@jamtur01
Created August 28, 2013 04:41
input {
  file {
    type => "postfix"
    path => ["/var/log/mail.*"]
  }
  file {
    type => "syslog"
    path => [ "/var/log/auth.log" ]
  }
  file {
    path => [ "/var/log/messages" ]
    type => "syslog"
  }
  file {
    type => "tomcat"
    path => [ "/var/log/tomcat7/catalina.out" ]
    codec => multiline {
      pattern => "(^\d+\serror)|(^.+Exception: .+)|(^\s+at .+)|(^\s+... \d+ more)|(^\s*Caused by:.+)"
      what => "previous"
    }
  }
  file {
    type => "apache"
    path => ["/var/log/apache2/logstash_access_log"]
    codec => "json"
  }
}
#filter {
#  grok {
#    pattern => "%{SYSLOGLINE}"
#    type => syslog
#  }
#  if [type] == "tomcat" and [message] !~ "/(.+)/" {
#    drop { }
#  }
#  if [type] == "postfix" {
#    grok {
#      patterns_dir => ["/etc/logstash/patterns"]
#      match => [ "message", "%{POSTFIX}" ]
#      add_tag => [ "postfix", "grokked", "%{component}" ]
#    }
#    grok {
#      tags => "qmgr"
#      patterns_dir => ["/etc/logstash/patterns"]
#      match => [ "message", "%{POSTFIXQMGR}" ]
#    }
#    date {
#      match => [ "timestamp", "MMM dd HH:mm:ss" ]
#      add_tag => [ "dated" ]
#    }
#  }
#}
output {
  stdout { debug => true }
  elasticsearch {
    cluster => "logstash"
  }
}
@jamtur01
Author

Three problems.

  1. I get nothing from the first two file plugins. Nada. They seem to register fine but nothing is collected. I see the file watching working and the size change is detected but not events.
  2. If I specify any filter then stdout does not output.
  3. debug => true outputs the message as plain codec not ruby.
