Index: /branches/amp_4_0/platform/config/syslog.conf =================================================================== --- /branches/amp_4_0/platform/config/syslog.conf (revision 2594) +++ /branches/amp_4_0/platform/config/syslog.conf (working copy) @@ -2,35 +2,340 @@ udp { port => 5514 type => "syslog" + codec => plain { + charset => "UTF-8" + } } tcp { port => 5514 type => "syslog" + codec => plain { + charset => "UTF-8" + } } } filter { - kv { - source => "message" - field_split => " " - value_split => "=" - remove_field => ["message"] + # Stage 1: Initial Cleaning + if [message] { + ruby { + code => ' + if event.get("message").is_a?(String) + event.set("message", event.get("message").gsub(/\\x00/, "")) + elsif event.get("message").is_a?(Array) + cleaned = event.get("message").map { |m| m.gsub(/\\x00/, "") if m } + event.set("message", cleaned.join(" ")) + end + ' + } } - date { - match => ["date", "YYYY-MM-dd"] - target => "@timestamp" - } + if [type] == "syslog" { + # Stage 2: Parsing Attempts (Cascading Grok) - if [time] { - mutate { - update => { "date" => "%{date} %{time}" } - remove_field => ["time"] + # Attempt 1: RFC 5424 + grok { + match => { + "message" => "^<%{NUMBER:syslog_pri}>%{NUMBER:syslog_protocol_version} %{TIMESTAMP_ISO8601:syslog_timestamp} %{HOSTNAME:syslog_hostname} %{DATA:syslog_appname} %{DATA:syslog_procid} %{DATA:syslog_msgid} (?-|\\[.*?\\])(?:\\s+)?%{GREEDYDATA:syslog_message}" + } + tag_on_failure => ["_grokparsefailure_rfc5424"] + add_tag => ["rfc5424_attempt"] } - date { - match => ["date", "YYYY-MM-dd HH:mm:ss"] - target => "@timestamp" + + # Parse syslog_message as AN_WELF_LOG + if !("_grokparsefailure_rfc5424" in [tags]) and [syslog_message] { + mutate { + strip => ["syslog_message"] + } + grok { + match => { + "syslog_message" => "^AN_WELF_LOG:id=%{WORD:log_id} time=\"%{TIMESTAMP_ISO8601:log_time}\" fw=%{IP:virtual_ip} pri=%{POSINT:priority} proto=%{WORD:protocol} src=%{IP:src_ip} dstname=%{IP:destination_name} arg=%{URIPATH:arg} op=%{WORD:operation} agent=\"%{DATA:user_agent}\" result=%{INT:http_result_code} sent=%{INT:bytes_sent} duration=%{NUMBER:duration_seconds} msg=\"%{GREEDYDATA:message_detail_raw}\"" + } + tag_on_failure => ["_grokparsefailure_an_welf_log_rfc5424"] + add_tag => ["an_welf_log_rfc5424_subparsed"] + } + if !("_grokparsefailure_an_welf_log_rfc5424" in [tags]) and [message_detail_raw] { + mutate { + gsub => ["message_detail_raw", "\\s+", " "] + } + grok { + match => { + "message_detail_raw" => "^cache:%{WORD:cache_status} peer:%{WORD:peer_type}/%{IP:peer_ip}$" + } + tag_on_failure => ["_grokparsefailure_msg"] + add_tag => ["msg_subparsed"] + } + } } + + # Attempt 2: AN_WELF_LOG (WITH SYSLOG HEADER) + if "_grokparsefailure_rfc5424" in [tags] { + grok { + match => { + "message" => "^<%{POSINT:syslog_pri}>%{POSINT:syslog_version} %{TIMESTAMP_ISO8601:syslog_timestamp} %{HOSTNAME:syslog_hostname} %{DATA:syslog_appname} %{DATA:syslog_procid} %{INT:event_id} - AN_WELF_LOG:id=%{WORD:log_id} time=\"%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second}\" fw=%{IP:virtual_ip} pri=%{POSINT:priority} proto=%{WORD:protocol} src=%{IP:src_ip} dstname=%{IP:destination_name} arg=%{URIPATH:arg} op=%{WORD:operation} agent=\"%{DATA:user_agent}\" result=%{INT:http_result_code} sent=%{INT:bytes_sent} duration=%{NUMBER:duration_seconds} msg=\"%{GREEDYDATA:destination_data_raw}\"" + } + tag_on_failure => ["_grokparsefailure_an_welf_log"] + add_tag => ["an_welf_log_attempt"] + } + if !("_grokparsefailure_an_welf_log" in [tags]) { + mutate { + add_field => { "log_time" => "%{year}-%{month}-%{day} %{hour}:%{minute}:%{second}" } + remove_field => ["year", "month", "day", "hour", "minute", "second"] + } + mutate { + gsub => ["destination_data_raw", "\\s+", " "] + } + } + } + + # Attempt 3: AN_WELF_LOG (without SYSLOG HEADER) + if "_grokparsefailure_rfc5424" in [tags] and "_grokparsefailure_an_welf_log" in [tags] { + grok { + match => { + "message" => "^AN_WELF_LOG:id=%{WORD:log_id} time=\"%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second}\" fw=%{IP:virtual_ip} pri=%{POSINT:priority} proto=%{WORD:protocol} src=%{IP:src_ip} dstname=%{IP:destination_name} arg=%{URIPATH:arg} op=%{WORD:operation} agent=\"%{DATA:user_agent}\" result=%{INT:http_result_code} sent=%{INT:bytes_sent} duration=%{NUMBER:duration_seconds} msg=\"%{GREEDYDATA:message_detail_raw}\"" + } + tag_on_failure => ["_grokparsefailure_an_welf_log_no_header"] + add_tag => ["an_welf_log_no_header_attempt"] + } + if !("_grokparsefailure_an_welf_log_no_header" in [tags]) { + mutate { + add_field => { "log_time" => "%{year}-%{month}-%{day} %{hour}:%{minute}:%{second}" } + remove_field => ["year", "month", "day", "hour", "minute", "second"] + } + mutate { + gsub => ["message_detail_raw", "\\s+", " "] + } + mutate { + add_field => { "syslog_priority" => "%{priority}" } + add_field => { "syslog_timestamp" => "%{log_time}" } + } + } + } + + # Attempt 4: Custom/Non-Standard + if "_grokparsefailure_rfc5424" in [tags] and "_grokparsefailure_an_welf_log" in [tags] and "_grokparsefailure_an_welf_log_no_header" in [tags] { + grok { + match => { + "message" => "^<%{POSINT:syslog_pri}>%{MONTH:syslog_month} +%{MONTHDAY:syslog_day} %{YEAR:syslog_year} %{TIME:syslog_time} %{IPORHOST:syslog_hostname} %{GREEDYDATA:syslog_content_kv}" + } + tag_on_failure => ["_grokparsefailure_custom_nonstandard"] + add_tag => ["custom_nonstandard_attempt"] + } + if !