2017-08-10 19:36:11 +00:00
|
|
|
// +build !solaris
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
package logparser
|
|
|
|
|
|
|
|
import (
|
|
|
|
"log"
|
2017-06-16 20:16:48 +00:00
|
|
|
"strings"
|
2016-06-02 17:47:15 +00:00
|
|
|
"sync"
|
|
|
|
|
2017-03-29 21:25:33 +00:00
|
|
|
"github.com/influxdata/tail"
|
2016-06-02 17:47:15 +00:00
|
|
|
"github.com/influxdata/telegraf"
|
|
|
|
"github.com/influxdata/telegraf/internal/globpath"
|
|
|
|
"github.com/influxdata/telegraf/plugins/inputs"
|
2018-07-14 06:22:59 +00:00
|
|
|
"github.com/influxdata/telegraf/plugins/parsers"
|
2016-06-02 17:47:15 +00:00
|
|
|
// Parsers
|
|
|
|
)
|
|
|
|
|
2017-09-11 18:56:04 +00:00
|
|
|
const (
|
|
|
|
defaultWatchMethod = "inotify"
|
|
|
|
)
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// LogParser in the primary interface for the plugin
|
2018-07-14 06:22:59 +00:00
|
|
|
type GrokConfig struct {
|
|
|
|
MeasurementName string `toml:"measurement"`
|
|
|
|
Patterns []string
|
|
|
|
NamedPatterns []string
|
|
|
|
CustomPatterns string
|
|
|
|
CustomPatternFiles []string
|
2018-10-03 19:58:21 +00:00
|
|
|
Timezone string
|
2019-02-27 02:04:45 +00:00
|
|
|
UniqueTimestamp string
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
|
2017-08-07 23:16:31 +00:00
|
|
|
type logEntry struct {
|
|
|
|
path string
|
|
|
|
line string
|
|
|
|
}
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// LogParserPlugin is the primary struct to implement the interface for logparser plugin
|
2016-06-02 17:47:15 +00:00
|
|
|
type LogParserPlugin struct {
|
|
|
|
Files []string
|
|
|
|
FromBeginning bool
|
2017-09-11 18:56:04 +00:00
|
|
|
WatchMethod string
|
2016-06-02 17:47:15 +00:00
|
|
|
|
2017-02-01 14:11:39 +00:00
|
|
|
tailers map[string]*tail.Tail
|
2017-08-07 23:16:31 +00:00
|
|
|
lines chan logEntry
|
2016-06-02 17:47:15 +00:00
|
|
|
done chan struct{}
|
|
|
|
wg sync.WaitGroup
|
|
|
|
acc telegraf.Accumulator
|
|
|
|
|
|
|
|
sync.Mutex
|
|
|
|
|
2018-07-14 06:22:59 +00:00
|
|
|
GrokParser parsers.Parser
|
|
|
|
GrokConfig GrokConfig `toml:"grok"`
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
const sampleConfig = `
|
|
|
|
## Log files to parse.
|
|
|
|
## These accept standard unix glob matching rules, but with the addition of
|
|
|
|
## ** as a "super asterisk". ie:
|
|
|
|
## /var/log/**.log -> recursively find all .log files in /var/log
|
|
|
|
## /var/log/*/*.log -> find all .log files with a parent dir in /var/log
|
|
|
|
## /var/log/apache.log -> only tail the apache log file
|
2016-08-04 15:25:35 +00:00
|
|
|
files = ["/var/log/apache/access.log"]
|
2017-06-16 20:16:48 +00:00
|
|
|
|
2017-02-01 14:11:39 +00:00
|
|
|
## Read files that currently exist from the beginning. Files that are created
|
|
|
|
## while telegraf is running (and that match the "files" globs) will always
|
|
|
|
## be read from the beginning.
|
2016-06-02 17:47:15 +00:00
|
|
|
from_beginning = false
|
|
|
|
|
2017-09-11 18:56:04 +00:00
|
|
|
## Method used to watch for file updates. Can be either "inotify" or "poll".
|
|
|
|
# watch_method = "inotify"
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
## Parse logstash-style "grok" patterns:
|
|
|
|
[inputs.logparser.grok]
|
|
|
|
## This is a list of patterns to check the given log file(s) for.
|
|
|
|
## Note that adding patterns here increases processing time. The most
|
|
|
|
## efficient configuration is to have one pattern per logparser.
|
|
|
|
## Other common built-in patterns are:
|
|
|
|
## %{COMMON_LOG_FORMAT} (plain apache & nginx access logs)
|
|
|
|
## %{COMBINED_LOG_FORMAT} (access logs + referrer & agent)
|
2016-08-04 15:25:35 +00:00
|
|
|
patterns = ["%{COMBINED_LOG_FORMAT}"]
|
2017-06-16 20:16:48 +00:00
|
|
|
|
2016-07-18 11:27:46 +00:00
|
|
|
## Name of the outputted measurement name.
|
2016-08-04 15:25:35 +00:00
|
|
|
measurement = "apache_access_log"
|
2017-06-16 20:16:48 +00:00
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
## Full path(s) to custom pattern files.
|
|
|
|
custom_pattern_files = []
|
2017-06-16 20:16:48 +00:00
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
## Custom patterns can also be defined here. Put one pattern per line.
|
|
|
|
custom_patterns = '''
|
2018-10-19 06:26:42 +00:00
|
|
|
'''
|
2017-06-16 20:16:48 +00:00
|
|
|
|
|
|
|
## Timezone allows you to provide an override for timestamps that
|
2017-06-05 21:45:11 +00:00
|
|
|
## don't already include an offset
|
|
|
|
## e.g. 04/06/2016 12:41:45 data one two 5.43µs
|
|
|
|
##
|
|
|
|
## Default: "" which renders UTC
|
|
|
|
## Options are as follows:
|
|
|
|
## 1. Local -- interpret based on machine localtime
|
|
|
|
## 2. "Canada/Eastern" -- Unix TZ values like those found in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
|
|
|
## 3. UTC -- or blank/unspecified, will return timestamp in UTC
|
2018-10-19 06:26:42 +00:00
|
|
|
# timezone = "Canada/Eastern"
|
2019-02-27 02:04:45 +00:00
|
|
|
|
|
|
|
## When set to "disable", timestamp will not incremented if there is a
|
|
|
|
## duplicate.
|
|
|
|
# unique_timestamp = "auto"
|
2016-06-02 17:47:15 +00:00
|
|
|
`
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// SampleConfig returns the sample configuration for the plugin
|
2016-06-02 17:47:15 +00:00
|
|
|
func (l *LogParserPlugin) SampleConfig() string {
|
|
|
|
return sampleConfig
|
|
|
|
}
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// Description returns the human readable description for the plugin
|
2016-06-02 17:47:15 +00:00
|
|
|
func (l *LogParserPlugin) Description() string {
|
|
|
|
return "Stream and parse log file(s)."
|
|
|
|
}
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// Gather is the primary function to collect the metrics for the plugin
|
2016-06-02 17:47:15 +00:00
|
|
|
func (l *LogParserPlugin) Gather(acc telegraf.Accumulator) error {
|
2017-02-01 14:11:39 +00:00
|
|
|
l.Lock()
|
|
|
|
defer l.Unlock()
|
|
|
|
|
|
|
|
// always start from the beginning of files that appear while we're running
|
|
|
|
return l.tailNewfiles(true)
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// Start kicks off collection of stats for the plugin
|
2016-06-02 17:47:15 +00:00
|
|
|
func (l *LogParserPlugin) Start(acc telegraf.Accumulator) error {
|
|
|
|
l.Lock()
|
|
|
|
defer l.Unlock()
|
|
|
|
|
|
|
|
l.acc = acc
|
2017-08-07 23:16:31 +00:00
|
|
|
l.lines = make(chan logEntry, 1000)
|
2016-06-02 17:47:15 +00:00
|
|
|
l.done = make(chan struct{})
|
2017-02-01 14:11:39 +00:00
|
|
|
l.tailers = make(map[string]*tail.Tail)
|
2016-06-02 17:47:15 +00:00
|
|
|
|
2018-10-17 18:43:58 +00:00
|
|
|
mName := "logparser"
|
|
|
|
