From d09254c6dee94f28774304de1ef7aad0ce41b0d0 Mon Sep 17 00:00:00 2001
From: Mike Pham <tp6510@att.com>
Date: Wed, 28 Nov 2018 17:14:48 -0500
Subject: [PATCH] Modify Fluentbit to add appropriate tags

Adding auth tags for the logs to support special filter
for openstack and application security logs

Change-Id: Ifbd2395e4268d8d8fc4a2a3ac4d351db3d3e0845
---
 fluent-logging/values.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/fluent-logging/values.yaml b/fluent-logging/values.yaml
index 056320d50..7b8212a70 100644
--- a/fluent-logging/values.yaml
+++ b/fluent-logging/values.yaml
@@ -288,6 +288,35 @@ conf:
               key: level
               pattern: CRITICAL
               tag: critical.${tag}
+      #NOTE(tp6510): This prefixes the tag for auth entries
+      # it allows for lookups on openstack logs with
+      # a particular auth log (ie: auth.openstack.keystone)
+    - tag_auth_log:
+        header: match
+        type: rewrite_tag_filter
+        expression: "*.openstack.**"
+        rule:
+          -
+            - header: rule
+              key: application
+              pattern: keystone
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: horizon
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: mariadb
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: memcached
+              tag: auth.${tag}
+            - header: rule
+              key: application
+              pattern: rabbitmq
+              tag: auth.${tag}
     - journal_elasticsearch:
         header: match
         type: elasticsearch