Nagios Support Forum

Posted: **Wed Jul 20, 2016 12:48 pm**

Hi!

I am trying to add some patterns to match /var/log/maillog fields, following the ideas in the logstash Book (https://logstashbook.com/)

So the author suggest to add the following code to te file /etc/logstash/patterns:

Code: Select all

COMP ([\w._\/%-]+)
COMPPID postfix\/%{COMP:component}(?:\[%{POSINT:pid}\])?
QUEUEID ([A-F0-9]{5,15}{1})
EMAILADDRESSPART [a-zA-Z0-9_.+-=:]+
EMAILADDRESS %{EMAILADDRESSPART:local}@%{EMAILADDRESSPART:remote}
POSTFIX %{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:hostname} %{COMPPID}: %{QUEUEID:queueid}
POSTFIXQMGR %{POSTFIX}: (?:removed|from=<(?:%{EMAILADDRESS:from})?>(?:, size=%{POSINT:size}, nrcpt=%{POSINT:nrcpt} \(%{GREEDYDATA:queuestatus}\))?)

However the file doesn't exist, not even the folder /etc/logstash. So in Nagios Log Server install, where should I put this file, or how can I add new patterns?

Posted: **Wed Jul 20, 2016 1:17 pm**

Check /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/grok-patterns out.

Posted: **Fri Jul 29, 2016 4:45 pm**

That's exactly what I needed. Thanks.

Posted: **Mon Aug 01, 2016 9:09 am**

Is it alright if we lock this thread and mark the issue as resolved?

Posted: **Mon Aug 01, 2016 9:10 am**

FYI - we got tired of remembering that, and just make a link: /usr/local/patterns -> /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/grok-patterns

Posted: **Mon Aug 01, 2016 10:22 am**

That works too

@vmesquita - let us know if you have any further questions.

Posted: **Thu Aug 04, 2016 9:52 am**

Thanks! It's all working, you can close the thread.

Nagios Support Forum

Add new patterns

Add new patterns

Re: Add new patterns

Re: Add new patterns

Re: Add new patterns

Re: Add new patterns

Re: Add new patterns

Re: Add new patterns