├── .gitignore
├── README.md
├── Vagrantfile
├── ansible.sh
├── ansible
├── ansible.cfg
├── docker-node.yml
├── group_vars
│ └── all
├── monitoring.yml
└── roles
│ ├── bdd
│ └── tasks
│ │ └── main.yml
│ ├── docker
│ ├── files
│ │ └── docker
│ └── tasks
│ │ └── main.yml
│ ├── elasticsearch
│ └── tasks
│ │ └── main.yml
│ ├── kibana
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ └── es-kibana.json
│ └── tasks
│ │ └── main.yml
│ ├── logstash
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ └── syslog.conf
│ └── tasks
│ │ └── main.yml
│ └── rsyslog
│ ├── defaults
│ └── main.yml
│ ├── tasks
│ └── main.yml
│ └── templates
│ └── 10-logstash.conf.j2
├── conf
├── 10-logstash.conf
├── collectd.conf
├── collectd.conf.orig
├── es-kibana-collectd.json
├── es-kibana.json
├── logstash_collectd.conf
└── syslog.conf
├── img
└── kibana.png
└── kibana
├── Dockerfile
├── README.md
└── start.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | *.iml
2 | .idea
3 | /.vagrant
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | To create the VM with all ELK stack:
2 |
3 | ```bash
4 | vagrant up elk
5 | ```
6 |
7 | To output Docker logs to syslog and from there to LogStash:
8 |
9 | ```bash
10 | vagrant up docker-node
11 | ```
12 |
13 | ElasticSearch: [http://localhost:9200/_search?pretty](http://localhost:9200/_search?pretty)
14 | Kibana: [http://localhost:5601/](http://localhost:5601/)
15 |
16 | TODO
17 | ====
18 |
19 | * Create collectd container
20 | * Write collectd + ELK article
21 | * Link to the ELK article
22 |
23 |
24 | ```bash
25 | ## collectd ##
26 | sudo apt-get update
27 | sudo apt-get install -y collectd collectd-utils
28 |
29 | ## elasticsearch ##
30 | sudo mkdir -p /data/elasticsearch
31 | sudo docker run -d --name elasticsearch -p 9200:9200 -v /data/elasticsearch:/usr/share/elasticsearch/data elasticsearch
32 |
33 | ## logstash ##
34 | sudo docker run -d --name logstash --expose 25826 -p 25826:25826 -p 25826:25826/udp -v $PWD/conf:/conf --link elasticsearch:db logstash logstash -f /conf/logstash_collectd.conf
35 |
36 | ## restart collectd ##
37 | sudo cp /vagrant/conf/collectd.conf /etc/collectd/collectd.conf
38 | sudo service collectd restart
39 |
40 | ## kibana ##
41 | sudo docker run -d --name kibana -p 5601:5601 --link elasticsearch:elasticsearch kibana
42 | ```
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
1 | # -*- mode: ruby -*-
2 | # vi: set ft=ruby :
3 |
4 | VAGRANTFILE_API_VERSION = "2"
5 |
6 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
7 | config.vm.box = "ubuntu/trusty64"
8 | config.vm.synced_folder ".", "/vagrant"
9 | config.vm.define "monitoring" do |node|
10 | node.vm.hostname = "monitoring"
11 | node.vm.network "private_network", ip: "10.100.199.202"
12 | node.vm.network "forwarded_port", guest: 5601, host: 5601
13 | node.vm.network "forwarded_port", guest: 9000, host: 9000
14 | node.vm.network "forwarded_port", guest: 9200, host: 9200
15 | node.vm.network "forwarded_port", guest: 25826, host: 25826
16 | node.vm.provision :shell, inline: "wget -qO- https://get.docker.com/ | sh"
17 | node.vm.provision :shell, inline: "ln -s /vagrant/conf conf"
18 | node.vm.provider "virtualbox" do |v|
19 | v.memory = 1024
20 | end
21 | end
22 | config.vm.define "elk" do |node|
23 | node.vm.hostname = "elk"
24 | node.vm.network "private_network", ip: "10.100.199.200"
25 | node.vm.network "forwarded_port", guest: 5601, host: 5601
26 | node.vm.network "forwarded_port", guest: 9200, host: 9200
27 | node.vm.network "forwarded_port", guest: 25826, host: 25826
28 | node.vm.provision :shell, path: "ansible.sh"
29 | node.vm.provision :shell, inline: 'ansible-playbook /vagrant/ansible/monitoring.yml -c local -v'
30 | node.vm.provider "virtualbox" do |v|
31 | v.memory = 2048
32 | end
33 | end
34 | config.vm.define "docker-node" do |node|
35 | node.vm.hostname = "docker-node"
36 | node.vm.network "private_network", ip: "10.100.199.201"
37 | node.vm.network "forwarded_port", guest: 9000, host: 9000
38 | node.vm.provision :shell, path: "ansible.sh"
39 | node.vm.provision :shell, inline: 'ansible-playbook /vagrant/ansible/docker-node.yml -c local -v'
40 | node.vm.provider "virtualbox" do |v|
41 | v.memory = 2048
42 | end
43 | end
44 | end
45 |
--------------------------------------------------------------------------------
/ansible.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | echo "Installing Ansible..."
