- all config files are now in ETCDIR - rc script is updated to use logsearch.yml to locate logging config (logstash.conf) This will not break existing setups that used the ETCDIR/logstash.conf file, as that is now part of the default logstash.yml file - added configtest to rc script - sample logstash.conf file no longer includes invalid syntax - pkg-message had historical messages removed
# Sample Logstash pipeline (logstash.conf).
#
# Structure: one file input tagged type "syslog", a filter stage that is
# empty apart from a commented-out syslog parsing example, and an output
# stage where both outputs (stdout for debugging, elasticsearch for
# storage) are commented out.  As shipped, events read from
# /var/log/messages are therefore not sent anywhere until an output is
# enabled.
input {
  file {
    type => "syslog"
    # Alternative: a list of paths instead of a single file.
    # path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]
    # NOTE(review): the account Logstash runs as needs read access to this
    # path; it should get read access only, never write.  Which account that
    # is comes from the rc script, not from this file — confirm there.
    path => "/var/log/messages"
    # Read the file from its first line the first time it is seen.
    # NOTE(review): on later runs Logstash presumably resumes from its
    # recorded position (sincedb) rather than re-reading — confirm for the
    # installed version before relying on it.
    start_position => "beginning"
  }
}

filter {
  # A filter may change the regular expression used to match a record or a field,
  # alter the value of parsed fields, add or remove fields, etc.
  #
  # Example: parse classic syslog lines into fields.  Everything below is
  # commented out; uncomment the whole block to enable it.
  # NOTE(review): grok runs regular expressions over log text that the
  # receiving host does not control; patterns ending in GREEDYDATA with
  # alternation can be slow on crafted lines, so consider the grok filter's
  # per-match timeout when enabling this.
  # if [type] == "syslog" {
  # grok {
  # #patterns_dir => ["/usr/local/etc/logstash/patterns"]
  # match => { "message" => "(<%{POSINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} (%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}|%{GREEDYDATA:syslog_message})" }
  # }
  # Drop the intermediate fields once they have been extracted.
  # mutate {
  # remove_field => [ "syslog_hostname", "syslog_message" ]
  # }
  # Use the timestamp from the log line as the event time; the listed
  # formats are tried in order.
  # date {
  # match => [ "syslog_timestamp","MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
  # }
  # Split syslog_pri into facility and severity fields.
  # syslog_pri { }
  # }
}

output {
  # Emit events to stdout for easy debugging of what is going through
  # logstash.
  # NOTE(review): rubydebug prints the whole event, including the raw log
  # line, to the Logstash log; keep this disabled outside of debugging.
  # stdout { codec => rubydebug }

  # This will use elasticsearch to store your logs.
  # NOTE(review): "localhost:9200" with no scheme is plain HTTP to a node on
  # the same host.  If the cluster is remote, use TLS and credentials rather
  # than sending log data over the network in the clear.
  # elasticsearch { hosts => [ "localhost:9200" ] }
}