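# Logstash pipeline: receive syslog from network devices, index every event in
# Elasticsearch, and e-mail events whose severity matches the list below.

input {
  syslog {
    # NOTE(review): 0.0.0.0 listens on every interface, and syslog carries no
    # sender authentication. Bind to the management address, or restrict
    # port 7515 to the device subnets at the firewall.
    host => "0.0.0.0"
    port => 7515
    type => "syslog"
  }
}

filter {
  # NOTE(review): no filtering is applied. Each event that matches the
  # conditional in the output section becomes one e-mail built from
  # sender-supplied fields (host, message), so a noisy or spoofed source can
  # flood the mailbox. Consider rate limiting here (for example with the
  # throttle filter) before relying on the mail alert.
}

output {
  # Output 1: Elasticsearch. Every event is indexed.
  elasticsearch {
    # Loopback endpoint; no credentials or TLS are configured for it here.
    hosts => ["127.0.0.1:9200"]
    # The date pattern is expanded per event, giving one index per day.
    index => "syslog-%{+YYYY.MM.dd}-net"
    #document_type => "syslog"
  }

  # Output 2: e-mail, only for the severities listed.
  # NOTE(review): "Critical" and "Emergency" rank above "Error" but are not in
  # this list, so those events are indexed without a mail. Confirm that this
  # is intended.
  if ([severity_label] == "Error" or [severity_label] == "Warning" or [severity_label] == "Alert") {
    email {
      to => "guofs@os-w.com"
      from => "jszc_dsd@os-w.com"
      # SMTP relay.
      # NOTE(review): no TLS option is set, so the login below may cross the
      # network in cleartext. Check whether the relay supports TLS and enable
      # the plugin's use_tls option if it does.
      address => "198.218.32.152"
      port => "30025"
      username => "jszc_dsd@os-w.com"
      # The SMTP password is resolved at startup from the Logstash keystore or
      # the process environment instead of being stored in this file.
      # SMTP_PASSWORD is a placeholder name: create it with
      # `bin/logstash-keystore add SMTP_PASSWORD`, and rotate the password that
      # was previously written here.
      password => "${SMTP_PASSWORD}"
      # host, timestamp and message come from the received syslog event, so
      # treat the mail content as untrusted text.
      subject => "%{severity_label}/%{timestamp}--switch %{host}"
      body => "Hello,\n\n%{message},\n\n%{timestamp}"
      # Left empty; presumably only the plain-text body above is sent. Verify
      # against the installed plugin version.
      htmlbody => ""
    }
  }
}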