4 | apt-get install -y software-properties-common
5 | apt-add-repository ppa:ansible/ansible
6 | apt-get update
7 | apt-get install -y --force-yes ansible
8 | cp /vagrant/ansible/ansible.cfg /etc/ansible/ansible.cfg
--------------------------------------------------------------------------------
/ansible/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | callback_plugins=/etc/ansible/callback_plugins/
3 | host_key_checking=False
4 | deprecation_warnings=False
5 |
6 | [privilege_escalation]
7 | become=True
8 | become_method=sudo
9 | become_user=root
10 |
--------------------------------------------------------------------------------
/ansible/docker-node.yml:
--------------------------------------------------------------------------------
1 | - hosts: localhost
2 | sudo: yes
3 | vars:
4 | - docker_syslog: true
5 | roles:
6 | - rsyslog
7 | - docker
8 | - bdd
--------------------------------------------------------------------------------
/ansible/group_vars/all:
--------------------------------------------------------------------------------
1 | elk_ip: 10.100.199.200
2 | es_port: 9200
3 | docker_syslog: false
--------------------------------------------------------------------------------
/ansible/monitoring.yml:
--------------------------------------------------------------------------------
1 | - hosts: localhost
2 | sudo: yes
3 | roles:
4 | - docker
5 | - elasticsearch
6 | - logstash
7 | - rsyslog
8 | - kibana
--------------------------------------------------------------------------------
/ansible/roles/bdd/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Container is running
2 | docker:
3 | image: vfarcic/bdd
4 | name: bdd
5 | ports:
6 | - 9000:9000
7 | tags: [logstash]
--------------------------------------------------------------------------------
/ansible/roles/docker/files/docker:
--------------------------------------------------------------------------------
1 | DOCKER_OPTS="$DOCKER_OPTS --log-driver=syslog"
--------------------------------------------------------------------------------
/ansible/roles/docker/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Debian add Docker repository and update apt cache
2 | apt_repository:
3 | repo: deb https://apt.dockerproject.org/repo ubuntu-trusty main
4 | update_cache: yes
5 | state: present
6 | tags: [docker]
7 |
8 | - name: Debian Docker is present
9 | apt:
10 | name: docker-engine
11 | state: latest
12 | force: yes
13 | tags: [docker]
14 |
15 | - name: Debian python-pip is present
16 | apt:
17 | name: python-pip
18 | state: present
19 | force: yes
20 | tags: [docker]
21 |
22 | - name: Debian docker-py is present
23 | pip:
24 | name: docker-py
25 | version: 1.6.0
26 | state: present
27 | tags: [docker]
28 |
29 | - name: Files are present
30 | copy:
31 | src: docker
32 | dest: /etc/default/docker
33 | when: docker_syslog
34 | register: copy_result
35 | tags: [docker]
36 |
37 | - name: Docker service is restarted
38 | shell: service docker restart
39 | when: copy_result|changed
40 | tags: [docker]
--------------------------------------------------------------------------------
/ansible/roles/elasticsearch/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Container is running
2 | docker:
3 | image: elasticsearch
4 | name: elasticsearch
5 | ports:
6 | - "{{ es_port }}:9200"
7 | volumes:
8 | - /data/elasticsearch:/usr/share/elasticsearch/data
9 | tags: [elasticsearch]
--------------------------------------------------------------------------------
/ansible/roles/kibana/defaults/main.yml:
--------------------------------------------------------------------------------
1 | backup_dir: /data/kibana/backup
2 |
3 | directories:
4 | - /data
5 | - /data/kibana
6 | - "{{ backup_dir }}"
--------------------------------------------------------------------------------
/ansible/roles/kibana/files/es-kibana.json:
--------------------------------------------------------------------------------
1 | [
2 | {"_index":".kibana","_type":"config","_id":"4.0.2","_score":0,"_source":{"buildNum":6004,"defaultIndex":"logstash-*"}}
3 | ,{"_index":".kibana","_type":"search","_id":"syslog","_score":0,"_source":{"title":"syslog","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:syslog\",\"analyze_wildcard\":true}}}"}}}
4 | ,{"_index":".kibana","_type":"search","_id":"docker","_score":0,"_source":{"title":"docker","description":"","hits":0,"columns":["container_id","message"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[],\"query\":{\"query_string\":{\"query\":\"program:docker\",\"analyze_wildcard\":true}}}"}}}
5 | ,{"_index":".kibana","_type":"visualization","_id":"error-number","_score":0,"_source":{"title":"error-number","visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","savedSearchId":"error","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
6 | ,{"_index":".kibana","_type":"visualization","_id":"error","_score":0,"_source":{"title":"error-graph","visState":"{\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"mode\": \"stacked\",\n \"defaultYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}","description":"","savedSearchId":"error","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"filter\": []\n}"}}}
7 | ,{"_index":".kibana","_type":"index-pattern","_id":"logstash-*","_score":0,"_source":{"title":"logstash-*","timeFieldName":"@timestamp","customFormats":"{}","fields":"[{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"container_id.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"logsource\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_source\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"type\",\"count\":2,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"severity_label\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"@version\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"timestamp\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"name\":\"_type\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"pid.raw\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"facility\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_id\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"host.raw\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"priority\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"facility_label.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"host\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"program.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"timestamp.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_index\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"pid\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"severity\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"logsource.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"type.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"message\",\"count\":3,\"scripted\":false},{\"type\":\"date\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"@timestamp\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"program\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"severity_label.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"facility_label\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"container_id\",\"count\":1,\"scripted\":false},{\"type\":\"geo_point\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"geoip.location\",\"count\":0,\"scripted\":false}]"}}
