Logstash Alerting Extension

AppDynamics Logstash - Alerting Extension

 

This alerting extension is only meant for on-premise controllers.

 

Use Case

The Logstash Alerting Extension enables AppDynamics to post custom notifications to Logstash in JSON format. Logstash is an open source tool which is part of the ElasticSearch family, used for managing events and logs. It comes with different plugins for collecting, parsing and outputting logs. It also comes with a web interface for searching and drilling into your logs. For more info, see http://logstash.net/.

 

Prerequisites

  1. You have a running instance of logstash.

  2. You have configured your logstash to use the tcp input plugin in server mode, see http://logstash.net/docs/1.4.2/inputs/tcp. For examples:

    Non-SSL TCP config:

    input {                                                                                                                                           
     tcp {
      host => "localhost"
      mode => "server"
      port => 3333
      type => "AppDynamics Alert"
     }
    }
    

    SSL TCP config with Self Signed Certificate:

    input {                                                                                                                                         
     tcp {
      host => "192.168.57.1"
      mode => "server"
      port => 3334
      ssl_enable => true
      ssl_key => "/my/path/to/ssl-key/privkey.pem"
      ssl_cert => "/my/path/to/ssl-cert/newcert.pem"
      ssl_key_passphrase => "nopassphrase"
      type => "AppDynamics Alert"
     }
    }
    

 

Installation Steps

 

  1. Download the zip file and unzip it into <CONTROLLER_HOME_DIR>/custom/actions/. You should have <CONTROLLER_HOME_DIR>/custom/actions/logstash-alert created.

  2. Check if you have custom.xml file in <CONTROLLER_HOME_DIR>/custom/actions/ directory. If yes, add the following xml to the <custom-actions> element.

      <action>
              <type>logstash-alert</type>
          <!-- For Linux/Unix *.sh -->
              <executable>logstash-alert.sh</executable>
          <!-- For windows *.bat -->
              <!--<executable>logstash-alert.bat</executable>-->
      </action>
    

    If you don't have custom.xml already, create one with the below xml content

      <custom-actions>
          <action>
              <type>logstash-alert</type>
            <!-- For Linux/Unix *.sh -->
              <executable>logstash-alert.sh</executable>
            <!-- For windows *.bat -->
              <!--<executable>logstash-alert.bat</executable>-->
            </action>
        </custom-actions>
    

    Uncomment the appropriate executable tag based on windows or linux/unix machine.

  3. Update the config.yaml file in <CONTROLLER_HOME_DIR>/custom/actions/logstash-alert/conf/.

Configuration

 

1. config.yml

Note: Please make sure to not use tab (\t) while editing yaml files. You may want to validate the yaml file using a yaml validator.

ParamDescription
hostThe TCP hostname, i.e. host value specified in logstash's tcp config
portThe TCP port number, i.e. port value specified in logstash's tcp config
showEvaluationDetailsIf set to true, the message posted will contain the evaluation details that triggered the alert
sslThis section includes all SSL related config
enableIf set to true, SSL connection is used - must provide all other SSL info below
allowSelfSignedCertIf set to true, Self Signed Certificate used by Logstash is accepted without the need to import the certificate in your truststore (no need to provide any details about keystore and truststore).
keystorePathThe keystore's path (absolute path and relative path from logstash-alert extension install dir are accepted)
keystorePasswordThe keystore password
keystorePathThe truststore's path (absolute path and relative path from logstash-alert extension install dir are accepted)
truststorePasswordThe truststore password

Below is an example config using SSL:

host: localhost

port: 3334

showEvaluationDetails: true

ssl:
  enable: true
  allowSelfSignedCert: false
  keystorePath: "conf/client_cert/keystore.jks" #example of relative path
  keystorePassword: "password"
  truststorePath: "/home/fsarmiento/AppDynamics/Controller/custom/actions/logstash-alert/conf/client_cert/keystore.jks" #example of absolute path
  truststorePassword: "password"

2. Creating Custom Actions:

  1. To create a Custom Action, first refer to the the following topics (requires login):

  2. Now you are ready to use this extension as a custom action. In the AppDynamics UI, go to Alert & Respond -> Actions. Click Create Action. Select Custom Action and click OK. In the drop-down menu you can find the action called 'logstash-alert'.

  3. You can now check the newly created event in Logstash web interface for example.

LogstashEventScreenshot.png

 

Contributing

Find out more in the AppDynamics Exchange

 

Support

For any questions or feature request, please contact AppDynamics Center of Excellence.

 

Version: 1.0.1 Controller Compatibility: 3.7+