From f2c2177274546acb3b77723d860783c0580fc5cb Mon Sep 17 00:00:00 2001
From: nin9s <strrrn@gmail.com>
Date: Wed, 25 Sep 2019 00:06:02 +0200
Subject: [PATCH] Update 20-dns-syslog.conf

---
 logstash/conf.d/20-dns-syslog.conf | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf
index 1451662..e45a65e 100644
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -131,18 +131,20 @@ filter {
         }
       }
 
-      else if [domain_request] and [message] =~ "cached" {
+     
+
+      else if [message] =~ "cached" and [message] =~ "CNAME" {
         mutate {
-          add_tag => [ "cached domain to ip" ]
-        }
-        geoip {
-          source => "ip_response"
+          add_tag => [ "cached domain to ip cname" ]
         }
       }
 
-      else if [message] =~ "cached" and [message] =~ "CNAME" {
+	  else if [domain_request] and [message] =~ "cached" {
         mutate {
-          add_tag => [ "cached domain to ip cname" ]
+          add_tag => [ "cached domain to ip" ]
+        }
+        geoip {
+          source => "ip_response"
         }
       }
 
-- 
GitLab