From e737ec0f44c23da586ddb5ad45583c66271a7374 Mon Sep 17 00:00:00 2001
From: nin9s <strrrn@gmail.com>
Date: Sun, 12 May 2019 20:36:52 +0200
Subject: [PATCH] Update 20-dns-syslog.conf

added SERVFAIL grok
---
 logstash/conf.d/20-dns-syslog.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf
index fe06c07..1e31c43 100644
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -57,7 +57,9 @@ filter {
  # SRV
  "^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$",
  # SRV forwarded
- "^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$" 
+ "^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$",
+ # SERVFAIL
+ "^%{DNSMASQPREFIX} reply error is SERVFAIL" 
 
                   ]
       }
-- 
GitLab