
Untitled

a guest
Sep 30th, 2015
  1. input {
  2.  
  3. #################################### HEARTBEAT
  4.  
  5. heartbeat {
  6. interval => 300
  7. type => "heartbeat"
  8. }
  9.  
  10. ####################################Cisco
  11.  
  12. udp {
  13. port => 60606
  14. type => syslog
  15. }
  16.  
  17. #################################### sysLog
  18.  
  19. tcp {
  20. port => 10514
  21. type => syslog
  22. }
  23.  
  24. #################################### vmWare
  25.  
  26. tcp {
  27. port => 1514
  28. type => syslog
  29. }
  30.  
  31. ################################### GELF
  32.  
  33. gelf {
  34. codec => "plain"
  35. host => "0.0.0.0"
  36. port => 12201
  37. type => "gelf"
  38. }
  39.  
  40. ################################ ERLANG
  41. udp {
  42. codec => "json"
  43. host => "0.0.0.0"
  44. port => 12211
  45. type => "erlang"
  46. }
  47.  
  48.  
  49. }
  52. filter {
  53. if [type] == "syslog" {
  54. grok {
  55. match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
  56. add_field => [ "received_at", "%{@timestamp}" ]
  57. add_field => [ "received_from", "%{host}" ]
  58. }
  59. syslog_pri { }
  60. date {
  61. match => [ "syslog_timestamp", "ISO8601", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
  62. add_tag => "Syslog Timestamped"
  63. locale => "en"
  64.  
  65. }
  66. }
  67. }
  70. output {
  71.  
  72. elasticsearch {
  73. cluster => "cloud"
  74. }
  75.  
  76. }