add rules for tcpsocket

Icinga · May 28, 2019 · 7fbc30d · 7fbc30d
1 parent f3f2ad6
commit 7fbc30d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/doc/30-namingscheme.md b/doc/30-namingscheme.md
@@ -82,4 +82,4 @@ grep -Pho "\[icinga\]\[[^\[]*?\]" filter-* | sort -u | sed -e "s@\[icinga\]\[@@;
 
 These are all fieldnames in use for filter-50-configs to date:
 
-*agent, bytes, checkablespending, checkablesrate, checkinterval, checknext, checkoriginal, checktime, clientendpoint, clienthost, clientport, component, configfilecount, connectedendpoints, currentepoch, currentmaster, dbinstance, detail, direction, epochcurrent, epochreceived, errorcode, eventtype, facility, filecount, filterversion, hostname, hostport, httpclientip, httpclientport, idlecheckables, items01min, items05min, items15min, itemscount, itemsrate, listenerhost, logposition, message, messagecount, messagetype, metriclist, name, nomessageduration, notification, notificationcount, notificationtype, object, objectdetails, objectname, objecttype, path, pid, plugin, port, pugin, receivedepoch, remainingclients, severity, signal, sslerrorcode, sslerrordetails, statefile, tbd, timestamp, user, username, workerdetail, workerfacility, workerid, zone*
+*agent, bytes, checkablespending, checkablesrate, checkinterval, checknext, checkoriginal, checktime, clientendpoint, clienthost, clientport, code, component, configfilecount, connectedendpoints, currentepoch, currentmaster, dbinstance, detail, direction, epochcurrent, epochreceived, errorcode, eventtype, facility, filecount, filterversion, hostname, hostport, httpclientip, httpclientport, idlecheckables, items01min, items05min, items15min, itemscount, itemsrate, listenerhost, logposition, message, messagecount, messagetype, metriclist, name, nomessageduration, notification, notificationcount, notificationtype, object, objectdetails, objectname, objecttype, path, pid, plugin, port, pugin, receivedepoch, remainingclients, severity, signal, sslerrorcode, sslerrordetails, statefile, tbd, timestamp, user, username, workerdetail, workerfacility, workerid, zone*
diff --git a/filter-50-tcpsocket.conf b/filter-50-tcpsocket.conf
@@ -0,0 +1,15 @@
+filter {
+  if [icinga][facility] == "TcpSocket" {
+    if [message] =~ /^getaddrinfo\(\) failed with error code .+, ".+"\nContext:\n\t\(0\) Reconnecting to Graphite '.+'/ {
+      grok {
+        match => ["message","getaddrinfo\(\) failed with error code %{NUMBER:[icinga][code]}, \"%{DATA:[icinga][message]}\"\nContext:\n\t\(0\) Reconnecting to Graphite '%{DATA:[icinga][name]}'"]
+        id => "icinga_getaddrinfofailed"
+        add_tag => "icinga_getaddrinfofailed"
+        tag_on_failure => ["_grokparsefailure","icinga_getaddrinfofailed_failed"]
+        add_field => {
+          "[icinga][eventtype]" => "getaddrinfo_failed"
+        }
+      }
+    }
+  }
+}