
Logstash.conf

a guest Nov 20th, 2014 425 Never
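  # Receive events on a listening TCP socket.
  #
  # Exposure: no `host` is set, so the tcp input's default bind address applies
  # (all interfaces in the stock plugin), and no TLS options are configured.
  # Any peer that can reach this port can submit events in clear text. Limit
  # reachability with `host` or a firewall rule, or turn on the plugin's TLS
  # settings (`ssl_enable` and friends on releases of this era), before
  # accepting traffic from outside the local machine.
  input {
    tcp {
      port => 8333
      # Setting names are lowercase; the paste showed this key as "MODE",
      # which Logstash rejects as an unknown setting.
      mode => "server"
    }
  }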
  7.  
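  # Decode each incoming line as JSON, then apply per-type parsing.
  #
  # Trust note: with no `target`, the json filter writes the decoded keys at
  # the root of the event, so the sender chooses `type` (which selects the
  # branch below) and can set or replace any other field. Treat every field
  # as untrusted unless the tcp input is restricted to known shippers.
  #
  # Fixes relative to the pasted text:
  #   * conditionals use lowercase `if` (the paste showed `IF`);
  #   * `overwrite` is a grok option, so it now sits beside `match` instead of
  #     inside the match hash, where it was read as one more field => pattern
  #     pair and never took effect.
  filter {
    json {
      source => "message"
    }

    if [type] == "syslog" {
      grok {
        patterns_dir => "/opt/logstash/patterns"
        match => { "message" => "^(?:<%{POSINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:timestamp} %{IPORHOST:org} (?:%{PROG:program}(?:\[%{POSINT:pid}\])?: )?%{GREEDYDATA:payload}" }
        # NOTE(review): this pattern has no capture named "message", so the
        # overwrite has nothing to replace; kept because the original asked for it.
        overwrite => ["message"]
      }
      # Expands the captured syslog_pri value into facility/severity fields.
      syslog_pri {
      }
      # NOTE(review): `timestamp` is captured above but no date filter runs in
      # this branch, so @timestamp presumably stays at receive time; confirm
      # that is intended.
    }

    if [type] == "nginx" {
      grok {
        patterns_dir => "/opt/logstash/patterns"
        match => { "message" => "%{INT:pid} %{IPORHOST:remote_addr} \[%{HTTPDATE:time_local}\] \[%{NUMBER:req_time}\] %{QS:request} %{INT:status} %{INT:body_bytes_sent} %{IPORHOST:host_header} %{NUMBER:connection} %{QS:http_referer} %{QS:http_user_agent}" }
        # NOTE(review): as in the syslog branch, nothing here captures "message".
        overwrite => ["message"]
      }
    }

    if [type] == "php-fpm" {
      mutate {
        add_field => { "facility" => "php-fpm" }
      }
      # PHPFPMERRORLOG is a site-defined pattern loaded from patterns_dir.
      grok {
        patterns_dir => "/opt/logstash/patterns/"
        match => { "message" => "%{PHPFPMERRORLOG}" }
        overwrite => ["path"]
      }
      # Split the "file:line" value in `path`.
      # NOTE(review): this grok reads patterns from /etc/logstash/patterns/,
      # while every other grok uses /opt/logstash/patterns; confirm that
      # PHPNOTCOLON is really defined under this directory.
      grok {
        patterns_dir => "/etc/logstash/patterns/"
        match => { "path" => "%{PHPNOTCOLON}:%{NUMBER:line}" }
        overwrite => ["line"]
      }
      # Set the event time from `timestamp`, trying each format in turn.
      date {
        match => ["timestamp", "dd-MMM-yyyy HH:mm:ss Z", "dd-MMM-yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss yyyy" ]
      }
    }
  }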
  51.  
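  # Send every event to the console and to a local Elasticsearch node.
  # The section keyword is lowercase `output`; the paste showed `OUTPUT`,
  # which is not a valid section name.
  output {
    # Debug output: prints the full content of every event. Whatever captures
    # the process's stdout will hold a copy of all log data, so drop this
    # outside of testing.
    stdout {
      codec => rubydebug
    }
    # Plain HTTP to the local node with no credentials configured here.
    # `host` and `protocol` are the option names of the elasticsearch output
    # from this paste's era; later plugin versions use different names.
    elasticsearch {
      host => "localhost"
      protocol => "http"
    }
  }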