24 Apr
2017
24 Apr
'17
10:41 p.m.
Hi, On Mon, Apr 24, 2017 at 01:42:43PM +0000, C. L. Martinez wrote:
The most important point here is to test all configured logstash filters inside syslog-ng: GeoIP patterns, some substitution params, etc. Any tips or tricks to accomplish this type of change?
If you have a lot of grok patterns, you might want to look at the grok parser in syslog-ng-incubator, which will let you use your existing rules out of the box. In the long term you will probably want to convert them to patterndb rules, the documentation of which is very complete. Cheers