Create 15-others.conf

06fb3069 · Andrew · GitHub · 09baee99 · 06fb3069
Unverified Commit 06fb3069 authored Sep 29, 2019 by Andrew Committed by GitHub Sep 29, 2019
--- a/conf.d/15-others.conf
+++ b/conf.d/15-others.conf
+# 15-others.conf
+filter {
+  if "pf" in [tags] {
+    if [application] =~ /^dhcpd$/ {
+      mutate {
+        add_tag => [ "dhcpd" ]
+      }
+      grok {
+        patterns_dir => ["/etc/logstash/conf.d/patterns"]
+        match => [ "message", "%{DHCPD}"]
+      }
+    } 
+    if [application] =~ /^charon$/ {
+      mutate {
+        add_tag => [ "ipsec" ]
+      }
+    }
+    if [application] =~ /^barnyard2/ {
+      mutate {
+        add_tag => [ "barnyard2" ]
+      }
+    }
+    if [application] =~ /^openvpn/ {
+      mutate {
+        add_tag => [ "openvpn" ]
+      }
+      grok {
+        patterns_dir => ["/etc/logstash/conf.d/patterns"]
+        match => [ "message", "%{OPENVPN}"]
+      }
+    }
+    if [application] =~ /^ntpd/ {
+      mutate {
+        add_tag => [ "ntpd" ]
+      }
+    }
+    if [application] =~ /^php-fpm/ {
+      mutate {
+        add_tag => [ "web_portal" ]
+      }
+      grok {
+        patterns_dir => ["/etc/logstash/conf.d/patterns"]
+        match => [ "message", "%{PF_APP}%{PF_APP_DATA}"]
+      }
+      mutate {
+        lowercase => [ 'pf_ACTION' ]
+      }
+    }
+    if [application] =~ /^apinger/ {
+      mutate {
+        add_tag => [ "apinger" ]
+      }
+    }
+  }
+}