Unverified Commit 393a0595 authored by Andrew's avatar Andrew Committed by GitHub

Update 10-pf.conf

parent 9ff06bb1
# 10-pf.conf # 10-pf.conf
filter { filter {
if "pf" in [tags] { if "pf" in [tags] {
date {
match => [ "timestamp", " MMM dd HH:mm:ss" ]
target => "@timestamp"
}
grok { grok {
patterns_dir => ["/etc/logstash/conf.d/patterns"] match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
match => [ "message", "%{PFSENSE}", "message", "%{OPNSENSE}" ] add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
locale => "en"
} }
mutate { mutate {
replace => [ "message", "%{msg}" ] replace => [ "message", "%{msg}" ]
......
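Review bot: The `mutate` at the end of the visible section still does `replace => [ "message", "%{msg}" ]`, while the grok that appears to be the new side captures the payload as `syslog_message` and no longer applies `%{PFSENSE}`/`%{OPNSENSE}`. If nothing in the elided remainder sets `msg`, Logstash leaves the reference unresolved and each firewall event is stored with the literal text `%{msg}` instead of the original log line, which loses the record an analyst needs during triage. Consider `replace => [ "message", "%{syslog_message}" ]`, or wrap the mutate in `if [msg] { ... }`. The `date` filter that parses `syslog_timestamp` also sets no `timezone`, so events from a firewall in a different zone than the Logstash host would be shifted in time; `timezone => "<firewall timezone>"` would pin it. The filter block continues past the end of the rendered section and the old/new assignment is read from the side-by-side layout, so this should be confirmed against the full file.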