@Ebaneck
Last active December 31, 2018 16:11
input {
  tcp {
    host => "149.202.191.163"
    port => 10514
    codec => "plain"
    type => "syslog"
    ssl_enable => true
    ssl_cert => "/etc/ssl/certs/server-cert.pem"
    ssl_key => "/etc/ssl/certs/server-key.pem"
    #ssl_extra_chain_certs => ["/etc/ssl/certs/ca-cert.pem"]
    # With ssl_verify false the input neither requests nor checks a client
    # certificate, so TLS only encrypts the connection; any host that can
    # reach port 10514 can submit events.
    ssl_verify => false
    #ssl_key_passphrase => "mention123@"
  }
}
filter {
  if [type] == "syslog" {
    # Split the syslog line into fields. The timestamp capture is named
    # syslog_timestamp because the file output below formats on that name.
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:hostname} %{DATA:dont_know} %{DATA:client} %{DATA:app_name}: %{GREEDYDATA:payload_message}" }
    }
    # Parse the JSON payload into top-level fields. A payload that is not
    # valid JSON gets the _jsonparsefailure tag and is otherwise passed on.
    json { source => "payload_message" }
  }
}
output {
  elasticsearch {
    hosts => [ "149.202.191.163:9200" ]
    index => "elk_mention-%{+YYYY.MM.dd}"
  }
  file {
    codec => line { format => "%{syslog_timestamp} %{hostname} %{app_name} %{payload_message}" }
    path => "/var/log/logstash/%{hostname}-%{+YYYY-MM-dd}.log"
  }
}
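Added example, not part of the gist: a small Python emulation of what the filter section and the file output's line format do to a raw syslog line. The regular expression is an approximation of the grok macros used above (SYSLOGTIMESTAMP, SYSLOGHOST, DATA, GREEDYDATA); the sample lines are constructed; `_grokparsefailure` and `_jsonparsefailure` are the tags Logstash itself adds when those filters fail, and a `%{field}` whose field is missing is left as literal text, which is how the sprintf format behaves. The timestamp capture is named `syslog_timestamp` so that the file output's format string resolves.

```python
import json
import re

# Python approximation of the gist's grok pattern. The grok macros expand to
# roughly: SYSLOGTIMESTAMP -> "Mon dd HH:MM:SS", SYSLOGHOST -> host or IP,
# DATA -> ".*?" (non-greedy), GREEDYDATA -> ".*".
SYSLOG_RE = re.compile(
    r"^(?P<syslog_timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>[A-Za-z0-9._-]+) "
    r"(?P<dont_know>.*?) "
    r"(?P<client>.*?) "
    r"(?P<app_name>.*?): "
    r"(?P<payload_message>.*)$"
)

# The line codec format from the gist's file output.
FILE_FORMAT = "%{syslog_timestamp} %{hostname} %{app_name} %{payload_message}"

# Constructed sample input: a JSON payload, a plain-text payload, and a line
# that is not syslog-shaped at all.
SAMPLE_LINES = [
    'Dec 31 16:11:05 app-host-1 rsyslogd 10.0.0.5 mention: '
    '{"user":"alice","event":"login","ok":true}',
    'Dec 31 16:12:40 app-host-1 rsyslogd 10.0.0.5 cron: session opened for user root',
    'this line does not look like syslog at all',
]


def grok(event):
    """Emulate the grok filter: on a match add the named captures to the
    event; on no match add the _grokparsefailure tag as Logstash does."""
    m = SYSLOG_RE.match(event["message"])
    if m is None:
        event.setdefault("tags", []).append("_grokparsefailure")
        return event
    event.update(m.groupdict())
    return event


def json_filter(event, source="payload_message"):
    """Emulate the json filter: parse the source field and merge a JSON
    object into the event root; on invalid JSON tag _jsonparsefailure and
    leave the event otherwise unchanged. A missing source is a no-op."""
    raw = event.get(source)
    if raw is None:
        return event
    try:
        parsed = json.loads(raw)
    except ValueError:
        event.setdefault("tags", []).append("_jsonparsefailure")
        return event
    if isinstance(parsed, dict):
        event.update(parsed)
    return event


def render_line(event, fmt=FILE_FORMAT):
    """Emulate the line codec's sprintf format: %{field} becomes the field's
    value; a field that is absent from the event is left as literal text."""
    return re.sub(r"%\{([^}]+)\}",
                  lambda m: str(event.get(m.group(1), m.group(0))), fmt)


def process(line):
    """Run one raw line through the emulated pipeline: type it as syslog,
    then apply grok and the json filter in the order the gist uses."""
    event = {"message": line, "type": "syslog"}
    grok(event)
    json_filter(event)
    return event


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = process(line)
        print(render_line(ev), "tags=%s" % ev.get("tags", []))
```

Running it shows the three outcomes the pipeline can produce: the JSON line gains `user`, `event` and `ok` as top-level fields; the plain-text payload is tagged `_jsonparsefailure` but still reaches the outputs; the non-syslog line is tagged `_grokparsefailure` and its file-output line keeps the unresolved `%{...}` placeholders, which is the symptom to look for when a field name in the format string does not match the grok capture.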