Posts

Showing posts from January, 2014

Logstash configuration for collecting OpenAM and OpenIDM logs

Following on from my previous posting, here is a logstash configuration that collects logs from both OpenAM and OpenIDM, and feeds them into Elasticsearch:

    input {
      file {
        type => idmRecon
        start_position => beginning
        path => "/opt/openidm/audit/recon.csv"
      }
      file {
        type => idmActivity
        start_position => beginning
        path => "/opt/openidm/audit/activity.csv"
      }
      file {
        type => amAccess
        # start_position => beginning
        path => "/opt/openam/openam-config/openam/log/amAuthentication.*"
      }
    }
    filter {
      if [type] == "idmRecon" {
        csv {
          columns => [
            "idX","action","actionId","ambiguousTargetObjectIds","entryType","message","reconciling","reconId",
            "rootActionId","situation","so

Collecting OpenAM logs with logstash

Logstash is a general-purpose log collector that can read, transform and collect various logs. The following logstash configuration will collect OpenAM access logs. The default target here is Elasticsearch, a document-oriented NoSQL database optimized for text search (perfect for log files). In a future blog I will show you how you can use Kibana to make some sexy charts of your access data.

    input {
      file {
        type => amAccess
        start_position => beginning
        path => "/path_to_your_install/openam/openam/log/amAuthentication.access"
      }
    }
    filter {
      if [type] == "amAccess" {
        csv {
          columns => [time,Data,LoginID,ContextID, IPAddr, LogLevel, Domain, LoggedBy, MessageID, ModuleName, NameID, HostName]
          separator => " "
        }
        date {
          match => ["dateTime", "yyyy-MM-dd HH:mm:ss"]
        }
        geoip {
          datab