# 하단에 다음 추가
-Djava.net.preferIPv4Stack=true

- pipeline.id: syslog
  path.config: "/etc/logstash/conf.syslog/*.conf"

input {
  syslog {
    port => "10514"
  }
}

filter {
  mutate {
    copy => { "host" => "ip" }
  }

  dns {
    nameserver => {
         address => ["172.16.0.1"]
       }
     reverse => [ "host" ]
     action => "replace"
  }

  mutate {
    # IPMI를 위한 DHCP 서버의 도메인이 kisti.kr 인 경우
    gsub => ["host", ".kisti.kr", ""]
  }

  ruby {
    code => "event.set('[localtime]', event.timestamp.time.localtime.strftime('%Y-%m-%d %H:%M:%S %z'))"
  }

  mutate {
    remove_field => [ "facility_label", "severity_label", "facility", "priority", "severity", "@version", "tags" ]
  }

  mutate {
    remove_tag => [ "tag", "_grokparsefailure_sysloginput"]
  }
}

output {
  file {
    path => "/var/log/logstash/syslog/%{host}.log"
  }
}