authorBen Copeland <ben.copeland@linaro.org>2016-06-08 12:28:09 +0100
committerBen Copeland <ben.copeland@linaro.org>2016-06-08 15:56:49 +0100
commit7cc3a82490fae031679d18907d76810be9a48d82 (patch)
treec59dbbbf4ae5db218a42c01bc8e7bacafbb06059
parent3bcc8cdcd577f4bff33cb65086ed96495515e431 (diff)
improve http-dumb/http-smart matching
-rw-r--r--.filebeat1
-rw-r--r--filebeat.yml16
-rw-r--r--logstash/conf.d/11-apache-access.conf27
3 files changed, 27 insertions, 17 deletions
diff --git a/.filebeat b/.filebeat
deleted file mode 100644
index c476ddf..0000000
--- a/.filebeat
+++ /dev/null
@@ -1 +0,0 @@
-{"/home/ben/logs/git-ap/syslog":{"source":"/home/ben/logs/git-ap/syslog","offset":0,"FileStateOS":{"inode":2650570,"device":43}},"/home/ben/logs/git-ap/syslog.1":{"source":"/home/ben/logs/git-ap/syslog.1","offset":0,"FileStateOS":{"inode":2650681,"device":43}}}
diff --git a/filebeat.yml b/filebeat.yml
index ed7d627..44050bf 100644
--- a/filebeat.yml
+++ b/filebeat.yml
@@ -23,12 +23,12 @@ filebeat:
# fields:
# hostname: snapshots.linaro.org
-# - paths:
+ - paths:
# # - "/home/ben/logs/git-us/apache2/old/git.linaro.org-access.log-20160123"
-# - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160516"
-# - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160517"
+ - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160516"
+ - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160517"
# # - "/home/ben/logs/git-us/apache2/git.linaro.org-*access*"
-# document_type: apache-access
+ document_type: apache-access
# fields:
# hostname: git-us
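Review bot: The re-enabled `apache-access` input still has its `fields:` and `hostname: git-us` lines commented out, so events from these two files will presumably reach Logstash without the host attribution that the neighbouring inputs appear to carry. If any filter or dashboard keys on `hostname`, uncomment both lines together with `document_type`. The entries are also absolute paths under one user's home directory with dated names (`...access.log-20160516`), which ties the committed config to one workstation and two specific rotated files. A comment above the input such as `# replay of archived git-us access logs, local analysis only` would make that intent explicit. The `filebeat:` mapping starts and ends outside this hunk, so the rest of the prospector list is not visible here.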
@@ -36,11 +36,11 @@ filebeat:
# - "/home/ben/logs/git-us/gitolite-logs/gitolite-2016-01.log"
# input_type: gitolite
- - paths:
+# - paths:
# - "/home/ben/logs/git-us/syslog/syslog"
- - "/home/ben/logs/git-ap/syslog"
- - "/home/ben/logs/git-ap/syslog.1"
+# - "/home/ben/logs/git-ap/syslog"
+# - "/home/ben/logs/git-ap/syslog.1"
# - "/home/ben/logs/git-us/syslog/syslog.1"
# - "/home/ben/logs/git-us/syslog/syslog.2"
# - "/home/ben/logs/android-git-ie/syslog"
- document_type: syslog
+# document_type: syslog
diff --git a/logstash/conf.d/11-apache-access.conf b/logstash/conf.d/11-apache-access.conf
index c20c398..29880de 100644
--- a/logstash/conf.d/11-apache-access.conf
+++ b/logstash/conf.d/11-apache-access.conf
@@ -6,24 +6,35 @@ filter {
patterns_dir => ["/etc/logstash/patterns.d"]
}
- grok {
+ grok {
match => [ "request", '(?<git_repo_name>(.*?)\.git)' ]
- add_tag => [ "git-upload-pack" ]
+ add_tag => [ "git-upload-pack" ]
break_on_match => false
}
grok {
- match => [ "request", '(\/(.*?)\.git\/info\/refs\?service=git-upload-pack)' ]
- add_tag => [ "http-dumb" ]
+ match => [ "request", '(?<http-smart>/(.*?)\.git/\git-upload-pack)']
+ add_tag => [ "http-smart" ]
break_on_match => false
}
- grok {
- match => [ "request", '' ]
- add_tag => [ "git-upload-pack" ]
- break_on_match => false
+ grok {
+ match => [ "request", '(?<http-dumb>/(.*?)\.git/info/refs\?service=git-upload-pack)']
+ add_tag => [ "http-dumb" ]
+ break_on_match => false
}
+ geoip {
+ source => "clientip"
+ target => "geoip"
+ database => "/etc/logstash/GeoLiteCity.dat"
+ add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
+ add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
+ }
+ mutate {
+ convert => [ "[geoip][coordinates]", "float"]
+ }
+
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]