From 47bdc407b968bdbbc26d6cf6d0cf38ad97881e74 Mon Sep 17 00:00:00 2001
From: Adrien Waksberg
Date: Tue, 24 Aug 2021 16:55:01 +0200
Subject: [PATCH] feat: add logstash patterns for grok
---
 CHANGELOG.md | 4 ++++
 README.md | 10 ++++++++++
 defaults/main.yml | 1 +
 tasks/main.yml | 21 +++++++++++++++++++++
 4 files changed, 36 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0012273..17cb7ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
 ## [Unreleased]
+### Added
+
+- feat: add logstash patterns for grok
+
 ### Changed
 - change logstash_inputs variable: dict to array
diff --git a/README.md b/README.md
index e913e0e..53caa7a 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,16 @@ Install and configure logstash
 }
 ```
+- `logstash_pattern` hash with grok patterns
+
+```
+ postfix: |
+ # Syslog stuff
+ PROCESS ([\w._\/%-]+)
+ COMPID postfix\/%{PROCESS:process}(?:\[%{NUMBER:pid}\])?
+ POSTFIX (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{COMPID}:
+```
+
 ## How to use
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index 2c65f7c..27df17f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,3 +9,4 @@ logstash_full_config: '{{ logstash_default_config|combine(logstash_config, recur
 logstash_inputs: []
 logstash_outputs: []
 logstash_filters: []
+logstash_patterns: {}
diff --git a/tasks/main.yml b/tasks/main.yml
index 23d130f..5f3fdcc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -42,6 +42,27 @@
 notify: restart logstash
 tags: logstash
+- name: create patterns directory
+ file:
+ path: /etc/logstash/patterns
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
+ tags: logstash
+
+- name: copy patterns files
+ copy:
+ content: '{{ item.value }}'
+ dest: '/etc/logstash/patterns/{{ item.key }}.conf'
+ owner: root
+ group: root
+ mode: 0644
+ loop: '{{ logstash_patterns|dict2items }}'
+ loop_control:
+ label: '{{ item.key }}'
+ tags: logstash
+
 - name: copy input, output and filter files
 template:
 src: '{{ item }}.conf.j2'
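Review bot: In `copy patterns files`, `item.key` is interpolated into `dest` unchecked, so a key containing `/` or `..` would make this (presumably privileged) task write a root-owned file outside `/etc/logstash/patterns`; because the dict can be merged from several variable sources, constrain it with `dest: '/etc/logstash/patterns/{{ item.key | basename }}.conf'` or an `assert` on the key before the loop. The task also lacks the `notify: restart logstash` that the preceding task carries (only that task's tail is visible in this hunk), so changed patterns presumably stay unused until something else restarts the service, which shows up later as grok parse failures rather than as a failed play. Both `mode:` values are unquoted octal literals; `mode: '0755'` and `mode: '0644'` avoid depending on how the YAML loader types them. The README hunk in the same patch documents the variable as `logstash_pattern`, while this loop and `defaults/main.yml` use `logstash_patterns`.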