Skip to content

Instantly share code, notes, and snippets.

@ardevd

ardevd/synology_syslog_grok_logstash

Created June 4, 2015 10:34
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ardevd/1c8fcff6fffdb1656890 to your computer and use it in GitHub Desktop.
Save ardevd/1c8fcff6fffdb1656890 to your computer and use it in GitHub Desktop.
Download ZIP
Synology syslog grok filter for Logstash
Raw
synology_syslog_grok_logstash
filter {
if [type] == "syslog" and [message] =~ "sequenceId" {
grok {
match => { "message" => '<%{POSINT:syslog_pri}>%{INT:version} %{TIMESTAMP_ISO8601:timestamp} %{HOSTNAME:hostname} %{DATA:syslog_program} - - (?:\[.+sequenceId="%{POSINT:message_id}"])? %{GREEDYDATA:syslog_message}' }
}
syslog_pri { }
} else if [type] == "syslog" {
grok {
match => { "message" => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment