changeset 1:59fe08a2fcbe

switch to flatjar.jar; fix sendmail patterns
author Carl Byington <carl@five-ten-sg.com>
date Fri, 01 Mar 2013 18:40:11 -0800 (2013-03-02)
parents df4952a2fb06
children 9e0cdf091b8a
files logstash.conf logstash.spec sendmail.pattern
diffstat 3 files changed, 20 insertions(+), 18 deletions(-) [+]
--- a/logstash.conf	Fri Mar 01 14:58:09 2013 -0800
+++ b/logstash.conf	Fri Mar 01 18:40:11 2013 -0800
@@ -16,14 +16,14 @@
         type => "linux-syslog"
         path => "/var/log/messages"
     }
-#    file {
-#        type => "apache-access"
-#        path => "/var/log/httpd/*access*_log"
-#    }
-#    file {
-#        type => "apache-error"
-#        path => "/var/log/httpd/*error*_log"
-#    }
+    file {
+        type => "apache-access"
+        path => "/var/log/httpd/*access*_log"
+    }
+    file {
+        type => "apache-error"
+        path => "/var/log/httpd/*error*_log"
+    }
 }
 
 filter {
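Review bot: The newly enabled apache-access and apache-error file inputs read `/var/log/httpd/*access*_log` and `/var/log/httpd/*error*_log`, and on the RHEL-style layout this spec targets that directory is typically readable by root only, so whichever account the init script runs logstash under needs read access or these inputs will silently produce nothing. Nothing in this hunk or the spec records that requirement, so a one-line comment above the first apache `file {}` such as `# requires read access to /var/log/httpd for the logstash user` would save the next person a confusing empty index. The glob also matches `ssl_access_log`, which is presumably intended but worth stating in the same comment.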
@@ -37,12 +37,11 @@
         type => "linux-syslog"
         pattern => "%{SYSLOGBASE}"
     }
-#    date {
-#        # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
-#        type => "linux-syslog"
-#        timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
-#    }
-
+    date {
+        # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
+        type => "linux-syslog"
+        timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
+    }
     grok {
         type => "apache-access"
         pattern => "%{COMBINEDAPACHELOG}"
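Review bot: The date filter is re-enabled but its comment still asks "do we need this?", which leaves the intent unresolved for the next reader; as far as the visible config shows, the preceding grok only extracts the text into a `timestamp` field and this date filter is what turns it into the event timestamp, so the question should be answered in place. The formats `MMM dd HH:mm:ss` / `MMM d HH:mm:ss` carry no year, so the parser has to assume one (presumably the current year), which mis-dates events replayed across a year boundary. Replace the question with something like `# grok only fills the 'timestamp' field; this parses it into @timestamp. Syslog stamps carry no year, so the current year is assumed.`.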
@@ -52,8 +51,7 @@
         # Try to pull the timestamp from the 'timestamp' field (parsed above with
         # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
         timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
-     }
-
+    }
     grok {
         type => "apache-error"
         patterns_dir => "/var/lib/logstash/data/patterns"
--- a/logstash.spec	Fri Mar 01 14:58:09 2013 -0800
+++ b/logstash.spec	Fri Mar 01 18:40:11 2013 -0800
@@ -11,7 +11,8 @@
 Group:          Applications/Productivity
 URL:            http://logstash.net/
 BuildArch:      noarch
-Source0:        https://logstash.objects.dreamhost.com/release/%{name}-%{version}-monolithic.jar
+#Source0:       https://logstash.objects.dreamhost.com/release/%{name}-%{version}-monolithic.jar
+Source0:        http://logstash.objects.dreamhost.com/release/%{name}-%{version}-flatjar.jar
 Source1:        logstash.rc
 Source2:        %{name}.conf
 Source3:        apache.pattern
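Review bot: The new Source0 line downgrades the jar download from https to http, and the spec has no digest check, so a network attacker between the build host and dreamhost can substitute the jar that line 83 installs into %{_bindir} and runs as a daemon. Keep the scheme as `Source0: https://logstash.objects.dreamhost.com/release/%{name}-%{version}-flatjar.jar` and pin the artifact by adding a verification step to %prep, e.g. `echo "<expected-sha256>  %{SOURCE0}" | sha256sum -c -` with the digest recorded from a known-good download. The commented-out monolithic Source0 on the line above is dead and can simply be deleted.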
@@ -46,7 +47,8 @@
 install -D -m 640 apache.pattern                      $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/apache
 install -D -m 640 sendmail.pattern                    $RPM_BUILD_ROOT/var/lib/%{name}/data/patterns/sendmail
 install -D -m 755 %{name}.rc                          $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
-install -D -m 750 %{name}-%{version}-monolithic.jar   $RPM_BUILD_ROOT/%{_bindir}/%{name}.jar
+#nstall -D -m 750 %{name}-%{version}-monolithic.jar   $RPM_BUILD_ROOT/%{_bindir}/%{name}.jar
+install -D -m 750 %{name}-%{version}-flatjar.jar      $RPM_BUILD_ROOT/%{_bindir}/%{name}.jar
 install -D -m 640 %{name}.conf                        $RPM_BUILD_ROOT/etc/%{name}/%{name}.conf
 
 
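Review bot: The retained comment line reads `#nstall -D -m 750 ...`, a typo that makes it look like a mangled command rather than a deliberately disabled one; since the monolithic jar is no longer a Source, drop the commented line entirely instead of keeping it. The install of the flatjar as `%{_bindir}/%{name}.jar` with mode 750 is fine, but the spec gives no %attr or owner for it, so whether the daemon user can read it depends on the %files section outside this hunk — worth confirming against the init script's run-as user.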
--- a/sendmail.pattern	Fri Mar 01 14:58:09 2013 -0800
+++ b/sendmail.pattern	Fri Mar 01 18:40:11 2013 -0800
@@ -1,8 +1,10 @@
 # https://raw.github.com/augieschwer/grok-patterns/master/sendmail.grok
 #
 
+LOGIN [.a-zA-Z0-9_-]+
 EMAIL %{LOGIN}@%{IPORHOST}
 DSN [0-9][.][0-9][.][0-9]
+QID [A-za-z0-9]{14}
 
 # Match a relay that gives us a QID in the return status.
 SENDMAIL_TO_1 %{SYSLOGBASE} %{QID:qid}: to=<%{EMAIL:to}>, (%{WORD}=%{DATA},)+ relay=%{IPORHOST:relay} \[%{IP}\], dsn=%{DSN:dsn}, stat=%{DATA:status} \(%{QID:qid} %{GREEDYDATA:status_message}\)
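Review bot: The new `QID [A-za-z0-9]{14}` pattern uses the range `A-z`, which in ASCII spans from `A` to `z` and therefore also matches `[`, `\`, `]`, `^`, `_` and the backtick, so a malformed or crafted line can satisfy the queue-id match; it should be `QID [A-Za-z0-9]{14}`. The new `LOGIN [.a-zA-Z0-9_-]+` class does not admit `+`, so plus-addressed local parts (user+tag) will fail the EMAIL match and drop the whole event from SENDMAIL_TO_1 — presumably unintended, verify against real sendmail logs before widening it. Note that SENDMAIL_TO_1 captures `%{QID:qid}` twice (the leading queue id and the one inside the stat parentheses); that line is context rather than part of this change, but with the corrected QID class both captures will now be stricter.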