author | Ben Copeland <ben.copeland@linaro.org> | 2016-06-08 12:28:09 +0100 |
---|---|---|
committer | Ben Copeland <ben.copeland@linaro.org> | 2016-06-08 15:56:49 +0100 |
commit | 7cc3a82490fae031679d18907d76810be9a48d82 (patch) | |
tree | c59dbbbf4ae5db218a42c01bc8e7bacafbb06059 | |
parent | 3bcc8cdcd577f4bff33cb65086ed96495515e431 (diff) |
improve http-dumb/http-smart matching
-rw-r--r-- | .filebeat | 1 | ||||
-rw-r--r-- | filebeat.yml | 16 | ||||
-rw-r--r-- | logstash/conf.d/11-apache-access.conf | 27 |
3 files changed, 27 insertions, 17 deletions
diff --git a/.filebeat b/.filebeat deleted file mode 100644 index c476ddf..0000000 --- a/.filebeat +++ /dev/null @@ -1 +0,0 @@ -{"/home/ben/logs/git-ap/syslog":{"source":"/home/ben/logs/git-ap/syslog","offset":0,"FileStateOS":{"inode":2650570,"device":43}},"/home/ben/logs/git-ap/syslog.1":{"source":"/home/ben/logs/git-ap/syslog.1","offset":0,"FileStateOS":{"inode":2650681,"device":43}}} diff --git a/filebeat.yml b/filebeat.yml index ed7d627..44050bf 100644 --- a/filebeat.yml +++ b/filebeat.yml @@ -23,12 +23,12 @@ filebeat: # fields: # hostname: snapshots.linaro.org -# - paths: + - paths: # # - "/home/ben/logs/git-us/apache2/old/git.linaro.org-access.log-20160123" -# - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160516" -# - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160517" + - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160516" + - "/home/ben/logs/git-us/apache2/git.linaro.org-access.log-20160517" # # - "/home/ben/logs/git-us/apache2/git.linaro.org-*access*" -# document_type: apache-access + document_type: apache-access # fields: # hostname: git-us @@ -36,11 +36,11 @@ filebeat: # - "/home/ben/logs/git-us/gitolite-logs/gitolite-2016-01.log" # input_type: gitolite - - paths: +# - paths: # - "/home/ben/logs/git-us/syslog/syslog" - - "/home/ben/logs/git-ap/syslog" - - "/home/ben/logs/git-ap/syslog.1" +# - "/home/ben/logs/git-ap/syslog" +# - "/home/ben/logs/git-ap/syslog.1" # - "/home/ben/logs/git-us/syslog/syslog.1" # - "/home/ben/logs/git-us/syslog/syslog.2" # - "/home/ben/logs/android-git-ie/syslog" - document_type: syslog +# document_type: syslog diff --git a/logstash/conf.d/11-apache-access.conf b/logstash/conf.d/11-apache-access.conf index c20c398..29880de 100644 --- a/logstash/conf.d/11-apache-access.conf +++ b/logstash/conf.d/11-apache-access.conf 
@@ -6,24 +6,35 @@ filter { patterns_dir => ["/etc/logstash/patterns.d"] } - grok { + grok { match => [ "request", '(?<git_repo_name>(.*?)\.git)' ] - add_tag => [ "git-upload-pack" ] + add_tag => [ "git-upload-pack" ] break_on_match => false } grok { - match => [ "request", '(\/(.*?)\.git\/info\/refs\?service=git-upload-pack)' ] - add_tag => [ "http-dumb" ] + match => [ "request", '(?<http-smart>/(.*?)\.git/\git-upload-pack)'] + add_tag => [ "http-smart" ] break_on_match => false } - grok { - match => [ "request", '' ] - add_tag => [ "git-upload-pack" ] - break_on_match => false + grok { + match => [ "request", '(?<http-dumb>/(.*?)\.git/info/refs\?service=git-upload-pack)'] + add_tag => [ "http-dumb" ] + break_on_match => false } + geoip { + source => "clientip" + target => "geoip" + database => "/etc/logstash/GeoLiteCity.dat" + add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] + add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] + } + mutate { + convert => [ "[geoip][coordinates]", "float"] + } + date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] |
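Review bot: The new http-smart pattern has a stray backslash in `\.git/\git-upload-pack`, and both new capture names (`http-smart`, `http-dumb`) contain a hyphen; grok compiles patterns with Oniguruma, where `\g` introduces a subexpression call and group names are normally limited to word characters, so these may fail to compile or never match, which is worth confirming with a config test. I would write `match => [ "request", '(?<http_smart>/(.*?)\.git/git-upload-pack)' ]` and rename the dumb capture the same way, leaving the tag names as they are. Separately, `info/refs?service=git-upload-pack` is the discovery request of Git's smart HTTP protocol (a dumb client fetches `info/refs` with no `service` parameter), so the `http-dumb` tag as written would be applied to smart clients. Both patterns are also unanchored, so any client-chosen URL that merely contains one of these substrings gets the tag; anchoring on the request path would make the tags more trustworthy for traffic analysis. The enclosing `filter` block starts and ends outside the hunk.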