Untitled

input {

    redis {

        key  => "logstash"

        data_type => "list"

        host => "127.0.0.1"

        port => 6379

  }

}

 

filter {

 

  if [type] == "maillog"

   {

      grok {

 

        match => [ "message", "(?<log_timestamp>%{MONTH:Month} %{MONTHDAY:Day} %{TIME:time}) %{HOST:sourcehost} %{SYSLOGPROG}: (?<queue_id>[0-9A-F]{10,15}): to=<(?<reciepient_id>%{GREEDYDATA:receipient_name}@%{JAVACLASS:receipient_domain})>, relay=%{GREEDYDATA:relay}, delay=%{NUMBER:delay}, delays=%{GREEDYDATA:delays}, dsn=%{NOTSPACE:dsn} status=%{WORD:status} %{GREEDYDATA}" ]

 

        match => [ "message", "(?<log_timestamp>%{MONTH:Month} %{MONTHDAY:Day} %{TIME:time}) %{HOST:sourcehost} %{SYSLOGPROG}: (?<queue_id>[0-9A-F]{10,15}): from=<%{GREEDYDATA:sent_to}>, status=%{WORD:status}, %{GREEDYDATA}" ]

 

        match => [ "message", "(?<log_timestamp>%{MONTH:Month} %{MONTHDAY:Day} %{TIME:time}) %{HOST:sourcehost} %{SYSLOGPROG}: %{GREEDYDATA}" ]

        named_captures_only => true

 

      }

      multiline {

        pattern => "^\/"

        what => "previous"

     }

     date {

        match => [ "log_timestamp", "MMM dd HH:mm:ss", "MMM  d YYY HH:mm:ss", "ISO8601" ]

     }

  }

 

  if [type] == "puppet"

    {

       drop {}

    }

}

output {

     stdout {}

     elasticsearch {

           embedded => true

     }

}