tsudot/gist:9401904

## gistfile1.txt
input {
  udp {
    port => 5666
    type => "syslog"
  }
}

filter {
if [type] == "syslog" {
    grok {
      match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:auth_id} %{SYSLOGPROG:prog} - %{LOGLEVEL:log_level}: %{GREEDYDATA:message}" ]
    }
}
}

output {
  elasticsearch_http {
      host => "184.173.XX.XX"
      port => "9300"
  }
}
	input {
	udp {
	port => 5666
	type => "syslog"
	}
	}

	filter {
	if [type] == "syslog" {
	grok {
	match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:auth_id} %{SYSLOGPROG:prog} - %{LOGLEVEL:log_level}: %{GREEDYDATA:message}" ]
	}
	}
	}

	output {
	elasticsearch_http {
	host => "184.173.XX.XX"
	port => "9300"
	}
	}