@AdrianRossouw
Last active August 29, 2015 14:14
logstash config
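input {
  # Receive events over both TCP and UDP on port 5514.
  # Both inputs bind to all interfaces by default (host => "0.0.0.0") and
  # accept unauthenticated plaintext, so restrict access to this port.
  tcp {
    port => 5514
    # Set the type here; otherwise the [type] check in output never matches.
    type => "syslog"
  }
  udp {
    port => 5514
    type => "syslog"
  }
}
filter {
  # Parse each line as an Apache combined-format access log entry.
  # Lines that do not match are tagged with _grokparsefailure.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  # Keep events that failed parsing in a dated file for later inspection.
  if [type] == "syslog" and "_grokparsefailure" in [tags] {
    file { path => "/var/log/failed_syslog_events-%{+YYYY-MM-dd}" }
  }
  # Index every event into the Elasticsearch instance embedded in Logstash
  # (the embedded option is specific to Logstash 1.x).
  elasticsearch {
    embedded => true
  }
}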