path: root/sysutils/logstash6/files/logstash.conf.sample
input {
	# Read the local system log with the file input and tag every event with
	# type "syslog" so that later stages can select on [type].
	# The account that runs Logstash needs read access to this file; grant it
	# narrowly (for example through group membership) rather than running the
	# service as root.
	file {
		path => "/var/log/messages"
		# Alternative: watch several logs at once. A glob picks up every
		# matching file, so check what it covers before enabling it.
		# path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]

		# Only affects files Logstash has not seen before: they are read from
		# the first line instead of being tailed from the end.
		start_position => "beginning"

		type => "syslog"
	}
}

filter {
# A filter may change the regular expression used to match a record or a field,
# alter the value of parsed fields, add or remove fields, etc.
#
# The example below is disabled, so as shipped this section applies no filters.
# Uncommented, it handles events whose [type] is "syslog" in four steps:
#   grok       - splits "message" into syslog_pri, syslog_timestamp,
#                syslog_hostname, syslog_program, syslog_pid and syslog_message.
#                Lines that do not match are tagged _grokparsefailure by
#                default; watch for that tag instead of assuming every line
#                was parsed.
#   mutate     - drops syslog_hostname and syslog_message.
#                NOTE(review): syslog_hostname is the host named inside the log
#                line; keep it if these events feed detection or incident
#                response, since it is needed to attribute an event to a system.
#   date       - sets the event timestamp from syslog_timestamp. The first two
#                formats carry neither year nor time zone, so the result
#                depends on the Logstash host's clock and zone unless the date
#                filter's timezone option is set; confirm before correlating
#                across hosts.
#   syslog_pri - decodes the priority captured in syslog_pri into facility and
#                severity fields.
#
#	if [type] == "syslog" {
#		grok {
#			#patterns_dir => ["/usr/local/etc/logstash/patterns"]
#			match => { "message" => "(<%{POSINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} (%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}|%{GREEDYDATA:syslog_message})" }
#		}
#		mutate {
#			remove_field => [ "syslog_hostname", "syslog_message" ]
#		}
#		date {
#			match => [ "syslog_timestamp","MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
#		}
#		syslog_pri { }
#	}
}

output {
	# No output plugin is enabled as shipped. Uncomment at least one of the
	# entries below, otherwise events are not delivered anywhere.

	# Emit events to stdout for easy debugging of what is going through
	# logstash. This prints complete events, so whatever the source logs
	# contain ends up wherever Logstash's stdout is captured; keep it for
	# debugging only.
	# stdout { codec => rubydebug }

	# This will use elasticsearch to store your logs.
	# As written it targets a node on the same host and sets no credentials
	# or TLS options. If Elasticsearch runs on another host or requires
	# authentication, also set the plugin's user/password and ssl/cacert
	# options so that log data and credentials do not cross the network in
	# clear text.
	# elasticsearch { hosts => [ "localhost:9200" ] }
}