Created
June 14, 2014 20:29
### Grok patterns (file placed in `patterns_dir`)
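# Base syslog line as this sender emits it: "<timestamp> <short host> <fqdn> <prog>[pid]: <msg>".
# The sender writes two host tokens; both are captured so neither leaks into the message.
# NOTSPACE (\S+) instead of WORD (\w+) for logsource_host: WORD rejects hostnames that
# contain '-', which would silently turn into a _grokparsefailure for such senders.
# syslog_message is attacker-controlled (request line, referer, User-Agent as seen in the
# sample event) — treat it as untrusted data in any downstream filter or dashboard.
MYSYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} %{NOTSPACE:logsource_host} %{SYSLOGHOST:logsource} %{SYSLOGPROG}: %{GREEDYDATA:syslog_message}
# Full line including the RFC 3164 <PRI> prefix. NONNEGINT instead of NUMBER so a PRI is
# digits only (PRI 0 = kern.emerg is valid; signs and decimals are not) before the
# syslog_pri filter decodes it into facility/severity.
MYSYSLOGNGINX <%{NONNEGINT:syslog_pri}>%{MYSYSLOGBASE}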
### logstash.conf
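# Syslog-over-network ingestion for the nginx access log forwarded by the web host.
input {
  # Listens on TCP and UDP. No `host` is set, so the plugin uses its default bind
  # address (all interfaces): anyone who can reach the port can inject events and
  # spoof `host`/`logsource`. Restrict the port with a firewall, or set
  # `host => "<internal address>"` if the sender is on the same box/VLAN.
  syslog {
    type => syslog
    port => 5544
  }
  # Interactive testing only; drop it for a daemonised pipeline, where stdin is
  # closed by the service manager and the input contributes nothing.
  stdin {}
}
filter {
  # MYSYSLOGNGINX (from patterns_dir) re-parses the raw line including the <PRI>
  # prefix into syslog_pri, timestamp, logsource_host, logsource, program and
  # syslog_message. The sample Kibana event shows all of these populated, so this
  # grok matched. The `_grokparsefailure` tag on that event appears to come from
  # the syslog input's own built-in parser, which does not know the extra
  # "<host> <domain>" layout: its fallback values (priority 13 / user-level / Notice)
  # sit next to the syslog_pri-derived syslog_facility/syslog_severity
  # (local7 / informational) that reflect the real PRI 190. Alerting should key on
  # the syslog_* fields, not on priority/facility/severity.
  grok {
    # No-op with a single pattern; kept so additional patterns can be appended.
    break_on_match => false
    # Resolved against Logstash's working directory, not this file. Prefer an
    # absolute path so a different start-up cwd does not silently lose the
    # patterns and tag every event _grokparsefailure.
    patterns_dir => "../conf/logstash/patterns"
    match => { "message" => "%{MYSYSLOGNGINX}"}
  }
  # Decodes the captured `syslog_pri` string into syslog_facility(_code) and
  # syslog_severity(_code).
  syslog_pri {}
  # BSD syslog pads single-digit days with a space ("Jun  4 09:00:00"), and the
  # date filter treats the space in "MMM d" as a literal that must match exactly,
  # so days 1-9 would get _dateparsefailure and @timestamp would fall back to
  # ingest time — a silent timeline error for any investigation. The double-space
  # form is tried first; the single-space form is kept for senders that do not pad.
  # The timestamp carries no year or zone; Logstash assumes the current year and
  # the collector JVM's local zone (the sample event parsed as UTC, matching the
  # +0000 in the nginx line). Set `timezone => "..."` explicitly if the collector
  # and sender can disagree.
  date {
    match => [ "timestamp", "MMM  d HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }
}
output {
  # Indexes into the local node. No TLS or authentication is configured here, so
  # keep Elasticsearch bound to localhost or a private interface only.
  elasticsearch {
    host => "127.0.0.1"
  }
}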
### Raw event as shown in Kibana (note the `_grokparsefailure` tag and the two conflicting facility/severity field sets)
{ | |
"_index": "logstash-2014.06.14", | |
"_type": "syslog", | |
"_id": "CIIHxTdLQ8KdBt_NjAedMA", | |
"_score": null, | |
"_source": { | |
"message": "<190>Jun 14 20:25:27 acedrew acedrew.com nginx: 198.254.82.244 - - [14/Jun/2014:20:25:27 +0000] acedrew.com - \"GET /wp-content/themes/h5bp-acedrew-v1/js/script.js?ver=3.6 HTTP/1.1\" 200 984 \"http://acedrew.com/\" \"Mozilla/5.0 (X11; CrOS x86_64 5841.38.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36\"\n", | |
"@version": "1", | |
"@timestamp": "2014-06-14T20:25:27.000Z", | |
"type": "syslog", | |
"host": "50.116.43.246", | |
"tags": [ | |
"_grokparsefailure" | |
], | |
"priority": 13, | |
"severity": 5, | |
"facility": 1, | |
"facility_label": "user-level", | |
"severity_label": "Notice", | |
"syslog_pri": "190", | |
"timestamp": "Jun 14 20:25:27", | |
"logsource_host": "acedrew", | |
"logsource": "acedrew.com", | |
"program": "nginx", | |
"syslog_message": "198.254.82.244 - - [14/Jun/2014:20:25:27 +0000] acedrew.com - \"GET /wp-content/themes/h5bp-acedrew-v1/js/script.js?ver=3.6 HTTP/1.1\" 200 984 \"http://acedrew.com/\" \"Mozilla/5.0 (X11; CrOS x86_64 5841.38.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36\"", | |
"syslog_severity_code": 6, | |
"syslog_facility_code": 23, | |
"syslog_facility": "local7", | |
"syslog_severity": "informational" | |
}, | |
"sort": [ | |
1402777527000, | |
1402777527000 | |
] | |
} |