changeset 12:567e51f1f5e7

better grep filter config
author Carl Byington <carl@five-ten-sg.com>
date Fri, 22 Mar 2013 15:09:21 -0700
parents 4899fb1b3eb3
children c0150404962d
files logstash.conf
diffstat 1 files changed, 10 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/logstash.conf	Fri Mar 22 13:45:38 2013 -0700
+++ b/logstash.conf	Fri Mar 22 15:09:21 2013 -0700
@@ -41,12 +41,19 @@
         type            => "sendmail"
         match           => [ "program", "sendmail", "message", "^(M|m)ilter" ]
         drop            => false
-        add_tag         => "dropper"
+        add_tag         => [ "dropper" ]
     }
     grep {
         type            => "sendmail"
-        exclude_tags    => "dropper"
-        drop            => true
+        match           => [ "program", "dnsbl", "message", "." ]
+        drop            => false
+        add_tag         => [ "dropper" ]
+    }
+    grep {
+        type            => "sendmail"
+        tags            => [ "dropper" ]
+        match           => [ "message", "." ]
+        negate          => true
     }
 
     grok {