It is working for auth.log but not working for authcopy.log. There is no error message. There is no output.
This is working.
sudo /usr/share/logstash/bin/logstash -e 'input { file { path => "/var/log/auth.log" } }'
output:
{
  "@version" => "1",
  "host" => "removed",
  "path" => "/var/log/auth.log",
  "@timestamp" => 2018-01-10T23:51:39.912Z,
  "message" => "Jan 10 20:17:55 removed sudo: pam_unix(sudo:session): session closed for user root"
}
...
This is not working.
sudo /usr/share/logstash/bin/logstash -e 'input { file { path => "/var/log/authcopy.log" } }'
There is no error message. There is no output.
Copied auth.log to authcopy.log
sudo cp /var/log/auth.log /var/log/authcopy.log
sudo chmod 777 /var/log/authcopy.log
ls -l /var/log/auth*.log
-rwxrwxrwx 1 root root 391617 Jan 10 19:30 /var/log/authcopy.log
-rw-r----- 1 syslog adm 395465 Jan 10 20:13 /var/log/auth.log
I monitor remote Linux with Logstash and SNMP. When I try to get interfaces or ifSpeed, everything is OK. But when I try to get sysDescr, CPU storage and memory storage, I cannot get any data back!
I don't know why. The Logstash log seems normal, too.
The logstash.conf:
input {
  snmp {
    tables => [
      {
        "name" => "sysDescr"
        "columns" => ["1.3.6.1.2.1.1.1.0"]
      }
    ]
    hosts => [{
      host => "udp:192.168.131.125/161"
      community => "laundry"
      version => "2c"
    }]
    interval => 5
    type => "snmp"
  }
  beats {
    port => 5044
    add_field => {"type" => "beat"}
  }
  tcp {
    port => 50000
  }
}
## Add your filters / logstash plugins configuration here
output {
  if [type] == "beat" {
    elasticsearch {
      hosts => ["${ELASTICSEARCH_HOST}:9200"]
      index => "beat-logs"
    }
  }
  if [type] == "snmp" {
    elasticsearch {
      hosts => ["${ELASTICSEARCH_HOST}:9200"]
      index => "snmp-logs"
    }
  }
}
the logstash log is:
root@laundry:/opt/ground/management# docker logs -f -t -n=5 5ae67e146ab0
2023-02-03T02:35:04.639861138Z [2023-02-03T10:35:04,639][INFO ][logstash.inputs.beats ][main] Starting input listener {:address=>"0.0.0.0:5044"}
2023-02-03T02:35:04.873655686Z [2023-02-03T10:35:04,873][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
2023-02-03T02:35:04.885933029Z [2023-02-03T10:35:04,884][INFO ][logstash.inputs.tcp ][main][06f1d7ee5445cc0e11cda56012ef6767600f21acd6133e02e957f761d26bac84] Starting tcp input listener {:address=>"0.0.0.0:50000", :ssl_enable=>false}
2023-02-03T02:35:04.934224084Z [2023-02-03T10:35:04,933][INFO ][org.logstash.beats.Server][main][4b91981ecb09a5d2
the output of snmpwalk and snmpget:
root@laundry:/opt/ground/management# snmpwalk -v 2c -c laundry 192.168.131.125 1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux laundry 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 12:06:43 UTC 2023 aarch64"
root@laundry:/opt/ground/management# snmpget -v 2c -c laundry 192.168.131.125 1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux laundry 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 12:06:43 UTC 2023 aarch64"
I have configured filebeat to send different (VoIP/SMS) csv files to logstash. However, only VoIP .csv files get shipped to logstash.
Csv files are under different folders.
logs/sms
logs/voip
I had another issue, described in this stack post. I managed to partially sort that out by creating tags in filebeat for these .csvs.
pwd
/usr/share/filebeat/logs
ls -ltr
drwxr-xr-x 2 root root 106496 Dec 4 03:39 sms
drwxr-xr-x 2 root root 131072 Dec 8 01:49 voip
ls -ltr voip | head -4
-rw-r--r-- 1 root root 7933 Dec 4 03:39 sms_cdr_1010.csv
-rw-r--r-- 1 root root 7974 Dec 4 03:39 sms_cdr_101.csv
-rw-r--r-- 1 root root 7949 Dec 4 03:39 sms_cdr_1009.csv
ls -ltr voip | head -4
-rw-r--r-- 1 root root 11616 Dec 4 03:39 voip_cdr_10.csv
-rw-r--r-- 1 root root 11533 Dec 4 03:39 voip_cdr_1.csv
-rw-r--r-- 1 root root 11368 Dec 4 03:39 voip_cdr_0.csv
Filebeat only starts harvesting voip .csvs
2019-12-08T02:37:18.872Z INFO crawler/crawler.go:72 Loading Inputs: 1
2019-12-08T02:37:18.872Z INFO log/input.go:138 Configured paths: [/usr/share/filebeat/logs/voip/*]
2019-12-08T02:37:18.872Z INFO input/input.go:114 Starting input of type: log; ID: 801046369164835837
2019-12-08T02:37:18.872Z INFO crawler/crawler.go:106 Loading and starting Inputs completed. Enabled inputs: 1
2019-12-08T02:37:18.977Z INFO log/harvester.go:255 Harvester started for file: /usr/share/filebeat/logs/voip/voip_cdr_185.csv
2019-12-08T02:37:18.978Z INFO log/harvester.go:255 Harvester started for file: /usr/share/filebeat/logs/voip/voip_cdr_2809.csv
2019-12-08T02:37:18.979Z INFO log/harvester.go:255 Harvester started for file: /usr/share/filebeat/logs/voip/voip_cdr_2847.csv
filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - logs/sms/*
  tags: ["sms"]
  paths:
    - logs/voip/*
  tags: ["voip"]
output.logstash:
  enabled: true
  hosts: ["logstash:5044"]
logging.to_files: true
logging.files:
logstash.conf
input {
  beats {
    port => "5044"
  }
}
filter {
  if "sms" in [tags] {
    csv {
      columns => ['Date', 'Time', 'PLAN', 'CALL_TYPE', 'MSIDN', 'IMSI', 'IMEI']
      separator => ","
      skip_empty_columns => true
      quote_char => "'"
    }
  }
  if "voip" in [tags] {
    csv {
      columns => ['Record_Nb', 'Date', 'Time', 'PostDialDelay', 'Disconnect-Cause', 'Sip-Status','Session-Disposition', 'Calling-RTP-Packets-Lost','Called-RTP-Packets-Lost', 'Calling-RTP-Avg-Jitter','Called-RTP-Avg-Jitter', 'Calling-R-Factor', 'Called-R-Factor', 'Calling-MOS', 'Called-MOS', 'Ingress-SBC', 'Egress-SBC', 'Originating-Trunk-Group', 'Terminating-Trunk-Group']
      separator => ","
      skip_empty_columns => true
      quote_char => "'"
    }
  }
}
output {
  if "sms" in [tags] {
    elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "smscdr_index"
    }
    stdout {
      codec => rubydebug
    }
  }
  if "voip" in [tags] {
    elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "voipcdr_index"
    }
    stdout {
      codec => rubydebug
    }
  }
}
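Try the configuration below:
filebeat.inputs:
# One input per directory: when `paths` and `tags` are repeated inside a single
# input, only the last pair takes effect (see "Configured paths" in the log above).
- type: log
  enabled: true
  paths:
    - /usr/share/filebeat/logs/sms/*.csv
  tags: ["sms"]
- type: log
  enabled: true
  paths:
    - /usr/share/filebeat/logs/voip/*.csv
  tags: ["voip"]
output.logstash:
  enabled: true
  hosts: ["logstash:5044"]
logging.to_files: true
logging.files: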
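The Filebeat log in the question reports one input whose only configured path is the voip directory, which is what a mapping with repeated `paths` and `tags` keys produces. The check below is an added example, not part of either post: it flags keys repeated inside one YAML mapping so that a silently dropped log source is caught before deployment. `duplicate_keys` and both sample configs are constructed for this illustration, and it assumes block-style YAML only.

```python
import re

# Constructed sample: the single-input layout from the question's filebeat.yml.
BROKEN = """\
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - logs/sms/*
  tags: ["sms"]
  paths:
    - logs/voip/*
  tags: ["voip"]
output.logstash:
  hosts: ["logstash:5044"]
"""
# Constructed sample: the same settings split into one input per directory.
FIXED = BROKEN.replace('  tags: ["sms"]\n',
                       '  tags: ["sms"]\n- type: log\n  enabled: true\n')

# "key:" at the start of a line, optionally introduced by a list dash.
KEY_RE = re.compile(r"^( *)(- +)?([A-Za-z0-9_.-]+):(?: |$)")

def duplicate_keys(text):
    """Return (line, key, first_line) for keys repeated inside one mapping.
    Hypothetical helper: block-style YAML only (no flow mappings, anchors
    or multi-line scalars), which covers a typical filebeat.yml.
    """
    findings, scopes = [], []          # scopes: stack of (indent, {key: line})
    for no, raw in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(raw)
        if not m:
            continue                   # list values, comments, blank lines
        indent = len(m.group(1)) + len(m.group(2) or "")
        if m.group(2):                 # "- key:" opens a new list item
            while scopes and scopes[-1][0] >= indent:
                scopes.pop()
        else:                          # plain key: close deeper mappings
            while scopes and scopes[-1][0] > indent:
                scopes.pop()
        if not scopes or scopes[-1][0] < indent:
            scopes.append((indent, {}))
        seen = scopes[-1][1]
        if m.group(3) in seen:
            findings.append((no, m.group(3), seen[m.group(3)]))
        else:
            seen[m.group(3)] = no
    return findings
```

Each finding names the repeated key, the line where it reappears, and the line of the first occurrence whose value is lost.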
Hi, I've installed mediawiki 1.26.2 with the extension Visual Editor, nodejs and parsoid. The question is that when I start parsoid, it seems every process is working right, but with the configuration of parsoid and visualeditor I can't see any editor in my wiki.
I describe below all my configurations, how I start parsoid, the processes of parsoid involved and the configuration lines in the localsettings MediaWiki configuration file.
/etc/init.d/parsoid2 start-end script:
#!/bin/bash
#
# chkconfig: 35 90 12
# description: Foo server
#
# Get function from functions library
#. /etc/init.d/functions
# Start the service PARSOID
SCRIPT_PATH="/usr/lib/parsoid/src/bin/server.js"
DAEMON="/usr/bin/node $SCRIPT_PATH"
DAEMON_ARGS=""
start() {
    #initlog -c "echo -n Starting PARSOID server: "
    ulimit -n 64000
    /usr/bin/node /usr/lib/parsoid/src/bin/server.js >> /var/log/parsoid/parsoid.log 2>&1 &
    ### Create the lock file ###
    #touch /var/lock/subsys/parsoid
    success $"PARSOID server startup"
    echo
}
# Restart the service PARSOID
stop() {
    #initlog -c "echo -n Stopping PARSOID server: "
    pkill -f server.js
    ### Now, delete the lock file ###
    rm -f /var/lock/subsys/parsoid
    echo
}
### main logic ###
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status parsoid_nodejs.sh
        ;;
    restart|reload|condrestart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload|status}"
        exit 1
esac
exit 0
processes of parsoid involved after I run /etc/init.d/parsoid2 start
root@vscj016mlinuxserver:~# ps -ef | grep parsoid
root 2244 1 0 08:21 pts/0 00:00:00 /usr/bin/node /usr/lib/parsoid/src/bin/server.js
root 2251 2244 0 08:21 pts/0 00:00:00 /usr/bin/nodejs /usr/lib/parsoid/src/bin/server.js
root 2252 2244 0 08:21 pts/0 00:00:00 /usr/bin/nodejs /usr/lib/parsoid/src/bin/server.js
root 2258 2244 0 08:21 pts/0 00:00:00 /usr/bin/nodejs /usr/lib/parsoid/src/bin/server.js
root 2264 2244 0 08:21 pts/0 00:00:00 /usr/bin/nodejs /usr/lib/parsoid/src/bin/server.js
root 2437 2023 0 08:36 pts/0 00:00:00 grep --color=auto parsoid
root@vscj016mlinuxserver:~#
the Localsetting.js parsoid configuration file:
exports.setup = function(parsoidConfig) {
    // Set your own user-agent string
    // Otherwise, defaults to "Parsoid/<current-version-defined-in-package.json>"
    //parsoidConfig.userAgent = "My-User-Agent-String";
    // Configure Parsoid to point to your MediaWiki instance.
    parsoidConfig.setMwApi({
        // The "prefix" is the name given to this wiki configuration in the
        // (deprecated) Parsoid v1 API.
        prefix: 'localhost', // optional
        // The "domain" is used for communication with Visual Editor
        // and RESTBase. It defaults to the hostname portion of
        // the `uri` property below, but you can manually set it
        // to an arbitrary string.
        domain: 'localhost', // optional
        // This is the only required parameter:
        // the URL of your MediaWiki API endpoint.
        uri: 'http://localhost/mediawiki/api.php',
        // To specify a proxy (or proxy headers) specific to this prefix
        // (which overrides defaultAPIProxyURI). Alternatively, set `proxy`
        // to `null` to override and force no proxying when a default proxy
        // has been set.
        /*
        proxy: {
            uri: 'http://my.proxy:1234/',
            headers: { 'X-Forwarded-Proto': 'https' } // headers are optional
        }
        */
    });
};
The configuration for VisualEditor at /var/www/HTML/mediawiki/Localsettings.php:
require_once "$IP/extensions/VisualEditor/VisualEditor.php";
wfLoadExtension ( 'VisualEditor' );
$wgDefaultUserOptions['visualeditor-enable'] = 1;
$wgDefaultUserOptions['minordefault'] = 1;
$wgHiddenPrefs[] = 'visualeditor-enable';
$wgVisualEditorParsoidURL = 'http://localhost:8000';
$wgVirtualRestConfig['modules']['parsoid'] = array('url' => 'http://localhost:8000', 'domain' => 'localhost', 'prefix' => 'localhost');
$wgSessionsInObjectCache = true;
$wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true;
Please ensure that your parsoid version matches your Visual Editor version; there is a chance that you should use the old way to configure Visual Editor:
$wgVisualEditorParsoidURL = 'http://127.0.0.1:8000';
$wgVisualEditorParsoidPrefix = 'localhost';
If you see only the button "Edit source" on your pages, make sure the Visual Editor is enabled for some namespaces in `LocalSettings.php`. Example:
$wgVisualEditorNamespaces = array(NS_MAIN, NS_USER);
Source: https://www.mediawiki.org/wiki/Extension:VisualEditor#Complete_list_of_configuration_options
Check whether Visual Editor is enabled in the User Preferences and that you see the enabled namespaces as well.
I would like to send rsyslog messages to my ELK stack, but it does not work.
rsyslog conf
*.* @@127.0.0.1:10514
local6.* /tmp/grenard.log
&~
logstash conf
input {
  syslog {
    port => 10514
    type => "syslog"
  }
  stdin {}
}
output {
  stdout { codec => rubydebug }
}
Logstash really listens on 10514 (telnet localhost 10514) (tested with a localhost telnet to 10514, and I can see it in my stdout):
root@VM-GUILLAUME /etc/logstash/conf.d # /opt/logstash/bin/logstash -f /etc/logstash/conf.d
Settings: Default filter workers: 4
Logstash startup completed
{
  "message" => "bonjour\r\n",
  "@version" => "1",
  "@timestamp" => "2016-03-01T10:55:41.488Z",
  "type" => "syslog",
  "host" => "0:0:0:0:0:0:0:1",
  "tags" => [
    [0] "_grokparsefailure_sysloginput"
Moreover, the log file is being filled, so I know my rsyslog conf is OK.
logger -t apache -i -p local6.info $(date)
the log file
Mar 1 12:06:04 localhost apache[13700]: mar. mars 1 12:06:04 CET 2016
The problem was due to TCP (@@). Using UDP (@), the problem is solved. Here is my rsyslog.d/grenard.conf:
*.* @127.0.0.1:10514
local6.* /tmp/grenard.log
&~
How can I configure an Exec to run only if another Exec ran?
I have a manifest like this:
file { $target:
  ensure => directory
}
exec { "unzip foobar.zip -C ${target}":
  unless => "file ${target}/some-file-form-archive"
}
exec { "chown -R $user ${target}":
  onlyif => ???
}
I would like the chown to run only if unzip foobar.zip ran. Of course I could start checking whether some-file-from-archive is already owned by $user, but somehow it does not seem right.
There's an answer here already: http://ask.puppetlabs.com/question/14726/run-exec-only-if-another-exec-ran/
Changing the manifest like this fixes my problem:
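exec { 'unpack file':
  # unzip takes its extraction directory with -d (-C only makes matching case-insensitive)
  command => "unzip foobar.zip -d ${target}",
  path    => '/usr/bin',
  creates => "${target}/some-file-form-archive",
  require => File[$target, '<archive>'],
  # a resource title containing a space must be quoted in a reference
  notify  => Exec['fix archive'],
}
exec { 'fix archive':
  command     => "chown -R ${user} ${target}",
  path        => '/bin',
  refreshonly => true,
}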
UPDATE 28.11.2014
Motivated by Felix Frank's comment, I tried out something else. Instead of notify/refreshonly, you can ensure all resources in a file tree are owned by a user like this:
exec { 'fix archive':
  command => "chown -R ${user} ${target}",
  path    => '/bin',
  unless  => "test 0 -eq $(find ${target} \\! -user ${user} | wc -l)"
}
This way the owner is ensured to be $user even if it was changed after unpack file ran.