# HG changeset patch
# User Carl Byington <carl@five-ten-sg.com>
# Date 1363990161 25200
# Node ID 567e51f1f5e7f16bef09fdda9e44f243b20a04c7
# Parent  4899fb1b3eb3d3a9d9a382908a501864d44bf99f
better grep filter config

diff -r 4899fb1b3eb3 -r 567e51f1f5e7 logstash.conf
--- a/logstash.conf	Fri Mar 22 13:45:38 2013 -0700
+++ b/logstash.conf	Fri Mar 22 15:09:21 2013 -0700
@@ -41,12 +41,19 @@
         type            => "sendmail"
         match           => [ "program", "sendmail", "message", "^(M|m)ilter" ]
         drop            => false
-        add_tag         => "dropper"
+        add_tag         => [ "dropper" ]
     }
     grep {
         type            => "sendmail"
-        exclude_tags    => "dropper"
-        drop            => true
+        match           => [ "program", "dnsbl", "message", "." ]
+        drop            => false
+        add_tag         => [ "dropper" ]
+    }
+    grep {
+        type            => "sendmail"
+        tags            => [ "dropper" ]
+        match           => [ "message", "." ]
+        negate          => true
     }
 
     grok {