Mercurial > logstash
comparison logstash.conf @ 12:567e51f1f5e7
better grep filter config
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 22 Mar 2013 15:09:21 -0700 |
parents | 97712c48f7fe |
children | 1d50b19beda0 |
comparison
equal
deleted
inserted
replaced
11:4899fb1b3eb3 | 12:567e51f1f5e7 |
---|---|
39 } | 39 } |
40 grep { | 40 grep { |
41 type => "sendmail" | 41 type => "sendmail" |
42 match => [ "program", "sendmail", "message", "^(M|m)ilter" ] | 42 match => [ "program", "sendmail", "message", "^(M|m)ilter" ] |
43 drop => false | 43 drop => false |
44 add_tag => "dropper" | 44 add_tag => [ "dropper" ] |
45 } | 45 } |
46 grep { | 46 grep { |
47 type => "sendmail" | 47 type => "sendmail" |
48 exclude_tags => "dropper" | 48 match => [ "program", "dnsbl", "message", "." ] |
49 drop => true | 49 drop => false |
50 add_tag => [ "dropper" ] | |
51 } | |
52 grep { | |
53 type => "sendmail" | |
54 tags => [ "dropper" ] | |
55 match => [ "message", "." ] | |
56 negate => true | |
50 } | 57 } |
51 | 58 |
52 grok { | 59 grok { |
53 type => "linux-syslog" | 60 type => "linux-syslog" |
54 pattern => "%{SYSLOGBASE}" | 61 pattern => "%{SYSLOGBASE}" |