ini Logstash Conf Filter for Syslog Input

Foreword: This article was compiled by the editors of 小常识网 (cha138.com). It presents a Logstash conf filter for syslog input (ini), which we hope will be a useful reference.

## https://github.com/minyk/morphline-mr/wiki/DictionariesOfGrok
## https://serverfault.com/questions/735230/why-cant-the-logstash-syslog-pri-filter-see-the-priority-in-syslog-messages

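filter {
  if [type] == "syslog" {
    # Patterns are tried in order and grok stops at the first match.
    # SYSLOG5424PRI captures the leading <PRI> value into "syslog5424_pri".
    grok {
      match => {
        "message" => [ "%{SYSLOG5424PRI}%{SYSLOGBASE2}", "%{SYSLOGBASE2}", "%{SYSLOGPAMSESSION}", "%{CRONLOG}", "%{SYSLOGLINE}" ]
      }
      tag_on_failure => [ "failedPattern_syslog" ]
      # received_at keeps the ingest time, because the date filters below
      # overwrite @timestamp with the time parsed from the message.
      add_field    => [ "received_at", "%{@timestamp}" ]
### kafka plugin does not carry host ###    add_field    => [ "received_from", "%{host}" ]
      add_tag => [ "syslog" ]
    }

### sso ### 2018-05-02T01:00:17+08:00

    # Parse the "timestamp" field; the timezone applies when the value has no offset.
    date {
      locale => "en"
      timezone => "Asia/Kuala_Lumpur"
      match => ["timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601"]
      remove_field => ["timestamp"]
    }

    # Parse the "timestamp8601" field that SYSLOGBASE2 sets for ISO8601 timestamps.
    date {
      locale => "en"
      timezone => "Asia/Kuala_Lumpur"
      match => ["timestamp8601", "ISO8601"]
      remove_field => ["timestamp8601"]
    }

    # Decode facility and severity from the field grok produced; the plugin's
    # default field name is "syslog_pri", so it must be pointed at "syslog5424_pri".
    # Events without a PRI value get the plugin default of 13 (user.notice).
    syslog_pri {
      syslog_pri_field_name => "syslog5424_pri"
    }

  }
}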
