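# Logstash pipeline: tail the application log files under /home/htpcguides/syslog,
# parse each line with grok, and index the resulting events into Elasticsearch.
#
# Security / operational notes for whoever deploys this:
#   * The elasticsearch output speaks plain HTTP to localhost:9200 with no
#     credentials. That is only acceptable while Elasticsearch is bound to the
#     loopback interface; if it is ever exposed, configure ssl and user/password
#     (or an API key) here and on the cluster.
#   * The stdout output echoes every parsed event, including the full log text,
#     to Logstash's own stdout/journal. Keep it while verifying the grok
#     patterns, then remove it so log contents are not duplicated into a second,
#     possibly less protected, location.
#   * Log lines are untrusted input. The patterns below are anchored only by the
#     leading timestamp and rely on GREEDYDATA for the tail; anything that does
#     not match is tagged _grokparsefailure rather than dropped, so watch that
#     tag after a log format change.
input {
  file {
    # Glob of files to tail. start_position => "beginning" only affects the
    # first read of a file (before a sincedb offset exists); after that
    # Logstash resumes from the recorded position.
    path => "/home/htpcguides/syslog/*.log"
    start_position => "beginning"
    type => "syslog"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      # Patterns are listed most specific first and evaluated with the default
      # break_on_match => true, so the first match wins. The original config set
      # break_on_match => false, which made any line matching pattern 1 also
      # match pattern 2 (pattern 2 is a strict superset) and turned message-body
      # and message-syslog into two-element arrays.
      #
      # The line's own timestamp is captured into the plain string field
      # log_timestamp and converted by the date filter below. Capturing a string
      # straight into @timestamp (as the original did) depends on Logstash
      # parsing it implicitly and gives no control over the timezone.
      match => [
        "message", "%{TIMESTAMP_ISO8601:log_timestamp} (?<message-body>(?<message_system_info>(?:\[%{DATA:message_thread_id} %{DATA:syslog_level} \'%{DATA:message_service}\'\ ?%{DATA:message_opID}])) \[%{DATA:message_service_info}]\ (?<message-syslog>(%{GREEDYDATA})))",
        "message", "%{TIMESTAMP_ISO8601:log_timestamp} (?<message-body>(?<message_system_info>(?:\[%{DATA:message_thread_id} %{DATA:syslog_level} \'%{DATA:message_service}\'\ ?%{DATA:message_opID}])) (?<message-syslog>(%{GREEDYDATA})))",
        "message", "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601:log_timestamp} %{GREEDYDATA:message-syslog}"
      ]
    }

    # Set the event time from the log line instead of the ingestion time.
    # log_timestamp is removed only on success; on failure the event keeps the
    # raw string and is tagged _dateparsefailure. Add a `timezone => "..."`
    # option here if the log files are written in local time without an offset.
    date {
      match => ["log_timestamp", "ISO8601"]
      remove_field => ["log_timestamp"]
    }

    # Lines carrying an RFC 3164-style <PRI> prefix (pattern 3) get their
    # facility and severity decoded from the numeric priority.
    if [syslog_pri] {
      syslog_pri { }
    }
  }
}

output {
  # Plain HTTP, no authentication: loopback-only deployments only (see header).
  elasticsearch { hosts => ["localhost:9200"] }
  # Debug echo of every event; remove once the patterns are verified.
  stdout { codec => rubydebug }
}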