diff logstash.conf @ 1:59fe08a2fcbe

switch to flatjar.jar; fix sendmail patterns
author Carl Byington <carl@five-ten-sg.com>
date Fri, 01 Mar 2013 18:40:11 -0800
parents df4952a2fb06
children 796ac0b50dbf
--- a/logstash.conf	Fri Mar 01 14:58:09 2013 -0800
+++ b/logstash.conf	Fri Mar 01 18:40:11 2013 -0800
@@ -16,14 +16,14 @@
         type => "linux-syslog"
         path => "/var/log/messages"
     }
-#    file {
-#        type => "apache-access"
-#        path => "/var/log/httpd/*access*_log"
-#    }
-#    file {
-#        type => "apache-error"
-#        path => "/var/log/httpd/*error*_log"
-#    }
+    file {
+        type => "apache-access"
+        path => "/var/log/httpd/*access*_log"
+    }
+    file {
+        type => "apache-error"
+        path => "/var/log/httpd/*error*_log"
+    }
 }
 
 filter {
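Review bot: The two `file` inputs enabled here start shipping Apache access and error logs, but nothing in the block says what that data contains or how the agent is meant to read it, and the commit message does not mention the change. Access logs carry client-supplied request lines, referrers and user agents, and query strings can hold session tokens, so whatever the output section (not visible in this hunk) writes to inherits that sensitivity. If `/var/log/httpd` is readable by root only on this host, which the diff does not show, access is better granted by group or ACL than by running logstash as root. I would add a comment above the first input, e.g. `# apache logs hold client-controlled strings and possibly secrets in query strings; read via group/ACL, restrict who can query the output`.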
@@ -37,12 +37,11 @@
         type => "linux-syslog"
         pattern => "%{SYSLOGBASE}"
     }
-#    date {
-#        # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
-#        type => "linux-syslog"
-#        timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
-#    }
-
+    date {
+        # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
+        type => "linux-syslog"
+        timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
+    }
     grok {
         type => "apache-access"
         pattern => "%{COMBINEDAPACHELOG}"
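Review bot: The `# do we need this?` comment is now an open question inside live configuration, on the newly enabled `date` block for `linux-syslog`. The grok above only extracts the timestamp text into a field; the `date` filter is what sets the event time from it, so without this block events would presumably be stamped with ingest time, which skews any timeline built from them. I would replace the question with `# grok only captures the syslog timestamp as text; this sets the event time from it`. Both formats (`MMM dd HH:mm:ss`, `MMM d HH:mm:ss`) carry no year or zone, so a second comment noting that hosts are assumed to log in the same zone as the parser would help anyone correlating events across machines. The enclosing `filter` section starts and ends outside this hunk.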
@@ -52,8 +51,7 @@
         # Try to pull the timestamp from the 'timestamp' field (parsed above with
         # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
         timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
-     }
-
+    }
     grok {
         type => "apache-error"
         patterns_dir => "/var/lib/logstash/data/patterns"