1. Added type => mod_security to input and filter sections as this was throwing away logs from existing inputs.\

2. Removed debug from stdout in output section as this is deprecated in logstash 1.4.2 \
3. Removed embedded elasticsearch from output section as this seemed to conflict with existing output for redis.

Author: equick

logstash-modsecurity.conf

@@ -44,6 +44,7 @@ input {
     # that your server writes these log files in
     charset => "US-ASCII"
     path => "/path/to/your/modsec/audit/logs/*.log"
+    type => "mod_security"
   }
 }
 
@@ -59,6 +60,7 @@ filter {
     pattern => "^--[a-fA-F0-9]{8}-A--$"
     negate => true
     what => previous
+    type => "mod_security"
   }
 
 
@@ -431,14 +433,6 @@ output {
   # turn this off when ready to run in a 
   # real prod environment and get rid of the 
   # "-v" flag when starting logstash
-  stdout {
-    debug => true
-  }
+  stdout { }
 
-  # ideally you do NOT want to be running an 
-  # embedded elasticsearch in your logstash 
-  # process, you should be writing to a remote
-  # elasticsearch instance (i.e. at least another
-  # separate process from the logstash engine)
-  elasticsearch { embedded => true }
 }