From 1846f50a5dbd3df5f80b6abed641e59953026747 Mon Sep 17 00:00:00 2001
From: nin9s <strrrn@gmail.com>
Date: Thu, 28 Mar 2019 23:32:38 +0100
Subject: [PATCH] Update 20-dns-syslog.conf
---
logstash/conf.d/20-dns-syslog.conf | 18 ++----------------
1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf
index 372e64c..7158a47 100644
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -129,12 +129,7 @@ filter { } } -# geoip { -# source => "ip_request" target => "ip_response" -# } -# dns { -# add_field => { "source_host" => "source_fqdn" } nameserver => [ "localhost" ] reverse => [ "source_fqdn" ] action => "replace" add_tag => [ "dns_lookup" ] -# } + reverse => [ "source_fqdn" ] action => "replace" add_tag => [ "dns_lookup" ] mutate { add_field => {
@@ -156,20 +151,11 @@ filter { } } -# else if "_grokparsefailure" in [tags] { -# drop { } -# } - output { -# stdout { codec => rubydebug } if "pihole" in [tags]{ -#stdout { codec => rubydebug } -# if [host] == "192.168.254.241" or [host] == "192.168.254.240" { elasticsearch { - hosts => ["192.168.254.248:9200"] - user => "elastic" - password => "Service.1" + hosts => ["127.0.0.1:9200"] manage_template => false index => "logstash-syslog-dns-%{+YYYY.MM}" } -- GitLab
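Review bot: The added line `reverse => [ "source_fqdn" ] action => "replace" add_tag => [ "dns_lookup" ]` is left directly inside `filter` with no plugin around it, because the commented `# dns {` opener and its closing `# }` are deleted in the same hunk. As far as these lines show, Logstash would reject bare options at that level and the pipeline would fail to load, which stops DNS log ingestion; check with `bin/logstash --config.test_and_exit -f logstash/conf.d/20-dns-syslog.conf` before deploying. If reverse lookups are intended, wrap the options in a `dns { ... }` block and keep the `nameserver => [ "localhost" ]` setting from the removed comment, so that queries for log-derived addresses stay on the local resolver; otherwise drop the line. The enclosing `filter` block starts and ends outside the hunk.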
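Review bot: Deleting `user => "elastic"` and `password => "Service.1"` from the `elasticsearch` output does not retire that credential: it stays readable in the repository history and in this patch, so the password for the built-in `elastic` superuser should be rotated on the cluster. The new output, `hosts => ["127.0.0.1:9200"]` with no `user`/`password`, only works if Elasticsearch accepts unauthenticated writes over plain HTTP on loopback, which the hunk does not show and is worth confirming. If authentication is enabled, use a dedicated account limited to writing the `logstash-syslog-dns-*` indices and reference its secret from the Logstash keystore, e.g. `password => "${ES_PWD}"` (placeholder key name), rather than a literal. The `output` block and its `if "pihole" in [tags]` branch close outside the hunk.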