Example log4j logstash configuration
# Logstash (1.1.1-era syntax) pipeline: accept log4j text lines over TCP or
# stdin, parse them with grok, and index them into an embedded Elasticsearch.
#
# one way w/o web interface:
# java -jar lib/playbooks/servers/files/logstash-1.1.1-monolithic.jar agent -f lib/playbooks/servers/files/logstash.conf
# another with a web interface(http://localhost:9292) :
# java -jar lib/playbooks/servers/files/logstash-1.1.1-monolithic.jar agent -f lib/playbooks/servers/files/logstash.conf -- web --backend 'elasticsearch:///?local'
# nc localhost 3333 < logfile
#
# When you are all done, you can delete the 'data' folder to delete the database.
#
# NOTE(review): nothing in this file sets a bind address or any authentication.
# The tcp input falls back to its default listen address (all interfaces, in
# logstash's tcp input -- confirm for this version), so any host that can reach
# port 3333 can inject arbitrary events into the index; the embedded
# Elasticsearch node and the optional web UI on 9292 are likewise reachable
# without credentials as far as this config shows. Treat it as a lab/local
# setup: bind the tcp input to loopback via its `host` option or firewall the
# ports before running it anywhere else.
input {
  # Raw log4j lines arrive over TCP (fed by the `nc` command above) ...
  tcp {
    type => "log4j"
    port => 3333
  }
  # ... or from standard input. Both carry the same type so every filter
  # below applies to either source.
  stdin {
    type => "log4j"
  }
}
filter {
  # Split one line into severity / category / timestamp / thread / message.
  # GNDATE is not a stock grok pattern; it is expected to be defined under
  # patterns_dir. Lines grok cannot parse are expected to end up with the
  # "_grokparsefailure" tag that the two filters after this one key on.
  grok {
    type => "log4j"
    pattern => "%{LOGLEVEL:severity}\s+%{WORD:category} *-* *%{GNDATE:timestamp} \[\w+\[%{GREEDYDATA:thread},.*\]\] %{GREEDYDATA:message}"
    patterns_dir => "lib/playbooks/servers/files/patterns"
    add_tag => "log4j"
  }
  # Turn the extracted timestamp field into the event time; skipped for lines
  # grok could not parse, since they have no timestamp field to read.
  date {
    type => "log4j"
    timestamp => "MM-dd-yyyy hh:mm:ss.SSS a Z"
    exclude_tags => "_grokparsefailure"
  }
  # Catches normal space indented type things, probably could be removed b/c the other multiline should do everything we need
  # NOTE(review): pattern ".*" matches every line, so every non-grokked line
  # (stack-trace continuations, but also any junk sent to the port) is folded
  # onto the previous event; a long run of such lines grows one event without
  # bound.
  multiline {
    type => "log4j"
    tags => ["_grokparsefailure"] # exclude anything we already handled
    pattern => ".*"
    what => "previous"
    add_tag => "notgrok"
  }
}
output {
  # Runs an Elasticsearch node inside the logstash process; presumably this is
  # what writes the 'data' folder mentioned in the header.
  elasticsearch { embedded => true }
}