#!/bin/bash
# Creates the Filebeat configuration file from environment variables.
# set -x
# set -e
# Environment variables read by this script:
# FIDC_ORIGIN
# FIDC_API_KEY_ID
# FIDC_API_KEY_SECRET
# FIDC_LOG_SOURCE
# FIDC_LOG_START_TIME
# FIDC_LOG_END_TIME
# FIDC_PULL_INTERVAL
# FIDC_LOG_REQUEST_TIMEOUT
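# Work inside the Filebeat directory; TEMPLATE_FILE and CONFIG_FILE are
# relative paths. Stop if the directory is missing, so the generated config
# (which receives the API key secret) is never written to whatever directory
# the container happened to start in.
cd /opt/filebeat || {
  echo "cannot cd to /opt/filebeat" >&2
  exit 1
}
TEMPLATE_FILE="filebeat.yml.template"
CONFIG_FILE="filebeat.yml"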
# Write the head of the httpjson input into the template file. The variant is
# chosen by FIDC_LOG_START_TIME:
#   - empty/unset: poll ##ORIGIN##/monitoring/logs/tail and send the API key id
#     and secret as the x-api-key / x-api-secret request headers;
#   - set: query ##ORIGIN##/monitoring/logs from beginTime, authenticating with
#     auth.basic (key id as user, key secret as password).
# The ##NAME## tokens are placeholders; the sed call later in this script
# replaces them with the FIDC_* environment values.
# NOTE(review): the YAML in these here-documents appears without nesting
# indentation in this copy. YAML structure depends on indentation, so confirm
# it against the repository file before reusing the text.
if [[ -z "${FIDC_LOG_START_TIME}" ]]; then
# Tail variant: credentials travel as request headers, written as
# single-quoted YAML scalars.
cat >$TEMPLATE_FILE <<EOF
filebeat.inputs:
- type: httpjson
interval: ##FIDC_PULL_INTERVAL##
config_version: 2
request:
timeout: ##FIDC_LOG_REQUEST_TIMEOUT##
url: ##ORIGIN##/monitoring/logs/tail
transforms:
- set:
target: url.params.source
value: '##LOG_SOURCE##'
- set:
target: header.x-api-key
value: '##API_KEY_ID##'
- set:
target: header.x-api-secret
value: '##API_KEY_SECRET##'
EOF
else
# Time-window variant: credentials go into auth.basic.
# NOTE(review): user and password are emitted as unquoted YAML scalars here,
# unlike the quoted header values above. A key containing YAML-significant
# characters (for example ": " or " #") would be parsed differently from what
# was supplied; consider quoting them the same way.
cat >$TEMPLATE_FILE <<EOF
filebeat.inputs:
- type: httpjson
interval: ##FIDC_PULL_INTERVAL##
config_version: 2
auth.basic:
user: ##API_KEY_ID##
password: ##API_KEY_SECRET##
request:
timeout: ##FIDC_LOG_REQUEST_TIMEOUT##
url: ##ORIGIN##/monitoring/logs
transforms:
- set:
target: url.params.source
value: '##LOG_SOURCE##'
- set:
target: url.params.beginTime
value: '##LOG_START_TIME##'
EOF
# Add the endTime query parameter only when FIDC_LOG_END_TIME is non-empty.
if [[ ! -z "${FIDC_LOG_END_TIME}" ]]; then
cat >>$TEMPLATE_FILE <<EOF
- set:
target: url.params.endTime
value: '##LOG_END_TIME##'
EOF
fi
fi
# Append the part of the configuration shared by both request variants:
# paging and rate-limit handling, the response split, the processor chain,
# the Elasticsearch output and the index template fields.
#
# The '[[ ... ]]' expressions are written to the file literally; this
# here-document contains no '$' or backticks, so the shell changes nothing.
# They read the paging cookie and the x-ratelimit-* headers from the previous
# response.
#
# Points worth checking when this feed is used for detection or audit:
# - drop_event discards events whose payload.userId equals
#   "id=amadmin,ou=user,ou=am-config", so those events are never indexed.
#   NOTE(review): confirm that leaving this account out of the indexed trail
#   is intended.
# - payload.http.request.client_ip is taken from the first element of the
#   x-forwarded-for request header. That header is only as trustworthy as the
#   proxy that sets it - TODO confirm the upstream overwrites client-supplied
#   values before relying on client_ip or GeoIP data derived from it.
# - The dissect tokenizer names three comma-separated parts and sets
#   ignore_failure: true; presumably headers with a different number of
#   entries leave client_ip unset without an error - verify.
# - output.elasticsearch points at http://elk:9200 and no credentials or TLS
#   settings are visible in this block. NOTE(review): acceptable only if "elk"
#   is reachable solely over a private container network - confirm.
# NOTE(review): the YAML below appears without nesting indentation in this
# copy; confirm the structure against the repository file.
cat >>$TEMPLATE_FILE <<EOF
- set:
target: url.params._pagedResultsCookie
value: '[[.last_response.body.pagedResultsCookie]]'
rate_limit:
limit: '[[.last_response.header.Get "x-ratelimit-limit"]]'
remaining: '[[.last_response.header.Get "x-ratelimit-remaining"]]'
reset: '[[.last_response.header.Get "x-ratelimit-reset"]]'
response.split:
target: body.result
type: array
transforms:
- set:
target: body.tenant
value: '##ORIGIN##'
processors:
- decode_json_fields:
fields: ["message"]
process_array: true
max_depth: 5
target: ""
overwrite_keys: true
add_error_key: true
- timestamp:
field: timestamp
ignore_failure: false
layouts:
- '2006-01-02T15:04:05.999999999Z'
test:
- '2021-03-16T16:39:40.410894588Z'
- drop_fields:
fields: ["timestamp"]
- if:
contains:
type: "text"
then:
- rename:
fields:
- from: "payload"
to: "text_payload"
- from: "source"
to: "fidc_source"
ignore_missing: false
fail_on_error: true
else:
- drop_event:
when:
equals:
payload.userId: "id=amadmin,ou=user,ou=am-config"
- extract_array:
when:
has_fields: ['payload.http.request.headers.x-forwarded-for']
field: payload.http.request.headers.x-forwarded-for
fail_on_error: false
ignore_missing: true
mappings:
payload.http.request.headers.x-forwarded-for-extracted: 0
- dissect:
when:
has_fields: ['payload.http.request.headers.x-forwarded-for-extracted']
tokenizer: "%{payload.http.request.client_ip}, %{ip2}, %{ip3}"
field: "payload.http.request.headers.x-forwarded-for-extracted"
target_prefix: ""
ignore_failure: true
trim_values: all
- extract_array:
when:
has_fields: ['payload.http.request.headers.user-agent']
field: payload.http.request.headers.user-agent
fail_on_error: false
ignore_missing: true
mappings:
payload.http.request.headers.user-agent-extracted: 0
- drop_fields:
fields: ["ip2", "ip3", "payload.http.request.headers.x-forwarded-for", "payload.http.request.headers.user-agent"]
ignore_missing: true
- rename:
fields:
- from: "payload.response.detail"
to: "payload.response.message"
ignore_missing: true
fail_on_error: false
- rename:
fields:
- from: "payload"
to: "json_payload"
- from: "source"
to: "fidc_source"
ignore_missing: false
fail_on_error: true
output.elasticsearch:
hosts: ["http://elk:9200"]
pipeline: geoip-and-useragent
allow_older_versions: true
setup.template:
type: "index"
append_fields:
- name: json_payload
type: object
- name: text_payload
type: text
- name: geoip.location
type: geo_point
EOF
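#######################################
# Escape a value so it can be used as the replacement text of a
# sed "s@...@...@" command.
# Arguments: $1 - raw value
# Outputs:   the value with every "\", "&" and "@" preceded by a backslash
#######################################
_sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&@]/\\&/g'
}

# Set values in the config file from env vars.
# Each value is escaped first: without that, an "&" in a secret would be
# expanded by sed to the placeholder text, a "\" would be consumed, and an "@"
# would end the s@...@...@ expression early.
# NOTE(review): values are not YAML-escaped. A single quote or a newline in an
# environment value still changes the structure of the generated document;
# validate or reject such values where they are provisioned.
#
# The result holds the API key secret, so the file is created (or reset) with
# owner-only permissions before anything is written to it.
(
  umask 077
  : >"$CONFIG_FILE"
)
chmod 600 "$CONFIG_FILE"
sed \
  -e "s@##FIDC_LOG_REQUEST_TIMEOUT##@$(_sed_escape_replacement "${FIDC_LOG_REQUEST_TIMEOUT:-1m}")@g" \
  -e "s@##FIDC_PULL_INTERVAL##@$(_sed_escape_replacement "${FIDC_PULL_INTERVAL:-10s}")@g" \
  -e "s@##ORIGIN##@$(_sed_escape_replacement "$FIDC_ORIGIN")@g" \
  -e "s@##API_KEY_ID##@$(_sed_escape_replacement "$FIDC_API_KEY_ID")@g" \
  -e "s@##API_KEY_SECRET##@$(_sed_escape_replacement "$FIDC_API_KEY_SECRET")@g" \
  -e "s@##LOG_SOURCE##@$(_sed_escape_replacement "$FIDC_LOG_SOURCE")@g" \
  -e "s@##LOG_START_TIME##@$(_sed_escape_replacement "$FIDC_LOG_START_TIME")@g" \
  -e "s@##LOG_END_TIME##@$(_sed_escape_replacement "$FIDC_LOG_END_TIME")@g" \
  "$TEMPLATE_FILE" >"$CONFIG_FILE"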
#./filebeat -e -c $CONFIG_FILE
#rm -f $CONFIG_FILE
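# Wait for Kibana before handing over to Filebeat.
# KIBANA_URL can be supplied through the environment; when it is empty or
# unset, the "elk" host on port 5601 is used.
KIBANA_URL=${KIBANA_URL:-http://elk:5601}
max_attempts=180
counter=0

# Print the HTTP status code returned by Kibana's /api/status endpoint.
# --max-time bounds each probe so a stalled connection cannot hold up
# container start indefinitely.
kibana_status() {
  curl -s -o /dev/null --max-time 5 -w '%{http_code}' "${KIBANA_URL}/api/status"
}

# The announced limit now matches the loop bound (the message previously said
# 60s while the loop allowed 180 one-second waits).
echo "Will wait for Kibana to start (up to ${max_attempts} attempts, 1s apart) ..."
until [[ "$(kibana_status)" == "200" ]]; do
  if ((counter >= max_attempts)); then
    echo "Timed out waiting for Kibana to respond. Exiting." >&2
    exit 1
  fi
  sleep 1
  ((counter++))
  echo "waiting for Kibana to respond ($counter/$max_attempts)"
done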
# When the first argument starts with "-", the caller passed only options:
# put "filebeat" in front of them. Then replace this shell with the
# resulting command line.
case "${1-}" in
  -*) set -- filebeat "$@" ;;
esac
exec "$@"