Mercurial > logstash
comparison logstash.conf @ 5:6b7beb807d14
add dnsbl patterns
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Fri, 22 Mar 2013 10:31:48 -0700 |
| parents | 796ac0b50dbf |
| children | 97712c48f7fe |
comparison
equal
deleted
inserted
replaced
| 4:29ffaf4e0a7f | 5:6b7beb807d14 |
|---|---|
| 27 } | 27 } |
| 28 | 28 |
| 29 filter { | 29 filter { |
| 30 grok { | 30 grok { |
| 31 type => "sendmail" | 31 type => "sendmail" |
| 32 pattern => "%{SENDMAIL}" | 32 pattern => [ "%{DNSBL}", "%{SENDMAIL}" ] |
| 33 patterns_dir => "/var/lib/logstash/data/patterns" | 33 patterns_dir => "/var/lib/logstash/data/patterns" |
| 34 } | 34 } |
| 35 grep { | 35 grep { |
| 36 type => "sendmail" | 36 type => "sendmail" |
| 37 match => [ "program", "sendmail" ] | 37 match => [ "program", "sendmail|dnsbl" ] |
| 38 } | 38 } |
| 39 grep { | 39 grep { |
| 40 type => "sendmail" | 40 type => "sendmail" |
| 41 negate => true | 41 negate => true |
| 42 match => [ "message", "^(M|m)ilter" ] | 42 match => [ "program", "sendmail", "message", "^(M|m)ilter" ] |
| 43 } | 43 } |
| 44 | 44 |
| 45 grok { | 45 grok { |
| 46 type => "linux-syslog" | 46 type => "linux-syslog" |
| 47 pattern => "%{SYSLOGBASE}" | 47 pattern => "%{SYSLOGBASE}" |