8 | ,{"_index":".kibana","_type":"search","_id":"error","_score":0,"_source":{"title":"error","description":"","hits":0,"columns":["host","program","message"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"error\"}}}"}}}
9 | ,{"_index":".kibana","_type":"dashboard","_id":"error","_score":0,"_source":{"title":"error","hits":0,"description":"","panelsJSON":"[{\"col\":1,\"id\":\"error\",\"row\":1,\"size_x\":10,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"error-number\",\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"error\",\"row\":3,\"size_x\":12,\"size_y\":4,\"type\":\"search\"}]","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"}}}
10 | ]
11 |
--------------------------------------------------------------------------------
/ansible/roles/kibana/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Container is running
2 | docker:
3 | image: kibana
4 | name: kibana
5 | ports:
6 | - 5601:5601
7 | links:
8 | - elasticsearch:db
9 | register: kibana_result
10 | tags: [kibana]
11 |
12 | - name: Directories are present
13 | file:
14 | dest: "{{ item }}"
15 | state: directory
16 | with_items: directories
17 | tags: [kibana]
18 |
19 | - name: Backup is present
20 | copy:
21 | src: es-kibana.json
22 | dest: "{{ backup_dir }}/es-kibana.json"
23 | tags: [kibana]
24 |
25 | - name: Backup is restored
26 | docker:
27 | volumes:
28 | - "{{ backup_dir }}:/data"
29 | image: vfarcic/elastic-dump
30 | command: --input=/data/es-kibana.json --output=http://{{ elk_ip }}:{{ es_port }}/.kibana --type=data
31 | when: kibana_result.changed
32 | tags: [kibana]
--------------------------------------------------------------------------------
/ansible/roles/logstash/defaults/main.yml:
--------------------------------------------------------------------------------
1 | conf_dir: /data/logstash/config
2 |
3 | directories:
4 | - /data
5 | - /data/logstash
6 | - "{{ conf_dir }}"
--------------------------------------------------------------------------------
/ansible/roles/logstash/files/syslog.conf:
--------------------------------------------------------------------------------
1 | input {
2 | syslog {
3 | type => syslog
4 | port => 25826
5 | }
6 | }
7 |
8 | filter {
9 | if "docker/" in [program] {
10 | mutate {
11 | add_field => {
12 | "container_id" => "%{program}"
13 | }
14 | }
15 | mutate {
16 | gsub => [
17 | "container_id", "docker/", ""
18 | ]
19 | }
20 | mutate {
21 | update => [
22 | "program", "docker"
23 | ]
24 | }
25 | }
26 | }
27 |
28 | output {
29 | stdout {
30 | codec => rubydebug
31 | }
32 | elasticsearch {
33 | hosts => [db]
34 | }
35 | }
--------------------------------------------------------------------------------
/ansible/roles/logstash/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Directories are present
2 | file:
3 | path: "{{ item }}"
4 | state: directory
5 | with_items: directories
6 | tags: [logstash]
7 |
8 | - name: Config file is present
9 | copy:
10 | src: syslog.conf
11 | dest: "{{ conf_dir }}/syslog.conf"
12 | tags: [logstash]
13 |
14 | - name: Container is running
15 | docker:
16 | image: logstash
17 | name: logstash
18 | volumes:
19 | - "{{ conf_dir }}:/conf"
20 | expose:
21 | - 25826
22 | ports:
23 | - 25826:25826
24 | - 25826:25826/udp
25 | links:
26 | - elasticsearch:db
27 | command: "logstash -f /conf/syslog.conf"
28 | tags: [logstash]
--------------------------------------------------------------------------------
/ansible/roles/rsyslog/defaults/main.yml:
--------------------------------------------------------------------------------
1 | packages:
2 | - rsyslog
3 | - logrotate
--------------------------------------------------------------------------------
/ansible/roles/rsyslog/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Packages are present
2 | apt:
3 | name: "{{ item }}"
4 | state: latest
5 | install_recommends: no
6 | with_items: packages
7 | tags: [rsyslog]
8 |
9 | - name: Config file is present
10 | template:
11 | src: 10-logstash.conf.j2
12 | dest: /etc/rsyslog.d/10-logstash.conf
13 | register: config_result
14 | tags: [rsyslog]
15 |
16 | - name: Service is restarted
17 | shell: service rsyslog restart
18 | when: config_result.changed
19 | tags: [rsyslog]
--------------------------------------------------------------------------------
/ansible/roles/rsyslog/templates/10-logstash.conf.j2:
--------------------------------------------------------------------------------
1 | *.* @@{{ elk_ip }}:25826
--------------------------------------------------------------------------------
/conf/10-logstash.conf:
--------------------------------------------------------------------------------
1 | *.* @@10.100.199.202:25826
--------------------------------------------------------------------------------
/conf/collectd.conf:
--------------------------------------------------------------------------------
1 | Hostname "monitoring"
2 | FQDNLookup false
3 |
4 | LoadPlugin cpu
5 | LoadPlugin df
6 | LoadPlugin interface
7 | LoadPlugin memory
8 | LoadPlugin network
9 | LoadPlugin swap
10 |
11 |
12 | Device "/dev/sda1"
13 | MountPoint "/"
14 | FSType "ext4"
15 | ReportReserved "true"
16 |
17 |
18 |
19 | Interface "eth0"
20 | IgnoreSelected false
21 |
22 |
23 |
24 | Server "10.100.199.202" "25826"
25 |
26 |
27 | #
28 | # LogLevel info
29 | #
30 |
31 |
32 | Filter ".conf"
33 |
34 |
--------------------------------------------------------------------------------
/conf/collectd.conf.orig:
--------------------------------------------------------------------------------
1 | # Config file for collectd(1).
