deepblue/pfSense-Dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

switched logparser to tail

Browse Source
This commit is contained in:
tiny6996 2020-05-18 22:03:50 -05:00 committed by GitHub
parent 312be1f6e8
commit 7e60839f2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
config/additional_config.conf
View File

@ -6,23 +6,21 @@
]
data_format = "influx"
[[inputs.logparser]]
[[inputs.tail]]
files = ["/var/log/pfblockerng/dnsbl.log"]
from_beginning=true
[inputs.logparser.grok]
measurement = "dnsbl_log"
patterns = ["^%{WORD:BlockType}-%{WORD:BlockSubType},%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{IPORHOST:destination:tag},%{IPORHOST:source:tag},%{GREEDYDATA:call},%{WORD:BlockMethod},%{WORD:BlockList},%{IPORHOST:tld:tag},%{WORD:DefinedList:tag},%{GREEDYDATA:hitormiss}"]
timezone = "Local"
[inputs.logparser.tags]
value = "1"
name_suffix = "_dnsbl"
data_format = "csv"
csv_delimiter = ","
csv_tag_columns = ["domain"]
csv_column_names = ["request-type","time","domain","src-ip","random-field","filter-type","category","lookup-domain","block-list","plus-minus"]
[[inputs.logparser]]
files = ["/var/log/pfblockerng/ip_block.log"]
from_beginning=true
[inputs.logparser.grok]
measurement = "ip_block_log"
patterns = ["^%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{NUMBER:TrackerID},%{GREEDYDATA:Interface},%{WORD:InterfaceName},%{WORD:action},%{NUMBER:IPVersion},%{NUMBER:ProtocolID},%{GREEDYDATA:Protocol},%{IPORHOST:SrcIP:tag},%{IPORHOST:DstIP:tag},%{NUMBER:SrcPort},%{NUMBER:DstPort},%{WORD:Dir},%{WORD:GeoIP:tag},%{GREEDYDATA:AliasName},%{GREEDYDATA:IPEvaluated},%{GREEDYDATA:FeedName:tag},%{HOSTNAME:ResolvedHostname},%{HOSTNAME:ClientHostname},%{GREEDYDATA:ASN},%{GREEDYDATA:DuplicateEventStatus}"]
timezone = "Local"
[[inputs.tail]]
files = ["/var/log/pfblockerng/ip_block.log"]
name_suffix = "_ipblock"
data_format = "csv"
csv_delimiter = ","
csv_tag_columns = ["country-code","block-list"]
csv_column_names = ["when","id","interface","network","action","code","sub-code","protocol","src-ip","dest-ip","src-port","dest-port","direction","country-code","block-list","subnet","block-list-again","dest-domain","src-domain","uhhh","plus-minus"]
#[[inputs.unbound]]
# server = "127.0.0.1:953"