forked from elastic/beats
[Filebeat] Create ActiveMQ module (elastic#14840)
* Enable audit logs in ActiveMQ module
* Generate module stub
* Update configuration
* Add log files
* Add sample exception to ActiveMQ log
* Define ingest pipeline for ActiveMQ audit logs
* Define ingest pipeline for ActiveMQ logs
* Adjust ingest pipelines, bugfixing
* Do not check timestamp for audit logs
* Refactor fields
* Fix: mage fmt update
* Adjust fields after review
* Rename action to message to properly present logs in Kibana
* Refactor fields according to the review
Showing 25 changed files with 722 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
//// | ||
This file is generated! See scripts/docs_collector.py | ||
//// | ||
|
||
[[filebeat-module-activemq]] | ||
:modulename: activemq | ||
:has-dashboards: false | ||
|
||
== ActiveMQ module | ||
|
||
This module parses Apache ActiveMQ logs. It supports application and audit logs. | ||
|
||
include::../include/what-happens.asciidoc[] | ||
|
||
[float] | ||
=== Compatibility | ||
|
||
The module has been tested with ActiveMQ 5.13.0 and 5.15.9. Other versions are expected to work. | ||
|
||
include::../include/running-modules.asciidoc[] | ||
|
||
include::../include/configuring-intro.asciidoc[] | ||
|
||
:fileset_ex: log | ||
|
||
include::../include/config-option-intro.asciidoc[] | ||
|
||
The following example shows how to set paths in the +modules.d/{modulename}.yml+ | ||
file to override the default paths for ActiveMQ logs: | ||
|
||
["source","yaml",subs="attributes"] | ||
----- | ||
- module: activemq | ||
audit: | ||
enabled: true | ||
var.paths: ["/path/to/log/activemq/data/audit.log*"] | ||
log: | ||
enabled: true | ||
var.paths: ["/path/to/log/activemq/data/activemq.log*"] | ||
----- | ||
|
||
To specify the same settings at the command line, you use: | ||
|
||
["source","sh",subs="attributes"] | ||
----- | ||
-M "activemq.audit.var.paths=[/path/to/log/activemq/data/audit.log*]" | ||
-M "activemq.log.var.paths=[/path/to/log/activemq/data/activemq.log*]" | ||
----- | ||
|
||
[float] | ||
==== `log` log fileset settings | ||
|
||
include::../include/var-paths.asciidoc[] | ||
|
||
include::../include/timezone-support.asciidoc[] | ||
|
||
:has-dashboards!: | ||
|
||
:fileset_ex!: | ||
|
||
:modulename!: | ||
|
||
|
||
[float] | ||
=== Fields | ||
|
||
For a description of each field in the module, see the | ||
<<exported-fields-activemq,exported fields>> section. | ||
|
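
Review bot: the settings section at the end of this hunk documents only one fileset: the heading ``==== `log` log fileset settings`` is followed by the var-paths and timezone-support includes, while the YAML and `-M` examples above configure both `audit` and `log`. Add a matching `audit` fileset settings section (at least the var-paths include) so readers can see which options the audit fileset accepts. The header says this file is generated, so the change belongs in the source the generator reads, and the page should then be regenerated.
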
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
- module: activemq | ||
# Audit logs | ||
audit: | ||
enabled: true | ||
|
||
# Set custom paths for the log files. If left empty, | ||
# Filebeat will choose the paths depending on your OS. | ||
#var.paths: | ||
|
||
# Application logs | ||
log: | ||
enabled: true | ||
|
||
# Set custom paths for the log files. If left empty, | ||
# Filebeat will choose the paths depending on your OS. | ||
#var.paths: |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
:modulename: activemq | ||
:has-dashboards: false | ||
|
||
== ActiveMQ module | ||
|
||
This module parses Apache ActiveMQ logs. It supports application and audit logs. | ||
|
||
include::../include/what-happens.asciidoc[] | ||
|
||
[float] | ||
=== Compatibility | ||
|
||
The module has been tested with ActiveMQ 5.13.0 and 5.15.9. Other versions are expected to work. | ||
|
||
include::../include/running-modules.asciidoc[] | ||
|
||
include::../include/configuring-intro.asciidoc[] | ||
|
||
:fileset_ex: log | ||
|
||
include::../include/config-option-intro.asciidoc[] | ||
|
||
The following example shows how to set paths in the +modules.d/{modulename}.yml+ | ||
file to override the default paths for ActiveMQ logs: | ||
|
||
["source","yaml",subs="attributes"] | ||
----- | ||
- module: activemq | ||
audit: | ||
enabled: true | ||
var.paths: ["/path/to/log/activemq/data/audit.log*"] | ||
log: | ||
enabled: true | ||
var.paths: ["/path/to/log/activemq/data/activemq.log*"] | ||
----- | ||
|
||
To specify the same settings at the command line, you use: | ||
|
||
["source","sh",subs="attributes"] | ||
----- | ||
-M "activemq.audit.var.paths=[/path/to/log/activemq/data/audit.log*]" | ||
-M "activemq.log.var.paths=[/path/to/log/activemq/data/activemq.log*]" | ||
----- | ||
|
||
[float] | ||
==== `log` log fileset settings | ||
|
||
include::../include/var-paths.asciidoc[] | ||
|
||
include::../include/timezone-support.asciidoc[] | ||
|
||
:has-dashboards!: | ||
|
||
:fileset_ex!: | ||
|
||
:modulename!: |
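
Review bot: the Compatibility paragraph lists the tested versions (5.13.0 and 5.15.9) but not the log layout the module expects. The audit pipeline later in this commit splits each line on ` | ` separators, so a broker configured with a different log pattern will not match and will fall through to `on_failure`. Suggest adding one sentence stating that the pipe-separated layout shown in the test logs is assumed.
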
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
- key: activemq | ||
title: "activemq" | ||
description: > | ||
Module for parsing ActiveMQ log files. | ||
fields: | ||
- name: activemq | ||
type: group | ||
description: > | ||
fields: | ||
- name: caller | ||
type: keyword | ||
description: > | ||
Name of the caller issuing the logging request (class or resource). | ||
- name: thread | ||
type: keyword | ||
description: > | ||
Thread that generated the logging event. | ||
- name: user | ||
type: keyword | ||
description: > | ||
User that generated the logging event. |
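
Review bot: the top-level `activemq` group has an empty description: `description: >` is followed directly by `fields:`, so the exported-fields page will show the group with no text. Fill it in or drop the key. Also consider whether `activemq.user` should be populated as ECS `user.name` rather than a module-specific keyword, so audit events can be correlated by user with other sources.
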
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
- name: audit | ||
type: group | ||
description: > | ||
Fields from ActiveMQ audit logs. | ||
fields: |
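
Review bot: `fields:` on the last line of this hunk has no entries, so the `audit` group declares nothing. Either list the audit-specific fields here or remove the empty key (or the whole group, if `activemq.user` and `activemq.thread` from the module-level file cover everything the audit pipeline emits).
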
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
type: log | ||
paths: | ||
{{ range $i, $path := .paths }} | ||
- {{$path}} | ||
{{ end }} | ||
exclude_files: [".gz$"] |
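
Review bot: in `exclude_files: [".gz$"]` the dot is unescaped, so the regex excludes any path ending in an arbitrary character followed by `gz`, not only `.gz` archives. Use `'\.gz$'` to match the literal extension.
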
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
description: Pipeline for parsing ActiveMQ audit logs. | ||
processors: | ||
- grok: | ||
field: message | ||
pattern_definitions: | ||
NOPIPEGREEDYDATA: "((?! \\|).)*" | ||
THREAD_NAME: "((?! \n).)*" | ||
patterns: | ||
- "%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{WORD:activemq.user}%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}" | ||
ignore_missing: true | ||
on_failure: | ||
- set: | ||
field: error.message | ||
value: "{{ _ingest.on_failure_message }}" |
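
Review bot: `%{WORD:activemq.user}` in the grok pattern only consumes word characters, and the following `%{SPACE}` can match nothing, so a user name containing `.`, `-` or `@` is silently cut at the first such character and the rest ends up at the start of `message`. For an audit trail that is a misattribution risk; `%{NOTSPACE:activemq.user}` would capture the whole token. The client address in lines such as `... from 127.0.0.1 | qtp12205619-39` also stays inside `message`; extracting it (for example into `source.ip`) would make the events usable for detection without re-parsing. Finally, `THREAD_NAME: "((?! \n).)*"` only stops before a space followed by a newline, which looks unintended for single-line input; please check it or add a comment explaining it.
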
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
module_version: 1.0 | ||
|
||
var: | ||
- name: paths | ||
default: | ||
- /opt/apache-activemq-*/data/audit.log* | ||
os.darwin: | ||
- /usr/local/apache-activemq-*/data/audit.log* | ||
os.windows: | ||
- c:/apache-activemq-*/data/audit.log* | ||
|
||
ingest_pipeline: ingest/pipeline.yml | ||
input: config/audit.yml |
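
Review bot: `module_version: 1.0` is unquoted, so YAML parses it as a number rather than a version string; quote it (`"1.0"`) if it is meant to be handled as text. The three default globs also assume an `apache-activemq-*` install directory, which the docs hunks in this commit do not mention; it would help to list the defaults there.
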
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
INFO | anonymous called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,213 | qtp443290224-47 | ||
INFO | admin called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,229 | qtp443290224-45 | ||
WARN | admin requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1 | qtp12205619-39 | ||
INFO | guest requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1 | qtp12205619-36 |
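
Review bot: lines 3 and 4 of this fixture carry `secret='…'` request parameters inside the audit message. If they were captured from a real console session, replace them with obvious dummy values before merging. They also show that the audit pipeline will index such parameters verbatim in `message`; consider redacting `secret='…'` in the ingest pipeline or calling it out in the module docs. The fixture has no line with a user name outside `\w+` and no malformed line, so neither the user capture edge case nor the `on_failure` path is exercised.
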