doc/schemas/logstash/log-courier.conf

   1 # Example log-courier configuration file for RADIUS detail files.
   2 #
   3 {
   4         "general": {
   5                 "persist directory": "/var/lib/log-courier",
   6                 "log syslog": true,
   7                 "log stdout": false,
   8                 "admin listen address": "unix:/var/run/log-courier/admin.socket"
   9         },
  10
  11         "network": {
  12                 "transport": "tcp",
  13                 "reconnect": 10,
  14
  15                 # Servers to connect to.
  16                 #
  17                 "servers": [
  18                         "logstash1.example:5140",
  19                         "logstash2.example:5140"
  20                 ]
  21         },
  22
  23         "files": [
  24                 {
  25                         # Match RADIUS detail files, but not anything that has
  26                         # been gzipped.
  27                         #
  28                         "paths": [ "/var/log/radius/radacct/*/detail-????????" ],
  29
  30                         # Add a type:"radiusdetail" field to the data so that
  31                         # logstash can tell what type of data this is (in case
  32                         # log-courier is being used for other data as well).
  33                         #
  34                         "fields": {
  35                                 "type": "radiusdetail"
  36                         },
  37
  38                         # Stop watching a file if nothing has been written in 12h.
  39                         #
  40                         "dead time": "12h",
  41
  42                         # Process multilines. If this is being used then the
  43                         # "multiline" section should be commented out from the
  44                         # logstash configuration. Logstash can then also be run
  45                         # with multiple workers (using -w).
  46                         #
  47                         "codec": {
  48                                 "name": "multiline",
  49                                 "pattern": "^[A-Z\t]",
  50                                 "negate": false,
  51                                 "what": "next"
  52                         }
  53                 }
  54         ]
  55 }
  56