("_grokparsefailure_custom_nonstandard" in [tags]) { + date { + match => ["syslog_month syslog_day syslog_year syslog_time", "MMM ddYYYY HH:mm:ss"] + target => "syslog_timestamp" + add_tag => ["_dateparseok"] + tag_on_failure => ["_dateparsefailure"] + } + kv { + source => "syslog_content_kv" + field_split => " " + value_split => "=" + target => "syslog_kv_data" + } + mutate { + add_field => { "syslog_appname" => "%{[syslog_kv_data][id]}" } + add_field => { "syslog_msgid" => "%{[syslog_kv_data][type]}" } + add_field => { "syslog_message" => "%{[syslog_kv_data][msg]}" } + remove_field => ["syslog_month", "syslog_day", "syslog_year", "syslog_time", "syslog_content_kv"] + } + + # --- NEW ADDITIONS FOR CUSTOM/NON-STANDARD LOGS --- + # Map fields from syslog_kv_data to common field names + if [syslog_kv_data][fw] { + mutate { add_field => { "virtual_ip" => "%{[syslog_kv_data][fw]}" } } + } + if [syslog_kv_data][src] { + mutate { add_field => { "client_ip" => "%{[syslog_kv_data][src]}" } } + } + if [syslog_kv_data][dst] { + mutate { add_field => { "destination_ip" => "%{[syslog_kv_data][dst]}" } } + } + if [syslog_kv_data][dport] { + mutate { + add_field => { "destination_port" => "%{[syslog_kv_data][dport]}" } + convert => { "destination_port" => "integer" } + } + } + # Optional: Parse log_time and timezone from KV data if needed for @timestamp + if [syslog_kv_data][time] { + date { + match => ["syslog_kv_data.time", "YYYY-M-d HH:mm:ss"] + target => "log_message_timestamp" # Create a separate field for this specific timestamp + tag_on_failure => ["_kvtimeparsefailure"] + } + # You might want to use this timestamp for @timestamp if it's more accurate + # date { + # match => ["syslog_kv_data.time", "YYYY-M-d HH:mm:ss"] + # target => "@timestamp" + # timezone => "%{[syslog_kv_data][timezone]}" # This requires a valid IANA timezone name + # tag_on_failure => ["_kvtimestampfailure"] + # } + } + # --- END NEW ADDITIONS --- + } + } + + # Attempt 5: Traditional BSD Syslog + if "_grokparsefailure_rfc5424" in [tags] and "_grokparsefailure_an_welf_log" in [tags] and "_grokparsefailure_an_welf_log_no_header" in [tags] and "_grokparsefailure_custom_nonstandard" in [tags] { + grok { + match => { + "message" => "^<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_hostname} %{DATA:syslog_appname}(?:\\[%{POSINT:syslog_procid}\\])?:(?: %{DATA:syslog_msgid})? %{GREEDYDATA:syslog_message}" + } + tag_on_failure => ["_grokparsefailure_bsd"] + add_tag => ["bsd_attempt"] + } + } + + # Stage 3: Common Post-Parsing Processing + if !("_grokparsefailure_rfc5424" in [tags] and "_grokparsefailure_an_welf_log" in [tags] and "_grokparsefailure_an_welf_log_no_header" in [tags] and "_grokparsefailure_custom_nonstandard" in [tags] and "_grokparsefailure_bsd" in [tags]) { + # USERAGENT FILTER + if [user_agent] { + useragent { + source => "user_agent" + target => "useragent" + remove_field => ["user_agent"] + } + } + + if [syslog_appname] == "-" { mutate { remove_field => ["syslog_appname"] } } + if [syslog_procid] == "-" { mutate { remove_field => ["syslog_procid"] } } + if [syslog_structured_data] == "-" { + mutate { remove_field => ["syslog_structured_data"] } + } else if [syslog_structured_data] =~ /^\\[.+\\]$/ { + # Handle structured data parsing if needed + } + + mutate { + rename => { + "syslog_pri" => "syslog_priority" + "syslog_hostname" => "device_hostname" + "syslog_appname" => "application_name" + "syslog_procid" => "process_id" + "syslog_msgid" => "message_id" + } + rename => { "syslog_protocol_version" => "syslog_version" } + } + + ruby { + code => " + if event.get('syslog_priority') + level = event.get('syslog_priority').to_i % 8 + level_map = { + 0 => 'Emergency', 1 => 'Alert', 2 => 'Critical', 3 => 'Error', + 4 => 'Warning', 5 => 'Notice', 6 => 'Informational', 7 => 'Debug' + } + event.set('severity_numeric', level) + event.set('severity', level_map[level] || 'Unknown') + end + " + } + + ruby { + code => " + if event.get('syslog_priority') + facility = event.get('syslog_priority').to_i / 8 + facility_map = { + 0 => 'Kernel', 1 => 'User', 2 => 'Mail', 3 => 'System Daemons', + 4 => 'Security/Authorization', 5 => 'Syslog', 6 => 'LPR Subsystem', + 7 => 'NNTP Subsystem', 8 => 'UUCP Subsystem', 9 => 'Clock Daemon', + 10 => 'Security/Authorization', 11 => 'FTP Daemon', 12 => 'NTP Subsystem', + 13 => 'Log Audit', 14 => 'Log Alert', 15 => 'Clock Daemon', + 16 => 'Local0', 17 => 'Local1', 18 => 'Local2', 19 => 'Local3', + 20 => 'Local4', 21 => 'Local5', 22 => 'Local6', 23 => 'Local7' + } + event.set('log_facility_numeric', facility) + event.set('log_facility', facility_map[facility] || 'Unknown') + end + " + } + + # IP RENAMING LOGIC (applies to common fields) + mutate { + copy => { "[host][ip]" => "device_ip" } # IP of the Logstash host that received the log + } + + # Ensure client_ip is populated from src_ip if it exists (for other log types) + if [src_ip] { + mutate { + rename => { "src_ip" => "client_ip" } # Client IP from the log message (if not from kv_data) + } + } + + if [device_ip] { + jdbc_streaming { + jdbc_driver_library => "/etc/logstash/jdbc_drivers/postgresql-42.7.5.jar" + jdbc_driver_class => "org.postgresql.Driver" + jdbc_connection_string => "jdbc:postgresql://127.0.0.1:5432/cm" + jdbc_user => "amp_admin" + jdbc_password => "Array@123$" + statement => "SELECT name, type, device_group FROM device WHERE ip_address = :device_ip" + parameters => { "device_ip" => "device_ip" } + target => "device_info" + tag_on_failure => ["_device_lookup_failure"] + } + + if [device_info] { + ruby { + code => " + if event.get('device_info') && event.get('device_info')[0] + device = event.get('device_info')[0] + event.set('device_name', device['name']) + event.set('device_type', device['type']) + event.set('device_group', device['device_group']) + else + event.tag('_device_info_not_found') + end + event.remove('device_info') + " + } + } else { + mutate { + add_tag => ["_device_info_not_found"] + } + } + } + + if !("_grokparsefailure_rfc5424" in [tags]) { + mutate { + remove_tag => ["_grokparsefailure_an_welf_log", "_grokparsefailure_an_welf_log_no_header", "_grokparsefailure_custom_nonstandard", "_grokparsefailure_bsd"] + add_tag => ["syslog_parsed", "rfc5424"] + } + } else if !("_grokparsefailure_an_welf_log" in [tags]) { + mutate { + remove_tag => ["_grokparsefailure_rfc5424", "_grokparsefailure_an_welf_log_no_header", "_grokparsefailure_custom_nonstandard", "_grokparsefailure_bsd"] + add_tag => ["syslog_parsed", "an_welf_log_headered"] + } + } else if !("_grokparsefailure_an_welf_log_no_header" in [tags]) { + mutate { + remove_tag => ["_grokparsefailure_rfc5424", "_grokparsefailure_an_welf_log", "_grokparsefailure_custom_nonstandard", "_grokparsefailure_bsd"] + add_tag => ["syslog_parsed", "an_welf_log_no_header"] + } + } else if !("_grokparsefailure_custom_nonstandard" in [tags]) { + mutate { + remove_tag => ["_grokparsefailure_rfc5424", "_grokparsefailure_an_welf_log", "_grokparsefailure_an_welf_log_no_header", "_grokparsefailure_bsd"] + add_tag => ["syslog_parsed", "custom_nonstandard_log"] + } + } else if !