From f2c2177274546acb3b77723d860783c0580fc5cb Mon Sep 17 00:00:00 2001 From: nin9s <strrrn@gmail.com> Date: Wed, 25 Sep 2019 00:06:02 +0200 Subject: [PATCH] Update 20-dns-syslog.conf --- logstash/conf.d/20-dns-syslog.conf | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf index 1451662..e45a65e 100644 --- a/logstash/conf.d/20-dns-syslog.conf +++ b/logstash/conf.d/20-dns-syslog.conf @@ -131,18 +131,20 @@ filter { } } - else if [domain_request] and [message] =~ "cached" { + + + else if [message] =~ "cached" and [message] =~ "CNAME" { mutate { - add_tag => [ "cached domain to ip" ] - } - geoip { - source => "ip_response" + add_tag => [ "cached domain to ip cname" ] } } - else if [message] =~ "cached" and [message] =~ "CNAME" { + else if [domain_request] and [message] =~ "cached" { mutate { - add_tag => [ "cached domain to ip cname" ] + add_tag => [ "cached domain to ip" ] + } + geoip { + source => "ip_response" } } -- GitLab