secrepo_logstash.conf
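# Logstash pipeline for the secrepo web-access-log sample.
# Flow: read lines from stdin -> grok the access-log line into fields ->
# parse the timestamp -> enrich with user-agent and GeoIP data -> drop the
# raw fields -> index into Elasticsearch (with a progress dot per event).
input {
  stdin { }
}

filter {
  # Split one access-log line into fields. The optional scheme/host prefix
  # (http://www.secrepo.com) is matched outside any capture so URL_PARTS only
  # sees the path. URL_PARTS and HTTP_METHOD are not stock grok patterns;
  # presumably they are defined under patterns_dir — confirm ./patterns exists
  # relative to the Logstash working directory.
  grok {
    match => {
      "message" => '%{IP:src} - - \[%{HTTPDATE:timestamp}\] "%{HTTP_METHOD:http_method} (http://www.secrepo.com)?%{URL_PARTS} %{DATA:http_version}" %{INT:response_code} %{INT:bytes} "(%{DATA:referer}|-|)" "%{GREEDYDATA:agent}"'
    }
    # Bareword option name, consistent with the other plugin options.
    patterns_dir => ["./patterns"]
  }

  # Parse the captured timestamp into @timestamp. The second layout matches the
  # HTTPDATE capture above; the first has no year and is kept for compatibility.
  date {
    match => [ "timestamp", "MMM dd HH:mm:ss", "dd/MMM/YYYY:HH:mm:ss Z" ]
  }

  # Expand the raw User-Agent string into browser/OS/device fields.
  useragent {
    source => "agent"
  }

  # Look up the client IP for location fields.
  geoip {
    source => "src"
  }

  # Drop fields that are now redundant: timestamp (parsed into @timestamp),
  # agent (expanded by useragent) and host (the stdin host, not the client).
  mutate {
    remove_field => ["timestamp", "host", "agent"]
  }
}

output {
  # Uncomment for a full per-event dump (including @metadata) while debugging.
  #stdout { codec => rubydebug { metadata => true } }
  stdout { codec => dots }

  elasticsearch {
    # hosts is left unset (plugin default, presumably the local node). If this
    # is pointed at a remote cluster, use an https:// URL so the credentials
    # below are not sent in clear text.
    #hosts => [""]
    # Credentials come from the environment or the Logstash keystore via
    # ${VAR:default}. The defaults keep the original example values so an
    # unconfigured run behaves as before; set ES_PASSWORD instead of committing
    # a real password to this file.
    user => "${ES_USER:elastic}"
    password => "${ES_PASSWORD:changeme}"
    index => "secrepo"
    # Index template shipped alongside this config; template_overwrite makes
    # a re-run replace an existing "secrepo" template rather than keep it.
    template => "secrepo.json"
    template_name => "secrepo"
    template_overwrite => true
  }
}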