Mercurial > logstash
comparison logstash.conf @ 12:567e51f1f5e7
better grep filter config
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Fri, 22 Mar 2013 15:09:21 -0700 |
| parents | 97712c48f7fe |
| children | 1d50b19beda0 |
comparison
equal
deleted
inserted
replaced
| 11:4899fb1b3eb3 | 12:567e51f1f5e7 |
|---|---|
| 39 } | 39 } |
| 40 grep { | 40 grep { |
| 41 type => "sendmail" | 41 type => "sendmail" |
| 42 match => [ "program", "sendmail", "message", "^(M|m)ilter" ] | 42 match => [ "program", "sendmail", "message", "^(M|m)ilter" ] |
| 43 drop => false | 43 drop => false |
| 44 add_tag => "dropper" | 44 add_tag => [ "dropper" ] |
| 45 } | 45 } |
| 46 grep { | 46 grep { |
| 47 type => "sendmail" | 47 type => "sendmail" |
| 48 exclude_tags => "dropper" | 48 match => [ "program", "dnsbl", "message", "." ] |
| 49 drop => true | 49 drop => false |
| 50 add_tag => [ "dropper" ] | |
| 51 } | |
| 52 grep { | |
| 53 type => "sendmail" | |
| 54 tags => [ "dropper" ] | |
| 55 match => [ "message", "." ] | |
| 56 negate => true | |
| 50 } | 57 } |
| 51 | 58 |
| 52 grok { | 59 grok { |
| 53 type => "linux-syslog" | 60 type => "linux-syslog" |
| 54 pattern => "%{SYSLOGBASE}" | 61 pattern => "%{SYSLOGBASE}" |