Update 20-dns-syslog.conf

6b8ca3ee · nin9s · f2c21772 · 6b8ca3ee
Commit 6b8ca3ee authored 5 years ago by nin9s
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -73,6 +73,17 @@ filter {
 # to do cached and cached reverse
+      else if [NODATA-IPv4] {
+        mutate {
+          add_tag => [ "NODATA" ]
+        }
+      }
+      else if [NODATA-IPv6] {
+        mutate {
+          add_tag => [ "NODATA" ]
+        }
+      }
      if [request_from] and [message] =~ "query" {
        mutate {
@@ -131,9 +142,7 @@ filter {
        }
      }
+      else if [domain_request] and [message] =~ "cached" and [message] =~ "CNAME" {
-      else if [message] =~ "cached" and [message] =~ "CNAME" {
        mutate {
          add_tag => [ "cached domain to ip cname" ]
        }
@@ -154,17 +163,6 @@ filter {
        }
      }
-      else if [NODATA-IPv4] {
-        mutate {
-          add_tag => [ "NODATA" ]
-        }
-      }
-      else if [NODATA-IPv6] {
-        mutate {
-          add_tag => [ "NODATA" ]
-        }
-      }
  mutate {
@@ -189,15 +187,3 @@ filter {
  }
 }
-output {
-  if "pihole" in [tags]{
-      elasticsearch {
-            hosts => [""<ELASTICSEARCHHOST:PORT>""]
-#            manage_template => false
-            index => "logstash-syslog-dns-%{+YYYY.MM}"
-  }
- }
-}
\ No newline at end of file