/
example.conf
115 lines (109 loc) · 4.01 KB
/
example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
## It is a example to make a call when it goes to over 5 times 500_errors in a minutes.
##
## * Apache LogFormat (httpd.conf)
## LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
##
## * Target Website
## www.example.com
##
## * required plugin
## fluent-plugin-rewrite-tag-filter
## fluent-plugin-datacounter
## fluent-plugin-notifier
## fluent-plugin-parser
## fluent-plugin-boundio
## following an access_log
<source>
type tail
path /var/log/httpd/access_log
format /^(?<domain>[^ ]*) (?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<status>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<response_time>[^ ]*))?$/
time_format %d/%b/%Y:%H:%M:%S %z
tag log.apache.access
pos_file /var/log/td-agent/apache_access.pos
</source>
## extract the target domain and rewrite tag name to site.ExampleWebSite
<match log.apache.access>
type rewrite_tag_filter
rewriterule1 domain ^www.example.com$ site.ExampleWebSite
</match>
## count values of "status" by each pattern
# Record Sample:
# site.ExampleWebSite: {"domain":"www.example.com","host":"127.0.0.1","user":"-","method":"GET","path":"/home","status":"200","size":"12121","referer":"-","agent":"Wget","response_time":"0"}
<match site.ExampleWebSite>
type copy
<store>
type stdout
</store>
<store>
type datacounter
unit minute
count_key status
tag count.responsecode.ExampleWebSite
aggregate all
pattern1 200 ^200$
pattern2 2xx ^2\d\d$
pattern3 301 ^301$
pattern4 302 ^302$
pattern5 3xx ^3\d\d$
pattern6 403 ^403$
pattern7 404 ^404$
pattern8 410 ^410$
pattern9 4xx ^4\d\d$
pattern10 500 ^5\d\d$
outcast_unmatched false
</store>
</match>
## output a record when the "status_500" value exceed threshold.
# Record Sample:
# count.responsecode.ExampleWebSite: {"unmatched_count":0,"unmatched_rate":0.0,"unmatched_percentage":0.0,"200_count":0,"200_rate":0.0,"200_percentage":0.0,"2xx_count":0,"2xx_rate":0.0,"2xx_percentage":0.0,"301_count":0,"301_rate":0.0,"301_percentage":0.0,"302_count":0,"302_rate":0.0,"302_percentage":0.0,"3xx_count":0,"3xx_rate":0.0,"3xx_percentage":0.0,"403_count":0,"403_rate":0.0,"403_percentage":0.0,"404_count":0,"404_rate":0.0,"404_percentage":0.0,"410_count":0,"410_rate":0.0,"410_percentage":0.0,"4xx_count":0,"4xx_rate":0.0,"4xx_percentage":0.0,"500_count":20,"500_rate":0.33,"500_percentage":100.0}
<match count.responsecode.ExampleWebSite>
type copy
<store>
type stdout
</store>
<store>
type notifier
input_tag_remove_prefix count.responsecode
<def>
pattern status_500
check numeric_upward
warn_threshold 5
crit_threshold 20
tag alert.http_500_error
target_key_pattern ^500_count$
</def>
</store>
</match>
## build an alert message
# Record Sample:
# alert.http_500_error: {"pattern":"status_500","target_tag":"ExampleWebSite","target_key":"500_count","check_type":"numeric_upward","level":"crit","threshold":20.0,"value":20.0,"message_time":"2012-10-18 20:08:52 +0900"}
<match alert.http_500_error>
type copy
<store>
type stdout
</store>
<store>
type deparser
tag notify.call
# format WebSite has down level %s. The service of %s %s is exceed %s times. This threshold is %s now. Thank you.
format サイトが落ちました。レベルは%s。%sの%sが%s回を超えました。しきい値は%sです。対応お願いします。
format_key_names level,target_tag,target_key,value,threshold
key_name message
reserve_data no
</store>
</match>
# make a call to 09012345678
<match notify.call>
type copy
<store>
type stdout
</store>
<store>
type boundio
user_serial_id YOUR_BOUNDIO_USER_SERIAL_ID
api_key YOUR_BOUNDIO_API_KEY
user_key YOUR_BOUNDIO_USER_KEY
default_number 09012345678
developer_tool yes
</store>
</match>