From 96c3b6ed9a22604f262dc1f81deac45fb9534787 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Sun, 19 Feb 2023 20:49:47 +0100
Subject: [PATCH] migrate nginx filter from docker configuration to kubernetes one
---
 Makefile | 2 +-
 filebeat-docker.yml | 25 -------------------------
 filebeat-kubernetes.yml | 27 +++++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/Makefile b/Makefile
index ca75a4d..4c30bad 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ VERBOSITY=debug
 ## build
 build:
- docker manifest rm docker.registry:5000/filebeat:latest
+ docker manifest rm docker.registry:5000/filebeat:latest || true
 docker-multi-arch-builder build -n filebeat --platforms $(PLATFORM) -v $(VERBOSITY)
 ## management
diff --git a/filebeat-docker.yml b/filebeat-docker.yml
index 7eb604c..e7c4253 100644
--- a/filebeat-docker.yml
+++ b/filebeat-docker.yml
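Review bot: In the Makefile hunk, `|| true` on the `docker manifest rm` line of the `build` recipe discards every failure of that command, not only the expected "no such manifest" case on a clean machine. If the removal fails for another reason, the build carries on and may pick up a stale local manifest list for `docker.registry:5000/filebeat:latest` (whether `docker-multi-arch-builder` reuses it is not visible here). Make's own ignore prefix keeps the recipe going but still prints the ignored error in the build output: `-docker manifest rm docker.registry:5000/filebeat:latest`.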
@@ -20,31 +20,6 @@ processors:
 - add_docker_metadata:
 host: "unix:///var/run/docker.sock"
 - add_host_metadata: ~
- - dissect:
- tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_real_ip} %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} "%{nginx.geoip_asn_name}" %{nginx.geoip_asn_number|integer} location:"%{nginx.geoip.lat|double}" "%{nginx.geoip.lon|double}" req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
- trim_values: all
- target_prefix: ""
- field: "message"
- when:
- equals:
- container.name: nginxfront
- - dissect:
- tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", host: "%{php.host}"'
- target_prefix: ""
- field: "message"
- when:
- equals:
- container.name: nginxfront
- - timestamp:
- field: nginx.time
- target_field: nginx.time
- layouts:
- - '02/Jan/2006:15:04:05 -0700'
- test:
- - '27/May/2022:21:41:02 +0000'
- when:
- equals:
- container.name: nginxfront
 - drop_event:
 when:
 equals:
diff --git a/filebeat-kubernetes.yml b/filebeat-kubernetes.yml
index 0d99b1a..d86c93c 100644
--- a/filebeat-kubernetes.yml
+++ b/filebeat-kubernetes.yml
@@ -47,6 +47,31 @@ processors:
 to: "container.name"
 ignore_missing: true
 fail_on_error: false
+ - dissect:
+ tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_real_ip} %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} "%{nginx.geoip_asn_name}" %{nginx.geoip_asn_number|integer} location:"%{nginx.geoip.lat|double}" "%{nginx.geoip.lon|double}" req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
+ trim_values: all
+ target_prefix: ""
+ field: "message"
+ when:
+ equals:
+ container.name: nginxfront
+ - dissect:
+ tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", host: "%{php.host}"'
+ target_prefix: ""
+ field: "message"
+ when:
+ equals:
+ container.name: nginxfront
+ - timestamp:
+ field: nginx.time
+ target_field: nginx.time
+ layouts:
+ - '02/Jan/2006:15:04:05 -0700'
+ test:
+ - '27/May/2022:21:41:02 +0000'
+ when:
+ equals:
+ container.name: nginxfront
 - drop_event:
 when:
 equals:
@@ -69,6 +94,8 @@ setup:
 - name: kubernetes.container.name
 type: keyword
+ - name: nginx.geoip
+ type: geo_point
 dashboards:
 enabled: false
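Review bot: The first added `dissect` tokenizer stores whatever follows `req_header:` and `resp_header:` as `nginx.header.req` and `nginx.header.resp`, and nothing in this hunk redacts or drops those fields before the event is shipped. The nginx `log_format` is not part of this patch, but if it writes headers such as `Authorization`, `Cookie` or `Set-Cookie` there, credentials and session tokens become readable by anyone with access to the log index. I would either keep those headers out of the log line on the nginx side or drop the fields after parsing, for example `- drop_fields: {fields: ["nginx.header.req", "nginx.header.resp"], ignore_missing: true}`, and add a comment above the tokenizer such as `# nginx.header.* may hold sensitive header values; check log_format in the nginxfront config`. The `processors:` list starts and continues outside the hunk.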
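Review bot: Mapping `nginx.geoip` as `geo_point` in the second hunk means every parsed access line has to carry a valid `nginx.geoip.lat` and `nginx.geoip.lon` pair, and the patch does not show what nginx logs when the GeoIP lookup has no result (private or unlisted addresses). If that placeholder is empty or non-numeric, either the `|double` conversion in the tokenizer or the `geo_point` mapping is likely to reject it, and the request may then be unparsed or missing in the index, which is a visibility gap for traffic an analyst may well want to see. Please test one log line without coordinates and record the outcome in a comment next to the field, e.g. `# geo_point built from nginx.geoip.lat/lon; lines without coordinates: <observed behaviour>`. The `setup:` section starts outside the hunk.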