jamtur01 · September 9, 2014 15:38
diff --git a/hekad.toml b/hekad.toml
 [syslog]
 type = "LogstreamerInput"
 log_directory = "/var/log"
 file_match = 'auth\.log'
 decoder = "RsyslogDecoder"

 [RsyslogDecoder]
 type = "SandboxDecoder"
 filename = "lua_decoders/rsyslog.lua"

 [RsyslogDecoder.config]
 type = "RSYSLOG_TraditionalFileFormat"
 template = '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n'
 tz = "America/New_York"

 [stdout]
 type = "LogOutput"
 message_matcher = "Type == 'LogstreamerInput'"
 encoder = "AlertEncoder"

 [AlertEncoder]
 type = "SandboxEncoder"
 filename = "lua_encoders/alert.lua"
	[syslog]
	type = "LogstreamerInput"
	log_directory = "/var/log"
	file_match = 'auth\.log'
	decoder = "RsyslogDecoder"

	[RsyslogDecoder]
	type = "SandboxDecoder"
	filename = "lua_decoders/rsyslog.lua"

	[RsyslogDecoder.config]
	type = "RSYSLOG_TraditionalFileFormat"
	template = '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n'
	tz = "America/New_York"

	[stdout]
	type = "LogOutput"
	message_matcher = "Type == 'LogstreamerInput'"
	encoder = "AlertEncoder"

	[AlertEncoder]
	type = "SandboxEncoder"
	filename = "lua_encoders/alert.lua"