diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf index 372e64c538693c7d9fbbe51e398fbe3e17161284..7158a4704124610a0181dc635f2dacf4f6df7774 100644 --- a/logstash/conf.d/20-dns-syslog.conf +++ b/logstash/conf.d/20-dns-syslog.conf @@ -129,12 +129,7 @@ filter { } } -# geoip { -# source => "ip_request" target => "ip_response" -# } -# dns { -# add_field => { "source_host" => "source_fqdn" } nameserver => [ "localhost" ] reverse => [ "source_fqdn" ] action => "replace" add_tag => [ "dns_lookup" ] -# } + reverse => [ "source_fqdn" ] action => "replace" add_tag => [ "dns_lookup" ] mutate { add_field => { @@ -156,20 +151,11 @@ filter { } } -# else if "_grokparsefailure" in [tags] { -# drop { } -# } - output { -# stdout { codec => rubydebug } if "pihole" in [tags]{ -#stdout { codec => rubydebug } -# if [host] == "192.168.254.241" or [host] == "192.168.254.240" { elasticsearch { - hosts => ["192.168.254.248:9200"] - user => "elastic" - password => "Service.1" + hosts => ["127.0.0.1:9200"] manage_template => false index => "logstash-syslog-dns-%{+YYYY.MM}" }
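Review bot: The added line `reverse => [ "source_fqdn" ] action => "replace" add_tag => [ "dns_lookup" ]` appears to sit directly inside `filter`, because this hunk deletes the commented-out `# dns {` opener and its closing `# }` around it. As far as this collapsed view shows, the line carries no `#`, so Logstash would see plugin options with no enclosing plugin and would likely refuse to load the pipeline, which stops DNS log ingestion. Either delete the line with the rest of the dead block or restore a complete `dns { ... }` filter around it, and confirm the result with `bin/logstash --config.test_and_exit` before deploying. The enclosing `filter` block starts and ends outside the hunk.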
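Review bot: The `elasticsearch` output is left with no `user`/`password` at all, so it will only work against a node that accepts unauthenticated requests; pointing it at `127.0.0.1:9200` narrows network exposure, but any local process could then reach the `logstash-syslog-dns-*` indices. If authentication stays enabled on the node, reference the secret instead of inlining it, e.g. `user => "${ES_USER}"` and `password => "${ES_PWD}"` resolved from the Logstash keystore or the environment. The removed `password` value remains in the repository history, so it should be rotated rather than treated as cleaned up by this commit. The `if "pihole"` and `output` blocks close outside the hunk.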