diff logstash.conf @ 3:796ac0b50dbf

add cron.daily index cleaning
author Carl Byington <carl@five-ten-sg.com>
date Thu, 07 Mar 2013 10:41:01 -0800
parents 59fe08a2fcbe
children 6b7beb807d14
--- a/logstash.conf	Fri Mar 01 18:54:53 2013 -0800
+++ b/logstash.conf	Thu Mar 07 10:41:01 2013 -0800
@@ -32,6 +32,15 @@
         pattern => "%{SENDMAIL}"
         patterns_dir => "/var/lib/logstash/data/patterns"
     }
+    grep {
+        type => "sendmail"
+        match => [ "program", "sendmail" ]
+    }
+    grep {
+        type => "sendmail"
+        negate => true
+        match => [ "message", "^(M|m)ilter" ]
+    }
 
     grok {
         type => "linux-syslog"
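Review bot: The first added `grep` block silently discards every `sendmail`-typed event whose `program` field does not match, because grep drops non-matching events by default. If `program` is only set by the grok above (that block starts outside the hunk, so this is inferred), lines that fail to parse disappear instead of showing up with a parse-failure tag. Setting `drop => false` together with `add_tag` would keep them visible for review. The second block removes milter lines before indexing, and those can record filter verdicts that matter when investigating mail abuse, so it should carry a comment such as `# drop milter lines: <reason>`. As a style point, `"^[Mm]ilter"` says the same thing as `"^(M|m)ilter"` without a capture group.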
@@ -40,7 +49,7 @@
     date {
         # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
         type => "linux-syslog"
-        timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
+        timestamp => ["MMM dd HH:mm:ss","MMM  d HH:mm:ss"]
     }
     grok {
         type => "apache-access"
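Review bot: Neither format in the `timestamp` list carries a year or a zone, so the resulting event time presumably depends on the clock and timezone of the host running this filter. The comment above should say so, since it affects how these events line up with other log sources during an investigation. The existing `# do we need this?` question is still unanswered after this change. The reason for the double space is also easy to lose in a later edit, so a line like `# syslog pads single-digit days with a space ("Mar  7")` would help.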