From 6b8ca3ee5b250a957b614f3b25b1dfac473c3a0e Mon Sep 17 00:00:00 2001
From: nin9s <strrrn@gmail.com>
Date: Wed, 25 Sep 2019 00:24:26 +0200
Subject: [PATCH] Update 20-dns-syslog.conf
---
 logstash/conf.d/20-dns-syslog.conf | 42 ++++++++++--------------------
 1 file changed, 14 insertions(+), 28 deletions(-)
diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf
index e45a65e..3d92af0 100644
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -73,6 +73,17 @@ filter {
 # to do cached and cached reverse
+ else if [NODATA-IPv4] {
+ mutate {
+ add_tag => [ "NODATA" ]
+ }
+ }
+
+ else if [NODATA-IPv6] {
+ mutate {
+ add_tag => [ "NODATA" ]
+ }
+ }
 if [request_from] and [message] =~ "query" {
 mutate {
@@ -131,15 +142,13 @@ filter {
 }
 }
-
-
- else if [message] =~ "cached" and [message] =~ "CNAME" {
+ else if [domain_request] and [message] =~ "cached" and [message] =~ "CNAME" {
 mutate {
 add_tag => [ "cached domain to ip cname" ]
 }
 }
- else if [domain_request] and [message] =~ "cached" {
+ else if [domain_request] and [message] =~ "cached" {
 mutate {
 add_tag => [ "cached domain to ip" ]
 }
@@ -154,17 +163,6 @@ filter {
 }
 }
- else if [NODATA-IPv4] {
- mutate {
- add_tag => [ "NODATA" ]
- }
- }
-
- else if [NODATA-IPv6] {
- mutate {
- add_tag => [ "NODATA" ]
- }
- }
 mutate {
@@ -175,7 +173,7 @@ filter {
 dns {
 reverse => ["source_fqdn"]
- action => "replace"
+ action => "replace"
 hit_cache_size => 4096
 hit_cache_ttl => 900
 failed_cache_size => 512
@@ -189,15 +187,3 @@ filter {
 }
 }
-
-
-output {
-
- if "pihole" in [tags]{
- elasticsearch {
- hosts => [""<ELASTICSEARCHHOST:PORT>""]
-# manage_template => false
- index => "logstash-syslog-dns-%{+YYYY.MM}"
- }
- }
-}
\ No newline at end of file
-- GitLab
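Review bot: The two added branches `else if [NODATA-IPv4] {` and `else if [NODATA-IPv6] {` in the first hunk sit directly under the `# to do cached and cached reverse` comment, so they are only valid if the statement closing just above the hunk is an `if`/`else if` block; that statement is outside the hunk and should be checked, since a dangling `else if` would keep the pipeline from loading and DNS events would stop being indexed. They also now come before `if [request_from] and [message] =~ "query" {`, which opens a separate chain, so a NODATA event is presumably evaluated by that chain too and may pick up a second tag. Both branches add the same tag and can be one condition: `else if [NODATA-IPv4] or [NODATA-IPv6] {`.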
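Review bot: The tests `[message] =~ "cached"` and `[message] =~ "CNAME"` in the second hunk are unanchored substring matches, so if `message` still contains the queried name at this point, a name that merely includes either word is tagged as a cache hit, and queried names are chosen by the client. The added `[domain_request] and` guard narrows the CNAME branch but does not change that. Prefer comparing a field that an earlier parsing stage extracted for the log action, if there is one, or anchor the pattern to the position where the keyword is printed in the log line. A comment such as `# order matters: the CNAME branch must stay above the generic cached branch` would also help, because both conditions match a cached CNAME line. The `else if` chain starts and ends outside the hunk.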