mirror of
https://github.com/elastic/logstash.git
synced 2025-04-24 22:57:16 -04:00
- Fix syslog input (LOGSTASH-1271)
This commit is contained in:
Jordan Sissel
parent
f25090772c
commit
24068b9063
1 changed files with 6 additions and 8 deletions
|
|
@ -51,15 +51,13 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
||||||
|
|
||||||
public
|
public
|
||||||
def register
|
def register
|
||||||
@grok_filter = LogStash::Filters::Grok.new({
|
@grok_filter = LogStash::Filters::Grok.new(
|
||||||
"type" => [@config["type"]],
|
"match" => { "message" => "<%{POSINT:priority}>%{SYSLOGLINE}" },
|
||||||
"pattern" => ["<%{POSINT:priority}>%{SYSLOGLINE}"],
|
)
|
||||||
})
|
|
||||||
|
|
||||||
@date_filter = LogStash::Filters::Date.new({
|
@date_filter = LogStash::Filters::Date.new(
|
||||||
"type" => [@config["type"]],
|
|
||||||
"match" => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601"]
|
"match" => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601"]
|
||||||
})
|
)
|
||||||
|
|
||||||
@grok_filter.register
|
@grok_filter.register
|
||||||
@date_filter.register
|
@date_filter.register
|
||||||
|
|
@ -201,7 +199,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
|
||||||
def syslog_relay(event)
|
def syslog_relay(event)
|
||||||
@grok_filter.filter(event)
|
@grok_filter.filter(event)
|
||||||
|
|
||||||
if !event["tags"].include?("_grokparsefailure")
|
if event["tags"].nil? || !event["tags"].include?("_grokparsefailure")
|
||||||
# Per RFC3164, priority = (facility * 8) + severity
|
# Per RFC3164, priority = (facility * 8) + severity
|
||||||
# = (facility << 3) & (severity)
|
# = (facility << 3) & (severity)
|
||||||
priority = event["priority"].first.to_i rescue 13
|
priority = event["priority"].first.to_i rescue 13
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue