mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-08-02 23:05:41 +02:00
26 lines
979 B
YAML
26 lines
979 B
YAML
---
|
|
|
|
sources:
|
|
in_logs_squid:
|
|
type: file
|
|
include:
|
|
- /var/log/squid/access.log
|
|
- /var/log/squid/cache.log
|
|
- /var/log/squid/ufdbgclient.log
|
|
- /var/log/ufdbguard/ufdbguardd.log
|
|
|
|
transforms:
|
|
format_logs_squid:
|
|
type: remap
|
|
inputs: ["in_logs_squid"]
|
|
source: |
|
|
.group = "proxy"
|
|
if (.file == "/var/log/squid/access.log"){
|
|
.squid = parse_grok!(
|
|
.message,
|
|
"%{HTTPDATE:timestamp}\\s+%{NUMBER:response_time} %{IPORHOST:src_ip} %{NOTSPACE:squid_request_status}/%{NUMBER:http_status_code} %{NUMBER:transfer_size} %{NOTSPACE:http_method} (%{URIPROTO:url_scheme}://)?(?<url_host>\\S+?)(:%{INT:url_port})?(/%{NOTSPACE:url_path})?\\s+%{NOTSPACE:client_identity}\\s+%{NOTSPACE:peer_code}/%{NOTSPACE:peerhost}\\s+%{NOTSPACE:content_type}"
|
|
)
|
|
.timestamp = parse_timestamp(del(.squid.timestamp), format: "%d/%h/%Y:%H:%M:%S %z") ?? now()
|
|
.service = "squid"
|
|
}
|