diff --git a/logstash/patterns/dns b/logstash/patterns/dns
new file mode 100644
index 0000000000000000000000000000000000000000..f668c0c1894d558097e454f05dc9346db81249a2
--- /dev/null
+++ b/logstash/patterns/dns
@@ -0,0 +1,5 @@
+HOSTNAMEPTR \b(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
+NODATA NODATA-[[:word:]]+
+SRV _+.+\S
+FQDN \b(?:[\w-][\w-]{0,62})(?:\.(?:[\w-][\w-]{0,62}))*(\.?|\b)
+DNSMASQPREFIX %{SYSLOGTIMESTAMP:date} %{SYSLOGPROG}: %{INT:logrow} %{IP:source_host}\/%{POSINT:source_port}
\ No newline at end of file
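Review bot: The `SRV` pattern `_+.+\S` is unanchored on the right: `.+` is greedy and matches spaces, so once a line contains an underscore-led name the capture runs to the last non-space character of the line and absorbs whatever follows the name. Query names in DNS logs are chosen by the client, so a field that swallows the rest of the record makes the extracted value unreliable for alerting; `SRV _+\S+` stops at the first whitespace. Separately, `HOSTNAMEPTR` lists `.` in the leading class of each label, which lets empty labels such as `a..b` match, so it is worth confirming that this is intended. The grok config that consumes these patterns is not in this diff, so the effect on specific fields is inferred.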