Fix for syslog timestamp pattern

HBPMedical · Nov 7, 2024 · e0d4da5 · e0d4da5
1 parent 15142c5
commit e0d4da5
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/dev/docker-compose.yml b/dev/docker-compose.yml
@@ -13,6 +13,7 @@ services:
       interval: 30s
       timeout: 30s
       retries: 3
+
   exareme2_global_rabbitmq:
     image: madgik/exareme2_rabbitmq:${EXAREME2}
     ports:
@@ -193,13 +194,14 @@ services:
       ### LOGGER ###
       LOG_LEVEL: INFO
       LOG_LEVEL_FRAMEWORK: INFO
-      ALGORITHM_UPDATE_INTERVAL: 30     # seconds
+      FEDERATION: dementia
       ### Database ###
       PORTAL_DB_URL: jdbc:postgresql://portalbackend_db:5433/portal
       PORTAL_DB_SERVER: portalbackend_db:5433
       PORTAL_DB_USER: portal
       PORTAL_DB_PASSWORD: portalpwd
       ### Exareme2 ###
+      ALGORITHM_UPDATE_INTERVAL: 30     # seconds
       EXAREME2_URL: http://172.17.0.1:5000
       ### Keycloak ###
       AUTHENTICATION: 0
@@ -310,4 +312,5 @@ services:
 #      - '8443:8443'
 #    depends_on:
 #      - keycloak_db
-#    restart: unless-stopped
+#    restart: unless-stopped
+
diff --git a/elk_stack/logstash/pipeline/logstash.conf b/elk_stack/logstash/pipeline/logstash.conf
@@ -4,7 +4,7 @@ input
     port => 5010
     type => syslog
     codec => multiline {
-      pattern => "<%{NUMBER}>%{MONTH} %{MONTHDAY} %{TIME} %{DATA}: %{TIMESTAMP_ISO8601} %{GREEDYDATA}"
+      pattern => "<%{NUMBER}>%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{TIME}%{SPACE}%{DATA}: %{TIMESTAMP_ISO8601} %{GREEDYDATA}"
       negate => true
       what => "previous"
     }
@@ -20,13 +20,13 @@ filter {
     match => [      
 
       # ----- Match EXAREME2 logs -----
-      "message", "<%{NUMBER}>%{MONTH} %{MONTHDAY} %{TIME} %{DATA}: %{TIMESTAMP_ISO8601:log_timestamp} - %{LOGLEVEL:loglevel} - %{DATA:method} - \[%{DATA:federation}\] - \[%{DATA:service}\] - \[%{DATA:node_id}\] - \[%{DATA:request_id}\] - %{GREEDYDATA:log_message}",
+      "message", "<%{NUMBER}>%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{TIME}%{SPACE}%{DATA}: %{TIMESTAMP_ISO8601:log_timestamp} - %{LOGLEVEL:loglevel} - %{DATA:method} - \[%{DATA:federation}\] - \[%{DATA:service}\] - \[%{DATA:node_id}\] - \[%{DATA:request_id}\] - %{GREEDYDATA:log_message}",
 
       # ----- Match PORTAL-BACKEND user generated logs -----
-      "message", "<%{NUMBER}>%{MONTH} %{MONTHDAY} %{TIME} %{DATA}: %{TIMESTAMP_ISO8601:log_timestamp} - %{LOGLEVEL:loglevel}%{SPACE}- %{DATA:logger} - \[%{DATA:federation}\] - \[%{DATA:service}\] - User -> %{DATA:user} , Endpoint -> \(%{WORD:http_method}\) %{URIPATH:http_path} , Info -> %{GREEDYDATA:log_message}",
+      "message", "<%{NUMBER}>%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{TIME}%{SPACE}%{DATA}: %{TIMESTAMP_ISO8601:log_timestamp} - %{LOGLEVEL:loglevel}%{SPACE}- %{DATA:logger} - \[%{DATA:federation}\] - \[%{DATA:service}\] - User -> %{DATA:user} , Endpoint -> \(%{WORD:http_method}\) %{URIPATH:http_path} , Info -> %{GREEDYDATA:log_message}",
 
       # ----- Match PORTAL-BACKEND system generated logs -----
-      "message", "<%{NUMBER}>%{MONTH} %{MONTHDAY} %{TIME} %{DATA}: %{TIMESTAMP_ISO8601:log_timestamp} - %{LOGLEVEL:loglevel}%{SPACE}- %{DATA:logger} - \[%{DATA:federation}\] - \[%{DATA:service}\] - %{GREEDYDATA:log_message}"
+      "message", "<%{NUMBER}>%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{TIME}%{SPACE}%{DATA}: %{TIMESTAMP_ISO8601:log_timestamp} - %{LOGLEVEL:loglevel}%{SPACE}- %{DATA:logger} - \[%{DATA:federation}\] - \[%{DATA:service}\] - %{GREEDYDATA:log_message}"
     ]
 
     add_tag => [ "parsed" ]