("_grokparsefailure_bsd" in [tags]) { + mutate { + remove_tag => ["_grokparsefailure_rfc5424", "_grokparsefailure_an_welf_log", "_grokparsefailure_an_welf_log_no_header", "_grokparsefailure_custom_nonstandard"] + add_tag => ["syslog_parsed", "bsd_syslog"] + } + } + + mutate { + remove_tag => ["rfc5424_attempt", "an_welf_log_attempt", "an_welf_log_no_header_attempt", "custom_nonstandard_attempt", "bsd_attempt"] + } + } + + # Stage 4: Handle Unparsed Logs + if "_grokparsefailure_rfc5424" in [tags] and "_grokparsefailure_an_welf_log" in [tags] and "_grokparsefailure_an_welf_log_no_header" in [tags] and "_grokparsefailure_custom_nonstandard" in [tags] and "_grokparsefailure_bsd" in [tags] { + mutate { + add_tag => ["_parsefailure_syslog_unhandled"] + remove_tag => ["_grokparsefailure_rfc5424", "_grokparsefailure_an_welf_log", "_grokparsefailure_an_welf_log_no_header", "_grokparsefailure_custom_nonstandard", "_grokparsefailure_bsd"] + } + } } } Index: /branches/amp_4_0/platform/config/telegraf/ag.toml =================================================================== --- /branches/amp_4_0/platform/config/telegraf/ag.toml (nonexistent) +++ /branches/amp_4_0/platform/config/telegraf/ag.toml (working copy) @@ -0,0 +1,169 @@ +[[inputs.snmp]] +agents = [] +community = "$YTINUMMOC" +name = "an_device_metrics" +timeout = "2s" + +[[inputs.snmp.field]] +name = "cpu_usage" +oid = ".1.3.6.1.4.1.7564.30.1.0" + +[[inputs.snmp.field]] +name = "net_mem_usage" +oid = ".1.3.6.1.4.1.7564.30.4.0" + +[[inputs.snmp.field]] +name = "totalOpenSSLConns" +oid = ".1.3.6.1.4.1.7564.20.2.1.0" + +[[inputs.snmp.field]] +name = "connections" +oid = ".1.3.6.1.4.1.7564.30.2.0" + +[[inputs.snmp.field]] +name = "requests" +oid = ".1.3.6.1.4.1.7564.30.3.0" + +[[inputs.snmp.field]] +name = "total_in" +oid = ".1.3.6.1.4.1.7564.23.2.0" + +[[inputs.snmp.field]] +name = "total_out" +oid = ".1.3.6.1.4.1.7564.23.3.0" + + +[[inputs.snmp.table]] +name = "ag_virtual_site_stats" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Id" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.2" + +[[inputs.snmp.table.field]] +is_tag = true +name = "IP" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.17" + +[[inputs.snmp.table.field]] +name = "ActiveSessions" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.3" + +[[inputs.snmp.table.field]] +name = "SuccessLogin" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.4" + +[[inputs.snmp.table.field]] +name = "FailureLogin" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.5" + +[[inputs.snmp.table.field]] +name = "ErrorLogin" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.6" + +[[inputs.snmp.table.field]] +name = "SuccessLogout" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.7" + +[[inputs.snmp.table.field]] +name = "ClientBytesIn" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.8" + +[[inputs.snmp.table.field]] +name = "ClientBytesOut" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.9" + +[[inputs.snmp.table.field]] +name = "LockedLogin" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.15" + +[[inputs.snmp.table.field]] +name = "RejectedLogin" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.16" + +[[inputs.snmp.table.field]] +name = "ServerBytesIn" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.19" + +[[inputs.snmp.table.field]] +name = "ServerBytesOut" +oid = ".1.3.6.1.4.1.7564.31.1.2.1.20" + + +[[inputs.snmp.table]] +name = "ag_vpn_stats" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Id" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.2" + +[[inputs.snmp.table.field]] +name = "TunnelsOpen" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.3" + +[[inputs.snmp.table.field]] +name = "TunnelsEst" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.4" + +[[inputs.snmp.table.field]] +name = "TunnelsRejected" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.5" + +[[inputs.snmp.table.field]] +name = "TunnelsTerminated" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.6" + +[[inputs.snmp.table.field]] +name = "BytesIn" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.7" + +[[inputs.snmp.table.field]] +name = "BytesOut" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.8" + +[[inputs.snmp.table.field]] +name = "UnauthPacketsIn" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.9" + +[[inputs.snmp.table.field]] +name = "clientAppBytesIn" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.10" + +[[inputs.snmp.table.field]] +name = "clientAppBytesOut" +oid = ".1.3.6.1.4.1.7564.32.1.2.1.11" + + +[[inputs.snmp.table]] +name = "ag_web_stats" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Id" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.2" + +[[inputs.snmp.table.field]] +name = "AuthorizedReq" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.3" + +[[inputs.snmp.table.field]] +name = "UnauthorizedReq" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.4" + +[[inputs.snmp.table.field]] +name = "ClientBytesIn" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.5" + +[[inputs.snmp.table.field]] +name = "ClientBytesOut" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.6" + +[[inputs.snmp.table.field]] +name = "ServerBytesIn" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.7" + +[[inputs.snmp.table.field]] +name = "ServerBytesOut" +oid = ".1.3.6.1.4.1.7564.33.1.2.1.8" Index: /branches/amp_4_0/platform/config/telegraf/apv.toml =================================================================== --- /branches/amp_4_0/platform/config/telegraf/apv.toml (nonexistent) +++ /branches/amp_4_0/platform/config/telegraf/apv.toml (working copy) @@ -0,0 +1,324 @@ +[[inputs.snmp]] +agents = [] +community = "$YTINUMMOC" +name = "an_device_metrics" +timeout = "2s" + +[[inputs.snmp.field]] +name = "cpu_usage" +oid = ".1.3.6.1.4.1.7564.30.1.0" + +[[inputs.snmp.field]] +name = "mem_usage" +oid = ".1.3.6.1.4.1.7564.4.5.0" + +[[inputs.snmp.field]] +name = "net_mem_usage" +oid = ".1.3.6.1.4.1.7564.4.2.0" + +[[inputs.snmp.field]] +name = "totalOpenSSLConns" +oid = ".1.3.6.1.4.1.7564.20.2.1.0" + +[[inputs.snmp.field]] +name = "connections" +oid = ".1.3.6.1.4.1.7564.30.2.0" + +[[inputs.snmp.field]] +name = "requests" +oid = ".1.3.6.1.4.1.7564.30.3.0" + +[[inputs.snmp.field]] +name = "total_in" +oid = ".1.3.6.1.4.1.7564.23.2.0" + +[[inputs.snmp.field]] +name = "total_out" +oid = ".1.3.6.1.4.1.7564.23.3.0" + + +[[inputs.snmp]] +agents = [] +community = "$YTINUMMOC" +name = "an_device_performance" +timeout = "2s" + +[[inputs.snmp.field]] +name = "sslAECoreUtilization" +oid = ".1.3.6.1.4.1.7564.30.9.0" + +[[inputs.snmp.field]] +name = "sslSECoreUtilization" +oid = ".1.3.6.1.4.1.7564.30.10.0" + + +[[inputs.snmp.table]] +name = "an_device_storage" + +[[inputs.snmp.table.field]] +is_tag = true +name = "prefix" +oid = ".1.3.6.1.2.1.25.2.3.1.3" + +[[inputs.snmp.table.field]] +name = "size" +oid = ".1.3.6.1.2.1.25.2.3.1.5" + +[[inputs.snmp.table.field]] +name = "used" +oid = ".1.3.6.1.2.1.25.2.3.1.6" + +[[inputs.snmp.table]] +name = "apv_virtual_stats" + +[[inputs.snmp.table.field]] +is_tag = true +name = "ServerId" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.2" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Addr" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.3" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Port" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.4" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Protocol" +oid = ".1.3.6.1.4.1.7564.19.1.2.2.1.3" + +[[inputs.snmp.table.field]] +name = "URLHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.5" + +[[inputs.snmp.table.field]] +name = "HostnameHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.6" + +[[inputs.snmp.table.field]] +name = "PerstntCookieHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.7" + +[[inputs.snmp.table.field]] +name = "QosCookieHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.8" + +[[inputs.snmp.table.field]] +name = "DefaultHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.9" + +[[inputs.snmp.table.field]] +name = "PerstntURLHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.10" + +[[inputs.snmp.table.field]] +name = "StaticHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.11" + +[[inputs.snmp.table.field]] +name = "QosNetworkHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.12" + +[[inputs.snmp.table.field]] +name = "QosURLHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.13" + +[[inputs.snmp.table.field]] +name = "BackupHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.14" + +[[inputs.snmp.table.field]] +name = "CacheHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.15" + +[[inputs.snmp.table.field]] +name = "RegexHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.16" + +[[inputs.snmp.table.field]] +name = "RCookieHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.17" + +[[inputs.snmp.table.field]] +name = "ICookieHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.18" + +[[inputs.snmp.table.field]] +name = "ConnCnt" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.19" + +[[inputs.snmp.table.field]] +name = "QosClientPortHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.22" + +[[inputs.snmp.table.field]] +name = "QosBodyHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.23" + +[[inputs.snmp.table.field]] +name = "HeaderHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.24" + +[[inputs.snmp.table.field]] +name = "HashURLHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.25" + +[[inputs.snmp.table.field]] +name = "RedirectHits" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.26" + +[[inputs.snmp.table.field]] +name = "ConnPerSec" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.31" + +[[inputs.snmp.table.field]] +name = "InBytePerSec" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.32" + +[[inputs.snmp.table.field]] +name = "OutBytePerSec" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.33" + +[[inputs.snmp.table.field]] +name = "InPacketPerSec" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.34" + +[[inputs.snmp.table.field]] +name = "OutPacketPerSec" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.35" + +[[inputs.snmp.table.field]] +is_tag = true +name = "HealthStatus" +oid = ".1.3.6.1.4.1.7564.19.2.2.1.1.36" + + +[[inputs.snmp.table]] +name = "apv_real_stats" + +[[inputs.snmp.table.field]] +is_tag = true +name = "realServerId" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.2" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Addr" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.3" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Port" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.4" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Protocol" +oid = ".1.3.6.1.4.1.7564.19.1.1.2.1.3" + +[[inputs.snmp.table.field]] +is_tag = true +name = "Status" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.8" + +[[inputs.snmp.table.field]] +name = "rsCntOfReq" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.5" + +[[inputs.snmp.table.field]] +name = "rsConnCnt" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.6" + +[[inputs.snmp.table.field]] +name = "rsTotalHits" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.7" + +[[inputs.snmp.table.field]] +name = "rsConnPerSec" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.13" + +[[inputs.snmp.table.field]] +name = "rsInBytePerSec" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.14" + +[[inputs.snmp.table.field]] +name = "rsOutBytePerSec" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.15" + +[[inputs.snmp.table.field]] +name = "rsInPacketPerSec" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.16" + +[[inputs.snmp.table.field]] +name = "rsOutPacketPerSec" +oid = ".1.3.6.1.4.1.7564.19.2.1.1.1.17" + +[[inputs.snmp.table]] +name = "apv_llb_stats" + +[[inputs.snmp.table.field]] +name = "linkIndex" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.1" + +[[inputs.snmp.table.field]] +is_tag = true +name = "linkName" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.2" + +[[inputs.snmp.table.field]] +name = "linkGateway" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.3" + +[[inputs.snmp.table.field]] +is_tag = true +name = "linkStatus" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.4" + +[[inputs.snmp.table.field]] +name = "linkRespTime" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.5" + +[[inputs.snmp.table.field]] +name = "linkUpTime" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.6" + +[[inputs.snmp.table.field]] +name = "linkDownTime" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.7" + +[[inputs.snmp.table.field]] +name = "linkDownCount" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.8" + +[[inputs.snmp.table.field]] +name = "linkDownEvent" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.9" + +[[inputs.snmp.table.field]] +name = "linkBandwidIn" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.10" + +[[inputs.snmp.table.field]] +name = "linkBandwidOut" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.11" + +[[inputs.snmp.table.field]] +name = "linkThresh" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.12" + +[[inputs.snmp.table.field]] +name = "linkHits" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.13" + +[[inputs.snmp.table.field]] +name = "linkConn" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.14" + +[[inputs.snmp.table.field]] +name = "linkUsage" +oid = ".1.3.6.1.4.1.7564.34.2.1.2.1.15" + Index: /branches/amp_4_0/platform/config/telegraf/asf.toml =================================================================== --- /branches/amp_4_0/platform/config/telegraf/asf.toml (nonexistent) +++ /branches/amp_4_0/platform/config/telegraf/asf.toml (working copy) @@ -0,0 +1,613 @@ +[[inputs.snmp]] +agents = [] +community = "$YTINUMMOC" +name = "an_device_metrics" +timeout = "2s" + +[[inputs.snmp.field]] +name = "cpu_usage" +oid = ".1.3.6.1.4.1.7564.30.1.0" + +[[inputs.snmp.field]] +name = "mem_usage" +oid = ".1.3.6.1.4.1.7564.4.5.0" + +[[inputs.snmp.field]] +name = "net_mem_usage" +oid = ".1.3.6.1.4.1.7564.4.2.0" + +[[inputs.snmp.field]] +name = "totalOpenSSLConns" +oid = ".1.3.6.1.4.1.7564.20.2.1.0" + +[[inputs.snmp.field]] +name = "connections" +oid = ".1.3.6.1.4.1.7564.30.2.0" + +[[inputs.snmp.field]] +name = "requests" +oid = ".1.3.6.1.4.1.7564.30.3.0" + +[[inputs.snmp.field]] +name = "total_in" +oid = ".1.3.6.1.4.1.7564.23.2.0" + +[[inputs.snmp.field]] +name = "total_out" +oid = ".1.3.6.1.4.1.7564.23.3.0" + + +[[inputs.snmp.table]] +name = "an_device_storage" + +[[inputs.snmp.table.field]] +is_tag = true +name = "prefix" +oid = ".1.3.6.1.2.1.25.2.3.1.3" + +[[inputs.snmp.table.field]] +name = "size" +oid = ".1.3.6.1.2.1.25.2.3.1.5" + +[[inputs.snmp.table.field]] +name = "used" +oid = ".1.3.6.1.2.1.25.2.3.1.6" + +[[inputs.snmp.table]] +name = "asf_ssl_statistics" + +[[inputs.snmp.table.field]] +name = "totalOpenSSLConns" +oid = ".1.3.6.1.4.1.7564.20.2.1" + +[[inputs.snmp.table.field]] +name = "totalAcceptedConns" +oid = ".1.3.6.1.4.1.7564.20.2.2" + +[[inputs.snmp.table.field]] +name = "totalRequestedConns" +oid = ".1.3.6.1.4.1.7564.20.2.3" + + +[[inputs.snmp.table]] +name = "asf_ssl_host_statistics" + +[[inputs.snmp.table.field]] +name = "sslIndex" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.1" + +[[inputs.snmp.table.field]] +name = "vhostName" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.2" + +[[inputs.snmp.table.field]] +name = "openSSLConns" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.3" + +[[inputs.snmp.table.field]] +name = "acceptedConns" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.4" + +[[inputs.snmp.table.field]] +name = "requestedConns" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.5" + +[[inputs.snmp.table.field]] +name = "resumedSess" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.6" + +[[inputs.snmp.table.field]] +name = "resumableSess" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.7" + +[[inputs.snmp.table.field]] +name = "missSess" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.8" + +[[inputs.snmp.table.field]] +name = "connsPerSec" +oid = ".1.3.6.1.4.1.7564.20.2.4.1.9" + +[[inputs.snmp.table]] +name = "asf_vip_group_statistics" + +[[inputs.snmp.table.field]] +name = "vipStatus" +oid = ".1.3.6.1.4.1.7564.22.1" + +[[inputs.snmp.table.field]] +name = "hostName" +oid = ".1.3.6.1.4.1.7564.22.2" + +[[inputs.snmp.table.field]] +name = "currentTime" +oid = ".1.3.6.1.4.1.7564.22.3" + +[[inputs.snmp.table.field]] +name = "totalIPPktsIn" +oid = ".1.3.6.1.4.1.7564.22.4" + +[[inputs.snmp.table.field]] +name = "totalIPPktsOut" +oid = ".1.3.6.1.4.1.7564.22.5" + +[[inputs.snmp.table.field]] +name = "totalIPBytesIn" +oid = ".1.3.6.1.4.1.7564.22.6" + +[[inputs.snmp.table.field]] +name = "totalIPBytesOut" +oid = ".1.3.6.1.4.1.7564.22.7" + +[[inputs.snmp.table]] +name = "asf_vip_statistics" + +[[inputs.snmp.table.field]] +name = "ipIndex" +oid = ".1.3.6.1.4.1.7564.22.8.1.1" + +[[inputs.snmp.table.field]] +name = "ipAddress" +oid = ".1.3.6.1.4.1.7564.22.8.1.2" + +[[inputs.snmp.table.field]] +name = "ipPktsIn" +oid = ".1.3.6.1.4.1.7564.22.8.1.3" + +[[inputs.snmp.table.field]] +name = "ipBytesIn" +oid = ".1.3.6.1.4.1.7564.22.8.1.4" + +[[inputs.snmp.table.field]] +name = "ipPktsOut" +oid = ".1.3.6.1.4.1.7564.22.8.1.5" + +[[inputs.snmp.table.field]] +name = "ipBytesOut" +oid = ".1.3.6.1.4.1.7564.22.8.1.6" + +[[inputs.snmp.table.field]] +name = "startTime" +oid = ".1.3.6.1.4.1.7564.22.8.1.7" + +[[inputs.snmp.table.field]] +name = "ipAddrType" +oid = ".1.3.6.1.4.1.7564.22.8.1.8" + +[[inputs.snmp.table]] +name = "asf_syslog_history" + +[[inputs.snmp.table.field]] +name = "index" +oid = ".1.3.6.1.4.1.7564.24.2.2.1.1" + +[[inputs.snmp.table.field]] +name = "severity" +oid = ".1.3.6.1.4.1.7564.24.2.2.1.2" + +[[inputs.snmp.table.field]] +name = "msgText" +oid = ".1.3.6.1.4.1.7564.24.2.2.1.3" + +[[inputs.snmp.table]] +name = "asf_performance_statistics" + +[[inputs.snmp.table.field]] +name = "cpuUtilization" +oid = ".1.3.6.1.4.1.7564.30.1" + +[[inputs.snmp.table.field]] +name = "connectionsPerSec" +oid = ".1.3.6.1.4.1.7564.30.2" + +[[inputs.snmp.table.field]] +name = "requestsPerSec" +oid = ".1.3.6.1.4.1.7564.30.3" + +[[inputs.snmp.table.field]] +name = "sslCoreUtilization" +oid = ".1.3.6.1.4.1.7564.30.4" + +[[inputs.snmp.table.field]] +name = "sslAECoreUtilization" +oid = ".1.3.6.1.4.1.7564.30.5" + +[[inputs.snmp.table.field]] +name = "sslSECoreUtilization" +oid = ".1.3.6.1.4.1.7564.30.6" + +[[inputs.snmp.table]] +name = "asf_http_service" + +[[inputs.snmp.table.field]] +name = "httpServiceIndex" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.1" + +[[inputs.snmp.table.field]] +name = "httpServiceId" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.2" + +[[inputs.snmp.table.field]] +name = "httpServiceCc" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.3" + +[[inputs.snmp.table.field]] +name = "httpServiceCps" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.4" + +[[inputs.snmp.table.field]] +name = "httpServiceRpsGet" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.5" + +[[inputs.snmp.table.field]] +name = "httpServiceRpsPost" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.6" + +[[inputs.snmp.table.field]] +name = "httpServiceRpsHead" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.7" + +[[inputs.snmp.table.field]] +name = "httpServiceRpsPut" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.8" + +[[inputs.snmp.table.field]] +name = "httpServiceRpsDelete" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.9" + +[[inputs.snmp.table.field]] +name = "httpServiceRpsTotal" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.10" + +[[inputs.snmp.table.field]] +name = "httpServiceAnomalyMethod" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.11" + +[[inputs.snmp.table.field]] +name = "httpServiceAnomalyRequestline" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.12" + +[[inputs.snmp.table.field]] +name = "httpServiceAnomalyHost" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.13" + +[[inputs.snmp.table.field]] +name = "httpServiceAnomalyConnection" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.14" + +[[inputs.snmp.table.field]] +name = "httpServiceAnomalyContentlength" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.15" + +[[inputs.snmp.table.field]] +name = "httpServiceAnomalyRange" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.16" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficInboundInByte" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.17" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficInboundInPacket" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.18" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficInboundOutByte" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.19" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficInboundOutPacket" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.20" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficOutboundInByte" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.21" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficOutboundInPacket" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.22" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficOutboundOutByte" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.23" + +[[inputs.snmp.table.field]] +name = "httpServiceTrafficOutboundOutPacket" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.24" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTotal" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.25" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeSource" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.26" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeManBl" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.27" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeDynBl" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.28" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeAcl" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.29" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeDdos" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.30" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeWaf" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.31" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeFilter" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.32" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeAnormaly" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.33" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeParseFail" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.34" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeResource" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.35" + +[[inputs.snmp.table.field]] +name = "httpServiceDropTypeProfile" +oid = ".1.3.6.1.4.1.7564.33.1.2.2.1.36" + +[[inputs.snmp.table]] +name = "asf_https_service" + +[[inputs.snmp.table.field]] +name = "httpsServiceIndex" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.1" + +[[inputs.snmp.table.field]] +name = "httpsServiceId" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.2" + +[[inputs.snmp.table.field]] +name = "httpsServiceCc" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.3" + +[[inputs.snmp.table.field]] +name = "httpsServiceCps" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.4" + +[[inputs.snmp.table.field]] +name = "httpsServiceRpsGet" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.5" + +[[inputs.snmp.table.field]] +name = "httpsServiceRpsPost" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.6" + +[[inputs.snmp.table.field]] +name = "httpsServiceRpsHead" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.7" + +[[inputs.snmp.table.field]] +name = "httpsServiceRpsPut" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.8" + +[[inputs.snmp.table.field]] +name = "httpsServiceRpsDelete" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.9" + +[[inputs.snmp.table.field]] +name = "httpsServiceRpsTotal" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.10" + +[[inputs.snmp.table.field]] +name = "httpsServiceAnormalyMethod" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.11" + +[[inputs.snmp.table.field]] +name = "httpsServiceAnormalyRequestline" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.12" + +[[inputs.snmp.table.field]] +name = "httpsServiceAnormalyHost" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.13" + +[[inputs.snmp.table.field]] +name = "httpsServiceAnormalyConnection" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.14" + +[[inputs.snmp.table.field]] +name = "httpsServiceAnormalyContentlength" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.15" + +[[inputs.snmp.table.field]] +name = "httpsServiceAnormalyRange" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.16" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficInboundInByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.17" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficInboundInPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.18" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficInboundOutByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.19" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficInboundOutPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.20" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficOutboundInByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.21" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficOutboundInPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.22" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficOutboundOutByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.23" + +[[inputs.snmp.table.field]] +name = "httpsServiceTrafficOutboundOutPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.24" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficInboundInByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.25" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficInboundInPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.26" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficInboundOutByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.27" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficInboundOutPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.28" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficOutboundInByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.29" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficOutboundInPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.30" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficOutboundOutByte" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.31" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslTrafficOutboundOutPackets" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.32" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTotal" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.33" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeSource" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.34" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeManBl" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.35" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeDynBl" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.36" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeAcl" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.37" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeDdos" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.38" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeWaf" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.39" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeFilter" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.40" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeAnormaly" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.41" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeParseFail" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.42" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeResource" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.43" + +[[inputs.snmp.table.field]] +name = "httpsServiceHttpDropTypeProfile" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.44" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropTotal" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.45" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropResource" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.46" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropDynBl" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.47" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropAnormalyTotal" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.48" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropMismatch" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.49" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropHandshakeVersionMismatch" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.50" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropRecordVersion" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.51" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropRecordType" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.52" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropHandshakeType" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.53" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropHandshakeLen" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.54" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropEncryptDecrypt" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.55" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropHostStop" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.56" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropSendData" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.57" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropBadCipher" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.58" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropSendCard" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.59" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropNoRandom" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.60" + +[[inputs.snmp.table.field]] +name = "httpsServiceSslDropBigNumberOperationFailed" +oid = ".1.3.6.1.4.1.7564.33.1.3.2.1.61" + + Index: /branches/amp_4_0/platform/tools/configure_elk.sh =================================================================== --- /branches/amp_4_0/platform/tools/configure_elk.sh (revision 2594) +++ /branches/amp_4_0/platform/tools/configure_elk.sh (working copy) @@ -88,6 +88,37 @@ fi } +make_data_view_acm_default() { + CURL_AUTH_ARGS=(-u "${ELASTIC_SUPER_USER}:${ELASTIC_PASSWORD}") # Basic Auth for curl + CURL_COMMON_ARGS=(-H "kbn-xsrf: true" -H "Content-Type: application/json" --silent --fail --show-error) + + TARGET_DATAVIEW_NAME="acm-*" + TARGET_DATAVIEW_ID="acm-*" + + SET_DEFAULT_RESPONSE=$(curl -X POST "${KIBANA_HOST}/api/data_views/default" \ + "${CURL_AUTH_ARGS[@]}" \ + "${CURL_COMMON_ARGS[@]}" \ + -d '{ "data_view_id": "'"${TARGET_DATAVIEW_ID}"'", "force": true }') + + # Check if curl command itself failed + if [ $? -ne 0 ]; then + log_error "❌ Failed to set default data view. Check Kibana URL, credentials, and connectivity." >&2 + log_info "Response: ${SET_DEFAULT_RESPONSE}" >&2 + exit 1 + fi + + # Verify success from the response content using jq + ACKNOWLEDGED=$(echo "${SET_DEFAULT_RESPONSE}" | jq -r ".acknowledged") + + if [ "${ACKNOWLEDGED}" == "true" ]; then + log_info "Success: Default data view set to '${TARGET_DATAVIEW_NAME}' (ID: ${TARGET_DATAVIEW_ID})." + else + log_error "❌ Kibana API reported failure to set default data view." >&2 + log_info "Response: ${SET_DEFAULT_RESPONSE}" >&2 + exit 1 + fi +} + clean_start_filebeat() { log_info "Cleaning up and safely starting Filebeat..." @@ -143,6 +174,8 @@ create_data_view_logstash create_data_view_acm + + make_data_view_acm_default } configure_elk() { Index: /branches/amp_4_0/platform/tools/install_tools_dependencies.sh =================================================================== --- /branches/amp_4_0/platform/tools/install_tools_dependencies.sh (nonexistent) +++ /branches/amp_4_0/platform/tools/install_tools_dependencies.sh (working copy) @@ -0,0 +1,135 @@ +#!/bin/bash + +# Configuration +DOWNLOAD_DIR="/tmp" # Temporary directory for downloading the JAR +TARGET_DIR="/etc/logstash/jdbc_drivers" # Where Logstash expects the drivers +LOGSTASH_USER="admin" # User Logstash runs as +LOGSTASH_GROUP="admin" # Group Logstash runs as +# --- HARDCODED URL --- +# IMPORTANT: Manually update this URL to the latest PostgreSQL JDBC driver .jar file +# You can find it at: https://jdbc.postgresql.org/download/ +LATEST_DRIVER_URL="https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar" # <--- UPDATE THIS LINK WHEN A NEW DRIVER IS RELEASED +# --- END HARDCODED URL --- +PG_JDBC_URL="https://jdbc.postgresql.org/download/" # Keep this for logging context if desired +LOG_FILE="/var/log/install_logstash_dependencies.log" # Log file for script output + +# Redirect all stdout and stderr to the log file +exec > >(tee -a "$LOG_FILE") 2>&1 + +# --- Functions --- + +log_info() { + echo "[INFO] $(date +'%Y-%m-%d %H:%M:%S') $1" +} + +log_error() { + echo "[ERROR] $(date +'%Y-%m-%d %H:%M:%S') $1" +} + +# --- Main Script --- + +log_info "Starting PostgreSQL JDBC driver setup script..." +log_info "All script output is being logged to: ${LOG_FILE}" + +# Check for required commands +if ! command -v curl &> /dev/null; then + log_error "Error: 'curl' is not installed. Please install it (e.g., sudo apt install curl or sudo yum install curl)." + exit 1 +fi +if ! command -v grep &> /dev/null; then # Grep is still needed for user/group check, even if not for URL parsing + log_error "Error: 'grep' is not installed. Please install it (e.g., sudo apt install grep or sudo yum install grep)." + exit 1 +fi + +# Check if the specified user and group exist +if ! id -u "$LOGSTASH_USER" &> /dev/null; then + log_error "User '$LOGSTASH_USER' does not exist. Please create it or adjust LOGSTASH_USER in the script." + exit 1 +fi +if ! getent group "$LOGSTASH_GROUP" &> /dev/null; then + log_error "Group '$LOGSTASH_GROUP' does not exist. Please create it or adjust LOGSTASH_GROUP in the script." + exit 1 +fi + +log_info "Direct download URL is used: ${LATEST_DRIVER_URL}" + +DRIVER_FILENAME=$(basename "$LATEST_DRIVER_URL") +TEMP_DRIVER_PATH="${DOWNLOAD_DIR}/${DRIVER_FILENAME}" + +log_info "Expected filename: ${DRIVER_FILENAME}" + +# 2. Download the driver +log_info "Downloading ${DRIVER_FILENAME} to ${DOWNLOAD_DIR}..." +curl -L -o "$TEMP_DRIVER_PATH" "$LATEST_DRIVER_URL" + +if [ $? -ne 0 ]; then + log_error "Failed to download the driver from ${LATEST_DRIVER_URL}." + log_error "Please check your internet connection or the URL." + exit 1 +fi + +if [ ! -f "$TEMP_DRIVER_PATH" ]; then + log_error "Downloaded file not found at ${TEMP_DRIVER_PATH}. Download might have failed silently." + exit 1 +fi + +log_info "Download complete." + +# 3. Create target directory +log_info "Ensuring target directory ${TARGET_DIR} exists..." +sudo mkdir -p "$TARGET_DIR" +if [ $? -ne 0 ]; then + log_error "Failed to create target directory ${TARGET_DIR}. Do you have sufficient permissions?" + exit 1 +fi +log_info "Target directory is ready." + +# 4. Copy the driver to the target directory +log_info "Copying ${DRIVER_FILENAME} to ${TARGET_DIR}..." +sudo cp "$TEMP_DRIVER_PATH" "$TARGET_DIR/" +if [ $? -ne 0 ]; then + log_error "Failed to copy the driver to ${TARGET_DIR}. Do you have sufficient permissions?" + exit 1 +fi +log_info "Driver copied successfully." + +# 5. Set permissions +FINAL_DRIVER_PATH="${TARGET_DIR}/${DRIVER_FILENAME}" +log_info "Setting ownership to ${LOGSTASH_USER}:${LOGSTASH_GROUP} for ${FINAL_DRIVER_PATH}..." +sudo chown "${LOGSTASH_USER}:${LOGSTASH_GROUP}" "$FINAL_DRIVER_PATH" +if [ $? -ne 0 ]; then + log_error "Failed to change ownership of ${FINAL_DRIVER_PATH}. Check if user/group '${LOGSTASH_USER}:${LOGSTASH_GROUP}' exist and you have permissions." + exit 1 +fi + +log_info "Setting permissions to 644 for ${FINAL_DRIVER_PATH}..." +sudo chmod 644 "$FINAL_DRIVER_PATH" +if [ $? -ne 0 ]; then + log_error "Failed to set permissions for ${FINAL_DRIVER_PATH}." + exit 1 +fi +log_info "Permissions set successfully." + +# 6. Clean up temporary file +log_info "Cleaning up temporary downloaded file ${TEMP_DRIVER_PATH}..." +rm "$TEMP_DRIVER_PATH" +log_info "Temporary file removed." + +log_info "PostgreSQL JDBC driver setup complete!" +log_info "Remember to update your Logstash configuration to use this path:" +log_info " jdbc_driver_library => \"${FINAL_DRIVER_PATH}\"" + +# 7. Restart Logstash Service (NEW STEP) +log_info "Restarting Logstash service..." +sudo systemctl restart logstash + +if [ $? -eq 0 ]; then + log_info "Logstash service restarted successfully." + log_info "Please check Logstash logs for any startup errors: sudo journalctl -u logstash -f" +else + log_error "Failed to restart Logstash service. Please check service status and logs manually." +fi + +log_info "Script finished." + +exit 0