mirror of
https://github.com/elastic/logstash.git
synced 2025-04-23 06:08:19 -04:00
67 lines
1.2 KiB
Text
67 lines
1.2 KiB
Text
input {
|
|
file {
|
|
path => [ "/var/log/messages", "/var/log/kern.log" ]
|
|
type => "linux-syslog"
|
|
}
|
|
|
|
file {
|
|
path => "/var/log/apache2/access.log"
|
|
type => "apache-access"
|
|
}
|
|
|
|
file {
|
|
path => "/var/log/apache2/error.log"
|
|
type => "apache-error"
|
|
}
|
|
}
|
|
|
|
output {
|
|
# This will be your durable shipping mechanism
|
|
rabbitmq {
|
|
host => "myrabbitmqserver"
|
|
exchange_type => "fanout"
|
|
exchange => "rawlogs"
|
|
}
|
|
# This is an optional non-durable shipping mechanism
|
|
# With this, you can sniff logs from your own code
|
|
rabbitmq {
|
|
host => "127.0.0.1"
|
|
exchange_type => "topic"
|
|
exchange => "logsniff"
|
|
durable => false
|
|
persistent => false
|
|
# The following is optional
|
|
# but allows you to consume based on sender
|
|
key => "logstash.%{host}"
|
|
}
|
|
stdout { }
|
|
}
|
|
|
|
# Filters are applied in the order the appear.
|
|
filter {
|
|
multiline {
|
|
type => "supervisorlogs"
|
|
pattern => "^\s"
|
|
what => previous
|
|
}
|
|
|
|
multiline {
|
|
type => "testing"
|
|
pattern => "^\s"
|
|
what => previous
|
|
}
|
|
|
|
grok {
|
|
type => "linux-syslog"
|
|
pattern => ["%{SYSLOG_SUDO}", "%{SYSLOG_KERNEL}", "%{SYSLOGLINE}" ]
|
|
}
|
|
|
|
grok {
|
|
type => "nagios"
|
|
pattern => "%{NAGIOSLOGLINE}"
|
|
}
|
|
|
|
#date {
|
|
#" testing" => fizzle
|
|
#}
|
|
}
|