1 | input { | |
2 | # relp { | |
3 | # type => "relp" | |
4 | # port => 2514 | |
5 | # } | |
6 | syslog { | |
7 | type => "syslog" | |
8 | - | port => 20514 |
8 | + | port => 514 |
9 | } | |
10 | } | |
11 | ||
12 | # From http://cookbook.logstash.net/recipes/syslog-pri/ | |
13 | filter { | |
14 | grok { | |
15 | type => "syslog" | |
16 | pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ] | |
17 | add_field => [ "received_at", "%{@timestamp}" ] | |
18 | add_field => [ "received_from", "%{@source_host}" ] | |
19 | } | |
20 | syslog_pri { | |
21 | type => "syslog" | |
22 | } | |
23 | date { | |
24 | type => "syslog" | |
25 | syslog_timestamp => [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] | |
26 | } | |
27 | mutate { | |
28 | type => "syslog" | |
29 | exclude_tags => "_grokparsefailure" | |
30 | replace => [ "@source_host", "%{syslog_hostname}" ] | |
31 | replace => [ "@message", "%{syslog_message}" ] | |
32 | } | |
33 | mutate { | |
34 | type => "syslog" | |
35 | remove => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ] | |
36 | } | |
37 | } | |
38 | ||
39 | output { | |
40 | #stdout { debug => true debug_format => "json" } | |
41 | elasticsearch { | |
42 | embedded => true | |
43 | } | |
44 | } |
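Review bot: Changing the syslog input from 20514 to 514 puts the listener on a privileged port, so Logstash must either run as root or be granted CAP_NET_BIND_SERVICE, and running the process that parses untrusted network syslog as root is the wrong direction for least privilege. Prefer keeping the unprivileged port and redirecting 514 to it at the firewall (e.g. an iptables `REDIRECT --to-ports 20514` for udp and tcp 514), or grant only the bind capability to the service unit rather than a root login. No `host` is set on the input, so it presumably binds every interface by default; add an explicit `host => "<listener address>"` and restrict source networks at the firewall, since this input has no authentication or transport security. Separately, the mutate filter's `replace => [ "@source_host", "%{syslog_hostname}" ]` overwrites the host attribution with a sender-supplied header field, so any client that can reach this port can forge the origin host in the index; `received_from` still carries the real peer, which is worth stating in a comment such as `# received_from is the actual peer; @source_host is the client-asserted hostname` so analysts know which field to trust.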