start rules for notification logs
helps with #15
widhalmt committed May 10, 2019
1 parent 98db46f commit 263b18a
Showing 1 changed file with 26 additions and 0 deletions.
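--- a/filter-50-notification.conf
+++ b/filter-50-notification.conf
@@ -0,0 +1,26 @@
+filter {
+if [icinga][facility] == "Notification" {
+if [message] =~ /^Sending / {
+grok {
+match => ["message","Sending '%{WORD:[icinga][notificationtype]}' notification '%{DATA:[icinga][notification]}' for user '%{DATA:[icinga][username]}'"]
+id => "icinga_sendingnotification"
+add_tag => "icinga_sendingnotification"
+tag_on_failure => ["_grokparsefailure","icinga_sendingnotification_failed"]
+add_field => {
+"[icinga][eventtype]" => "sendingnotification"
+}
+}
+} else if [message] =~ /^Completed sending / {
+grok {
+match => ["message","Completed sending '%{WORD:[icinga][notificationtype]}' notification '%{DATA:[icinga][notification]}' for checkable '%{DATA:[icinga][object]}' and user '%{DATA:[icinga][username]}'."]
+id => "icinga_completedsendingnotification"
+add_tag => "icinga_completedsendingnotification"
+tag_on_failure => ["_grokparsefailure","icinga_completedsendingnotification_failed"]
+add_field => {
+"[icinga][eventtype]" => "completedsendingnotification"
+}
+}
+}
+}
+}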
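Review bot: Both grok `match` patterns are unanchored, and the "Completed sending" pattern ends in a bare `.`, which grok treats as "any character" rather than a literal full stop. Because the quoted values are captured with the lazy `%{DATA}`, a notification, checkable or user name that itself contains a `'` would end the capture early and shift text into the wrong field, so `[icinga][username]` and `[icinga][object]` are not fully reliable for later alerting or correlation rules; whether Icinga permits such names is not visible here. Anchoring narrows this: start each pattern with `^`, end the first with `'$` and the second with `'\.$`. A short comment above each branch quoting one sample log line would also document the message format the pattern expects.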
