Ping a Specific Port

Question

Ray Rodriguez

Asked: 2012-04-14 12:27:13 +0800 CST2012-04-14 12:27:13 +0800 CST 2012-04-14 12:27:13 +0800 CST

How to maintain the log source host using logstash

772

I am following the steps in this blog to set up rsyslog + logstash + graylog2 and I can't figure out how to replace the @source_host attribute in logstash using the mutate -> replace filter.

In the exmaple the author replaces his @source_host with a string value but I'd like to use the actual value that is parsed from in this case a syslog.

mutate {
  type => loc1
  replace => ["@source_host", "loc1"]
}
mutate {
  type => loc2
 replace => ["@source_host", "loc2"]
}

How do I actually maintain the original source host in my logs?

1 Answers

Voted

Tom · Answer 1 · 2012-05-14T18:12:16+08:00

Tom

2012-05-14T18:12:16+08:002012-05-14T18:12:16+08:00

if the field has already been matched to the record, and is available then you might be able to do this;

mutate {
    type => loc2
    replace => [ "@source_host","%{this_field}" ]
}

(though I have not tried replacing out the @source_host field before, but give it a try and let us know how it went... ;-)

the blog?

1

How to maintain the log source host using logstash

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?