switched logparser to tail

config/additional_config.conf

@@ -6,23 +6,21 @@
    ]
    data_format = "influx"
 
-[[inputs.logparser]]
+[[inputs.tail]]
   files = ["/var/log/pfblockerng/dnsbl.log"]
-  from_beginning=true
+  name_suffix = "_dnsbl"
-  [inputs.logparser.grok]
+  data_format = "csv"
-    measurement = "dnsbl_log"
+  csv_delimiter = ","
-    patterns = ["^%{WORD:BlockType}-%{WORD:BlockSubType},%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{IPORHOST:destination:tag},%{IPORHOST:source:tag},%{GREEDYDATA:call},%{WORD:BlockMethod},%{WORD:BlockList},%{IPORHOST:tld:tag},%{WORD:DefinedList:tag},%{GREEDYDATA:hitormiss}"]
+  csv_tag_columns = ["domain"]
-    timezone = "Local"
+  csv_column_names = ["request-type","time","domain","src-ip","random-field","filter-type","category","lookup-domain","block-list","plus-minus"]
-    [inputs.logparser.tags]
-      value = "1"
 
-[[inputs.logparser]]
+[[inputs.tail]]
   files = ["/var/log/pfblockerng/ip_block.log"]
-    from_beginning=true
+  name_suffix = "_ipblock"
-    [inputs.logparser.grok]
+  data_format = "csv"
-        measurement = "ip_block_log"
+  csv_delimiter = ","
-        patterns = ["^%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{NUMBER:TrackerID},%{GREEDYDATA:Interface},%{WORD:InterfaceName},%{WORD:action},%{NUMBER:IPVersion},%{NUMBER:ProtocolID},%{GREEDYDATA:Protocol},%{IPORHOST:SrcIP:tag},%{IPORHOST:DstIP:tag},%{NUMBER:SrcPort},%{NUMBER:DstPort},%{WORD:Dir},%{WORD:GeoIP:tag},%{GREEDYDATA:AliasName},%{GREEDYDATA:IPEvaluated},%{GREEDYDATA:FeedName:tag},%{HOSTNAME:ResolvedHostname},%{HOSTNAME:ClientHostname},%{GREEDYDATA:ASN},%{GREEDYDATA:DuplicateEventStatus}"]
+  csv_tag_columns = ["country-code","block-list"]
-        timezone = "Local"
+  csv_column_names = ["when","id","interface","network","action","code","sub-code","protocol","src-ip","dest-ip","src-port","dest-port","direction","country-code","block-list","subnet","block-list-again","dest-domain","src-domain","uhhh","plus-minus"]
 
 #[[inputs.unbound]]
 #  server = "127.0.0.1:953"