forked from elastic/logstash
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathagent.lgtm.conf
67 lines (59 loc) · 1.24 KB
/
agent.lgtm.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
input {
file {
path => [ "/var/log/messages", "/var/log/kern.log" ]
type => "linux-syslog"
}
file {
path => "/var/log/apache2/access.log"
type => "apache-access"
}
file {
path => "/var/log/apache2/error.log"
type => "apache-error"
}
}
output {
# This will be your durable shipping mechanism
rabbitmq {
host => "myrabbitmqserver"
exchange_type => "fanout"
exchange => "rawlogs"
}
# This is an optional non-durable shipping mechanism
# With this, you can sniff logs from your own code
rabbitmq {
host => "127.0.0.1"
exchange_type => "topic"
exchange => "logsniff"
durable => false
persistent => false
# The following is optional
# but allows you to consume based on sender
key => "logstash.%{host}"
}
stdout { }
}
# Filters are applied in the order the appear.
filter {
multiline {
type => "supervisorlogs"
pattern => "^\s"
what => previous
}
multiline {
type => "testing"
pattern => "^\s"
what => previous
}
grok {
type => "linux-syslog"
pattern => ["%{SYSLOG_SUDO}", "%{SYSLOG_KERNEL}", "%{SYSLOGLINE}" ]
}
grok {
type => "nagios"
pattern => "%{NAGIOSLOGLINE}"
}
#date {
#" testing" => fizzle
#}
}