Add Icinga module to Filebeat

CHANGELOG.asciidoc

@@ -27,6 +27,7 @@ https://github.com/elastic/beats/compare/v5.1.1...master[Check the HEAD diff]
 - Remove code to convert states from 1.x. {pull}3767[3767]
 - Remove deprecated config options force_close_files and close_older. {pull}3768[3768]
 - Change clean_removed behaviour to also remove states for files which cannot be found anymore under the same name. {pull}3827[3827]
+- Add Icinga module. {pull}3904[3904]
 
 *Heartbeat*
 

filebeat/docs/fields.asciidoc

@@ -16,6 +16,7 @@ grouped in the following categories:
 * <<exported-fields-auditd>>
 * <<exported-fields-beat>>
 * <<exported-fields-cloud>>
+* <<exported-fields-icinga>>
 * <<exported-fields-log>>
 * <<exported-fields-mysql>>
 * <<exported-fields-nginx>>
@@ -575,6 +576,112 @@ Name of the project in Google Cloud.
 Region in which this host is running.
 
 
+[[exported-fields-icinga]]
+== Icinga Fields
+
+Icinga Module
+
+
+
+[float]
+== icinga Fields
+
+
+
+
+[float]
+== debug Fields
+
+Contains fields for the Icinga debug logs.
+
+
+
+[float]
+=== icinga.debug.facility
+
+type: keyword
+
+Specifies what component of Icinga logged the message.
+
+
+[float]
+=== icinga.debug.severity
+
+type: keyword
+
+Possible values are "debug", "notice", "information", "warning" or "critical".
+
+
+[float]
+=== icinga.debug.message
+
+type: text
+
+The logged message.
+
+
+[float]
+== main Fields
+
+Contains fields for the Icinga main logs.
+
+
+
+[float]
+=== icinga.main.facility
+
+type: keyword
+
+Specifies what component of Icinga logged the message.
+
+
+[float]
+=== icinga.main.severity
+
+type: keyword
+
+Possible values are "debug", "notice", "information", "warning" or "critical".
+
+
+[float]
+=== icinga.main.message
+
+type: text
+
+The logged message.
+
+
+[float]
+== startup Fields
+
+Contains fields for the Icinga startup logs.
+
+
+
+[float]
+=== icinga.startup.facility
+
+type: keyword
+
+Specifies what component of Icinga logged the message.
+
+
+[float]
+=== icinga.startup.severity
+
+type: keyword
+
+Possible values are "debug", "notice", "information", "warning" or "critical".
+
+
+[float]
+=== icinga.startup.message
+
+type: text
+
+The logged message.
+
+
 [[exported-fields-log]]
 == Log File Content Fields
 

filebeat/docs/modules/icinga.asciidoc

@@ -0,0 +1,33 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-icinga]]
+== Icinga module
+
+This module parses the main, debug and startup log of https://www.icinga.com/products/icinga-2/[Icinga].
+
+[float]
+=== Compatibility
+
+The Icinga module was tested with Icinga >= 2.x on various Linux and Windows
+systems.
+
+This module is not available for macOS
+
+[float]
+=== Icinga fileset settings
+
+[float]
+==== var.paths
+
+An array of paths where to look for the log files. If left empty, Filebeat
+will choose the paths depending on your operating systems.
+
+
+[float]
+=== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-icinga,exported fields>> section.
+

filebeat/docs/modules_list.asciidoc

@@ -5,6 +5,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-modules-overview>>
   * <<filebeat-module-apache2>>
   * <<filebeat-module-auditd>>
+  * <<filebeat-module-icinga>>
   * <<filebeat-module-mysql>>
   * <<filebeat-module-nginx>>
   * <<filebeat-module-system>>
@@ -15,6 +16,7 @@ This file is generated! See scripts/docs_collector.py
 include::modules-overview.asciidoc[]
 include::modules/apache2.asciidoc[]
 include::modules/auditd.asciidoc[]
+include::modules/icinga.asciidoc[]
 include::modules/mysql.asciidoc[]
 include::modules/nginx.asciidoc[]
 include::modules/system.asciidoc[]

filebeat/filebeat.full.yml

@@ -69,6 +69,44 @@ filebeat.modules:
     # can be added under this section.
     #prospector:
 
