Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- input {
- syslog {
- type => "pfsense"
- }
- }
- filter {
- if [type] == "pfsense" {
- grok {
- patterns_dir => "/opt/logstash/patterns"
- match => [
- "message", "%{PFSENSE}" ]
- }
- if [prog] == "filterlog" {
- grok {
- patterns_dir => "/opt/logstash/patterns"
- match => [ "msg", "%{LOG_DATA}%{IP_SPECIFIC_DATA}%{IP_DATA}%{PROTOCOL_DATA}" ]
- }
- geoip {
- #database => "/opt/logstash/GeoLiteCity.dat"
- source => "src_ip"
- target => "geoip"
- add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
- add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
- }
- mutate {
- convert => [ "[geoip][coordinates]", "float" ]
- remove_tag => [ "_grokparsefailure" ]
- }
- }
- }
- }
- output {
- stdout { codec => dots }
- elasticsearch {
- protocol => "http"
- host => "elkserver"
- cluster => "mycluster"
- index => "pfsense-logs"
- }
- email {
- from => "myemail@gmail.com"
- to => "another-email@gmail.com"
- subject => "Logstash alert (TEST) "
- body => "This is email was send when the elkserver tries to get an IP "
- via => "smtp"
- options => [ "smtpIporHost" , "smtp.gmail.com",
- "port" , "465",
- "domain" , "smtp.gmail.com",
- "userName" , "myemail@gmail.com",
- "password" , "mypass",
- "authenticationType" , "plain",
- "starttls" , "true"
- ]
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
