Change level when executing `itamae`.

This commit is contained in:
Kazuhiro MUSASHI 2020-09-21 00:25:39 +09:00
parent b1ea22a262
commit 39a4b22867
1 changed files with 35 additions and 2 deletions


@ -25,12 +25,11 @@ scrape_configs:
labels: labels:
job: sudo job: sudo
hostname: <%= @HOSTNAME %> hostname: <%= @HOSTNAME %>
level: notice
__path__: /var/log/auth.log __path__: /var/log/auth.log
pipeline_stages: pipeline_stages:
- match: - match:
selector: '{job="sudo"}' selector: '{job="sudo"} |~ "/bin/sh"'
stages: stages:
- drop: - drop:
expression: (CRON|sshd|session) expression: (CRON|sshd|session)
@ -46,6 +45,40 @@ scrape_configs:
source: message source: message
template: 'USER={{ .user }} PWD={{ .pwd }} CMD={{ .cmd }}' template: 'USER={{ .user }} PWD={{ .pwd }} CMD={{ .cmd }}'
- template:
source: level
template: 'info'
- labels:
level:
- output:
source: message
- match:
selector: '{job="sudo"} !~ "/bin/sh"'
stages:
- drop:
expression: (CRON|sshd|session)
- regex:
expression: '^(?P<timestamp>\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P<user>[^ ]+) : TTY=(?P<tty>[^ ]+) ; PWD=(?P<pwd>[^ ]+) ; USER=(?P<foo>[^ ]+) ; COMMAND=(?P<cmd>.+)$'
- timestamp:
source: timestamp
format: Jan 2 15:04:05
location: Asia/Tokyo
- template:
source: message
template: 'USER={{ .user }} PWD={{ .pwd }} CMD={{ .cmd }}'
- template:
source: level
template: 'notice'
- labels:
level:
- output: - output:
source: message source: message
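Review bot: The downgrade to `info` is decided by whether the raw auth.log line contains `/bin/sh` anywhere (the `|~ "/bin/sh"` selector in the first hunk and its `!~` mirror at the `selector:` line of this hunk), so any sudo invocation that merely mentions that path — `sudo vim /bin/sh`, or a command with `/bin/sh` in an argument — is also logged at the lower level, and anyone aware of the rule can keep their own sudo use out of the notice-level stream. If the aim is only to quieten itamae's own commands, match the exact shape of its command line instead, for example a filter anchored on the extracted field such as `|~ "COMMAND=/bin/sh -c "` (I cannot see what itamae actually emits, so confirm against real log lines), optionally narrowed to the user itamae runs as. The two branches are otherwise identical (drop, regex, timestamp, message template), so the duplication could be folded into one shared pipeline with the two `match` blocks reduced to the `level` template and `labels` stages only. A comment above the first `- match:` stating the intent would help the next reader, e.g. `# itamae applies recipes via sudo /bin/sh; log those at info rather than notice`.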