Search::ESsearcher::Templates::syslog - Provides syslog support for essearcher.
Version 1.1.0
This template expects events indexed by a Logstash configuration like the one below.

    input {
        syslog {
            host => "10.10.10.10"
            port => 11514
            type => "syslog"
        }
    }
    filter { }
    output {
        if [type] == "syslog" {
            elasticsearch { hosts => [ "127.0.0.1:9200" ] }
        }
    }

The important bit is "type" being set to "syslog". If your events are not tagged that way, select them with the command line options --field and --fieldv instead.
--host <host>
    The syslog server.
    The search is done with .keyword appended to the field name.
    Does not run it through aonHost.

--src <src>
    The source server sending to the syslog server.

--program <program>
    The name of the daemon/program in question.

--size <count>
    The number of items to return.

--facility <facility>
    The syslog facility.

--severity <severity>
    The severity level of the message.

--pid <pid>
    The PID that sent the message.

--dgt <date>
    Date greater than.

--dgte <date>
    Date greater than or equal to.

--dlt <date>
    Date less than.

--dlte <date>
    Date less than or equal to.

--msg <message>
    Messages to match.

--field <field>
    The term field to use for matching them all.

--fieldv <fieldv>
    The value of the term field to use for matching them all.
AND, OR and NOT shortcuts

    ,  OR
    +  AND
    !  NOT

A list separated by any of those characters is transformed into the corresponding boolean expression. This may be used with --program, --facility, --pid and --host.

    example: --program postfix,spamd
    results: postfix OR spamd

A list of hosts separated by any of those characters is transformed the same way, with each host wrapped in slashes. A host name should always end in a period unless it is a FQDN. This applies to --host and --src.

    example: --src foo.,mail.bar.
    results: /foo./ OR /mail.bar./
date
/^-/ prepends "now" to the value, so "-5m" becomes "now-5m".
/^u\:/ takes what follows the ":" and uses Time::ParseDate to convert it to a unix time value.
Anything not matching either of the above is passed on unchanged.
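The shortcut-list and date rewrites described above, as an added illustration rather than the module's own code; the function names and the sample option values are my own, and the "u:" branch needs Time::ParseDate installed.

```perl
#!/usr/bin/env perl
# Added example reproducing the documented rewrites of
# Search::ESsearcher::Templates::syslog. Not the module's own code.
use strict;
use warnings;

# "postfix,spamd" -> "postfix OR spamd"; "a+b" -> "a AND b"; "!c" -> "NOT c".
# With $as_host true each item is wrapped as /item/, as documented for
# --host and --src (so "foo.,mail.bar." -> "/foo./ OR /mail.bar./").
sub expand_shortcuts {
    my ($value, $as_host) = @_;
    my %op = (',' => 'OR', '+' => 'AND', '!' => 'NOT');
    my @out;
    for my $part (split /([,+!])/, $value) {   # capturing split keeps separators
        next if $part eq '';                    # e.g. the empty lead of "!1234"
        if (exists $op{$part}) { push @out, $op{$part}; next; }
        push @out, $as_host ? "/$part/" : $part;
    }
    return join ' ', @out;
}

# Date values: a leading "-" is made relative to now ("-5m" -> "now-5m");
# "u:" hands the rest to Time::ParseDate (not core; cpanm Time::ParseDate)
# and yields a unix time; anything else is passed through untouched.
sub normalize_date {
    my ($date) = @_;
    return "now$date" if $date =~ /^-/;
    if ($date =~ /^u:(.*)$/s) {
        require Time::ParseDate;
        my $epoch = Time::ParseDate::parsedate($1);
        die "Time::ParseDate could not parse '$1'\n" unless defined $epoch;
        return $epoch;
    }
    return $date;
}

# Constructed sample option values mirroring the examples in the text.
my %sample = (
    program => 'postfix,spamd',
    src     => 'foo.,mail.bar.',
    pid     => '!1234',
    dgt     => '-5m',
    dlte    => 'u:2024-01-01 12:00:00',
);
printf "%-8s %s\n", 'program', expand_shortcuts($sample{program});
printf "%-8s %s\n", 'src',     expand_shortcuts($sample{src}, 1);
printf "%-8s %s\n", 'pid',     expand_shortcuts($sample{pid});
printf "%-8s %s\n", 'dgt',     normalize_date($sample{dgt});
printf "%-8s %s\n", 'dlte',    normalize_date($sample{dlte});
```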
To install Search::ESsearcher, copy and paste the appropriate command into your terminal.

cpanm:

    cpanm Search::ESsearcher

CPAN shell:

    perl -MCPAN -e shell
    install Search::ESsearcher

For more information on module installation, please visit the detailed CPAN module installation guide.