MagnetoDB/Logging configs

Configs for Logstash

syslog.conf

input {
    syslog {
        type => "syslog"
        port => "5544"
    }
}

filter {
    if [type] == "syslog" {
        grok {
            match => { "message" => "%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" }
        }
        if ![loglevel] {
            drop { }
        }
        mutate {
            replace => [ "message", "%{logmessage}" ]
            remove_field => ["logmessage"]
            remove_tag => ["_grokparsefailure"]
        }
    }
    mutate {
        add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
        add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"]
    }
    if [loglevel] == "INFO" or [loglevel] == "DEBUG"  {
        drop { }
    }
}

output {
    stdout {
        codec => rubydebug
    }
    udp {
        host => "123.123.123.123"
        port => "12345"
    }
}

magneto_cassandra.conf

input {
    file {
        type => "magnetodb"
        start_position => "beginning"
        path => "/var/log/magnetodb/magnetodb.log"
    }
    file {
        type => "cassandra"
        start_position => "beginning"
        path => "/var/log/cassandra/system.log"
    }
}

filter {
    if [type] == "magnetodb" {
        multiline {
            pattern => "(^%{TIMESTAMP_ISO8601})"
            what => "previous"
            negate => true
        }
                if ([message] == "") {
                    drop{}
                }
        grok {
            match => { "message" => "(?m)%{TIMESTAMP_ISO8601:time} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{PACKAGE:package} %{DASH} %{GREEDYDATA:logmessage}" }
        }
                mutate {
                    replace => [ "message", "%{logmessage}" ]
                    remove_field => ["logmessage"]
                }
    }
    if [type] == "cassandra" {
        multiline {
            pattern => "(^ %{LOGLEVEL})"
            what => "previous"
            negate => true
        }
        grok {
            match => { "message" => "%{LOGLEVEL:loglevel} %{THREAD:thread} %{TIMESTAMP_ISO8601:time} %{GREEDYDATA:logmessage}" }
        }
                mutate {
                    replace => [ "message", "%{logmessage}" ]
                    remove_field => ["logmessage"]
                }
    }
    mutate {
        add_field => ["apikey", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
        add_field => ["tenant_id", "ffffffffffffffffffffffffffffffff"]
    }
    if [loglevel] == "INFO" or [loglevel] == "DEBUG"  {
        drop { }
    }
}

output {
    stdout {
        codec => rubydebug
    }
    udp {
        host => "123.123.123.123"
        port => "12345"
    }
}