if l.GrokConfig.MeasurementName != "" {
|
|
|
|
mName = l.GrokConfig.MeasurementName
|
|
|
|
}
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
// Looks for fields which implement LogParser interface
|
2018-07-14 06:22:59 +00:00
|
|
|
config := &parsers.Config{
|
2018-10-17 18:43:58 +00:00
|
|
|
MetricName: mName,
|
2018-07-14 06:22:59 +00:00
|
|
|
GrokPatterns: l.GrokConfig.Patterns,
|
|
|
|
GrokNamedPatterns: l.GrokConfig.NamedPatterns,
|
|
|
|
GrokCustomPatterns: l.GrokConfig.CustomPatterns,
|
|
|
|
GrokCustomPatternFiles: l.GrokConfig.CustomPatternFiles,
|
2018-10-03 19:58:21 +00:00
|
|
|
GrokTimezone: l.GrokConfig.Timezone,
|
2019-02-27 02:04:45 +00:00
|
|
|
GrokUniqueTimestamp: l.GrokConfig.UniqueTimestamp,
|
2018-07-14 06:22:59 +00:00
|
|
|
DataFormat: "grok",
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
|
2018-07-14 06:22:59 +00:00
|
|
|
var err error
|
|
|
|
l.GrokParser, err = parsers.NewParser(config)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
|
2017-02-01 14:11:39 +00:00
|
|
|
l.wg.Add(1)
|
|
|
|
go l.parser()
|
|
|
|
|
|
|
|
return l.tailNewfiles(l.FromBeginning)
|
|
|
|
}
|
|
|
|
|
|
|
|
// check the globs against files on disk, and start tailing any new files.
|
|
|
|
// Assumes l's lock is held!
|
|
|
|
func (l *LogParserPlugin) tailNewfiles(fromBeginning bool) error {
|
2016-06-02 17:47:15 +00:00
|
|
|
var seek tail.SeekInfo
|
2017-02-01 14:11:39 +00:00
|
|
|
if !fromBeginning {
|
2016-06-02 17:47:15 +00:00
|
|
|
seek.Whence = 2
|
|
|
|
seek.Offset = 0
|
|
|
|
}
|
|
|
|
|
2017-09-11 18:56:04 +00:00
|
|
|
var poll bool
|
|
|
|
if l.WatchMethod == "poll" {
|
|
|
|
poll = true
|
|
|
|
}
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
// Create a "tailer" for each file
|
|
|
|
for _, filepath := range l.Files {
|
|
|
|
g, err := globpath.Compile(filepath)
|
|
|
|
if err != nil {
|
2016-09-30 21:37:56 +00:00
|
|
|
log.Printf("E! Error Glob %s failed to compile, %s", filepath, err)
|
2016-07-18 13:44:25 +00:00
|
|
|
continue
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
2016-07-18 13:44:25 +00:00
|
|
|
files := g.Match()
|
2017-02-01 14:11:39 +00:00
|
|
|
|
2018-12-18 22:23:25 +00:00
|
|
|
for _, file := range files {
|
2017-02-01 14:11:39 +00:00
|
|
|
if _, ok := l.tailers[file]; ok {
|
|
|
|
// we're already tailing this file
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
tailer, err := tail.TailFile(file,
|
|
|
|
tail.Config{
|
2016-07-18 13:44:25 +00:00
|
|
|
ReOpen: true,
|
|
|
|
Follow: true,
|
|
|
|
Location: &seek,
|
|
|
|
MustExist: true,
|
2017-09-11 18:56:04 +00:00
|
|
|
Poll: poll,
|
2017-08-16 19:06:07 +00:00
|
|
|
Logger: tail.DiscardingLogger,
|
2016-06-02 17:47:15 +00:00
|
|
|
})
|
2017-07-26 00:08:03 +00:00
|
|
|
if err != nil {
|
|
|
|
l.acc.AddError(err)
|
|
|
|
continue
|
|
|
|
}
|
2016-07-18 13:44:25 +00:00
|
|
|
|
2018-09-18 16:23:45 +00:00
|
|
|
log.Printf("D! [inputs.logparser] tail added for file: %v", file)
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
// create a goroutine for each "tailer"
|
|
|
|
l.wg.Add(1)
|
|
|
|
go l.receiver(tailer)
|
2017-02-01 14:11:39 +00:00
|
|
|
l.tailers[file] = tailer
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-24 18:13:26 +00:00
|
|
|
return nil
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// receiver is launched as a goroutine to continuously watch a tailed logfile
|
|
|
|
// for changes and send any log lines down the l.lines channel.