2 | #
3 | # Some plugins need additional configuration and are disabled by default.
4 | # Please read collectd.conf(5) for details.
5 | #
6 | # You should also read /usr/share/doc/collectd-core/README.Debian.plugins
7 | # before enabling any more plugins.
8 |
9 | ##############################################################################
10 | # Global #
11 | #----------------------------------------------------------------------------#
12 | # Global settings for the daemon. #
13 | ##############################################################################
14 |
15 | #Hostname "localhost"
16 | FQDNLookup true
17 | #BaseDir "/var/lib/collectd"
18 | #PluginDir "/usr/lib/collectd"
19 | #TypesDB "/usr/share/collectd/types.db" "/etc/collectd/my_types.db"
20 |
21 | #----------------------------------------------------------------------------#
22 | # When enabled, plugins are loaded automatically with the default options #
23 | # when an appropriate block is encountered. #
24 | # Disabled by default. #
25 | #----------------------------------------------------------------------------#
26 | #AutoLoadPlugin false
27 |
28 | #----------------------------------------------------------------------------#
29 | # Interval at which to query values. This may be overwritten on a per-plugin #
30 | # base by using the 'Interval' option of the LoadPlugin block: #
31 | # #
32 | # Interval 60 #
33 | # #
34 | #----------------------------------------------------------------------------#
35 | #Interval 10
36 |
37 | #Timeout 2
38 | #ReadThreads 5
39 | #WriteThreads 5
40 |
41 | # Limit the size of the write queue. Default is no limit. Setting up a limit
42 | # is recommended for servers handling a high volume of traffic.
43 | #WriteQueueLimitHigh 1000000
44 | #WriteQueueLimitLow 800000
45 |
46 | ##############################################################################
47 | # Logging #
48 | #----------------------------------------------------------------------------#
49 | # Plugins which provide logging functions should be loaded first, so log #
50 | # messages generated when loading or configuring other plugins can be #
51 | # accessed. #
52 | ##############################################################################
53 |
54 | #LoadPlugin logfile
55 | LoadPlugin syslog
56 |
57 | #
58 | # LogLevel "info"
59 | # File STDOUT
60 | # Timestamp true
61 | # PrintSeverity false
62 | #
63 |
64 |
65 | LogLevel info
66 |
67 |
68 | ##############################################################################
69 | # LoadPlugin section #
70 | #----------------------------------------------------------------------------#
71 | # Specify what features to activate. #
72 | ##############################################################################
73 |
74 | #LoadPlugin aggregation
75 | #LoadPlugin amqp
76 | #LoadPlugin apache
77 | #LoadPlugin apcups
78 | #LoadPlugin ascent
79 | LoadPlugin battery
80 | #LoadPlugin bind
81 | #LoadPlugin cgroups
82 | #LoadPlugin conntrack
83 | #LoadPlugin contextswitch
84 | LoadPlugin cpu
85 | #LoadPlugin cpufreq
86 | #LoadPlugin csv
87 | #LoadPlugin curl
88 | #LoadPlugin curl_json
89 | #LoadPlugin curl_xml
90 | #LoadPlugin dbi
91 | LoadPlugin df
92 | LoadPlugin disk
93 | #LoadPlugin dns
94 | #LoadPlugin email
95 | LoadPlugin entropy
96 | #LoadPlugin ethstat
97 | #LoadPlugin exec
98 | #LoadPlugin filecount
99 | #LoadPlugin fscache
100 | #LoadPlugin gmond
101 | #LoadPlugin hddtemp
102 | LoadPlugin interface
103 | #LoadPlugin ipmi
104 | #LoadPlugin iptables
105 | #LoadPlugin ipvs
106 | LoadPlugin irq
107 | #LoadPlugin java
108 | #LoadPlugin libvirt
109 | LoadPlugin load
110 | #LoadPlugin lvm
111 | #LoadPlugin madwifi
112 | #LoadPlugin mbmon
113 | #LoadPlugin md
114 | #LoadPlugin memcachec
115 | #LoadPlugin memcached
116 | LoadPlugin memory
117 | #LoadPlugin modbus
118 | #LoadPlugin multimeter
119 | #LoadPlugin mysql
120 | #LoadPlugin netlink
121 | #LoadPlugin network
122 | #LoadPlugin nfs
123 | #LoadPlugin nginx
124 | #LoadPlugin notify_desktop
125 | #LoadPlugin notify_email
126 | #LoadPlugin ntpd
127 | #LoadPlugin numa
128 | #LoadPlugin nut
129 | #LoadPlugin olsrd
130 | #LoadPlugin openvpn
131 | #
132 | # Globals true
133 | #
134 | #LoadPlugin pinba
135 | #LoadPlugin ping
136 | #LoadPlugin postgresql
137 | #LoadPlugin powerdns
138 | LoadPlugin processes
139 | #LoadPlugin protocols
140 | #
141 | # Globals true
142 | #
143 | #LoadPlugin rrdcached
144 | LoadPlugin rrdtool
145 | #LoadPlugin sensors
146 | #LoadPlugin serial
147 | #LoadPlugin snmp
148 | #LoadPlugin statsd
149 | LoadPlugin swap
150 | #LoadPlugin table
151 | #LoadPlugin tail
152 | #LoadPlugin tail_csv
153 | #LoadPlugin tcpconns
154 | #LoadPlugin teamspeak2
155 | #LoadPlugin ted
156 | #LoadPlugin thermal
157 | #LoadPlugin tokyotyrant
158 | #LoadPlugin unixsock
159 | #LoadPlugin uptime
160 | LoadPlugin users
161 | #LoadPlugin uuid
162 | #LoadPlugin varnish
163 | #LoadPlugin vmem
164 | #LoadPlugin vserver
165 | #LoadPlugin wireless
166 | #LoadPlugin write_graphite
167 | #LoadPlugin write_http
168 | #LoadPlugin write_riemann
169 |
170 | ##############################################################################
171 | # Plugin configuration #
172 | #----------------------------------------------------------------------------#
173 | # In this section configuration stubs for each plugin are provided. A desc- #
174 | # ription of those options is available in the collectd.conf(5) manual page. #
175 | ##############################################################################
176 |
177 | #
178 | #
179 | # #Host "unspecified"
180 | # Plugin "cpu"
181 | # PluginInstance "/[0,2,4,6,8]$/"
182 | # Type "cpu"
183 | # #TypeInstance "unspecified"
184 | #
185 | # SetPlugin "cpu"
186 | # SetPluginInstance "even-%{aggregation}"
187 | #
188 | # GroupBy "Host"
189 | # GroupBy "TypeInstance"
190 | #
191 | # CalculateNum false
192 | # CalculateSum false
193 | # CalculateAverage true
194 | # CalculateMinimum false
195 | # CalculateMaximum false
196 | # CalculateStddev false
197 | #
198 | #
199 |
200 | #
201 | #
202 | # Host "localhost"
203 | # Port "5672"
204 | # VHost "/"
205 | # User "guest"
206 | # Password "guest"
207 | # Exchange "amq.fanout"
208 | # RoutingKey "collectd"
209 | # Persistent false
210 | # StoreRates false
211 | #
212 | #
213 |
214 | #
215 | #
216 | # URL "http://localhost/server-status?auto"
217 | # User "www-user"
218 | # Password "secret"
219 | # VerifyPeer false
220 | # VerifyHost false
221 | # CACert "/etc/ssl/ca.crt"
222 | # Server "apache"
223 | #
224 | #
225 | #
226 | # URL "http://some.domain.tld/status?auto"
227 | # Host "some.domain.tld"
228 | # Server "lighttpd"
229 | #
230 | #
231 |
232 | #
233 | # Host "localhost"
234 | # Port "3551"
235 | # ReportSeconds true
236 | #
237 |
238 | #
239 | # URL "http://localhost/ascent/status/"
240 | # User "www-user"
241 | # Password "secret"
242 | # VerifyPeer false
243 | # VerifyHost false
244 | # CACert "/etc/ssl/ca.crt"
245 | #
246 |
247 | #
248 | # URL "http://localhost:8053/"
249 | #
250 | # ParseTime false
251 | #
252 | # OpCodes true
253 | # QTypes true
254 | # ServerStats true
255 | # ZoneMaintStats true
256 | # ResolverStats false
257 | # MemoryStats true
258 | #
259 | #
260 | # QTypes true
261 | # ResolverStats true
262 | # CacheRRSets true
263 | #
264 | # Zone "127.in-addr.arpa/IN"
265 | #
266 | #
267 |
268 | #
269 | # CGroup "libvirt"
270 | # IgnoreSelected false
271 | #
272 |
273 | #
274 | # DataDir "/var/lib/collectd/csv"
275 | # StoreRates false
276 | #
277 |
278 | #
279 | #
280 | # URL "http://finance.google.com/finance?q=NYSE%3AAMD"
281 | # User "foo"
282 | # Password "bar"
283 | # VerifyPeer false
284 | # VerifyHost false
285 | # CACert "/etc/ssl/ca.crt"
286 | # MeasureResponseTime false
287 | #
288 | # Regex "]*> *([0-9]*\\.[0-9]+) *"
289 | # DSType "GaugeAverage"
290 | # Type "stock_value"
291 | # Instance "AMD"
292 | #
293 | #
294 | #
295 |
296 | #
297 | ## See: http://wiki.apache.org/couchdb/Runtime_Statistics
298 | #
299 | # Instance "httpd"
300 | #
301 | # Type "http_requests"
302 | #
303 | #
304 | #
305 | # Type "http_request_methods"
306 | #
307 | #
308 | #
309 | # Type "http_response_codes"
310 | #
311 | #
312 | ## Database status metrics:
313 | #
314 | # Instance "dbs"
315 | #
316 | # Type "gauge"
317 | #
318 | #
319 | # Type "counter"
320 | #
321 | #
322 | # Type "bytes"
323 | #
324 | #
325 | #
326 |
327 | #
328 | #
329 | # Host "my_host"
330 | # Instance "some_instance"
331 | # User "collectd"
332 | # Password "thaiNg0I"
333 | # VerifyPeer true
334 | # VerifyHost true
335 | # CACert "/path/to/ca.crt"
336 | #
337 | #
338 | # Type "magic_level"
339 | # InstancePrefix "prefix-"
340 | # InstanceFrom "td[1]"
341 | # ValuesFrom "td[2]/span[@class=\"level\"]"
342 | #
343 | #
344 | #
345 |
346 | #
347 | #
348 | # Statement "SELECT 'customers' AS c_key, COUNT(*) AS c_value \
349 | # FROM customers_tbl"
350 | # MinVersion 40102
351 | # MaxVersion 50042
352 | #
353 | # Type "gauge"
354 | # InstancePrefix "customer"
355 | # InstancesFrom "c_key"
356 | # ValuesFrom "c_value"
357 | #
358 | #
359 | #
360 | #
361 | # Driver "mysql"
362 | # DriverOption "host" "localhost"
363 | # DriverOption "username" "collectd"
364 | # DriverOption "password" "secret"
365 | # DriverOption "dbname" "custdb0"
366 | # SelectDB "custdb0"
367 | # Query "num_of_customers"
368 | # Query "..."
369 | # Host "..."
