input {
  # Every network listener below accepts plaintext with no TLS and no sender
  # authentication configured in this file. Anything that can reach these
  # ports can write events into the pipeline, so limit reachability with
  # host firewall rules or network ACLs to the known log sources.

  # ---- Heartbeat: synthetic event every 300 s, useful as a pipeline liveness signal
  heartbeat {
    type     => "heartbeat"
    interval => 300
  }

  # ---- Cisco devices (syslog over UDP)
  # No `host` is set, so the plugin default bind address applies (all
  # interfaces in the Logstash releases I know; confirm for the installed one).
  # UDP source addresses can be forged; do not treat the sender address as
  # proof of origin.
  udp {
    type => "syslog"
    port => 60606
  }

  # ---- Generic syslog over TCP (plaintext; default bind address applies)
  tcp {
    type => "syslog"
    port => 10514
  }

  # ---- VMware hosts, syslog over TCP (plaintext; default bind address applies)
  tcp {
    type => "syslog"
    port => 1514
  }

  # ---- GELF, explicitly bound to all interfaces
  gelf {
    type  => "gelf"
    host  => "0.0.0.0"
    port  => 12201
    codec => "plain"
  }

  # ---- Erlang applications: JSON over UDP, explicitly bound to all interfaces
  # With the json codec the sender chooses the event's field names and values.
  # Logstash inputs do not overwrite a `type` that an event already carries,
  # so a datagram that sets "type" itself may bypass the "erlang" label and
  # enter other filter branches. Verify, and consider checking sender-supplied
  # fields in a filter before they are indexed.
  udp {
    type  => "erlang"
    host  => "0.0.0.0"
    port  => 12211
    codec => "json"
  }
}
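filter {
  # Parse classic BSD-style syslog lines for every event typed "syslog".
  if [type] == "syslog" {
    grok {
      # The optional leading <PRI> capture feeds the syslog_pri filter below.
      # Without it, network-delivered syslog never populates `syslog_pri`, and
      # syslog_pri falls back to its default priority (13, user.notice, in the
      # plugin versions I know), which flattens every event to the same
      # severity. Lines without <PRI> still match exactly as before.
      # syslog_hostname and syslog_program are claimed by the sender inside
      # the message; treat them as untrusted when attributing an event.
      # Lines that do not match are tagged _grokparsefailure by default and
      # get neither of the add_field values.
      match => { "message" => "(?:<%{NONNEGINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      # Keep the ingest time and the address recorded by the input alongside
      # the sender-supplied values, so the two can be compared during triage.
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }

    # Decodes facility and severity from the `syslog_pri` field.
    syslog_pri { }

    date {
      # Syslog pads single-digit days with a second space ("Jan  5 10:00:00"),
      # and SYSLOGTIMESTAMP captures that padding, so the two-space form
      # "MMM  d HH:mm:ss" is required for days 1-9. The single-space forms
      # are kept for senders that do not pad.
      # These timestamps carry no year or time zone; the date filter then
      # interprets them in the Logstash host's zone unless `timezone` is set.
      # Confirm that matches the senders before correlating timelines.
      match => [ "syslog_timestamp", "ISO8601", "MMM  d HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
      add_tag => "Syslog Timestamped"
      locale => "en"
    }
  }
}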
output {
  # Ship every event to the Elasticsearch cluster named "cloud".
  # No host list, credentials or TLS settings appear in this block, so how
  # the connection is discovered and protected depends on the plugin
  # defaults of the installed Logstash version. Confirm that the path to
  # the cluster is restricted to trusted hosts.
  elasticsearch { cluster => "cloud" }
}