33 lines
748 B
Plaintext
33 lines
748 B
Plaintext
input {
|
|
# tcp {
|
|
# port => 5000
|
|
# type => syslog
|
|
# }
|
|
# udp {
|
|
# port => 5000
|
|
# type => syslog
|
|
# }
|
|
file{
|
|
type => as_csv
|
|
path => "/tmp/logfile"
|
|
# path => "/data/*"
|
|
start_position => "beginning"
|
|
}
|
|
}
|
|
filter {
|
|
csv{
|
|
columns => ["endTime","Name","requestUrl","sourceAddress","destinationAddress","priority","Device Vendor","Device Product","Non-CEF Raw Message"]
|
|
}
|
|
grok { match => { "message" => ["%{DATESTAMP:datum}"] } }
|
|
date { match => [ "datum","yy/MM/dd HH:mm:ss" ] timezone => "CET" }
|
|
|
|
}
|
|
output {
|
|
elasticsearch {
|
|
hosts => ["elasticsearch:9200"]
|
|
index => "arcsight"
|
|
# index => "arcsight-%{+YYYY.MM.dd}"
|
|
}
|
|
# stdout { codec => rubydebug }
|
|
}
|