+#------------------------------- Icinga Module -------------------------------
+#- module: icinga
+  # Main logs
+  #main:
+    #enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
+    # Prospector configuration (advanced). Any prospector configuration option
+    # can be added under this section.
+    #prospector:
+
+  # Debug logs
+  #debug:
+    #enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
+    # Prospector configuration (advanced). Any prospector configuration option
+    # can be added under this section.
+    #prospector:
+
+  # Startup logs
+  #startup:
+    #enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
+    # Prospector configuration (advanced). Any prospector configuration option
+    # can be added under this section.
+    #prospector:
+
 #-------------------------------- MySQL Module -------------------------------
 #- module: mysql
   # Error logs

filebeat/module/icinga/_meta/config.full.yml

@@ -0,0 +1,36 @@
+#- module: icinga
+  # Main logs
+  #main:
+    #enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
+    # Prospector configuration (advanced). Any prospector configuration option
+    # can be added under this section.
+    #prospector:
+
+  # Debug logs
+  #debug:
+    #enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
+    # Prospector configuration (advanced). Any prospector configuration option
+    # can be added under this section.
+    #prospector:
+
+  # Startup logs
+  #startup:
+    #enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
+    # Prospector configuration (advanced). Any prospector configuration option
+    # can be added under this section.
+    #prospector:

filebeat/module/icinga/_meta/config.yml

@@ -0,0 +1 @@
+#- module: icinga

filebeat/module/icinga/_meta/docs.asciidoc

@@ -0,0 +1,20 @@
+== Icinga module
+
+This module parses the main, debug and startup log of https://www.icinga.com/products/icinga-2/[Icinga].
+
+[float]
+=== Compatibility
+
+The Icinga module was tested with Icinga >= 2.x on various Linux and Windows
+systems.
+
+This module is not available for macOS
+
+[float]
+=== Icinga fileset settings
+
+[float]
+==== var.paths
+
+An array of paths where to look for the log files. If left empty, Filebeat
+will choose the paths depending on your operating systems.

filebeat/module/icinga/_meta/fields.yml

@@ -0,0 +1,9 @@
+- key: icinga
+  title: "Icinga"
+  description: >
+    Icinga Module
+  fields:
+    - name: icinga
+      type: group
+      description: >
+      fields:

filebeat/module/icinga/_meta/kibana/dashboard/26309570-2419-11e7-a83b-d5f4cebac9ff.json

@@ -0,0 +1,13 @@
+{
+  "hits": 0, 
+  "timeRestore": false, 
+  "description": "", 
+  "title": "Icinga Debug Log", 
+  "uiStateJSON": "{}", 
+  "panelsJSON": "[{\"size_x\":6,\"size_y\":3,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"0bc34b60-2419-11e7-a83b-d5f4cebac9ff\",\"col\":1,\"row\":1},{\"size_x\":6,\"size_y\":3,\"panelIndex\":2,\"type\":\"visualization\",\"id\":\"fb09d4b0-2418-11e7-a83b-d5f4cebac9ff\",\"col\":7,\"row\":1},{\"size_x\":12,\"size_y\":29,\"panelIndex\":3,\"type\":\"search\",\"id\":\"c876e6a0-2418-11e7-a83b-d5f4cebac9ff\",\"col\":1,\"row\":4,\"columns\":[\"icinga.debug.facility\",\"icinga.debug.severity\",\"icinga.debug.message\"],\"sort\":[\"@timestamp\",\"desc\"]}]", 
+  "optionsJSON": "{\"darkTheme\":false}", 
+  "version": 1, 
+  "kibanaSavedObjectMeta": {
+    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+  }
+}

filebeat/module/icinga/_meta/kibana/dashboard/b9163ea0-2417-11e7-a83b-d5f4cebac9ff.json

