kris/graylog_demo
1
0
Fork 0
mirror of https://github.com/krislamo/graylog_demo synced 2024-11-09 21:50:35 +00:00
Code Issues Releases Wiki Activity

defer the parsing of httpd messages until after the message is stored (this allows the whole message to appear in graylog, as well as being parsed)

Browse Source
This commit is contained in:
Bob Belnap 2020-03-20 10:44:38 -04:00
parent 550aaafa4f
commit e509d3bad6
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
td-agent.conf
View File

@ -15,10 +15,20 @@
pos_file /var/log/td-agent/access_log.pos pos_file /var/log/td-agent/access_log.pos
tag httpd.access tag httpd.access
<parse> <parse>
@type apache2 @type none
</parse> </parse>
</source> </source>
<filter httpd.access>
@type parser
key_name message
reserve_data true
<parse>
@type apache2
</parse>
</filter>
<match devel.*> <match devel.*>
@type copy @type copy
<store> <store>