From 7e60839f2e5d97c506eafffe1fcfb00adf05f4b9 Mon Sep 17 00:00:00 2001
From: tiny6996
Date: Mon, 18 May 2020 22:03:50 -0500
Subject: [PATCH] switched logparser to tail
---
 config/additional_config.conf | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/config/additional_config.conf b/config/additional_config.conf
index 966afbe..6436118 100644
--- a/config/additional_config.conf
+++ b/config/additional_config.conf
@@ -6,23 +6,21 @@
 ]
 data_format = "influx"
 
-[[inputs.logparser]]
+[[inputs.tail]]
 files = ["/var/log/pfblockerng/dnsbl.log"]
- from_beginning=true
- [inputs.logparser.grok]
- measurement = "dnsbl_log"
- patterns = ["^%{WORD:BlockType}-%{WORD:BlockSubType},%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{IPORHOST:destination:tag},%{IPORHOST:source:tag},%{GREEDYDATA:call},%{WORD:BlockMethod},%{WORD:BlockList},%{IPORHOST:tld:tag},%{WORD:DefinedList:tag},%{GREEDYDATA:hitormiss}"]
- timezone = "Local"
- [inputs.logparser.tags]
- value = "1"
+ name_suffix = "_dnsbl"
+ data_format = "csv"
+ csv_delimiter = ","
+ csv_tag_columns = ["domain"]
+ csv_column_names = ["request-type","time","domain","src-ip","random-field","filter-type","category","lookup-domain","block-list","plus-minus"]
 
-[[inputs.logparser]]
- files = ["/var/log/pfblockerng/ip_block.log"]
- from_beginning=true
- [inputs.logparser.grok]
- measurement = "ip_block_log"
- patterns = ["^%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{NUMBER:TrackerID},%{GREEDYDATA:Interface},%{WORD:InterfaceName},%{WORD:action},%{NUMBER:IPVersion},%{NUMBER:ProtocolID},%{GREEDYDATA:Protocol},%{IPORHOST:SrcIP:tag},%{IPORHOST:DstIP:tag},%{NUMBER:SrcPort},%{NUMBER:DstPort},%{WORD:Dir},%{WORD:GeoIP:tag},%{GREEDYDATA:AliasName},%{GREEDYDATA:IPEvaluated},%{GREEDYDATA:FeedName:tag},%{HOSTNAME:ResolvedHostname},%{HOSTNAME:ClientHostname},%{GREEDYDATA:ASN},%{GREEDYDATA:DuplicateEventStatus}"]
- timezone = "Local"
+[[inputs.tail]]
+ files = ["/var/log/pfblockerng/ip_block.log"]
+ name_suffix = "_ipblock"
+ data_format = "csv"
+ csv_delimiter = ","
+ csv_tag_columns = ["country-code","block-list"]
+ csv_column_names = ["when","id","interface","network","action","code","sub-code","protocol","src-ip","dest-ip","src-port","dest-port","direction","country-code","block-list","subnet","block-list-again","dest-domain","src-domain","uhhh","plus-minus"]
 
 #[[inputs.unbound]]
 # server = "127.0.0.1:953"
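Review bot: Both new `[[inputs.tail]]` blocks name a timestamp column (`time`, `when`) in `csv_column_names` but never set `csv_timestamp_column` or `csv_timestamp_format`, so each point will carry the time Telegraf read the line rather than the event time the removed grok patterns extracted with `ts-syslog`. For block-log telemetry this skews correlation with other sources whenever ingestion lags, so consider adding `csv_timestamp_column = "time"` (`"when"` in the second block) with a matching `csv_timestamp_format`; the removed `timezone = "Local"` has no counterpart here, so check how the parsed times are interpreted. The removed `from_beginning=true` is not carried over either, and tail reads from the end of the file by default, so entries written while Telegraf is stopped appear to be skipped. The explicit measurement names `dnsbl_log` and `ip_block_log` are also gone in favour of the plugin name plus `name_suffix`, which will presumably leave existing dashboards or alerts on the old names empty until they are updated.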