# Listener for logstash-forwarder shippers (lumberjack protocol over TLS).
input {
  lumberjack {
    port => "7286"
    # Certificate and private key this listener presents to connecting forwarders.
    # NOTE(review): the forwarder config on this page names the same two file
    # paths on the shipping hosts. If that is one key pair copied everywhere,
    # every log source holds the listener's private key -- confirm, and keep
    # this key on the Logstash host only, readable by the logstash user alone.
    # NOTE(review): the forwarders trust "server.crt" and connect to an ELB on
    # 443, not to this port directly -- confirm which certificate they actually
    # validate and whether the ELB-to-Logstash hop is still encrypted.
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
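# Per-type enrichment: parse and geolocate nginx access lines, decode JSON
# application events.
filter {
  # The forwarder config on this page tags the nginx access log as
  # "nginx-access", which the original test for "nginx" never matched, so those
  # events skipped grok and geoip. Both values are accepted here; "nginx-error"
  # stays excluded because error-log lines are not in combined format.
  if [type] == "nginx" or [type] == "nginx-access" {
    # COMBINEDAPACHELOG extracts clientip, request, referrer, agent and others.
    # Those values come straight from the HTTP client; lines that do not parse
    # are tagged _grokparsefailure, which is worth keeping searchable.
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    geoip {
      source => "clientip"
      fields => [ "latitude","longitude" ]
      target => "geoip"
      # Two add_field entries on the same name build a [longitude, latitude]
      # array; the values are strings until the mutate below converts them.
      add_field =>[ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field =>[ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    mutate { convert => [ "[geoip][coordinates]", "float" ] }
  }
  if [type] == "app_events" {
    # NOTE(review): with no `target`, the keys of the decoded JSON are written
    # at the top level of the event, so a log line can overwrite fields such as
    # "type" or "host". If the application logs user-influenced data, consider
    # setting `target` and pointing the date filter at the nested timestamp.
    json { "source" => "message" }
    # Use the event's own ISO8601 "timestamp" field as @timestamp.
    date { match => [ "timestamp", "ISO8601" ] }
  }
}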
# Every event goes to both outputs below.
output {
  # NOTE(review): looks like a debugging aid. Left enabled, it copies every
  # event (including the auth.log and fail2ban lines shipped by the forwarder
  # config on this page) into wherever Logstash's stdout is captured -- confirm
  # that destination has the same access controls and retention as the index.
  stdout {}
  elasticsearch {
    host => "<ES_NODE_IP>"
    # Plain HTTP, and no TLS or credential settings appear in this block, so
    # events cross the network to Elasticsearch unencrypted and unauthenticated.
    # NOTE(review): confirm the node is reachable only from this host (private
    # subnet / security group) or put TLS and authentication in front of it.
    protocol => "http"
  }
}
{
"network": {
"servers": ["<ELB_DNS_NAME>:443"],
"ssl key": "/etc/pki/tls/private/logstash-forwarder.key",
"ssl certificate": "/etc/pki/tls/certs/logstash-forwarder.crt",
"ssl ca": "/etc/pki/tls/certs/server.crt",
"timeout": 60
},
"files": [
{
"paths": [
"/var/log/messages",
"/var/log/auth.log"
],
"fields": {"type": "syslog" }
}, {
"paths": [
"/var/log/faillog",
"/var/log/fail2ban.log"
],
"fields": {"type": "fail2ban" }
}, {
"paths": [ "/var/log/postgresql/pg_log/*.log" ],
"fields": { "type": "postgresql" }
}, {
"paths": [ "-" ],
"fields": { "type": "stdin" }
}, {
"paths": [ "/var/log/nginx/access.log" ],
"fields": { "type": "nginx-access" }
}, {
"paths": [ "/var/log/nginx/error.log" ],
"fields": { "type": "nginx-error" }
}, {
"paths": [ "/var/www/*/log/logstash_production.log" ],
"fields": { "type": "rails" }
}
]
}