370 | #
371 | #
372 |
373 |
374 | # Device "/dev/sda1"
375 | # Device "192.168.0.2:/mnt/nfs"
376 | # MountPoint "/home"
377 | # FSType "ext3"
378 |
379 | # ignore rootfs; else, the root file-system would appear twice, causing
380 | # one of the updates to fail and spam the log
381 | FSType rootfs
382 | # ignore the usual virtual / temporary file-systems
383 | FSType sysfs
384 | FSType proc
385 | FSType devtmpfs
386 | FSType devpts
387 | FSType tmpfs
388 | FSType fusectl
389 | FSType cgroup
390 | IgnoreSelected true
391 |
392 | # ReportByDevice false
393 | # ReportReserved false
394 | # ReportInodes false
395 |
396 | # ValuesAbsolute true
397 | # ValuesPercentage false
398 |
399 |
400 | #
401 | # Disk "hda"
402 | # Disk "/sda[23]/"
403 | # IgnoreSelected false
404 | #
405 |
406 | #
407 | # Interface "eth0"
408 | # IgnoreSource "192.168.0.1"
409 | # SelectNumericQueryTypes false
410 | #
411 |
412 | #
413 | # SocketFile "/var/run/collectd-email"
414 | # SocketGroup "collectd"
415 | # SocketPerms "0770"
416 | # MaxConns 5
417 | #
418 |
419 | #
420 | # Interface "eth0"
421 | # Map "rx_csum_offload_errors" "if_rx_errors" "checksum_offload"
422 | # Map "multicast" "if_multicast"
423 | # MappedOnly false
424 | #
425 |
426 | #
427 | # Exec user "/path/to/exec"
428 | # Exec "user:group" "/path/to/exec"
429 | # NotificationExec user "/path/to/exec"
430 | #
431 |
432 | #
433 | #
434 | # Instance "foodir"
435 | # Name "*.conf"
436 | # MTime "-5m"
437 | # Size "+10k"
438 | # Recursive true
439 | # IncludeHidden false
440 | #
441 | #
442 |
443 | #
444 | # MCReceiveFrom "239.2.11.71" "8649"
445 | #
446 | #
447 | # Type "swap"
448 | # TypeInstance "total"
449 | # DataSource "value"
450 | #
451 | #
452 | #
453 | # Type "swap"
454 | # TypeInstance "free"
455 | # DataSource "value"
456 | #
457 | #
458 |
459 | #
460 | # Host "127.0.0.1"
461 | # Port 7634
462 | #
463 |
464 | #
465 | # Interface "eth0"
466 | # IgnoreSelected false
467 | #
468 |
469 | #
470 | # Sensor "some_sensor"
471 | # Sensor "another_one"
472 | # IgnoreSelected false
473 | # NotifySensorAdd false
474 | # NotifySensorRemove true
475 | # NotifySensorNotPresent false
476 | #
477 |
478 | #
479 | # Chain "table" "chain"
480 | #
481 |
482 | #
483 | # Irq 7
484 | # Irq 8
485 | # Irq 9
486 | # IgnoreSelected true
487 | #
488 |
489 | #
490 | # JVMArg "-verbose:jni"
491 | # JVMArg "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar"
492 | #
493 | # LoadPlugin "org.collectd.java.GenericJMX"
494 | #
495 | # # See /usr/share/doc/collectd/examples/GenericJMX.conf
496 | # # for an example config.
497 | #
498 | #
499 |
500 | #
501 | # Connection "xen:///"
502 | # RefreshInterval 60
503 | # Domain "name"
504 | # BlockDevice "name:device"
505 | # InterfaceDevice "name:device"
506 | # IgnoreSelected false
507 | # HostnameFormat name
508 | # InterfaceFormat name
509 | #
510 |
511 | #
512 | # Interface "wlan0"
513 | # IgnoreSelected false
514 | # Source "SysFS"
515 | # WatchSet "None"
516 | # WatchAdd "node_octets"
517 | # WatchAdd "node_rssi"
518 | # WatchAdd "is_rx_acl"
519 | # WatchAdd "is_scan_active"
520 | #
521 |
522 | #
523 | # Host "127.0.0.1"
524 | # Port 411
525 | #
526 |
527 | #
528 | # Device "/dev/md0"
529 | # IgnoreSelected false
530 | #
531 |
532 | #
533 | #
534 | # Server "localhost"
535 | # Key "page_key"
536 | #
537 | # Regex "(\\d+) bytes sent"
538 | # ExcludeRegex ""
539 | # DSType CounterAdd
540 | # Type "ipt_octets"
541 | # Instance "type_instance"
542 | #
543 | #
544 | #
545 |
546 | #
547 | #
548 | # Socket "/var/run/memcached.sock"
549 | # or:
550 | # Host "127.0.0.1"
551 | # Port "11211"
552 | #
553 | #
554 |
555 | #
556 | #
557 | # RegisterBase 1234
558 | # RegisterType float
559 | # Type gauge
560 | # Instance "..."
561 | #
562 | #
563 | #
564 | # Address "addr"
565 | # Port "1234"
566 | # Interval 60
567 | #
568 | #
569 | # Instance "foobar" # optional
570 | # Collect "data_name"
571 | #
572 | #
573 | #
574 |
575 | #
576 | #
577 | # Host "database.serv.er"
578 | # Port "3306"
579 | # User "db_user"
580 | # Password "secret"
581 | # Database "db_name"
582 | # MasterStats true
583 | #
584 | #
585 | #
586 | # Host "localhost"
587 | # Socket "/var/run/mysql/mysqld.sock"
588 | # SlaveStats true
589 | # SlaveNotifications true
590 | #
591 | #
592 |
593 | #
594 | # Interface "All"
595 | # VerboseInterface "All"
596 | # QDisc "eth0" "pfifo_fast-1:0"
597 | # Class "ppp0" "htb-1:10"
598 | # Filter "ppp0" "u32-1:0"
599 | # IgnoreSelected false
600 | #
601 |
602 | #
603 | # # client setup:
604 | # Server "ff18::efc0:4a42" "25826"
605 | #
606 | # SecurityLevel Encrypt
607 | # Username "user"
608 | # Password "secret"
609 | # Interface "eth0"
610 | #
611 | # TimeToLive "128"
612 | #
613 | # # server setup:
614 | # Listen "ff18::efc0:4a42" "25826"
615 | #
616 | # SecurityLevel Sign
617 | # AuthFile "/etc/collectd/passwd"
618 | # Interface "eth0"
619 | #
620 | # MaxPacketSize 1024
621 | #
622 | # # proxy setup (client and server as above):
623 | # Forward true
624 | #
625 | # # statistics about the network plugin itself
626 | # ReportStats false
627 | #
628 | # # "garbage collection"
629 | # CacheFlush 1800
630 | #
631 |
632 | #
633 | # URL "http://localhost/status?auto"
634 | # User "www-user"
635 | # Password "secret"
636 | # VerifyPeer false
637 | # VerifyHost false
638 | # CACert "/etc/ssl/ca.crt"
639 | #
640 |
641 | #
642 | # OkayTimeout 1000
643 | # WarningTimeout 5000
644 | # FailureTimeout 0
645 | #
646 |
647 | #
648 | # SMTPServer "localhost"
649 | # SMTPPort 25
650 | # SMTPUser "my-username"
651 | # SMTPPassword "my-password"
652 | # From "collectd@main0server.com"
653 | # # on .
654 | # # Beware! Do not use not more than two placeholders (%)!
655 | # Subject "[collectd] %s on %s!"
