Feature: add rsyslog multiline logs

2026-03-04 22:35:36 +00:00 · 2017-05-24 14:59:12 +02:00
parent 104cecde72
commit 84dbfe7dba
6 changed files with 68 additions and 0 deletions
--- a/logstash/shipper/pipeline/beat_kafka.conf
+++ b/logstash/shipper/pipeline/beat_kafka.conf
@@ -2,12 +2,33 @@ input {
  beats {
    port => 5044
  }
+  udp {
+    port => 10514
+    type => "syslog"
+  }
  lumberjack {
 	port => 5043
 	ssl_key => "/ssl/selfsigned.key"
 	ssl_certificate => "/ssl/selfsigned.crt"
  }
 }
+
+filter {
+  if [type] == "syslog" {
+    mutate {
+	  gsub => [ "message", "\t", "\\t" ]
+    }
+	if ![programname] {
+	  json {
+	  	source => "message"
+	  }
+	}
+	mutate {
+      replace => [ "type", "%{programname}" ]
+    }
+  }
+}
+
 output {
  kafka {
    codec => json