This repository contains my logstash config and grok patterns. It is a work in progress, I am new at this.

• The messages start out by getting their syslog prefix parsed, leaving the rest of the message in the field "syslog_message".
• If the syslog prefix parsing fails the message will be tagged with "syslog_parsefailure".
• The messages are then parsed based on the "program" field from syslog using various patterns.
• Anything left unparsed will have the tag "syslog_message_unparsed".