From 06fb30696f69813d5403e6fda126d3b40af4de64 Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Sun, 29 Sep 2019 15:36:21 -0400
Subject: [PATCH] Create 15-others.conf

---
 conf.d/15-others.conf | 55 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 conf.d/15-others.conf

diff --git a/conf.d/15-others.conf b/conf.d/15-others.conf
new file mode 100644
index 0000000..406f7ab
--- /dev/null
+++ b/conf.d/15-others.conf
@@ -0,0 +1,55 @@
+# 15-others.conf
+filter {
+  if "pf" in [tags] {
+    if [application] =~ /^dhcpd$/ {
+      mutate {
+        add_tag => [ "dhcpd" ]
+      }
+      grok {
+        patterns_dir => ["/etc/logstash/conf.d/patterns"]
+        match => [ "message", "%{DHCPD}"]
+      }
+    } 
+    if [application] =~ /^charon$/ {
+      mutate {
+        add_tag => [ "ipsec" ]
+      }
+    }
+    if [application] =~ /^barnyard2/ {
+      mutate {
+        add_tag => [ "barnyard2" ]
+      }
+    }
+    if [application] =~ /^openvpn/ {
+      mutate {
+        add_tag => [ "openvpn" ]
+      }
+      grok {
+        patterns_dir => ["/etc/logstash/conf.d/patterns"]
+        match => [ "message", "%{OPENVPN}"]
+      }
+    }
+    if [application] =~ /^ntpd/ {
+      mutate {
+        add_tag => [ "ntpd" ]
+      }
+    }
+    if [application] =~ /^php-fpm/ {
+      mutate {
+        add_tag => [ "web_portal" ]
+      }
+      grok {
+        patterns_dir => ["/etc/logstash/conf.d/patterns"]
+        match => [ "message", "%{PF_APP}%{PF_APP_DATA}"]
+      }
+      mutate {
+        lowercase => [ 'pf_ACTION' ]
+      }
+    }
+    if [application] =~ /^apinger/ {
+      mutate {
+        add_tag => [ "apinger" ]
+      }
+    }
+  }
+}
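Review bot: The `[application]` tests are anchored inconsistently: `/^dhcpd$/` and `/^charon$/` require the whole value, while `/^barnyard2/`, `/^openvpn/`, `/^ntpd/`, `/^php-fpm/` and `/^apinger/` match on prefix only. If `[application]` comes from the sender's syslog program name (its origin is not visible in this file), any name that merely starts with one of those strings is tagged, and for openvpn and php-fpm also run through grok. If the prefix form is intentional, for example to cover suffixed instance names, a short comment above each test should say so; otherwise close them the same way, e.g. `if [application] == "openvpn" {`. The three grok blocks also share the default `_grokparsefailure` tag, so a per-branch `tag_on_failure => [ "_grokparsefailure_openvpn" ]` would let an alert or dashboard tell which parser is silently dropping fields.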
-- 
GitLab