mirror of
https://git.freebsd.org/ports.git
synced 2025-06-13 08:40:39 -04:00
16631a2ca6
Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.” WWW: https://www.elastic.co/products/logstash
45 lines
1.3 KiB
Text
45 lines
1.3 KiB
Text
input {
|
|
|
|
file {
|
|
type => "syslog"
|
|
# path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]
|
|
path => "/var/log/messages"
|
|
start_position => "beginning"
|
|
}
|
|
}
|
|
|
|
filter {
|
|
# An filter may change the regular expression used to match a record or a field,
|
|
# alter the value of parsed fields, add or remove fields, etc.
|
|
#
|
|
# if [type] == "syslog" {
|
|
# grok {
|
|
# match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} (%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}|%{GREEDYDATA:syslog_message})" }
|
|
# add_field => [ "received_at", "%{@timestamp}" ]
|
|
# add_field => [ "received_from", "%{@source_host}" ]
|
|
# }
|
|
#
|
|
# if !("_grokparsefailure" in [tags]) {
|
|
# mutate {
|
|
# replace => [ "@source_host", "%{syslog_hostname}" ]
|
|
# replace => [ "@message", "%{syslog_message}" ]
|
|
# }
|
|
# }
|
|
# mutate {
|
|
# remove_field => [ "syslog_hostname", "syslog_message" ]
|
|
# }
|
|
# date {
|
|
# match => [ "syslog_timestamp","MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
|
|
# }
|
|
# syslog_pri { }
|
|
# }
|
|
}
|
|
|
|
output {
|
|
# Emit events to stdout for easy debugging of what is going through
|
|
# logstash.
|
|
# stdout { codec => rubydebug }
|
|
|
|
# This will use elasticsearch to store your logs.
|
|
# elasticsearch { hosts => [ "localhost:9200" ] }
|
|
}
|