MachinesTalks/logstash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
logstash/conf.d/101-intake-simfony-network.conf
mt 9be65e379b added final changes to repo
2025-02-18 16:02:34 +03:00

90 lines
3.7 KiB
Plaintext
Raw Permalink Blame History

# intake.conf
input { pipeline { address => "Simfony_Mobility_Logs" } }
filter {
if "ocs" in [tags] {
clone {
clones => ["notification-ocs"]
add_tag => [ "notification-ocs" ]
}
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:log-level}%{SPACE}%{DATA:issuer}%{SPACE}\(%{DATA:pool}\)%{SPACE}%{GREEDYDATA:log-message}" }
}
if "notification-ocs" in [tags] {
# ruby {
# code => 'puts "Input rule matched: contains ocs-notification-v1"'
# }
if [message] =~ /\[OCS-NOTIFICATION\]/ {
# Keep only lines containing "notification-v1"
if [message] =~ /v2_simfony|v2_advancedtracking|v2_zariot|v2_v2_alwaysconnected|v2_ulink|v2_ipvisie|v2_ip3labs|v2_aec_skyline|v2_mondicon|v2_peoplefone_deu/ {
# simfony
mutate {
add_tag => ["notification_simfony"]
}
} else if [message] =~ /v2_ibasis_ibasis|v2_ibasis_sales_demo|v2_combonet|v2_global_operator|v2_imatrixsys|v2_v2_business_iot|v2_infisim|v2_thinglabs|v2_athalos|v2_pkcloud|v2_fidenty/ {
# ibasis
mutate {
add_tag => ["notification_ibasis"]
}
}
} else {
drop {} # Drop all other lines
}
}
} else if "diameter" in [tags] {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:log-level}%{SPACE}%{DATA:issuer}%{SPACE}\(%{DATA:pool}\)%{SPACE}%{GREEDYDATA:log-message}" }
}
} else if "hlr" in [tags] {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:log-level}%{SPACE}%{DATA:issuer}%{SPACE}\(%{DATA:pool}\)%{SPACE}%{GREEDYDATA:log-message}" }
}
} else if "dra" in [tags] {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:log-level}%{SPACE}%{DATA:issuer}%{SPACE}\(%{DATA:pool}\)%{SPACE}%{GREEDYDATA:log-message}" }
}
} else if "hss" in [tags] {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:log-level}%{SPACE}%{DATA:issuer}%{SPACE}\(%{DATA:pool}\)%{SPACE}%{GREEDYDATA:log-message}" }
}
} else if "aaa" in [tags] {
clone {
clones => ["notification-aaa"]
add_tag => [ "notification-aaa" ]
}
grok {
patterns_dir => ["/etc/logstash/patterns"]
match => {
"message" => [
"%{FREERADIUS_DATE:timestamp}%{SPACE}:%{SPACE}%{FREERADIUS_LOGTYPE:log-level}:%{SPACE}%{FREERADIUS_LOGTYPE:log-plugin}:%{SPACE}%{GREEDYDATA:log-message}",
"%{FREERADIUS_DATE:timestamp}%{SPACE}:%{SPACE}%{FREERADIUS_LOGTYPE:log-level}:%{SPACE}%{GREEDYDATA:log-message}"
]
}
}
if "notification-aaa" in [tags] {
if [message] =~ /notification-v1/ {
# Keep only lines containing "notification-v1"
if [message] =~ /v2_simfony|v2_advancedtracking|v2_zariot|v2_v2_alwaysconnected|v2_ulink|v2_ipvisie|v2_ip3labs|v2_aec_skyline|v2_mondicon|v2_peoplefone_deu/ {
# simfony
mutate {
add_tag => ["notification_simfony"]
}
} else if [message] =~ /v2_ibasis_ibasis|v2_ibasis_sales_demo|v2_combonet|v2_global_operator|v2_imatrixsys|v2_v2_business_iot|v2_infisim|v2_thinglabs|v2_athalos|v2_pkcloud|v2_fidenty/ {
# ibasis
mutate {
add_tag => ["notification_ibasis"]
}
}
} else {
drop {} # Drop all other lines
}
}
} else if "meveo" in [tags] {
grok {
match => { "message" => "%{TIME:timestamp}%{SPACE}%{LOGLEVEL:log-level}%{SPACE}\[%{DATA:issuer}\]%{SPACE}\(%{DATA:pool}\)%{SPACE}%{GREEDYDATA:log-message}" }
}
}
}
Reference in New Issue View Git Blame Copy Permalink