Contents

#!/usr/bin/env ruby
#
# How to trigger the 'evil ip' message:
# % logger -t "pantscon" "naughty host 14.33.24.55 $RANDOM"

require "rubygems"
require "logstash/agent"

class MyAgent < LogStash::Agent
  def receive(event)
    filter(event)  # Invoke any filters

    return unless event["progname"][0] == "pantscon"
    return unless event.message =~ /naughty host/
    event["IP"].each do |ip|
      next unless ip.length > 0
      puts "Evil IP: #{ip}"
    end
  end # def receive
end # class MyAgent

# Read a local file, parse it, and react accordingly (see MyAgent#receive)
agent = MyAgent.new({
  "input" => [
    "/var/log/messages",
  ],
  "filter" => [ "grok" ],
})
agent.run

# Read messages that we expect to be parsed by another agent. Reads
# a particular AMQP topic for messages
#agent = MyAgent.new({
  #"input" => [
    #"amqp://localhost/topic/parsed",
  #]
#})
#agent.run

Version data entries

25 entries across 25 versions & 1 rubygems

Version	Path
logstash-lite-0.2.20110505142231	examples/test.rb
logstash-lite-0.2.20110422152244	examples/test.rb
logstash-lite-0.2.20110405105201	examples/test.rb
logstash-lite-0.2.20110331121236	examples/test.rb
logstash-lite-0.2.20110329105411	examples/test.rb
logstash-lite-0.2.20110206003603	examples/test.rb
logstash-lite-0.2.20110203130400	examples/test.rb
logstash-lite-0.2.20110122143801	examples/test.rb
logstash-lite-0.2.20110112115019	examples/test.rb
logstash-lite-0.2.20101222161646	examples/test.rb
logstash-lite-0.2.20101208111718	examples/test.rb
logstash-lite-0.2.20101207114354	examples/test.rb
logstash-lite-0.2.20101201111523	examples/test.rb
logstash-lite-0.2.20101129210156	examples/test.rb
logstash-lite-0.2.20101129205551	examples/test.rb
logstash-lite-0.2.20101129155412	examples/test.rb
logstash-lite-0.2.20101124030048	examples/test.rb
logstash-lite-0.2.20101124004656	examples/test.rb
logstash-lite-0.2.20101123134625	examples/test.rb
logstash-lite-0.2.20101123133737	examples/test.rb