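# Parse dnsmasq syslog lines (query / reply / blocklist hits) into structured fields.
# The lowercase grok patterns (logdate, domain, clientip, ip, blocklist) are custom
# definitions loaded from patterns_dir, not stock Logstash patterns.
if ( [program] == "dnsmasq") {
  grok {
    # NOTE(review): `${./patterns}` looks like Nix-style path interpolation rather than a
    # Logstash `${ENV_VAR}` reference. It only resolves if this file is templated before
    # Logstash reads it — confirm; otherwise patterns_dir is a literal, non-existent path
    # and every line will be tagged _grokparsefailure.
    patterns_dir => ["${./patterns}"]
    # DOMAIN and CLIENTIP are copied from client-controlled input (any client can query
    # any name); treat them as untrusted data in dashboards and downstream filters.
    # All three patterns are anchored with ^ so a non-matching line fails fast.
    match => {
      "message" => [
        "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: query\[[\w]+\] %{domain:DOMAIN} from %{clientip:CLIENTIP}",
        "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: reply %{domain:DOMAIN} is %{ip:IP}",
        "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: %{blocklist:BLOCKLIST} %{domain:DOMAIN} is %{ip:IP}"
      ]
    }
  }
  date {
    # The two "MMM d(d) HH:mm:ss" forms are syslog timestamps and carry no year or zone;
    # no `timezone` is set here, so the host's zone is presumably used — verify around
    # year rollover and on hosts not running in the intended zone.
    match => [ "LOGDATE", "MMM dd HH:mm:ss", "MMM d HH:mm:ss", "ISO8601" ]
  }
  # Only the reply and blocklist patterns produce IP; guard the lookup so query lines
  # are not tagged with a geoip lookup failure. Blackhole/private answers on blocklist
  # lines will still fail the lookup, which is expected for those events.
  if [IP] {
    geoip {
      source => "IP"
    }
  }
}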