From e737ec0f44c23da586ddb5ad45583c66271a7374 Mon Sep 17 00:00:00 2001 From: nin9s <strrrn@gmail.com> Date: Sun, 12 May 2019 20:36:52 +0200 Subject: [PATCH] Update 20-dns-syslog.conf added SERVFAIL grok --- logstash/conf.d/20-dns-syslog.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf index fe06c07..1e31c43 100644 --- a/logstash/conf.d/20-dns-syslog.conf +++ b/logstash/conf.d/20-dns-syslog.conf @@ -57,7 +57,9 @@ filter { # SRV "^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$", # SRV forwarded - "^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$" + "^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$", + # SERVFAIL + "^%{DNSMASQPREFIX} reply error is SERVFAIL" ] } -- GitLab