# filters tinc messages
#
# Declares two Graylog pipeline rules, a "tinc" stream and a pipeline
# attached to that stream:
#   1. "route tinc message" moves messages whose facility is "tincd" out of
#      the default stream and into the tinc stream.
#   2. "mark and route tinc junk" runs at stage 0 of the tinc stream's
#      pipeline and drops messages starting with "Received short packet".
{
  resource."graylog_pipeline_rule" = {

    # Routing rule: matches on the message's `facility` field (stringified)
    # and calls route_to_stream with remove_from_default: true, so matching
    # messages no longer appear in the default stream.
    # NOTE(review): `facility` comes from the incoming message. If any input
    # accepts logs from hosts that are not fully trusted, confirm that
    # searches and alerts also cover the tinc stream, since a sender-chosen
    # facility value decides where the message lands.
    routeToTincMessage = {
      description = "route tinc messages to tinc stream (TF)";
      # `''${` inside a Nix '' string emits a literal `${`, so the stream id
      # reference is left for Terraform to interpolate, not Nix.
      source = ''
        rule "route tinc message"
        when
        to_string($message.facility) == "tincd"
        then
        route_to_stream(id:"''${ graylog_stream.tinc.id }", remove_from_default: true);
        end
      '';
    };

    # Noise rule: the only active action is drop_message(); the set_field /
    # route_to_stream lines are commented out inside the rule source.
    # NOTE(review): the rule title and the description say "mark" / "route",
    # but the message is dropped, so it is not kept for later investigation.
    # The match is a prefix test on sender-provided message text. If these
    # packets should stay auditable, marking and routing to a junk stream
    # (as the commented lines sketch) keeps them searchable; no
    # graylog_stream.junk is defined in this file, so that stream would have
    # to exist elsewhere -- confirm before re-enabling.
    tincJunk = {
      source = ''
        rule "mark and route tinc junk"
        when
        starts_with(to_string($message.message), "Received short packet")
        then
        drop_message();
        //set_field("is_junk", true);
        //route_to_stream(id:"''${graylog_stream.junk.id}", remove_from_default: true);
        end
      '';
      description = "mark tinc noise as junk (TF)";
    };

  };

  # References the routing rule by its title string, so it must match the
  # `rule "..."` line in routeToTincMessage exactly.
  # presumably this option attaches the rule to the pipeline that processes
  # all messages; the option is defined outside this file -- TODO confirm.
  graylog.all_messages.rules = [ "route tinc message" ];

  # Stream that receives the routed tinc messages. `\${` in a double-quoted
  # Nix string emits a literal `${`, leaving both references to Terraform.
  graylog.stream.tinc = {
    index_set_id = "\${data.graylog_index_set.default.id}";
    pipelines = [ "\${graylog_pipeline.processTincMessage.id}" ];
  };

  # Pipeline connected to the tinc stream (see `pipelines` above). Stage 0
  # names the junk rule by title; renaming the rule requires changing the
  # title here as well.
  graylog.pipeline.processTincMessage = {
    source = ''
      stage 0 match all
      rule "mark and route tinc junk";
    '';
    description = "process messages of the tinc stream(TF)";
  };

}