DNS, POSTFIX, RADIUS Filter for Logstash on my ELK stack.

February 2, 2017
Elasticsearch Ubuntu

What I want is to add the GeoIP feature to my ELK stack, but with DNS, Postfix, Dovecot and RADIUS included, apart from Apache and Nginx.
Also Cisco devices as well.
Hi Mitchell ... I saw you added a filter for Apache and Nginx in this link:
https://www.digitalocean.com/community/tutorials/how-to-map-user-location-with-geoip-and-elk-elasticsearch-logstash-and-kibana
Can you do the same for a DNS server?

1 Answer

Sorry to see that your question hasn't received an answer yet. Unfortunately, after this much time, it is unlikely an answer for this specific question will be provided without more information. For people still landing here via search, check out this tutorial. It's a great introduction to writing Logstash filters utilizing Grok:

One way to increase the effectiveness of your Logstash setup is to collect important application logs and structure the log data by employing filters. In this guide, we will focus primarily on how to add filters for various common application logs.