wellcomer/ibank2-ibank.log

## ibank2-ibank.log
input {
        file {
                path => [ "/opt/iBank2/logs/ibank.log" ]
                start_position => end

                codec => multiline {
                        pattern => "^\s"
                        what => "previous"
                }
        }
}
filter {
        grok {
                match => { "message" => "%{GREEDYDATA:timestamp} (WARN|ERROR) ?: %{IPV4:client_ip} - %{DATA:client_id}:%{DATA:warn} Клиент: %{GREEDYDATA:client_name}" }
                match => { "message" => "%{GREEDYDATA:timestamp} %{DATA:loglevel} : %{IPV4:client_ip} - %{DATA:client_id}:%{DATA:op}\.( %{GREEDYDATA:args}\.)?.*: %{GREEDYDATA:client_name}" }
        }
        date {
                locale => "en"
                match => [ "timestamp", "yy-MM-dd HH:mm:ss,SSS" ]
        }
}
	input {
	file {
	path => [ "/opt/iBank2/logs/ibank.log" ]
	start_position => end

	codec => multiline {
	pattern => "^\s"
	what => "previous"
	}
	}
	}
	filter {
	grok {
	match => { "message" => "%{GREEDYDATA:timestamp} (WARN\|ERROR) ?: %{IPV4:client_ip} - %{DATA:client_id}:%{DATA:warn} Клиент: %{GREEDYDATA:client_name}" }
	match => { "message" => "%{GREEDYDATA:timestamp} %{DATA:loglevel} : %{IPV4:client_ip} - %{DATA:client_id}:%{DATA:op}\.( %{GREEDYDATA:args}\.)?.*: %{GREEDYDATA:client_name}" }
	}
	date {
	locale => "en"
	match => [ "timestamp", "yy-MM-dd HH:mm:ss,SSS" ]
	}
	}