Skip to content

Instantly share code, notes, and snippets.

@pinscript
Created September 24, 2021 07:01
Show Gist options
  • Save pinscript/0f0c1f453e5cf9f9b0010015f6a75738 to your computer and use it in GitHub Desktop.
Save pinscript/0f0c1f453e5cf9f9b0010015f6a75738 to your computer and use it in GitHub Desktop.
logstash.conf for HAProxy with custom captured request/response headers
input {
beats {
port => 5044
}
tcp {
port => 5000
}
}
## Add your filters / logstash plugins configuration here
filter {
grok {
pattern_definitions => {
"HOST" => "%{HOSTNAME}"
"HAPROXYCAPTUREDREQUESTHEADERS" => "%{IP:connecting_ip}\|%{HOST:target_host}\|%{DATA:user_agent}"
"HAPROXYCAPTUREDRESPONSEHEADERS" => "%{DATA:route_name}\|%{DATA:device_type}"
}
match => {
"message" => "%{HAPROXYHTTP}"
}
}
date {
match => ["syslog_timestamp", "MMM dd HH:mm:ss", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd HH:mm:ss.SSS", "ISO8601"]
target => "@timestamp"
timezone => "Europe/Stockholm"
}
}
output {
elasticsearch {
hosts => "..."
user => "..."
password => "..."
ecs_compatibility => disabled
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment