Graylog2
Graylog2 is an open source log management solution that stores your logs in ElasticSearch.
Clean up DB
http://wiki.hackspherelabs.com/index.php?title=Graylog2#Clean_Out_Graylog2_DB
"Cure" for high CPU usage:
- service graylog2 stop
- cd /opt/elasticsearch-0.19.9/data/graylog2
- rm * -rf
- /opt/mongo/bin/mongo
- use graylog2
- db.message_counts.remove()
- db.hosts.remove()
- exit
- service graylog2 start
Send log from python to graylog2 through GELF
See details in https://pypi.python.org/pypi/graypy
Install with easy_install graypy .
1 #file name testGelf.py
2 import logging
3 import graypy
4
5 my_logger = logging.getLogger('test_logger')
6 my_logger.setLevel(logging.DEBUG)
7
8 handler = graypy.GELFHandler('192.168.1.123', 12201)
9 my_logger.addHandler(handler)
10
11 my_logger.debug('Hello Graylog2.')
12 my_logger.debug('Hello Graylog2, %s.'%(datetime.datetime.now() ))
13 my_logger.info('Inf hello Graylog2, %s.'%(datetime.datetime.now() ))
On graylog2 the following columns are used:
- From: hostx
- Date: Tue Dec 10 13:14:50 +0000 2013
- Severity: Debug
- Facility: test_logger
- File: testGelf.py:10
thread_name: MainThread
function: <module>
process_name: MainProcess
- pid: 27663
Drools example .drl
rule "IMEI"
when
m : GELFMessage( shortMessage matches ".*\\s\\d{15}\\s.*" )
then
Matcher matcher = Pattern.compile("\\s(\\d{15})\\s").matcher(m.getShortMessage());
if (matcher.find()) {
m.addAdditionalData("_imei", matcher.group(1) );
}
end
rule "IP Port"
when
m : GELFMessage( shortMessage matches "^.*\\s\\d+.\\d+.\\d+.\\d+:\\d+\\s.*" )
then
Matcher matcher = Pattern.compile("\\s(\\d+.\\d+.\\d+.\\d+):(\\d+)\\s").matcher(m.getShortMessage());
if (matcher.find()) {
m.addAdditionalData("_ipaddr", matcher.group(1) );
m.addAdditionalData("_port", matcher.group(2) );
}
end