656 | # Recipient "email1@domain1.net"
657 | # Recipient "email2@domain2.com"
658 | #
659 |
660 | #
661 | # Host "localhost"
662 | # Port 123
663 | # ReverseLookups false
664 | # IncludeUnitID true
665 | #
666 |
667 | #
668 | # UPS "upsname@hostname:port"
669 | #
670 |
671 | #
672 | # Host "127.0.0.1"
673 | # Port "2006"
674 | # CollectLinks "Summary"
675 | # CollectRoutes "Summary"
676 | # CollectTopology "Summary"
677 | #
678 |
679 | #
680 | # StatusFile "/etc/openvpn/openvpn-status.log"
681 | # ImprovedNamingSchema false
682 | # CollectCompression true
683 | # CollectIndividualUsers true
684 | # CollectUserCount false
685 | #
686 |
687 | #
688 | # IncludeDir "/my/include/path"
689 | # BaseName "Collectd::Plugins"
690 | # EnableDebugger ""
691 | # LoadPlugin Monitorus
692 | # LoadPlugin OpenVZ
693 | #
694 | #
695 | # Foo "Bar"
696 | # Qux "Baz"
697 | #
698 | #
699 |
700 | #
701 | # Address "::0"
702 | # Port "30002"
703 | #
704 | # Host "host name"
705 | # Server "server name"
706 | # Script "script name"
707 | #
708 | #
709 |
710 | #
711 | # Host "host.foo.bar"
712 | # Host "host.baz.qux"
713 | # Interval 1.0
714 | # Timeout 0.9
715 | # TTL 255
716 | # SourceAddress "1.2.3.4"
717 | # Device "eth0"
718 | # MaxMissed -1
719 | #
720 |
721 | #
722 | #
723 | # Statement "SELECT magic FROM wizard WHERE host = $1;"
724 | # Param hostname
725 | #
726 | #
727 | # Type gauge
728 | # InstancePrefix "magic"
729 | # ValuesFrom "magic"
730 | #
731 | #
732 | #
733 | #
734 | # Statement "SELECT COUNT(type) AS count, type \
735 | # FROM (SELECT CASE \
736 | # WHEN resolved = 'epoch' THEN 'open' \
737 | # ELSE 'resolved' END AS type \
738 | # FROM tickets) type \
739 | # GROUP BY type;"
740 | #
741 | #
742 | # Type counter
743 | # InstancePrefix "rt36_tickets"
744 | # InstancesFrom "type"
745 | # ValuesFrom "count"
746 | #
747 | #
748 | #
749 | #
750 | # # See /usr/share/doc/collectd-core/examples/postgresql/collectd_insert.sql for details
751 | # Statement "SELECT collectd_insert($1, $2, $3, $4, $5, $6, $7, $8, $9);"
752 | # StoreRates true
753 | #
754 | #
755 | #
756 | # Host "hostname"
757 | # Port 5432
758 | # User "username"
759 | # Password "secret"
760 | #
761 | # SSLMode "prefer"
762 | # KRBSrvName "kerberos_service_name"
763 | #
764 | # Query magic
765 | #
766 | #
767 | #
768 | # Interval 60
769 | # Service "service_name"
770 | #
771 | # Query backend # predefined
772 | # Query rt36_tickets
773 | #
774 | #
775 | #
776 | # Service "collectd_store"
777 | # Writer sqlstore
778 | # # see collectd.conf(5) for details
779 | # CommitInterval 30
780 | #
781 | #
782 |
783 | #
784 | #
785 | # Collect "latency"
786 | # Collect "udp-answers" "udp-queries"
787 | # Socket "/var/run/pdns.controlsocket"
788 | #
789 | #
790 | # Collect "questions"
791 | # Collect "cache-hits" "cache-misses"
792 | # Socket "/var/run/pdns_recursor.controlsocket"
793 | #
794 | # LocalSocket "/opt/collectd/var/run/collectd-powerdns"
795 | #
796 |
797 | #
798 | # Process "name"
799 | # ProcessMatch "foobar" "/usr/bin/perl foobar\\.pl.*"
800 | #
801 |
802 | #
803 | # Value "/^Tcp:/"
804 | # IgnoreSelected false
805 | #
806 |
807 | #
808 | # ModulePath "/path/to/your/python/modules"
809 | # LogTraces true
810 | # Interactive true
811 | # Import "spam"
812 | #
813 | #
814 | # spam "wonderful" "lovely"
815 | #
816 | #
817 |
818 | #
819 | # DaemonAddress "unix:/var/run/rrdcached.sock"
820 | # DataDir "/var/lib/rrdcached/db/collectd"
821 | # CreateFiles true
822 | # CreateFilesAsync false
823 | # CollectStatistics true
824 | #
825 | # The following settings are rather advanced
826 | # and should usually not be touched:
827 | # StepSize 10
828 | # HeartBeat 20
829 | # RRARows 1200
830 | # RRATimespan 158112000
831 | # XFF 0.1
832 | #
833 |
834 |
835 | DataDir "/var/lib/collectd/rrd"
836 | # CacheTimeout 120
837 | # CacheFlush 900
838 | # WritesPerSecond 30
839 | # CreateFilesAsync false
840 | # RandomTimeout 0
841 | #
842 | # The following settings are rather advanced
843 | # and should usually not be touched:
844 | # StepSize 10
845 | # HeartBeat 20
846 | # RRARows 1200
847 | # RRATimespan 158112000
848 | # XFF 0.1
849 |
850 |
851 | #
852 | # SensorConfigFile "/etc/sensors3.conf"
853 | # Sensor "it8712-isa-0290/temperature-temp1"
854 | # Sensor "it8712-isa-0290/fanspeed-fan3"
855 | # Sensor "it8712-isa-0290/voltage-in8"
856 | # IgnoreSelected false
857 | #
858 |
859 | # See /usr/share/doc/collectd/examples/snmp-data.conf.gz for a
860 | # comprehensive sample configuration.
