Added logstash configs

byomkesh99 · Nov 13, 2018 · e188c33 · e188c33
1 parent 478d7ce
commit e188c33
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/logstash/01-logstash-input.conf b/logstash/01-logstash-input.conf
@@ -0,0 +1,8 @@
+input {
+  beats {
+    port => 5044
+    ssl => true
+    ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
+    ssl_key => "/etc/pki/tls/private/logstash.key"
+  }
+}
diff --git a/logstash/02-logstash-syslog-filter.conf b/logstash/02-logstash-syslog-filter.conf
@@ -0,0 +1,16 @@
+filter {
+  if [type] == "syslog" {
+    grok {
+      match => {
+         "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
+      }
+      add_field => [ "received_at", "%{@timestamp}" ]
+      add_field => [ "received_from", "%{host}" ]
+    }
+    syslog_pri { }
+    date {
+      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
+     }
+  }
+}
+
diff --git a/logstash/03-logstash-output.conf b/logstash/03-logstash-output.conf
@@ -0,0 +1,5 @@
+output {
+   elasticsearch {
+     hosts => "localhost:9200"
+   }
+}