{"id":20504101,"url":"https://github.com/icinga/icinga-logstash-pipeline","last_synced_at":"2025-03-05T20:45:58.327Z","repository":{"id":41812830,"uuid":"176736515","full_name":"Icinga/icinga-logstash-pipeline","owner":"Icinga","description":"Logstash rules for Icinga logs","archived":false,"fork":false,"pushed_at":"2023-10-01T19:20:00.000Z","size":92,"stargazers_count":5,"open_issues_count":25,"forks_count":0,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-16T07:37:42.913Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Icinga.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-20T13:10:43.000Z","updated_at":"2023-11-16T07:01:18.000Z","dependencies_parsed_at":"2023-10-01T21:34:59.158Z","dependency_job_id":null,"html_url":"https://github.com/Icinga/icinga-logstash-pipeline","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Icinga%2Ficinga-logstash-pipeline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Icinga%2Ficinga-logstash-pipeline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Icinga%2Ficinga-logstash-pipeline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Icinga%2Ficinga-logstash-pipeline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Icinga","download_url":"
https://codeload.github.com/Icinga/icinga-logstash-pipeline/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242100931,"owners_count":20071823,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T19:36:24.451Z","updated_at":"2025-03-05T20:45:58.305Z","avatar_url":"https://github.com/Icinga.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# logstash-icinga\n\n[![CI](https://github.com/Icinga/icinga-logstash-pipeline/workflows/Logstash%20Syntax/badge.svg?event=push)](https://github.com/Icinga/icinga-logstash-pipeline/actions?query=workflow%3A%22Logstash+Syntax%22)\n\nLogstash rules for Icinga logs\n\n## Usage ##\n\nThese filters are intended to be used within their own pipeline in Logstash. They include input and output configuration to a local Redis instance with hard coded names for keys in which you should write and read all your Icinga logs. (More details below)\n\nIf you are not familiar with multi-pipeline setups, please refer to the [Logstash documentation](https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html).\n\nFor ease of use this pipeline will read from a Redis instance listening on localhost. It expects the Icinga logs to be found just as they were on disk in the key `icinga`.\n\nAfter processing the pipeline places the parsed logs into the same Redis instance but in key `forwarder`. 
If you don't like this behaviour feel free to change the files `input.conf` and `output.conf`.\n\nIf you need a jumpstart, these docs show you a simple configuration for [Filebeat](doc/20-filebeat.md) and [Logstash](doc/10-logstash.md).\n\n## Capabilities ##\n\nThe logs will be parsed and split into fields where we see a possible use. Field names are set according to Elastic Common Schema (ECS) where they fit and stick to a nomenclature which should not interfere with your other field names. For details see the [docs](doc/30-namingscheme.md). Short version: All fields which are not covered by ECS are subfields of the `icinga` field.\n\nIn the `dashboards` directory there are some sample dashboards you can use with this ruleset.\n\nEvery rule adds a tag and a field you can use to identify every known log event. There is a global rule for adding the version of the ruleset, too.\n\n## Status / Contributing ##\n\nIcinga 2 is always changing and so are its logs. So we try to keep the rules as close to the set of possible log entries as possible but we might always be a bit behind the current version.\n\nIn fact, the first version is not complete but it should be a good starting point.\n\nIf you need more rules, feel free to change the files but please do send us a pull request so we can incorporate them so every user can benefit.\n\n## Inputs and Outputs ##\n\nIf you use files called `input.conf` and `output.conf` they will not collide with these rules, even when you want to pull new versions.\n\n### Examples ###\n\nHere's an example for an `input.conf`\n\n```\ninput {\n  redis {\n    data_type =\u003e list\n    key =\u003e icinga\n  }\n}\n```\n\nAnd an example for `output.conf`\n\n```\noutput {\n  redis {\n    data_type =\u003e list\n    key =\u003e forwarder\n  
}\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficinga%2Ficinga-logstash-pipeline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ficinga%2Ficinga-logstash-pipeline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficinga%2Ficinga-logstash-pipeline/lists"}