" 200 "0.062" 924 "-" "Apache-HttpClient/5.1 (Java/1.8.0_322)" "-" 127.0.0.1:9527 200 "0.064" "********" "********" "********" "127.0.0.1" "application/json;charset=UTF-8" "-" "-" "gzip, x-gzip, deflate"',

"raw": '<174>Aug 14 09:15:16 C4STO01-Node1 nginx 127.0.0.1 [14/Aug/2024:09:15:16 +0200] "GET /api/v2/cluster/se*** HTTP/1.1" 200 "0.046" 3072 "Apache-HttpClient/5.1 (Java/1.8.0_372)" "-" 127.0.0.1:8099 200 "0.046" "********" "********" "********" "127.0.0.1" "application/json;charset=UTF-8" "-" ',
"expected": {
"@source_host": "C4STO01-Node1",
"program": "nginx",
"clientip": "127.0.0.1",
"verb": "GET",
"request": "/api/v2/cluster/se***",
"response": 200,
},
},
]
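Review bot: The added fixtures look like verbatim production log lines: they carry an administrator account name (`adm_wpoelmans`), storage node names, internal 172.18.x/172.19.x addresses, a public address (`134.184.143.132`) and an account ID, which is more than a parser test needs if this repository is readable by others. Constructed values, for example addresses from the 192.0.2.0/24 documentation range and a placeholder user such as `adm_example`, would exercise the same grok branches. The third added case (`Major(1)`) asserts only `program`, `alarm_severity` and `alarm_object`, all of which come from the prefix, so it would presumably still pass if the line fell through to the general fallback; asserting `account_id`, `quota_used` and `quota_limit` there, as the fourth case does, would pin the specific pattern. The `data` list starts outside this hunk.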
3 changes: 3 additions & 0 deletions tests/logstash_7.6.2.conf
@@ -76,10 +76,13 @@ filter {
"actread" => "integer"
"dtree_id" => "integer"
"namespace_id" => "integer"
"account_id" => "integer"
"used_files" => "integer"
"used_space" => "integer"
"quota_files_limit" => "integer"
"quota_space_limit" => "integer"
"quota_used" => "integer"
"quota_limit" => "integer"
}
}
}
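Review bot: `alarm_severity_level`, which this PR starts capturing in `PIXIU_ALARM_PREFIX`, is not added to this convert list, so it stays a string (the new test data expects `"8"`) while the other numeric fields become integers. Severity thresholds in alert rules compare more reliably on a number; consider adding `"alarm_severity_level" => "integer"` here and changing the expected value in tests/data/pixiu to `8`. The enclosing block starts outside the hunk, so this assumes it is the same convert step the other numeric fields rely on.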