├── .gitmodules ├── LICENSE ├── README.md ├── conf.d ├── 10-import.conf ├── 10-input.conf ├── 30-filter-apache.conf ├── 30-filter-auth.conf ├── 30-filter-mail.conf ├── 50-filter-dovecot.conf ├── 50-filter-postfix.conf ├── 50-filter-postgrey.conf ├── 51-filter-postfix-postproc.conf ├── 65-filter-spamd.conf └── 90-output.conf ├── docker-elk ├── docker-compose-elk-oss.yml ├── docker-compose-elk-with-x-pack.yml ├── logstash-oss.Dockerfile ├── logstash-oss.yml ├── logstash-with-x-pack.Dockerfile └── logstash-x-pack.yml ├── images ├── Dashboard-Authentication.png ├── Dashboard-Failed_Logins.png ├── Dashboard-Mail.png └── Dashboard-Web.png ├── kibana ├── dashboards.json ├── searches.json └── visualizations.json ├── log-dropzone ├── apache-import │ └── .gitignore ├── apache │ └── .gitignore ├── auth-import │ └── .gitignore ├── auth │ └── .gitignore ├── mail-import │ └── .gitignore └── mail │ └── .gitignore └── patterns.d ├── dovecot.grok ├── pam.grok ├── postfix.grok ├── postgrey.grok ├── spamd.grok ├── sshd.grok ├── sudo.grok ├── systemd.grok └── user-management.grok /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/.gitmodules -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/README.md -------------------------------------------------------------------------------- /conf.d/10-import.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/10-import.conf -------------------------------------------------------------------------------- /conf.d/10-input.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/10-input.conf -------------------------------------------------------------------------------- /conf.d/30-filter-apache.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/30-filter-apache.conf -------------------------------------------------------------------------------- /conf.d/30-filter-auth.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/30-filter-auth.conf -------------------------------------------------------------------------------- /conf.d/30-filter-mail.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/30-filter-mail.conf -------------------------------------------------------------------------------- /conf.d/50-filter-dovecot.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/50-filter-dovecot.conf -------------------------------------------------------------------------------- /conf.d/50-filter-postfix.conf: -------------------------------------------------------------------------------- 1 | ../ext/postfix-grok-patterns/50-filter-postfix.conf -------------------------------------------------------------------------------- /conf.d/50-filter-postgrey.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/50-filter-postgrey.conf -------------------------------------------------------------------------------- /conf.d/51-filter-postfix-postproc.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/51-filter-postfix-postproc.conf -------------------------------------------------------------------------------- /conf.d/65-filter-spamd.conf: -------------------------------------------------------------------------------- 1 | ../ext/logstash-mail-log/conf.d/65-filter-spamd.conf -------------------------------------------------------------------------------- /conf.d/90-output.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/conf.d/90-output.conf -------------------------------------------------------------------------------- /docker-elk/docker-compose-elk-oss.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/docker-elk/docker-compose-elk-oss.yml -------------------------------------------------------------------------------- /docker-elk/docker-compose-elk-with-x-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/docker-elk/docker-compose-elk-with-x-pack.yml -------------------------------------------------------------------------------- /docker-elk/logstash-oss.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/docker-elk/logstash-oss.Dockerfile -------------------------------------------------------------------------------- /docker-elk/logstash-oss.yml: -------------------------------------------------------------------------------- 1 | log.level: warn 2 | -------------------------------------------------------------------------------- /docker-elk/logstash-with-x-pack.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/docker-elk/logstash-with-x-pack.Dockerfile -------------------------------------------------------------------------------- /docker-elk/logstash-x-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/docker-elk/logstash-x-pack.yml -------------------------------------------------------------------------------- /images/Dashboard-Authentication.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/images/Dashboard-Authentication.png -------------------------------------------------------------------------------- /images/Dashboard-Failed_Logins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/images/Dashboard-Failed_Logins.png -------------------------------------------------------------------------------- /images/Dashboard-Mail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/images/Dashboard-Mail.png -------------------------------------------------------------------------------- /images/Dashboard-Web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/images/Dashboard-Web.png -------------------------------------------------------------------------------- /kibana/dashboards.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/kibana/dashboards.json -------------------------------------------------------------------------------- /kibana/searches.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/kibana/searches.json -------------------------------------------------------------------------------- /kibana/visualizations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/kibana/visualizations.json -------------------------------------------------------------------------------- /log-dropzone/apache-import/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /log-dropzone/apache/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /log-dropzone/auth-import/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /log-dropzone/auth/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /log-dropzone/mail-import/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /log-dropzone/mail/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /patterns.d/dovecot.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/dovecot.grok -------------------------------------------------------------------------------- /patterns.d/pam.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/pam.grok -------------------------------------------------------------------------------- /patterns.d/postfix.grok: -------------------------------------------------------------------------------- 1 | ../ext/postfix-grok-patterns/postfix.grok -------------------------------------------------------------------------------- /patterns.d/postgrey.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/postgrey.grok -------------------------------------------------------------------------------- /patterns.d/spamd.grok: -------------------------------------------------------------------------------- 1 | ../ext/logstash-mail-log/patterns.d/spamd.grok -------------------------------------------------------------------------------- /patterns.d/sshd.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/sshd.grok -------------------------------------------------------------------------------- /patterns.d/sudo.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/sudo.grok -------------------------------------------------------------------------------- /patterns.d/systemd.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/systemd.grok -------------------------------------------------------------------------------- /patterns.d/user-management.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomaspatzke/logstash-linux/HEAD/patterns.d/user-management.grok --------------------------------------------------------------------------------