From 0984df066b83e0a926cd8ce2de44789feb17436d Mon Sep 17 00:00:00 2001 From: Fredrik Kjellman Date: Tue, 10 May 2022 13:08:28 +0200 Subject: [PATCH] Add config for sending proxy log to influxdb. --- .../overlay/etc/rsyslog.d/99-audit.conf | 3 ++- .../telegraf.conf.d/50-json-input.conf | 26 +++++++++++++++++++ .../overlay/etc/rsyslog.d/99-audit.conf | 3 ++- .../telegraf.conf.d/50-json-input.conf | 26 +++++++++++++++++++ 4 files changed, 56 insertions(+), 2 deletions(-) diff --git a/log-1.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf b/log-1.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf index 35a34468..c5d2664e 100644 --- a/log-1.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf +++ b/log-1.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf @@ -1,6 +1,7 @@ local0.* -/var/log/eidas_audit.log local1.* -/var/log/eidas_fticks.log local2.* -/var/log/eidas_process.log -local3.* -/var/log/eidas_proxy.log +$template messageOnlyProxy,"%msg%\n" +local3.* -/var/log/eidas_proxy.log; messageOnlyProxy $template messageOnly,"{\"type\":%msg%\n" local4.* -/var/log/eidas_stats.log; messageOnly diff --git a/log-1.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf b/log-1.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf index 09ab4dcf..7fbe249d 100644 --- a/log-1.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf +++ b/log-1.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf @@ -6,3 +6,29 @@ json_time_key = "timestamp" json_time_format = "unix_ms" json_timezone = "Local" + files = ["/var/log/eidas_proxy.log"] + data_format = "json" + tag_keys = ["type", + "timestamp", + "connectorEntityId", + "requesterId", + "loaMatching", + "connectorCuntry", + "spType", + "requestedLoa", + "eidasResponseLoA", + "eidasRequestId", + "eidasResponseId", + "principal", + "nationalAssertionId", + "nationalRequestId", + "nationalIdP", + "eIDASAssertionIssueTime", + "eidasAssertionId"] + json_time_key = "timestamp" + json_time_format = "unix_ms" + json_timezone = "Local" +[[processors.parser]] + parse_fields = ["message"] + merge = "override" + data_format = "json" diff --git a/log-2.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf b/log-2.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf index 56e9b454..c5d2664e 100644 --- a/log-2.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf +++ b/log-2.sveidas.se/overlay/etc/rsyslog.d/99-audit.conf @@ -1,6 +1,7 @@ local0.* -/var/log/eidas_audit.log local1.* -/var/log/eidas_fticks.log local2.* -/var/log/eidas_process.log -local3.* -/var/log/eidas_proxy.log +$template messageOnlyProxy,"%msg%\n" +local3.* -/var/log/eidas_proxy.log; messageOnlyProxy $template messageOnly,"{\"type\":%msg%\n" local4.* -/var/log/eidas_stats.log; messageOnly diff --git a/log-2.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf b/log-2.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf index 09ab4dcf..7fbe249d 100644 --- a/log-2.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf +++ b/log-2.sveidas.se/overlay/etc/telegraf/telegraf.conf.d/50-json-input.conf @@ -6,3 +6,29 @@ json_time_key = "timestamp" json_time_format = "unix_ms" json_timezone = "Local" + files = ["/var/log/eidas_proxy.log"] + data_format = "json" + tag_keys = ["type", + "timestamp", + "connectorEntityId", + "requesterId", + "loaMatching", + "connectorCuntry", + "spType", + "requestedLoa", + "eidasResponseLoA", + "eidasRequestId", + "eidasResponseId", + "principal", + "nationalAssertionId", + "nationalRequestId", + "nationalIdP", + "eIDASAssertionIssueTime", + "eidasAssertionId"] + json_time_key = "timestamp" + json_time_format = "unix_ms" + json_timezone = "Local" +[[processors.parser]] + parse_fields = ["message"] + merge = "override" + data_format = "json"