]> git.openstreetmap.org Git - chef.git/blob - cookbooks/logstash/templates/default/logstash.conf.erb
Add basic tests for shorewall
[chef.git] / cookbooks / logstash / templates / default / logstash.conf.erb
1 input {
2   lumberjack {
3     port => 5043
4     ssl_certificate => "/var/lib/logstash/lumberjack.crt"
5     ssl_key => "/var/lib/logstash/lumberjack.key"
6   }
7 }
8
9 filter {
10   if [type] == "apache" {
11     grok {
12       match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{NOTSPACE:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ]
13     }
14     date {
15       match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
16     }
17     if [agent] == "-" {
18       mutate {
19         remove_field => [ "agent" ]
20       }
21     } else {
22       useragent {
23         source => "agent"
24         target => "useragent"
25       }
26       grok {
27         match => { "agent" => "%{JOSM:[useragent][name]=JOSM}/%{POSINT:[useragent][major]}\.%{POSINT:[useragent][minor]} \(%{POSINT:[useragent][patch]} \w+\) " }
28         overwrite => [ "[useragent][name]", "[useragent][major]", "[useragent][minor]", "[useragent][patch]" ]
29         tag_on_failure => []
30       }
31       mutate {
32         rename => { "agent" => "[useragent][raw]" }
33       }
34     }
35   } else if [type] == "rails" {
36     json {
37       source => "message"
38       remove_field => [
39         "message",
40         "[parameters][authenticity_token]",
41         "[parameters][pass_crypt]",
42         "[parameters][pass_crypt_confirmation]",
43         "[parameters][utf8]"
44       ]
45     }
46     if [duration] {
47       ruby {
48         code => "event['duration'] = Integer(event['duration'] * 1000000)"
49       }
50     }
51     if [db] {
52       ruby {
53         code => "event['db'] = Integer(event['db'] * 1000000)"
54       }
55     }
56     if [view] {
57       ruby {
58         code => "event['view'] = Integer(event['view'] * 1000000)"
59       }
60     }
61   }
62
63   if [host] =~ /^spike-/ {
64     mutate {
65       add_tag => [ "frontend" ]
66     }
67   } else if [host] =~ /^thorn-/ {
68     mutate {
69       add_tag => [ "backend" ]
70     }
71   }
72 }
73
74 output {
75   elasticsearch {
76     hosts => [ "127.0.0.1" ]
77   }
78 }