861 | #
862 | #
863 | # Type "voltage"
864 | # Table false
865 | # Instance "input_line1"
866 | # Scale 0.1
867 | # Values "SNMPv2-SMI::enterprises.6050.5.4.1.1.2.1"
868 | #
869 | #
870 | # Type "users"
871 | # Table false
872 | # Instance ""
873 | # Shift -1
874 | # Values "HOST-RESOURCES-MIB::hrSystemNumUsers.0"
875 | #
876 | #
877 | # Type "if_octets"
878 | # Table true
879 | # InstancePrefix "traffic"
880 | # Instance "IF-MIB::ifDescr"
881 | # Values "IF-MIB::ifInOctets" "IF-MIB::ifOutOctets"
882 | #
883 | #
884 | #
885 | # Address "192.168.0.2"
886 | # Version 1
887 | # Community "community_string"
888 | # Collect "std_traffic"
889 | # Inverval 120
890 | #
891 | #
892 | # Address "192.168.0.42"
893 | # Version 2
894 | # Community "another_string"
895 | # Collect "std_traffic" "hr_users"
896 | #
897 | #
898 | # Address "192.168.0.3"
899 | # Version 1
900 | # Community "more_communities"
901 | # Collect "powerplus_voltge_input"
902 | # Interval 300
903 | #
904 | #
905 |
906 | #
907 | # Host "::"
908 | # Port "8125"
909 | # DeleteCounters false
910 | # DeleteTimers false
911 | # DeleteGauges false
912 | # DeleteSets false
913 | # TimerPercentile 90.0
914 | #
915 |
916 | #
917 | # ReportByDevice false
918 | # ReportBytes true
919 | #
920 |
921 | #
922 | #
923 | # Instance "slabinfo"
924 | # Separator " "
925 | #
926 | # Type gauge
927 | # InstancePrefix "active_objs"
928 | # InstancesFrom 0
929 | # ValuesFrom 1
930 | #
931 | #
932 | # Type gauge
933 | # InstancePrefix "objperslab"
934 | # InstancesFrom 0
935 | # ValuesFrom 4
936 | #
937 | #
938 | #
939 |
940 | #
941 | #
942 | # Instance "exim"
943 | #
944 | # Regex "S=([1-9][0-9]*)"
945 | # DSType "CounterAdd"
946 | # Type "ipt_bytes"
947 | # Instance "total"
948 | #
949 | #
950 | # Regex "\\"
951 | # ExcludeRegex "\\.*mail_spool defer"
952 | # DSType "CounterInc"
953 | # Type "counter"
954 | # Instance "local_user"
955 | #
956 | #
957 | #
958 |
959 | #
960 | #
961 | # Type "percent"
962 | # Instance "dropped"
963 | # ValueFrom 1
964 | #
965 | #
966 | # Type "bytes"
967 | # Instance "wire-realtime"
968 | # ValueFrom 2
969 | #
970 | #
971 | # Type "alerts_per_second"
972 | # ValueFrom 3
973 | #
974 | #
975 | # Type "kpackets_wire_per_sec.realtime"
976 | # ValueFrom 4
977 | #
978 | #
979 | # Instance "snort-eth0"
980 | # Interval 600
981 | # Collect "dropped" "mbps" "alerts" "kpps"
982 | # TimeFrom 0
983 | #
984 | #
985 |
986 | #
987 | # ListeningPorts false
988 | # LocalPort "25"
989 | # RemotePort "25"
990 | #
991 |
992 | #
993 | # Host "127.0.0.1"
994 | # Port "51234"
995 | # Server "8767"
996 | #
997 |
998 | #
999 | # Device "/dev/ttyUSB0"
1000 | # Retries 0
1001 | #
1002 |
1003 | #
1004 | # ForceUseProcfs false
1005 | # Device "THRM"
1006 | # IgnoreSelected false
1007 | #
1008 |
1009 | #
1010 | # Host "localhost"
1011 | # Port "1978"
1012 | #
1013 |
1014 | #
1015 | # SocketFile "/var/run/collectd-unixsock"
1016 | # SocketGroup "collectd"
1017 | # SocketPerms "0660"
1018 | # DeleteSocket false
1019 | #
1020 |
1021 | #
1022 | # UUIDFile "/etc/uuid"
1023 | #
1024 |
1025 | #
1026 | #
1027 | # CollectCache true
1028 | # CollectBackend true
1029 | # CollectBan false # Varnish 3 only
1030 | # CollectConnections true
1031 | # CollectDirectorDNS false # Varnish 3 only
1032 | # CollectSHM true
1033 | # CollectESI false
1034 | # CollectFetch false
1035 | # CollectHCB false
1036 | # CollectObjects false
1037 | # CollectPurge false # Varnish 2 only
1038 | # CollectSession false
1039 | # CollectSMA false # Varnish 2 only
1040 | # CollectSMS false
1041 | # CollectSM false # Varnish 2 only
1042 | # CollectStruct false
1043 | # CollectTotals false
1044 | # CollectUptime false
1045 | # CollectdVCL false
1046 | # CollectWorkers false
1047 | #
1048 | #
1049 | #
1050 | # CollectCache true
1051 | #
1052 | #
1053 |
1054 | #
1055 | # Verbose false
1056 | #
1057 |
1058 | #
1059 | #
1060 | # Host "localhost"
1061 | # Port "2003"
1062 | # Protocol "udp"
1063 | # LogSendErrors true
1064 | # Prefix "collectd"
1065 | # Postfix "collectd"
1066 | # StoreRates true
1067 | # AlwaysAppendDS false
1068 | # EscapeCharacter "_"
1069 | #
1070 | #
1071 |
1072 | #
1073 | #
1074 | # User "collectd"
1075 | # Password "secret"
1076 | # VerifyPeer true
1077 | # VerifyHost true
1078 | # CACert "/etc/ssl/ca.crt"
1079 | # Format "Command"
1080 | # StoreRates false
1081 | #
1082 | #
1083 |
1084 | #
1085 | #
1086 | # Host "localhost"
1087 | # Port 5555
1088 | # Protocol UDP
1089 | # StoreRates true
1090 | # AlwaysAppendDS false
1091 | # TTLFactor 2.0
1092 | #
1093 | # Tag "foobar"
1094 | #
1095 |
1096 |
1097 | Filter "*.conf"
1098 |
1099 |
1100 |
--------------------------------------------------------------------------------
/conf/es-kibana-collectd.json:
--------------------------------------------------------------------------------
1 | [
2 | {"_index":".kibana","_type":"visualization","_id":"cpu","_score":0,"_source":{"title":"cpu","visState":"{\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"defaultYExtents\":false,\"isDonut\":false,\"shareYAxis\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"value\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type_instance.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"2-orderAgg\",\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"value\"}}}}],\"listeners\":{}}","description":"","savedSearchId":"cpu","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
3 | ,{"_index":".kibana","_type":"search","_id":"memory","_score":0,"_source":{"title":"memory","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"plugin: \\\"memory\\\"\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[]}"}}}
4 | ,{"_index":".kibana","_type":"config","_id":"4.0.2","_score":0,"_source":{"buildNum":6004,"defaultIndex":"logstash-*"}}
5 | ,{"_index":".kibana","_type":"visualization","_id":"memory","_score":0,"_source":{"title":"memory","visState":"{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"defaultYExtents\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"value\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type_instance\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","savedSearchId":"memory","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
6 | ,{"_index":".kibana","_type":"visualization","_id":"swap","_score":0,"_source":{"title":"swap","visState":"{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"defaultYExtents\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"value\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type_instance.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","savedSearchId":"swap","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
7 | ,{"_index":".kibana","_type":"visualization","_id":"New-Visualization","_score":0,"_source":{"title":"New Visualization","visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"value\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type_instance.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"2-orderAgg\",\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"value\"}}}}],\"listeners\":{}}","description":"","savedSearchId":"df","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
8 | ,{"_index":".kibana","_type":"visualization","_id":"df","_score":0,"_source":{"title":"df","visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"value\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type_instance.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"2-orderAgg\",\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"value\"}}}}],\"listeners\":{}}","description":"","savedSearchId":"df","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
9 | ,{"_index":".kibana","_type":"search","_id":"swap","_score":0,"_source":{"title":"swap","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"plugin: \\\"swap\\\"\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[]}"}}}
10 | ,{"_index":".kibana","_type":"search","_id":"cpu","_score":0,"_source":{"title":"cpu","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"plugin: \\\"cpu\\\"\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[]}"}}}
11 | ,{"_index":".kibana","_type":"search","_id":"df","_score":0,"_source":{"title":"df","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"plugin: \\\"df\\\"\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[]}"}}}
12 | ,{"_index":".kibana","_type":"index-pattern","_id":"logstash-*","_score":0,"_source":{"title":"logstash-*","timeFieldName":"@timestamp","customFormats":"{}","fields":"[{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_index\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"name\":\"_type\",\"count\":0,\"scripted\":false},{\"type\":\"geo_point\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"geoip.location\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"@version\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_source\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_id\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"tx\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"rx\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"type_instance.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"type\",\"count\":6,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"plugin_instance.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"collectd_type.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"host\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"value\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"plugin_instance\",\"count\":9,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"type_instance\",\"count\":7,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"host.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"type.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"plugin.raw\",\"count\":0,\"scripted\":false},{\"type\":\"date\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"@timestamp\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"plugin\",\"count\":3,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"collectd_type\",\"count\":5,\"scripted\":false}]"}}
