diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf
index fe06c07c4177c399f4b42f325d03cc64660b0902..1e31c43227e62bfdfbd313da038a0d063b8d10ce 100644
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -57,7 +57,9 @@ filter {
 # SRV
 "^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$",
 # SRV forwarded
- "^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$"
+ "^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$",
+ # SERVFAIL
+ "^%{DNSMASQPREFIX} reply error is SERVFAIL"
 ]
 }
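Review bot: The added SERVFAIL pattern captures no field and has no trailing `$`, unlike the two patterns above it, so a matched event carries nothing structured that marks it as a resolution failure and any alert or dashboard has to re-match the raw message. Consider capturing the response code and closing the anchor, e.g. `"^%{DNSMASQPREFIX} reply error is %{WORD:dns_rcode}$"` (the field name is only a suggestion); this would presumably also pick up other dnsmasq error replies such as REFUSED, which should be confirmed against real log samples. The matched line names neither the client nor the query, so tying a failure back to the request that caused it depends on whatever DNSMASQPREFIX extracts, and that pattern is defined outside this hunk. The enclosing grok block starts and ends outside the hunk as well.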