Update syslog.conf

jordansissel · jordansissel · commit 5b20614c271d · 2013-12-16T11:45:52.000-08:00
diff --git a/recipes/syslog-pri/syslog.conf b/recipes/syslog-pri/syslog.conf
@@ -14,11 +14,11 @@ filter {
     grok {
       match => { "message" => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
       add_field => [ "received_at", "%{@timestamp}" ]
-      add_field => [ "received_from", "%{@source_host}" ]
+      add_field => [ "received_from", "%{host}" ]
     }
     syslog_pri { }
     date {
-      match => { "syslog_timestamp" => [ "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ] }
+      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
     }
     if !("_grokparsefailure" in [tags]) {
       mutate {

Original file line number	Diff line number	Diff line change
`@@ -14,11 +14,11 @@ filter {`
`14`	`14`	`grok {`
`15`	`15`	`match => { "message" => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }`
`16`	`16`	`add_field => [ "received_at", "%{@timestamp}" ]`
`17`		`- add_field => [ "received_from", "%{@source_host}" ]`
	`17`	`+ add_field => [ "received_from", "%{host}" ]`
`18`	`18`	`}`
`19`	`19`	`syslog_pri { }`
`20`	`20`	`date {`
`21`		`- match => { "syslog_timestamp" => [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] }`
	`21`	`+ match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]`
`22`	`22`	`}`
`23`	`23`	`if !("_grokparsefailure" in [tags]) {`
`24`	`24`	`mutate {`