ma logging: init server

author: makefu <github@syntax-fehler.de> 2019-09-25 14:01:32 +0200
committer: makefu <github@syntax-fehler.de> 2019-09-25 14:01:32 +0200
commit: 784e6760453658a30db8e68eb5246a5507d31696 (patch)
tree: d3739179f54c394c18d5c365db43c3fa5e9619ce /2configs/logging/filter/dnsmasq.conf
parent: 571bb276317d50af5c68c5adbd0f3e4afe889c11 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/2configs/logging/filter/dnsmasq.conf b/2configs/logging/filter/dnsmasq.conf
new file mode 100644
index 000000000..1570b1c60
--- /dev/null
+++ b/2configs/logging/filter/dnsmasq.conf
@@ -0,0 +1,19 @@
+
+if ( [program] == "dnsmasq") {
+    grok {
+        patterns_dir => ["${./patterns}"]
+        match => {
+          "message" => [
+              "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: query\[[\w]+\] %{domain:DOMAIN} from %{clientip:CLIENTIP}"
+            , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: reply %{domain:DOMAIN} is %{ip:IP}"
+            , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: %{blocklist:BLOCKLIST} %{domain:DOMAIN} is %{ip:IP}"
+          ]
+        }
+    }
+    date {
+      match => [ "LOGDATE", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss", "ISO8601" ]
+    }
+    geoip {
+      source => "IP"
+    }
+}
author	makefu <github@syntax-fehler.de>	2019-09-25 14:01:32 +0200
committer	makefu <github@syntax-fehler.de>	2019-09-25 14:01:32 +0200
commit	784e6760453658a30db8e68eb5246a5507d31696 (patch)
tree	d3739179f54c394c18d5c365db43c3fa5e9619ce /2configs/logging/filter/dnsmasq.conf
parent	571bb276317d50af5c68c5adbd0f3e4afe889c11 (diff)