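# Logstash pipeline: Beats -> grok/date parsing -> Elasticsearch.
#
# Events arrive from Beats shippers on port 5044, are parsed with a single
# bracket-delimited grok pattern, re-timestamped from the parsed "logdate"
# field, and are indexed only when carrying the "SwitchGearLogs" tag.
input {
  beats {
    # NOTE(review): no ssl/ssl_certificate/ssl_key settings are present, so
    # this listener accepts plaintext, unauthenticated connections from any
    # host that can reach 5044; keep it network-restricted or enable TLS.
    port => 5044
  }
}

filter {
  grok {
    # Expected line shape: nine bracketed fields, then " - " and free text:
    #   [level] [ISO8601 timestamp] [category] [initiator] [sgid]
    #   [cb serial] [oc serial] [ip] [state] - description
    # A message that does not match is not dropped: grok tags it
    # _grokparsefailure and it keeps flowing, so "logdate" may be absent in
    # the date filter below.
    # The first field uses GREEDYDATA (".*") rather than DATA/LOGLEVEL, and
    # its closing bracket is written "]\ " instead of "\] "; both forms are
    # valid and match the same text, but the greedy pattern may backtrack
    # more on long messages.
    match => {
      "message" => "\[%{GREEDYDATA:LogLevel}]\ \[%{TIMESTAMP_ISO8601:logdate}\] \[%{DATA:EventCategory}\] \[%{DATA:InitiatedBy}\] \[%{DATA:SgId}\] \[%{DATA:CbSerial}\] \[%{DATA:OcSerial}\] \[%{DATA:IpAddress}\] \[%{DATA:State}\] - %{GREEDYDATA:Description}"
    }
  }

  # Discard lines that do not fit the pattern above instead of indexing them
  # as _grokparsefailure noise. Both conditions key on fields the shipper
  # sets (ECS log.file.path and a Filebeat module fileset name — presumably
  # the system module), not on message content. "=~" is an unanchored
  # regex match, so any path containing the substring qualifies.
  if [log][file][path] =~ "/var/log/auth.log" {
    drop { }
  }
  if [fileset][name] =~ "syslog" {
    drop { }
  }

  date {
    # Formats are Joda-style. "d" is day-of-month; the original used "D",
    # which Joda reads as day-of-year, so that format could never parse a
    # "MMM d, yyyy" value as intended. In practice grok captures "logdate"
    # with TIMESTAMP_ISO8601, so the "ISO8601" entry is the one that fires;
    # the first format is kept for input that bypasses grok.
    match => [ "logdate", "MMM d, YYYY @ HH:mm:ss.SSS", "ISO8601" ]
    # Replace the ingest-time @timestamp with the event's own time.
    target => "@timestamp"
  }
}

output {
  # Only tagged events are indexed. Anything else — including events from
  # other sources and grok failures — is silently discarded because no other
  # output branch exists; add a fallback output if such events should be
  # retained for review.
  if "SwitchGearLogs" in [tags] {
    elasticsearch {
      # NOTE(review): no user/password or ssl settings, so this assumes an
      # unauthenticated, plaintext cluster reachable as "elasticsearch"
      # (presumably a compose/k8s service name — confirm).
      hosts => ["elasticsearch:9200"]
      # One index per day via the sprintf date format.
      index => "switchgearlogs-%{+YYYY.MM.dd}"
    }
  }

  # Retained from the original: an unconditional output to a "lecologs-*"
  # index, currently disabled.
  # elasticsearch{
  #   hosts => ["elasticsearch:9200"]
  #   index => "lecologs-%{+YYYY.MM.dd}"
  # }
}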