Set up `vector` for `syslog`.

Kazuhiro MUSASHI 2020-10-31 16:53:32 +09:00
parent 9d1d6018bd
commit 1b6b3bb0a5
7 changed files with 263 additions and 0 deletions


@ -0,0 +1,14 @@
/var/log/vector/syslog.log {
ifempty
dateformat .%Y%m%d
missingok
compress
daily
rotate 10
prerotate
/bin/systemctl stop vector-syslog.service
endscript
postrotate
/bin/systemctl start vector-syslog.service
endscript
}
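Review bot: The `prerotate`/`postrotate` pair at L19–L24 stops `vector-syslog.service` for the whole rotation, so the TCP listener on 514 is closed while the file is rotated and gzipped, and syslog sent in that window is refused rather than queued; senders that do not buffer lose those events silently. Because `compress` is set without `delaycompress`, the stop window also includes the compression time of a full day's ndjson. At minimum add `delaycompress` so the restart is not waiting on gzip; if the file sink reopens its output on rotation, `copytruncate` would keep the listener up entirely, which I could not confirm from this page. There is also no `create` line, so the permissions of the fresh log file are whatever vector chooses; since it holds syslog from other hosts, `create 0640 root adm` is the conservative choice.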


@ -0,0 +1,12 @@
[Unit]
Description=Grafana Promtail
Documentation=https://github.com/grafana/loki
After=network-online.target
[Service]
User=root
Restart=always
ExecStart=/usr/local/bin/promtail --config.file=/etc/promtail/syslog.yaml
[Install]
WantedBy=multi-user.target
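Review bot: `After=network-online.target` at L33 is ordering only; without a matching `Wants=` the target is not pulled in, so promtail can start before the network is up and fail its first pushes to the Loki endpoint (the vector unit in this commit pairs it with `Requires=`). Add `Wants=network-online.target` under `[Unit]`. Separately, `User=root` at L35 is more than this job needs: it reads `/var/log/vector/*.log` and writes one positions file, which a dedicated account with group read on the log directory could do; if root is kept, `ProtectSystem=strict` plus `ReadWritePaths=/var/opt/promtail` bounds what a compromised agent can write. `Restart=always` has no `RestartSec=`, so an invalid `/etc/promtail/syslog.yaml` restarts in a tight loop until the start limit trips.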


@ -0,0 +1,16 @@
[Unit]
Description=Vector
Documentation=https://vector.dev
After=network-online.target
Requires=network-online.target
[Service]
ExecStart=/usr/bin/vector --config /etc/vector/syslog.toml
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=vector
[Install]
WantedBy=multi-user.target
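Review bot: The unit has no `User=` line, so vector runs as root, apparently only because the syslog source binds port 514; `User=vector` together with `AmbientCapabilities=CAP_NET_BIND_SERVICE` gives the listener the privileged port without root, provided `/var/lib/vector` and `/var/log/vector` are owned by that account (the recipe creates the log directory as root:root). `StandardOutput=syslog`/`StandardError=syslog` at L53–L54 are deprecated since systemd 246 and are treated as `journal`; writing `journal` makes the intent explicit and keeps `SyslogIdentifier=vector` working. As in the promtail unit, `Restart=always` without `RestartSec=` means a broken `/etc/vector/syslog.toml` restarts in a tight loop.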


@ -0,0 +1,16 @@
data_dir = "/var/lib/vector"
[sources.syslog]
address = "0.0.0.0:514" # required, required when mode = "tcp" or mode = "udp"
mode = "tcp" # required
type = "syslog" # required
[sinks.syslog-file]
# General
type = "file" # required
inputs = ["syslog"] # required
healthcheck = true # optional, default
path = "/var/log/vector/syslog.log" # required
# Encoding
encoding.codec = "ndjson" # required
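Review bot: `address = "0.0.0.0:514"` at L64 listens on every interface, and the recipe's `ufw allow 514/tcp` opens it to any source, so any host that can reach this machine can feed unauthenticated, plaintext syslog into Loki; the source block carries no TLS settings and the promtail pipeline later trusts the `hostname` and `appname` fields of those lines for its drop filters. Bind to the address the senders actually use, `address = "<listen-ip>:514"`, and narrow the firewall rule to the sender network; both values are per-host, so they belong in node attributes rather than a static file, as the consul template already does with `node['vector']['ipaddr']`. The doubled `# required, required when ...` comment on L64 should be collapsed to one clause.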


@ -0,0 +1,89 @@
# Create `/var/log/vector`:
%w( /var/log/vector ).each do |d|
directory d do
owner 'root'
group 'root'
mode '0755'
end
end
# Deploy `vector` configuration for `syslog`:
remote_file '/etc/vector/syslog.toml' do
owner 'root'
group 'root'
mode '644'
notifies :restart, 'service[vector-syslog]'
end
# Deploy `systemd` configuration for `prometheus`:
remote_file '/etc/systemd/system/vector-syslog.service' do
owner 'root'
group 'root'
mode '644'
notifies :restart, 'service[vector-syslog]'
end
# Service setting:
service 'vector-syslog' do
action [ :enable, :restart ]
end
# Firewall settings here:
%w( 514/tcp ).each do |p|
execute "ufw allow #{p}" do
user 'root'
not_if "LANG=c ufw status | grep #{p}"
notifies :run, 'execute[ufw reload-or-enable]'
end
end
execute 'ufw reload-or-enable' do
user 'root'
command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
action :nothing
end
# Depoy `consul` service configuration for `loki`:
template '/etc/consul.d/service-vector-syslog.json' do
owner 'root'
group 'root'
mode '644'
variables(ipaddr: node['vector']['ipaddr'])
notifies :restart, 'service[supervisor]'
end
template '/etc/promtail/syslog.yaml' do
owner 'root'
group 'root'
mode '644'
variables(LOKIENDPOINT: node['promtail']['lokiendpoint'])
notifies :restart, 'service[promtail-vector-syslog]'
end
# Deploy `systemd` configuration for `promtail-loki`:
remote_file '/etc/systemd/system/promtail-vector-syslog.service' do
owner 'root'
group 'root'
mode '644'
end
# Service setting:
service 'promtail-vector-syslog' do
action [ :enable, :restart ]
end
# Deploy the `logrotated` configuration:
remote_file '/etc/logrotate.d/vector-syslog' do
owner 'root'
group 'root'
mode '644'
end
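Review bot: The `not_if` guard at L109 spells the locale as `LANG=c` while the reload command at L115 uses `LANG=C`; lowercase `c` is not a valid locale name, so the override is not reliably honoured, and `grep 514/tcp` also matches a `DENY` line for the same port, which would skip adding the rule. Make it `not_if "LANG=C ufw status | grep '#{p}.*ALLOW'"`. The comments at L94, L118 and L133 name the wrong component (`prometheus`, `loki`, `promtail-loki`); they should read "Deploy `systemd` configuration for `vector-syslog`:", "Deploy `consul` service configuration for `vector-syslog`:" and "Deploy `systemd` configuration for `promtail-vector-syslog`:". `/var/log/vector` is created `0755` at L84 although it holds syslog from other hosts and its only reader, promtail, runs as root per its unit; `mode '0750'` is sufficient. The `notifies :restart, 'service[supervisor]'` at L124 refers to a resource not in this commit, so it presumably lives in another recipe — worth confirming.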


@ -0,0 +1,12 @@
{
"service": {
"name": "vector-syslog",
"port": 514,
"check":{
"tcp": "<%= @ipaddr %>:514",
"interval": "60s",
"timeout": "1s",
"success_before_passing": 3
}
}
}


@ -0,0 +1,104 @@
server:
disable: true
positions:
filename: /var/opt/promtail/promtail_syslog_position.yaml
clients:
- url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push
scrape_configs:
- job_name: syslog
static_configs:
- targets:
- localhost
labels:
job: syslog
__path__: /var/log/vector/*.log
pipeline_stages:
- json:
expressions:
appname:
hostname:
level: severity
message:
timestamp:
- labels:
appname:
hostname:
level:
- match:
selector: '{job="syslog", level=~"(debug|DEBUG)"}'
action: drop
- match:
selector: '{job="syslog", hostname="esxi-new", appname=~"(storageRM|sdrsInjector)"} |= "getting state for"'
action: drop
- match:
selector: '{job="syslog", hostname="esxi-new", appname="Hostd"} |~ "(->|IpmiIfcOpenIpmiOpen|LikewiseGetDomainJoinInfo)"'
action: drop
- match:
selector: '{job="syslog", hostname="esxi-new", appname="smartd"} |~ "(REALLOCATED SECTOR CT below threshold)"'
action: drop
- match:
selector: '{job="syslog", hostname="esxi-new", appname="backup.sh"} |~ "(esx.conf|Creating archive)"'
action: drop
- match:
selector: '{job="syslog", hostname="esxi-new", appname="Rhttpproxy"} |~ "(warning rhttpproxy)"'
action: drop
- match:
selector: '{job="syslog", hostname="esxi-new"}'
stages:
- timestamp:
source: timestamp
format: 2006-01-02T15:04:05.999Z
location: Etc/GMT
- template:
source: level
template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'
- labeldrop:
- appname
- output:
source: message
- match:
selector: '{job="syslog", hostname="ubnt", appname="openvpn", level="notice"}'
action: drop
- match:
selector: '{job="syslog", hostname="ubnt", appname="sudo", level="info"}'
action: drop
- match:
selector: '{job="syslog", hostname="ubnt"}'
stages:
- timestamp:
source: timestamp
format: 2006-01-02T15:04:05.999Z
location: Asia/Bangkok
- template:
source: level
template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'
- labels:
level:
hostname:
- labeldrop:
- appname
- output:
source: message