Support for Nagios products and services
https://support.nagios.com/forum/
Code: Select all
\b(?:[_0-9A-Za-z][_0-9A-Za-z-]{0,62})(?:\.(?:[_0-9A-Za-z][_0-9A-Za-z-]{0,62}))*(\.?|\b)Code: Select all
HOSTNAME \b(?:[_0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[_0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)Code: Select all
HOSTNAME \b(?:[_0-9A-Za-z][_0-9A-Za-z-]{0,62})(?:\.(?:[_0-9A-Za-z][_0-9A-Za-z-]{0,62}))*(\.?|\b)
If it is helpful, you can also add the following tag to each Grok to not add any tag on failure.Append values to the ‘tags’ field when there has been no successful match
Code: Select all
tag_on_failure => []Code: Select all
<188>mrt 18 15:59:14 10.54.22.160 raslogd: 2015/03/18-14:59:14, [TS-1001], 442, WWN 10:00:00:05:1e:8f:54:8c | FID 128, WARNING, DGSG_FSENC02_SANSWB01, NTP Query failed: 256.Code: Select all
<190>mrt 18 10:14:38 10.41.37.172 raslogd: 2015/03/18-09:14:38, [SNMP-1005], 116, WWN 10:00:00:05:1e:8f:54:8a | FID 128, INFO, CPF_FSENC02_SANSWB01, SNMP configuration attribute, SNMPv3 Trap Recipient Port 1, has changed from 1162 to 162.Code: Select all
if [type] == "syslog-brocade" {
grok {
match => { "message" => "<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR}\/%{MONTHNUM}\/%{MONTHDAY}-%{TIME}%{GREEDYDATA}WWN %{IPV6:wwn}%{GREEDYDATA}%{LOGLEVEL}\, %{HOSTNAME:hostname}" }
add_tag => "grokked"
}
}
Code: Select all
<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR}\/%{MONTHNUM}\/%{MONTHDAY}-%{TIME}%{GREEDYDATA}WWN %{IPV6:wwn}%{GREEDYDATA}%{LOGLEVEL}\, %{HOSTNAME:hostname}.+Code: Select all
<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR}\/%{MONTHNUM}\/%{MONTHDAY}-%{TIME}%{GREEDYDATA}WWN %{IPV6:wwn}%{GREEDYDATA}%{LOGLEVEL}\, %{HOSTNAME:hostname}\, %{GREEDYDATA:info}Code: Select all
<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR:year}\/%{MONTHNUM:month}\/%{MONTHDAY:day}-%{TIME:time}%{GREEDYDATA:data1}WWN %{IPV6:wwn}%{GREEDYDATA:data2}%{LOGLEVEL:loglevel}\, %{HOSTNAME:hostname}\, %{GREEDYDATA:info}Code: Select all
if [type] == "syslog-brocade" {
grok {
match => { "message" => "<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR:year}\/%{MONTHNUM:month}\/%{MONTHDAY:day}-%{TIME:time}%{GREEDYDATA:data1}WWN %{IPV6:wwn}%{GREEDYDATA:data2}%{LOGLEVEL:loglevel}\, %{HOSTNAME:hostname}\, %{GREEDYDATA:info}" }
add_tag => "grokked"
}
}
Code: Select all
if [type] == "syslog-brocade" {
grok {
match => [ "message", "<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR:year}\/%{MONTHNUM:month}\/%{MONTHDAY:day}-%{TIME:time}%{GREEDYDATA:data1}WWN %{IPV6:wwn}%{GREEDYDATA:data2}%{LOGLEVEL:loglevel}\, %{HOSTNAME:hostname}\, %{GREEDYDATA:info}" ]
add_tag => "grokked"
}
}Code: Select all
tag_on_failure => []Code: Select all
if [type] == "syslog-brocade" {
grok {
match => [ "message", "<[\d]+>[a-z]+ [\d]+ [\d\:]+ %{IPV4:logsource}%{GREEDYDATA:program}: %{YEAR:year}\/%{MONTHNUM:month}\/%{MONTHDAY:day}-%{TIME:time}%{GREEDYDATA:data1}WWN %{IPV6:wwn}%{GREEDYDATA:data2}%{LOGLEVEL:loglevel}\, %{HOSTNAME:hostname}\, %{GREEDYDATA:info}" ]
tag_on_failure => []
add_tag => "grokked"
}
}
Code: Select all
cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf