Merge pull request #28 from Crited/feature/httpserverconnection_27

add rules for httpserverconnection logs

filter-50-httpserverconnection.conf

@@ -0,0 +1,25 @@
+filter {
+  if [icinga][facility] == "HttpServerConnection" {
+    if [message] =~ /^HTTP client disconnected .+from/ {
+      grok {
+        match => ["message","HTTP client disconnected \(from \[%{IP:[icinga][httpclientip]}\]:%{NUMBER:[icinga][httpclientport]}\)"]
+        id => "icinga_httpclientdisconnected"
+        add_tag => "icinga_httpclientdisconnected"
+        tag_on_failure => ["_grokparsefailure","icinga_httpclientdisconnected_failed"]
+        add_field => {
+          "[icinga][eventtype]" => "http_client_disconnected"
+        }
+      }
+    } else if [message] =~ /^Request: GET .+, user: .+, agent: .+/ {
+      grok {
+        match => ["message","Request: %{WORD:[icinga][tbd]} %{DATA:[icinga][path]} \(from \[%{IP:[icinga][httpclientip]}\]:%{NUMBER:[icinga][httpclientport]}\), user: %{USERNAME:[icinga][user]}, agent: %{DATA:[icinga][agent]} \(%{DATA:[icinga][agent]}\) %{DATA:[icinga][agent]}\)"]
+        id => "icinga_requestget"
+        add_tag => "icinga_requestget"
+        tag_on_failure => ["_grokparsefailure","icinga_requestget_failed"]
+        add_field => {
+          "[icinga][eventtype]" => "request_get"
+        }
+      }
+    }
+  }
+}