If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

marketplace-dev, -altdev, -stage and -prod are missing CEF configuration for metlog

RESOLVED FIXED

Status

Marketplace
General
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: vng, Assigned: vng)

Tracking

x86_64
Linux
Points:
---
Dependency tree / graph

Details

(Assignee)

Description

5 years ago
Marketplace in all enviroments is missing sufficient configuration for metlog-cef

The metlog_cef plugin should look like this:

'plugins': {'cef': ('metlog_cef_cef_plugin:config_plugin', {
  'syslog_facility': 'LOCAL4',
  'syslog_ident': CEF_PRODUCT,
  'syslog_priority': 'INFO',
})}

The production configuration works properly because it is still using logstash which puts in a default facility of LOCAL4 if one is not found and applies the default facility to create a valid syslog priority.

heka-0.1.1-2 currently doesn't use a default, and doesn't try to decode the client supplied facility - thus it creates an invalid syslog priority value.
(Assignee)

Updated

5 years ago
Blocks: 848876
(Assignee)

Comment 1

5 years ago
:jason- I've updated the configuration for marketplace-altdev, can we get a push out to -altdev after the new hekad has been pushed out to logstash1, logstash2 (bug 849915).
Depends on: 849915
(Assignee)

Comment 2

5 years ago
marketplace-altdev is routing messages correctly into arcsight now.  

If you need to view the messages yourself, you need to be provisioned in arcsight with the "Phx Logger - Marketplace group" setting.
Assignee: nobody → vng
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Assignee)

Comment 3

5 years ago
final patch for zamboni production landed in f2e2b361c499837d3710e2b61e5318e6e5dfb812
You need to log in before you can comment on or make changes to this bug.