diff logstash.conf @ 1:59fe08a2fcbe
switch to flatjar.jar; fix sendmail patterns
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 01 Mar 2013 18:40:11 -0800 |
parents | df4952a2fb06 |
children | 796ac0b50dbf |
--- a/logstash.conf Fri Mar 01 14:58:09 2013 -0800
+++ b/logstash.conf Fri Mar 01 18:40:11 2013 -0800
@@ -16,14 +16,14 @@
 type => "linux-syslog"
 path => "/var/log/messages"
 }
-# file {
-# type => "apache-access"
-# path => "/var/log/httpd/*access*_log"
-# }
-# file {
-# type => "apache-error"
-# path => "/var/log/httpd/*error*_log"
-# }
+ file {
+ type => "apache-access"
+ path => "/var/log/httpd/*access*_log"
+ }
+ file {
+ type => "apache-error"
+ path => "/var/log/httpd/*error*_log"
+ }
 }
 filter {
@@ -37,12 +37,11 @@
 type => "linux-syslog"
 pattern => "%{SYSLOGBASE}"
 }
-# date {
-# # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
-# type => "linux-syslog"
-# timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
-# }
-
+ date {
+ # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
+ type => "linux-syslog"
+ timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
+ }
 grok {
 type => "apache-access"
 pattern => "%{COMBINEDAPACHELOG}"
@@ -52,8 +51,7 @@
 # Try to pull the timestamp from the 'timestamp' field (parsed above with
 # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
 timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
- }
-
+ }
 grok {
 type => "apache-error"
 patterns_dir => "/var/lib/logstash/data/patterns"
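Review bot: Nothing in the first hunk says which account Logstash runs as or how it gets read access to `/var/log/httpd`, which the two re-enabled `file` inputs now depend on. On many distributions that directory is readable only by root, so the inputs may collect nothing unless the agent runs as root; a group or ACL grant is the narrower fix and is worth recording above the inputs, e.g. `# logstash user needs read access to /var/log/httpd (group/ACL, not root)`. The `*access*_log` glob also takes in any other file matching the pattern (an SSL access log, for instance), all of which are typed `apache-access` and parsed with `%{COMBINEDAPACHELOG}`, so confirm those files really use the combined format. The enclosing `input { … }` block starts above the hunk.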
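Review bot: The formats given to the `date` filter enabled in the second hunk, `MMM dd HH:mm:ss` and `MMM d HH:mm:ss`, carry neither a year nor a zone, so the event time is presumably completed from the Logstash host's own clock and local zone. For incident timelines this matters: lines collected across a year boundary, or from hosts logging in another zone, may be stamped wrongly. The leftover `# do we need this?` comment should be replaced by one that states this, e.g. `# syslog timestamps lack year and zone; parsed relative to this host's clock`. Classic syslog also pads single-digit days with a second space (`Mar  1`), so check that the second format really matches such lines; the page rendering may have collapsed a space in the pattern. The enclosing `filter { … }` block starts above the hunk and continues below it.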