- root@log01:~# cat /etc/logstash/logstash.conf
# Read events that shippers have pushed onto the Redis list "logstash".
# No `password` is configured, so this input relies on the Redis instance at
# 10.81.168.151 being reachable only by trusted shippers: anything able to
# write to the list becomes an event in this pipeline.
# NOTE(review): an input-level `type` is presumably only a default for events
# that arrive without one. The filters in this file branch on types such as
# "syslog" and "nginxaccess", which would then be chosen by the sender.
# Confirm, and treat `type` as sender-controlled data.
input {
  redis {
    data_type => "list"
    key => "logstash"
    host => "10.81.168.151"
    type => "redis"
  }
}
# Syslog events: split the raw line into priority, timestamp, source host,
# program and pid, then replace `message` with the remaining text.
filter {
  if [type] == "syslog" {
    grok {
      match => {
        "message" => "^(?:<%{POSINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:timestamp} %{IPORHOST:hostname} (?:%{PROG:program}(?:\[%{POSINT:pid}\])?: )?%{GREEDYDATA:message}"
      }
      overwrite => [ "message" ]
    }
    # The host name captured from the line is dropped again straight away.
    # NOTE(review): no date filter in the visible config consumes `timestamp`,
    # so @timestamp presumably reflects ingest time rather than the time in
    # the log line. Confirm before relying on it for event timelines.
    mutate {
      remove_field => [ "hostname" ]
    }
  }
}
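# nginx access-log events: extract the proxy address, the authenticated user
# and the request time; `message` keeps the rest of the line. Every event of
# this type is also labelled with program "Nginx", whether or not grok matched.
#
# The deprecated per-filter `type` option is replaced by a conditional, the
# same form the syslog filter in this file already uses; the set of events
# each filter applies to is unchanged.
filter {
  if [type] == "nginxaccess" {
    grok {
      # Unlike the syslog pattern, this one has no leading ^, so it may match
      # starting anywhere in the line.
      match => {
        "message" => "%{IPORHOST:proxy_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] %{GREEDYDATA:message}"
      }
      overwrite => [ "message" ]
    }
    mutate {
      add_field => { "program" => "Nginx" }
    }
  }
}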
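# nginx error-log events: capture the leading date/time into `timestamp`,
# keep the remainder as `message`, and label the event with program "Nginx".
#
# The deprecated per-filter `type` option is replaced by a conditional, the
# same form the syslog filter in this file already uses; the set of events
# each filter applies to is unchanged.
filter {
  if [type] == "nginxerror" {
    grok {
      # NOTE(review): the pattern is unanchored, and DATESTAMP is presumably
      # built from day/month-first date patterns while nginx's default
      # error_log prefix is YYYY/MM/DD. Verify that `timestamp` captures the
      # whole date and not a fragment of it.
      match => {
        "message" => "%{DATESTAMP:timestamp} %{GREEDYDATA:message}"
      }
      overwrite => [ "message" ]
    }
    mutate {
      add_field => { "program" => "Nginx" }
    }
  }
}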
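# "appmachine" events carry a JSON document in `message`: decode it, then
# move the decoded "@message" value into `message` and drop "@message".
filter {
  # The deprecated per-filter `type` option is replaced by a conditional, the
  # same form the syslog filter in this file already uses.
  if [type] == "appmachine" {
    # No `target` is set, so the decoded keys land at the top level of the
    # event. A document in `message` can therefore set or replace any event
    # field (for example `type` or `program`).
    # NOTE(review): if these messages can contain data from outside the
    # application, consider decoding into a `target` and copying out only the
    # fields that are needed.
    json {
      source => "message"
    }
  }
  # NOTE(review): the grok and mutate below are not limited to "appmachine"
  # and run for every event, as in the original. Events without an "@message"
  # field will likely be tagged as grok failures. Confirm whether this is
  # intended before scoping them to the conditional above.
  grok {
    match => {
      "@message" => "%{GREEDYDATA:message}"
    }
    overwrite => [ "message" ]
  }
  mutate {
    remove_field => [ "@message" ]
  }
}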
# Every event goes to two places: the Logstash process's own stdout and the
# Elasticsearch cluster named "logstash" on the local host.
output {
  # NOTE(review): stdout receives a copy of every event, including whatever
  # the application and access logs contain. Check where this process's
  # stdout is captured and who can read it.
  stdout { }
  # No credentials or transport options are set in this block; access control
  # rests on Elasticsearch listening on 127.0.0.1.
  elasticsearch {
    cluster => "logstash"
    host => "127.0.0.1"
  }
}