зеркало из https://github.com/mozilla/MozDef.git
34 строки
938 B
TOML
34 строки
938 B
TOML
[syslog]
|
|
type="LogstreamerInput"
|
|
log_directory="/var/log/syslog/systems/web"
|
|
file_match='(?P<Year>\d+)-(?P<Month>\d+)-(?P<Day>\d+).log'
|
|
priority = ["Year", "Month", "Day"]
|
|
oldest_duration="2h"
|
|
|
|
[apache_transform_decoder]
|
|
type = "SandboxDecoder"
|
|
script_type = "lua"
|
|
filename = "lua_decoders/apache_access.lua"
|
|
|
|
[apache_transform_decoder.config]
|
|
log_format = '%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"'
|
|
# type = "ApacheLogfile" # this should be something more specific incase multiple services are being aggregated upstream
|
|
user_agent_transform = true
|
|
|
|
# Start commenting here if you don't want any stdout
|
|
[stdout]
|
|
type = "LogOutput"
|
|
message_matcher = "TRUE"
|
|
payload_only = true
|
|
# Finish commenting here
|
|
|
|
[ElasticSearchOutput]
|
|
message_matcher = 'Type !~ /^heka\./'
|
|
cluster = "mozdefqa"
|
|
index = "events"
|
|
type_name = "event"
|
|
server = "http://mozdef.example.com:8080"
|
|
format = "clean"
|
|
flush_interval = 1000
|
|
flush_count = 10
|