####Logstash Config
```
input {
  beats {
    port => 5044
  }
}
filter {
  # Only lines Filebeat read from /var/log/syslog are parsed; other sources pass through unchanged.
  if [source] == "/var/log/syslog" {
    grok {
      # A line that does not match the pattern is kept and tagged _grokparsefailure.
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }
    date {
      # Overwrites @timestamp with the stamp from the line itself. A syslog stamp carries
      # no zone, so it is read in Logstash's own zone unless `timezone => "..."` is set here.
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
```
####Sample syslog line (as the Filebeat event that carries it)
```json
{"@timestamp":"2016-03-07T20:05:04.491Z","beat":{"hostname":"base","name":"base"},"count":1,"fields":null,"input_type":"log","message":"Mar 7 12:05:01 base CRON[15517]: (root) CMD (command -v debian-sa1 \u003e /dev/null \u0026\u0026 debian-sa1 1 1)","offset":119040,"source":"/var/log/syslog","type":"log"}
```
The `\u003e` and `\u0026` are plain JSON escapes for `>` and `&`; the `message` field is the raw syslog line, and `source` is the field the filter's conditional tests. Note the stamp inside the line (12:05:01, no zone) versus the `@timestamp` Filebeat attached when it shipped the line (20:05:04Z): the host that wrote the line is eight hours behind UTC.
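To check what the filter block above actually does to that event without running Logstash, here is an added example (not code from the paste) that re-implements the grok and date steps in Python. `SYSLOG_RE` is a hand-written equivalent of the grok pattern, simplified in one place (`SYSLOGHOST` is reduced to a single hostname/IP-like token). `HOST_TZ` is an assumption read off the sample event (12:05:01 on the host against 20:05:04Z when shipped, i.e. UTC-8); the three events are constructed, the first reproducing the sample.

```python
"""Offline re-implementation of the paste's filter stage (grok + date).

Added example, not code from the paste. SYSLOG_RE mirrors the grok pattern in
the config (SYSLOGHOST simplified to one hostname/IP-like token). HOST_TZ is an
assumption taken from the sample event: 12:05:01 on the host, 20:05:04Z shipped.
"""
import json
import re
from datetime import datetime, timedelta, timezone

# %{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname}
# %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}
SYSLOG_RE = re.compile(
    r"^(?P<syslog_timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_hostname>[0-9A-Za-z][0-9A-Za-z.:-]*) "
    r"(?P<syslog_program>.*?)(?:\[(?P<syslog_pid>[1-9][0-9]*)\])?: "
    r"(?P<syslog_message>.*)$"
)
FILEBEAT_TS = "%Y-%m-%dT%H:%M:%S.%fZ"
UTC = timezone.utc
HOST_TZ = timezone(timedelta(hours=-8))  # assumed zone of the host that wrote /var/log/syslog
CLOCK_SKEW = timedelta(minutes=5)        # a line cannot be written after it was shipped, beyond skew


def syslog_to_utc(stamp, shipped, host_tz):
    """Convert a bare syslog stamp ('Mar  7 12:05:01') to an aware UTC datetime.

    The stamp has no year and no zone. The zone is host_tz (the config's date
    filter would use Logstash's own zone unless `timezone` is set). The year is
    taken from the Filebeat @timestamp; if that makes the line newer than its
    own shipping time, it was written in the previous year (Dec/Jan rollover).
    """
    norm = " ".join(stamp.split())  # collapse the padded day: 'Mar  7' -> 'Mar 7'
    for year in (shipped.year, shipped.year - 1):
        local = datetime.strptime(f"{year} {norm}", "%Y %b %d %H:%M:%S").replace(tzinfo=host_tz)
        if local <= shipped + CLOCK_SKEW:
            break
    return local.astimezone(UTC)


def parse_event(raw, host_tz):
    """Run one Filebeat JSON event through the equivalent of the config's filter block."""
    event = json.loads(raw)
    event.setdefault("tags", [])
    if event.get("source") != "/var/log/syslog":  # the `if [source] == ...` conditional
        return event
    m = SYSLOG_RE.match(event["message"])
    if m is None:
        event["tags"].append("_grokparsefailure")  # grok's default failure tag; event is kept
        return event
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    shipped = datetime.strptime(event["@timestamp"], FILEBEAT_TS).replace(tzinfo=UTC)
    stamped = syslog_to_utc(event["syslog_timestamp"], shipped, host_tz)
    event["@timestamp"] = stamped.strftime("%Y-%m-%dT%H:%M:%S.000Z")  # date filter overwrites @timestamp
    return event


# Constructed Filebeat-1.x-shaped events. EVENT_CRON reproduces the paste's sample.
EVENT_CRON = json.dumps({
    "@timestamp": "2016-03-07T20:05:04.491Z",
    "beat": {"hostname": "base", "name": "base"},
    "message": "Mar  7 12:05:01 base CRON[15517]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)",
    "source": "/var/log/syslog", "type": "log",
})
EVENT_NOPID = json.dumps({  # no [pid], written just before New Year on the UTC-8 host
    "@timestamp": "2017-01-01T08:00:10.000Z",
    "message": "Dec 31 23:59:58 base systemd: Started Daily apt activities.",
    "source": "/var/log/syslog", "type": "log",
})
EVENT_JUNK = json.dumps({  # does not match the pattern
    "@timestamp": "2016-03-07T20:05:04.491Z",
    "message": "not a syslog line",
    "source": "/var/log/syslog", "type": "log",
})

if __name__ == "__main__":
    for raw in (EVENT_CRON, EVENT_NOPID, EVENT_JUNK):
        print(json.dumps(parse_event(raw, HOST_TZ), indent=1))
    # The same line with the zone left at UTC, which is what the config does if Logstash runs in UTC:
    print(parse_event(EVENT_CRON, UTC)["@timestamp"])
```

With `HOST_TZ` the CRON line lands at `2016-03-07T20:05:01.000Z`, three seconds before Filebeat shipped it, which is the ordering you expect; with the zone left at UTC the same line is indexed at `12:05:01Z`, eight hours early. That gap is what you get from the paste's config when Logstash and the shipping hosts are in different zones, and it silently breaks any timeline built across hosts during an incident, so set `timezone` in the date filter (or ship logs with an explicit zone) and watch for `_grokparsefailure` tags, which mark lines the pattern dropped on the floor rather than parsed.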