-
Notifications
You must be signed in to change notification settings - Fork 48
/
pillar.example
50 lines (43 loc) · 1.18 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
filebeat:
lookup:
config_path: /etc/mycustom/filebeat/filebeat.yml
config_source: salt://mycustom/filebeat/filebeat.jinja
runlevels_install: True
# if no log_paths specified, generic syslogs are default
log_paths:
-
paths:
- '/var/log/auth.log'
- '/var/log/syslog'
-
paths:
- '/var/log/apache2/access.log'
input_type: 'log'
document_type: 'syslog'
ignore_older: '24h'
close_older: '2h'
multiline:
pattern: ^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}
negate: 'true'
match: 'after'
include_lines:
- '^[[:digit:]]{4}-'
exclude_lines:
- '^DBG'
- '^WARN'
fields_under_root: 'true'
fields:
- env: my_environment
- server_role: webserver
elasticsearch:
enabled: False
server: 127.0.0.1:9200
logstash:
enabled: True
server: 127.0.0.1:5044
tls:
enabled: True
# this is the public key from your ELK server
# default path is salt://filebeat/files/ca.pem
ssl_cert: salt://mycustom/filebeat/logstash-forwarder.crt
ssl_cert_path: /etc/pki/tls/certs/logstash-forwarder.crt