# Filters sshd messages: routes them out of the default stream into a
# dedicated Graylog stream.
#
# The ''${...} and \${...} forms below are Nix escapes that keep a literal
# ${...} in the evaluated value; presumably Terraform resolves those references
# later (the descriptions are tagged "TF").
{
  # Pipeline rule that matches on the message's facility field.
  #
  # NOTE(review): facility is set by the sending host or input, not by Graylog,
  # so this match is not an authenticated origin check. Confirm which field
  # carries "sshd" for the inputs in use, and whether any sender could label
  # unrelated traffic as sshd.
  #
  # NOTE(review): remove_from_default: true takes matching messages out of the
  # default stream. Alerts, dashboards and saved searches for SSH
  # authentication events then have to be scoped to the sshd stream - confirm
  # none of them still relies on the default stream.
  resource.graylog_pipeline_rule.routeToSshdMessage = {
    description = "route sshd messages to sshd stream (TF)";
    source = ''
      rule "route sshd message"
      when
        to_string($message.facility) == "sshd"
      then
        route_to_stream(id:"''${ graylog_stream.sshd.id }", remove_from_default: true);
      end
    '';
  };

  # Must name the rule exactly as titled in the rule source above.
  # NOTE(review): graylog.all_messages is an option defined outside this file;
  # presumably it attaches the listed rules to a pipeline on the all-messages
  # stream - verify against the module that declares it.
  graylog.all_messages.rules = [ "route sshd message" ];

  # Destination stream, stored in the default index set.
  graylog.stream.sshd.index_set_id = "\${data.graylog_index_set.default.id}";
  # No pipeline is attached to the stream while the next line stays disabled,
  # so routed messages get no further processing from this file.
  #graylog.stream.sshd.pipelines = [ "\${graylog_pipeline.processSshdMessage.id}" ];

  # Disabled second-stage pipeline for the sshd stream. It refers to a rule
  # "mark and route sshd junk" that is not defined in this file.
  #graylog.pipeline.processSshdMessage = {
  #  source = ''
  #    stage 0 match all
  #    rule "mark and route sshd junk";
  #  '';
  #  description = "process messages of the sshd stream(TF)";
  #};
}