Low351/logstash-forwarder.conf

## logstash-forwarder.conf
{
      "network": {
        "servers": [ "192.168.1.12:5043" ],
        "ssl certificate": "./logstash-forwarder.crt",
        "ssl key": "./logstash-forwarder.key",
        "ssl ca": "./logstash-forwarder.crt",
        "timeout": 15
      },

      "files": [
        {
          "paths": [ "-" ],
          "fields": { "type": "stdin" }
        }
      "files": [
        {
          "paths": [ "/var/log/messages" ],
          "fields": { "type": "syslog" }
        }
      "files": [
        {
          "paths": [ "/var/log/nginx/error.log" ],
          "fields": { "type": "nginx" }
        }
      "files": [
        {
          "paths": [ "/var/log/nginx/app2de.access.log" ],
          "fields": { "type": "nginx" }
        }
      "files": [
        {
          "paths": [ "/var/log/nginx/app2de.error.log" ],
          "fields": { "type": "nginx" }
        }
      "files": [
        {
          "paths": [ "/opt/jboss/server/aws/log/server.log" ],
          "fields": { "type": "log4j" }
        }

      ]
}

## logstash.conf
input {
  stdin {
    type => "remote_example"
  }
  file {
    path => "/var/log/messages"
    type => "syslog"
    start_position => "beginning"
  }
  file {
    path => "/var/log/nginx/error.log"
    type => "nginx"
    start_position => "beginning"
  }

  file {
    path => "/var/log/nginx/app2de.access.log"
    type => "nginx"
    start_position => "beginning"
  }

  file {
    path => "/var/log/nginx/app2de.error.log"
    type => "nginx"
    start_position => "beginning"
  }

  file {
    path => "/opt/jboss/server/aws/log/server.log"
    type => "log4j"
    start_position => "beginning"
  }
}

filter {
  multiline {
    type => "log4j"
    pattern => "^(?!20)"
    what => "previous"
  }

  grok {
    type => "log4j"
    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity}  %{GREEDYDATA:message}"]
  }

  mutate {
    type => "log4j"
    replace => [ "@message", "%{message}" ]
  }
}

output {
  stdout { codec => rubydebug }
  redis { host => "192.168.1.12" data_type => "list" key => "logstash" }
}
	{
	"network": {
	"servers": [ "192.168.1.12:5043" ],
	"ssl certificate": "./logstash-forwarder.crt",
	"ssl key": "./logstash-forwarder.key",
	"ssl ca": "./logstash-forwarder.crt",
	"timeout": 15
	},

	"files": [
	{
	"paths": [ "-" ],
	"fields": { "type": "stdin" }
	}
	"files": [
	{
	"paths": [ "/var/log/messages" ],
	"fields": { "type": "syslog" }
	}
	"files": [
	{
	"paths": [ "/var/log/nginx/error.log" ],
	"fields": { "type": "nginx" }
	}
	"files": [
	{
	"paths": [ "/var/log/nginx/app2de.access.log" ],
	"fields": { "type": "nginx" }
	}
	"files": [
	{
	"paths": [ "/var/log/nginx/app2de.error.log" ],
	"fields": { "type": "nginx" }
	}
	"files": [
	{
	"paths": [ "/opt/jboss/server/aws/log/server.log" ],
	"fields": { "type": "log4j" }
	}

	]
	}
	input {
	stdin {
	type => "remote_example"
	}
	file {
	path => "/var/log/messages"
	type => "syslog"
	start_position => "beginning"
	}
	file {
	path => "/var/log/nginx/error.log"
	type => "nginx"
	start_position => "beginning"
	}

	file {
	path => "/var/log/nginx/app2de.access.log"
	type => "nginx"
	start_position => "beginning"
	}

	file {
	path => "/var/log/nginx/app2de.error.log"
	type => "nginx"
	start_position => "beginning"
	}

	file {
	path => "/opt/jboss/server/aws/log/server.log"
	type => "log4j"
	start_position => "beginning"
	}
	}

	filter {
	multiline {
	type => "log4j"
	pattern => "^(?!20)"
	what => "previous"
	}

	grok {
	type => "log4j"
	match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{GREEDYDATA:message}"]
	}

	mutate {
	type => "log4j"
	replace => [ "@message", "%{message}" ]
	}
	}

	output {
	stdout { codec => rubydebug }
	redis { host => "192.168.1.12" data_type => "list" key => "logstash" }
	}