I am using an email output within logstash to send me a copy of an xml file that has been generated by an NMAP scan. The issue is Logstash is repeatedly sending me a copy of the same file every minute. Is there a way to only send a copy of the file once every 24 hours?
file is as follows:
input{
file{
path => "/usr/share/vuln/vuln.xml"
start_position => "beginning"
sincedb_path => "/dev/null"
exclude => "*.gz"
type => "xml"
}
}
filter{
xml{
source => "message"
store_xml => false
target => "stations"
xpath => [
"/stations/station/id/text()", "station_id",
"/stations/station/name/text()", "station_name"
]
}
}
output {
email {
to => 'info@.com'
from => 'alerts@.com'
subject => 'Vulnerability Detected'
body => "Tags: %{tags}\n\Content:\n%{message}"
domain => 'mail..com'
port => 25
}
}