From 0c75cf81d9cc9afbcc55513e73b44878117ebd22 Mon Sep 17 00:00:00 2001
From: a3ilson <a@3ilson.com>
Date: Sat, 11 Nov 2017 10:11:18 -0500
Subject: [PATCH] Delete 10-syslog(test).conf

---
 10-syslog(test).conf | 54 --------------------------------------------
 1 file changed, 54 deletions(-)
 delete mode 100644 10-syslog(test).conf

diff --git a/10-syslog(test).conf b/10-syslog(test).conf
deleted file mode 100644
index 46f8213..0000000
--- a/10-syslog(test).conf
+++ /dev/null
@@ -1,54 +0,0 @@
-filter {
- if [type] == "syslog" {
- #change to pfSense ip address
- if [host] =~ /192\.168\.1\.1/ {
- mutate {
- add_tag => ["PFSense", "Ready"]
- }
- }
-#For Multiple pfSense's, use the following, repeat as needed
-# if [host] =~ /192\.168\.100\.1/ {
-# mutate {
-# add_tag => ["PFSense", "Ready"]
-# }
-# }
- if "Ready" not in [tags] {
- mutate {
- add_tag => [ "syslog" ]
- }
- }
- }
-}
-filter {
- if [type] == "syslog" {
- mutate {
- remove_tag => "Ready"
- }
- }
-}
-filter {
- if "syslog" in [tags] {
- grok {
- match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
- add_field => [ "received_at", "%{@timestamp}" ]
- add_field => [ "received_from", "%{host}" ]
- }
- syslog_pri { }
- date {
- match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
- locale => "en"
- }
- if !("_grokparsefailure" in [tags]) {
- mutate {
- replace => [ "@source_host", "%{syslog_hostname}" ]
- replace => [ "@message", "%{syslog_message}" ]
- }
- }
- mutate {
- remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
- }
-# if "_grokparsefailure" in [tags] {
-# drop { }
-# }
- }
-}
-- 
GitLab