1 | # Where to get input | |
2 | input { | |
3 | - | # syslog inputs |
3 | + | |
4 | - | tcp { |
4 | + | |
5 | - | port => 5000 |
5 | + | |
6 | - | type => "syslog" |
6 | + | |
7 | tags => ["nagios"] | |
8 | - | udp { |
8 | + | |
9 | - | port => 5000 |
9 | + | |
10 | - | type => "syslog" |
10 | + | |
11 | ||
12 | # Some Filtering | |
13 | filter { | |
14 | #Nagios filter | |
15 | if [type] == "nagios" { | |
16 | grok { | |
17 | match => { "message" => "%{NAGIOSLOGLINE}" } | |
18 | } | |
19 | } | |
20 | } | |
21 | - | # Logspout input |
21 | + | |
22 | - | tcp { |
22 | + | |
23 | - | codec => "json_lines" |
23 | + | |
24 | - | port => 5006 |
24 | + | |
25 | - | tags => ["docker"] |
25 | + | |
26 | - | type => "logspout" |
26 | + | |
27 | } | |
28 | ||
29 | - | # Log4j application input |
29 | + | |
30 | - | log4j { |
30 | + | |
31 | - | codec => "json_lines" |
31 | + | |
32 | - | port => 4560 |
32 | + | |
33 | - | tags => ["applogs"] |
33 | + | |
34 | - | type => "log4j" |
34 | + | |
35 | protocol => "http" | |
36 | user => logstash | |
37 | password => logstash | |
38 | } | |
39 | } | |
40 | - | # syslog filter |
40 | + | |
41 | - | if [type] == "syslog" { |
41 | + | |
42 | elasticsearch { | |
43 | - | match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" } |
43 | + | |
44 | - | add_field => [ "received_at", "%{@timestamp}" ] |
44 | + | |
45 | - | add_field => [ "received_from", "%{host}" ] |
45 | + | |
46 | protocol => "http" | |
47 | - | syslog_pri { } |
47 | + | |
48 | - | date { |
48 | + | |
49 | - | match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] |
49 | + | |
50 | } |