13 | ,{"_index":".kibana","_type":"search","_id":"interface","_score":0,"_source":{"title":"interface","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"plugin: \\\"interface\\\" AND plugin_instance: \\\"eth0\\\"\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[]}"}}}
14 | ,{"_index":".kibana","_type":"dashboard","_id":"hardware","_score":0,"_source":{"title":"hardware","hits":0,"description":"","panelsJSON":"[{\"col\":1,\"id\":\"cpu\",\"row\":4,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"memory\",\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"df\",\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"swap\",\"row\":4,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"}]","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"}}}
15 | ]
16 |
--------------------------------------------------------------------------------
/conf/es-kibana.json:
--------------------------------------------------------------------------------
1 | [
2 | {"_index":".kibana","_type":"config","_id":"4.0.2","_score":0,"_source":{"buildNum":6004,"defaultIndex":"logstash-*"}}
3 | ,{"_index":".kibana","_type":"search","_id":"syslog","_score":0,"_source":{"title":"syslog","description":"","hits":0,"columns":["_source"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:syslog\",\"analyze_wildcard\":true}}}"}}}
4 | ,{"_index":".kibana","_type":"search","_id":"docker","_score":0,"_source":{"title":"docker","description":"","hits":0,"columns":["container_id","message"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[],\"query\":{\"query_string\":{\"query\":\"container_id:*\",\"analyze_wildcard\":true}}}"}}}
5 | ,{"_index":".kibana","_type":"visualization","_id":"error-number","_score":0,"_source":{"title":"error-number","visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","savedSearchId":"error","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}}
6 | ,{"_index":".kibana","_type":"visualization","_id":"error","_score":0,"_source":{"title":"error-graph","visState":"{\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"mode\": \"stacked\",\n \"defaultYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}","description":"","savedSearchId":"error","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"filter\": []\n}"}}}
7 | ,{"_index":".kibana","_type":"index-pattern","_id":"logstash-*","_score":0,"_source":{"title":"logstash-*","timeFieldName":"@timestamp","customFormats":"{}","fields":"[{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"container_id.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"logsource\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_source\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"type\",\"count\":2,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"severity_label\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"@version\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"timestamp\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"name\":\"_type\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"pid.raw\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"facility\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_id\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"host.raw\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"priority\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"facility_label.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"host\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"program.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"timestamp.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":false,\"analyzed\":false,\"name\":\"_index\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"pid\",\"count\":0,\"scripted\":false},{\"type\":\"number\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"severity\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"logsource.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"type.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"message\",\"count\":3,\"scripted\":false},{\"type\":\"date\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"@timestamp\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"program\",\"count\":1,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"severity_label.raw\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"facility_label\",\"count\":0,\"scripted\":false},{\"type\":\"string\",\"indexed\":true,\"analyzed\":true,\"doc_values\":false,\"name\":\"container_id\",\"count\":1,\"scripted\":false},{\"type\":\"geo_point\",\"indexed\":true,\"analyzed\":false,\"doc_values\":false,\"name\":\"geoip.location\",\"count\":0,\"scripted\":false}]"}}
8 | ,{"_index":".kibana","_type":"search","_id":"error","_score":0,"_source":{"title":"error","description":"","hits":0,"columns":["host","program","message"],"sort":["@timestamp","desc"],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"error\"}}}"}}}
9 | ,{"_index":".kibana","_type":"dashboard","_id":"error","_score":0,"_source":{"title":"error","hits":0,"description":"","panelsJSON":"[{\"col\":1,\"id\":\"error\",\"row\":1,\"size_x\":10,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"error-number\",\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"error\",\"row\":3,\"size_x\":12,\"size_y\":4,\"type\":\"search\"}]","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"}}}
10 | ]
11 |
--------------------------------------------------------------------------------
/conf/logstash_collectd.conf:
--------------------------------------------------------------------------------
1 | input {
2 | udp {
3 | port => 25826 # 25826 matches port specified in collectd.conf
4 | buffer_size => 1452 # 1452 is the default buffer size for Collectd
5 | codec => collectd { } # specific Collectd codec to invoke
6 | type => collectd
7 | }
8 | }
9 | output {
10 | stdout {
11 | codec => rubydebug
12 | }
13 | elasticsearch {
14 | hosts => db
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/conf/syslog.conf:
--------------------------------------------------------------------------------
1 | input {
2 | syslog {
3 | type => syslog
4 | port => 25826
5 | }
6 | }
7 |
8 | filter {
9 | if "docker/" in [program] {
10 | mutate {
11 | add_field => {
12 | "container_id" => "%{program}"
13 | }
14 | }
15 | mutate {
16 | gsub => [
17 | "container_id", "docker/", ""
18 | ]
19 | }
20 | mutate {
21 | update => [
22 | "program", "docker"
23 | ]
24 | }
25 | }
26 | }
27 |
28 | output {
29 | stdout {
30 | codec => rubydebug
31 | }
32 | elasticsearch {
33 | hosts => db
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/img/kibana.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vfarcic/docker-logging-elk/001fe9f03f0bc23cc12d3a6797eec2b2e855b87a/img/kibana.png
--------------------------------------------------------------------------------
/kibana/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ubuntu:14.04
2 | MAINTAINER Viktor Farcic "viktor@farcic.com"
3 |
4 | RUN apt-get update
5 | RUN apt-get -y upgrade
6 | RUN apt-get -y install wget && \
7 | apt-get -y autoremove && \
8 | apt-get clean all
9 |
10 | ENV VERSION 4.0.2
11 | RUN wget https://download.elastic.co/kibana/kibana/kibana-$VERSION-linux-x64.tar.gz && \
12 | tar zxvf kibana-$VERSION-linux-x64.tar.gz && \
13 | rm kibana-$VERSION-linux-x64.tar.gz && \
14 | mkdir /kibana && \
15 | mv kibana-$VERSION-linux-x64/* /kibana/.
16 |
17 | ADD start.sh /kibana/start.sh
18 |
19 | EXPOSE 5601
20 | CMD ["/kibana/start.sh"]
21 |
--------------------------------------------------------------------------------
/kibana/README.md:
--------------------------------------------------------------------------------
1 | LogSTash
2 | ========
3 |
4 | To run Kibana linked to the ElasticSearch container:
5 |
6 | ```bash
7 | export PORT=9201
8 | sudo docker run -d --name kibana \
9 | -p $PORT:5601 \
10 | --link elasticsearch:db \
11 | vfarcic/kibana
12 | ```
--------------------------------------------------------------------------------
/kibana/start.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | export ADDR=${DB_PORT_9200_TCP_ADDR:-elasticsearch}
4 | export PORT=${DB_PORT_9200_TCP_PORT:-9200}
5 |
6 | sed -i "s/^elasticsearch_url: .*$/elasticsearch_url: \"http:\/\/${ADDR}:${PORT}\"/g" /kibana/config/kibana.yml
7 |
8 | /kibana/bin/kibana
9 |
--------------------------------------------------------------------------------