input {
tcp {
port => 514
type => syslog
}
udp {
port => 514
type => syslog
}
}
output {
kafka {
bootstrap_servers => "localhost:9092"
topic_id => "mysql_log"
}
}
input {
kafka{
bootstrap_servers => "localhost:9092"
group_id => "logstash"
topics => ["mysql_audit"]
codec => "json"
}
}
output {
elasticsearch{
hosts => "localhost"
index => "db_alert-%{+YYYY.MM.dd}"
user => ""
password => ""
}
}