averez-doc: fix heka-syslog snippet and add heka-apache snippet

examples/heka-apache/README.md

@@ -0,0 +1,10 @@
+# heka-apache
+
+This configuration for [heka](http://hekad.readthedocs.org/en/latest/) ships apache logs stored in `/var/log/syslog/systems/web` to mozdef.
+
+To run it:
+
+```
+rm -rf /var/cache/hekad/*
+hekad -config=heka.toml
+```

examples/heka-apache/heka.toml

@@ -0,0 +1,36 @@
+[syslog]
+type="LogstreamerInput"
+log_directory="/var/log/syslog/systems/web/"
+file_match='(?P<Year>\d+)-(?P<Month>\d+)-(?P<Day>\d+).log'
+priority = ["Year", "Month", "Day"]
+oldest_duration="2h"
+
+[apache_transform_decoder]
+type = "PayloadRegexDecoder"
+match_regex = '^.*?[(?P<Timestamp>[^\]]+)\] "(?P<Method>[A-Z]+) (?P<Url>[^\s]+)[^"]*" (?P<StatusCode>\d+) (?P<RequestSize>\d+) "(?P<Referer>[^"]*)" "(?P<Browser>[^"]*)"'
+timestamp_layout = "02/Jan/2006:15:04:05 -0700"
+
+[apache_transform_decoder.message_fields]
+Type = "ApacheLogfile"
+Logger = "apache"
+Url|uri = "%Url%"
+Method = "%Method%"
+Status = "%StatusCode%"
+RequestSize|B = "%RequestSize%"
+Referer = "%Referer%"
+Browser = "%Browser%"
+
+[stdout]
+type = "LogOutput"
+message_matcher = "TRUE"
+payload_only = true
+
+[ElasticSearchOutput]
+message_matcher = "Type!='heka.all-report'"
+cluster = "mozdefqa"
+index = "events"
+type_name = "event"
+server = "http://mozdef.example.com:8080"
+format = "clean"
+flush_interval = 1000
+flush_count = 10

examples/heka-syslogng/README.md

@@ -1,4 +1,4 @@
-# beaver-syslog
+# heka-syslogng
 
 This configuration for [heka](http://hekad.readthedocs.org/en/latest/) ships syslog-ng logs stored in `/var/log/syslog/systems` to mozdef.