
Update your Logstash patterns!

Posted: Mon Feb 29, 2016 10:38 am
by vAJ
Wanted to pass on a reminder for everyone to update your Logstash patterns.

I was having issues with Logstash not parsing the Cisco ASA-6-302016 messages correctly, leading to a grokparsefailure. Found this GitHub thread: https://github.com/elastic/logstash/issues/1369 that addressed it.

Since Logstash v1.5, Logstash maintains their built-in patterns separately from their app code. You can update your built-in patterns by:

cd /usr/local/nagioslogserver/logstash/bin
./plugin update logstash-patterns-core
Which should give you an output like:

Updating logstash-patterns-core
Updated logstash-patterns-core 0.1.10 to 0.4.0
Keep calm and parse on.

-Andrew

Re: Update your Logstash patterns!

Posted: Mon Feb 29, 2016 11:07 am
by jolson
Thanks for the heads up!

Re: Update your Logstash patterns!

Posted: Mon Feb 29, 2016 11:13 am
by vAJ
Should also note that you'll need to update the grok filters that call those patterns as well. Check for definitions here: https://github.com/logstash-plugins/log ... r/patterns

Re: Update your Logstash patterns!

Posted: Mon Feb 29, 2016 3:58 pm
by ssax
Thank you for posting that, I'm sure future visitors will find it helpful. Are we okay to close this thread or is there anything else related that we can help with?

Re: Update your Logstash patterns!

Posted: Mon Feb 29, 2016 4:00 pm
by vAJ
Lock it up!