@@ -0,0 +1,13 @@
+{
+  "hits": 0, 
+  "timeRestore": false, 
+  "description": "", 
+  "title": "Icinga Startup Errors", 
+  "uiStateJSON": "{}", 
+  "panelsJSON": "[{\"size_x\":12,\"size_y\":2,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"a59b5e00-2417-11e7-a83b-d5f4cebac9ff\",\"col\":1,\"row\":1},{\"size_x\":12,\"size_y\":13,\"panelIndex\":2,\"type\":\"search\",\"id\":\"710043e0-2417-11e7-a83b-d5f4cebac9ff\",\"col\":1,\"row\":3,\"columns\":[\"icinga.startup.facility\",\"icinga.startup.severity\",\"icinga.startup.message\"],\"sort\":[\"@timestamp\",\"desc\"]}]", 
+  "optionsJSON": "{\"darkTheme\":false}", 
+  "version": 1, 
+  "kibanaSavedObjectMeta": {
+    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+  }
+}

filebeat/module/icinga/_meta/kibana/dashboard/f693d260-2417-11e7-a83b-d5f4cebac9ff.json

@@ -0,0 +1,13 @@
+{
+  "hits": 0, 
+  "timeRestore": false, 
+  "description": "", 
+  "title": "Icinga Main Log", 
+  "uiStateJSON": "{}", 
+  "panelsJSON": "[{\"col\":7,\"id\":\"d8e5dc40-2417-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"icinga.main.facility\",\"icinga.main.severity\",\"icinga.main.message\"],\"id\":\"ffaf5a30-2413-11e7-a0d9-39604d45ca7f\",\"panelIndex\":2,\"row\":4,\"size_x\":12,\"size_y\":25,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"size_x\":6,\"size_y\":3,\"panelIndex\":3,\"type\":\"visualization\",\"id\":\"2cf77780-2418-11e7-a83b-d5f4cebac9ff\",\"col\":1,\"row\":1}]", 
+  "optionsJSON": "{\"darkTheme\":false}", 
+  "version": 1, 
+  "kibanaSavedObjectMeta": {
+    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
+  }
+}

filebeat/module/icinga/_meta/kibana/search/710043e0-2417-11e7-a83b-d5f4cebac9ff.json

@@ -0,0 +1,18 @@
+{
+  "sort": [
+    "@timestamp", 
+    "desc"
+  ], 
+  "hits": 0, 
+  "description": "", 
+  "title": "Icinga Startup Errors", 
+  "version": 1, 
+  "kibanaSavedObjectMeta": {
+    "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"icinga.startup.severity:critical\",\"analyze_wildcard\":true}},\"filter\":[]}"
+  }, 
+  "columns": [
+    "icinga.startup.facility", 
+    "icinga.startup.severity", 
+    "icinga.startup.message"
+  ]
+}

filebeat/module/icinga/_meta/kibana/search/c876e6a0-2418-11e7-a83b-d5f4cebac9ff.json

@@ -0,0 +1,18 @@
+{
+  "sort": [
+    "@timestamp", 
+    "desc"
+  ], 
+  "hits": 0, 
+  "description": "", 
+  "title": "Icinga Debug Log", 
+  "version": 1, 
+  "kibanaSavedObjectMeta": {
+    "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"source:*icinga2\\\\/debug.log\",\"analyze_wildcard\":true}},\"filter\":[]}"
+  }, 
+  "columns": [
+    "icinga.debug.facility", 
+    "icinga.debug.severity", 
+    "icinga.debug.message"
+  ]
+}

filebeat/module/icinga/_meta/kibana/search/ffaf5a30-2413-11e7-a0d9-39604d45ca7f.json

@@ -0,0 +1,18 @@
+{
+  "sort": [
+    "@timestamp", 
+    "desc"
+  ], 
+  "hits": 0, 
+  "description": "", 
+  "title": "Icinga Main Log", 
+  "version": 1, 
+  "kibanaSavedObjectMeta": {
+    "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"source:*icinga2.log\",\"analyze_wildcard\":true}},\"filter\":[]}"
+  }, 
+  "columns": [
+    "icinga.main.facility", 
+    "icinga.main.severity", 
+    "icinga.main.message"
+  ]
+}