|
|
|
|
func (l *LogParserPlugin) receiver(tailer *tail.Tail) {
|
|
|
|
defer l.wg.Done()
|
|
|
|
|
|
|
|
var line *tail.Line
|
|
|
|
for line = range tailer.Lines {
|
2017-02-01 14:11:39 +00:00
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
if line.Err != nil {
|
2016-09-30 21:37:56 +00:00
|
|
|
log.Printf("E! Error tailing file %s, Error: %s\n",
|
2016-06-02 17:47:15 +00:00
|
|
|
tailer.Filename, line.Err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2017-06-16 20:16:48 +00:00
|
|
|
// Fix up files with Windows line endings.
|
|
|
|
text := strings.TrimRight(line.Text, "\r")
|
|
|
|
|
2017-08-07 23:16:31 +00:00
|
|
|
entry := logEntry{
|
|
|
|
path: tailer.Filename,
|
|
|
|
line: text,
|
|
|
|
}
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
select {
|
|
|
|
case <-l.done:
|
2017-08-07 23:16:31 +00:00
|
|
|
case l.lines <- entry:
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-07-14 06:22:59 +00:00
|
|
|
// parse is launched as a goroutine to watch the l.lines channel.
|
|
|
|
// when a line is available, parse parses it and adds the metric(s) to the
|
2016-06-02 17:47:15 +00:00
|
|
|
// accumulator.
|
|
|
|
func (l *LogParserPlugin) parser() {
|
|
|
|
defer l.wg.Done()
|
|
|
|
|
|
|
|
var m telegraf.Metric
|
|
|
|
var err error
|
2017-08-07 23:16:31 +00:00
|
|
|
var entry logEntry
|
2016-06-02 17:47:15 +00:00
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case <-l.done:
|
|
|
|
return
|
2017-08-07 23:16:31 +00:00
|
|
|
case entry = <-l.lines:
|
|
|
|
if entry.line == "" || entry.line == "\n" {
|
2016-06-02 17:47:15 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
2018-07-14 06:22:59 +00:00
|
|
|
m, err = l.GrokParser.ParseLine(entry.line)
|
|
|
|
if err == nil {
|
|
|
|
if m != nil {
|
|
|
|
tags := m.Tags()
|
|
|
|
tags["path"] = entry.path
|
2018-10-17 18:43:58 +00:00
|
|
|
l.acc.AddFields(m.Name(), m.Fields(), tags, m.Time())
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
2018-07-14 06:22:59 +00:00
|
|
|
} else {
|
|
|
|
log.Println("E! Error parsing log line: " + err.Error())
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
2018-07-14 06:22:59 +00:00
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-05 21:45:11 +00:00
|
|
|
// Stop will end the metrics collection process on file tailers
|
2016-06-02 17:47:15 +00:00
|
|
|
func (l *LogParserPlugin) Stop() {
|
|
|
|
l.Lock()
|
|
|
|
defer l.Unlock()
|
|
|
|
|
|
|
|
for _, t := range l.tailers {
|
|
|
|
err := t.Stop()
|
2018-06-29 23:15:33 +00:00
|
|
|
|
|
|
|
//message for a stopped tailer
|
|
|
|
log.Printf("D! tail dropped for file: %v", t.Filename)
|
|
|
|
|
2016-06-02 17:47:15 +00:00
|
|
|
if err != nil {
|
2016-09-30 21:37:56 +00:00
|
|
|
log.Printf("E! Error stopping tail on file %s\n", t.Filename)
|
2016-06-02 17:47:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
close(l.done)
|
|
|
|
l.wg.Wait()
|
|
|
|
}
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
inputs.Add("logparser", func() telegraf.Input {
|
2017-09-11 18:56:04 +00:00
|
|
|
return &LogParserPlugin{
|
|
|
|
WatchMethod: defaultWatchMethod,
|
|
|
|
}
|
2016-06-02 17:47:15 +00:00
|
|
|
})
|
|
|
|
}
|