Private GIT

Skip to content
Snippets Groups Projects
Commit c5dda61a authored by nin9s's avatar nin9s
Browse files

Update 20-dns-syslog.conf 

fixed incorrect matching of request and query type and response domain to ip
parent e319d349
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
logstash/conf.d/20-dns-syslog.conf
+ 7
8
View file @ c5dda61a
...@@ -74,13 +74,13 @@ filter { ...@@ -74,13 +74,13 @@ filter {
# to do cached and cached reverse # to do cached and cached reverse
if [request_from] { if [request_from] and [message] =~ "query" {
mutate { mutate {
add_tag => [ "request and query type" ] add_tag => [ "request and query type" ]
} }
} }
else if [ip_response] { else if [ip_response] and [message] =~ "reply" {
geoip { geoip {
source => "ip_response" source => "ip_response"
} }
...@@ -174,7 +174,6 @@ filter { ...@@ -174,7 +174,6 @@ filter {
dns { dns {
reverse => ["source_fqdn"] reverse => ["source_fqdn"]
action => "replace" action => "replace"
# nameserver => ["localhost"]
hit_cache_size => 4096 hit_cache_size => 4096
hit_cache_ttl => 900 hit_cache_ttl => 900
failed_cache_size => 512 failed_cache_size => 512
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Another place to be (or not)