ma logging: init server

author: makefu <github@syntax-fehler.de> 2019-09-25 14:01:32 +0200
committer: makefu <github@syntax-fehler.de> 2019-09-25 14:01:32 +0200
commit: c11c3544abd9ec2702c61b7ae114270791a57371 (patch)
tree: 0c2408a644e1270777ffc3cb29c0b6e6dca4ec67 /makefu/2configs/logging/filter/dnsmasq.conf
parent: 0fbd5ff5631abf062d9cb318035a794a6d47260d (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/makefu/2configs/logging/filter/dnsmasq.conf b/makefu/2configs/logging/filter/dnsmasq.conf
new file mode 100644
index 00000000..1570b1c6
--- /dev/null
+++ b/makefu/2configs/logging/filter/dnsmasq.conf
@@ -0,0 +1,19 @@
+
+if ( [program] == "dnsmasq") {
+    grok {
+        patterns_dir => ["${./patterns}"]
+        match => {
+          "message" => [
+              "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: query\[[\w]+\] %{domain:DOMAIN} from %{clientip:CLIENTIP}"
+            , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: reply %{domain:DOMAIN} is %{ip:IP}"
+            , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: %{blocklist:BLOCKLIST} %{domain:DOMAIN} is %{ip:IP}"
+          ]
+        }
+    }
+    date {
+      match => [ "LOGDATE", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss", "ISO8601" ]
+    }
+    geoip {
+      source => "IP"
+    }
+}
author	makefu <github@syntax-fehler.de>	2019-09-25 14:01:32 +0200
committer	makefu <github@syntax-fehler.de>	2019-09-25 14:01:32 +0200
commit	c11c3544abd9ec2702c61b7ae114270791a57371 (patch)
tree	0c2408a644e1270777ffc3cb29c0b6e6dca4ec67 /makefu/2configs/logging/filter/dnsmasq.conf
parent	0fbd5ff5631abf062d9cb318035a794a6d47260d (diff)