SHOW:
|
|
- or go back to the newest paste.
| 1 | input {
| |
| 2 | # relp {
| |
| 3 | # type => "relp" | |
| 4 | # port => 2514 | |
| 5 | # } | |
| 6 | syslog {
| |
| 7 | type => "syslog" | |
| 8 | - | port => 20514 |
| 8 | + | port => 514 |
| 9 | } | |
| 10 | } | |
| 11 | ||
| 12 | # From http://cookbook.logstash.net/recipes/syslog-pri/ | |
| 13 | filter {
| |
| 14 | grok {
| |
| 15 | type => "syslog" | |
| 16 | pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
| |
| 17 | add_field => [ "received_at", "%{@timestamp}" ]
| |
| 18 | add_field => [ "received_from", "%{@source_host}" ]
| |
| 19 | } | |
| 20 | syslog_pri {
| |
| 21 | type => "syslog" | |
| 22 | } | |
| 23 | date {
| |
| 24 | type => "syslog" | |
| 25 | syslog_timestamp => [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] | |
| 26 | } | |
| 27 | mutate {
| |
| 28 | type => "syslog" | |
| 29 | exclude_tags => "_grokparsefailure" | |
| 30 | replace => [ "@source_host", "%{syslog_hostname}" ]
| |
| 31 | replace => [ "@message", "%{syslog_message}" ]
| |
| 32 | } | |
| 33 | mutate {
| |
| 34 | type => "syslog" | |
| 35 | remove => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ] | |
| 36 | } | |
| 37 | } | |
| 38 | ||
| 39 | output {
| |
| 40 | #stdout { debug => true debug_format => "json" }
| |
| 41 | elasticsearch {
| |
| 42 | embedded => true | |
| 43 | } | |
| 44 | } |
