21 lines
679 B
JSON
21 lines
679 B
JSON
{
|
|
"processors": [
|
|
{
|
|
"grok" : {
|
|
"field" : "message",
|
|
"patterns" : [
|
|
"%{LOGDATE:f2b.log_datetime} %{F2BSERVICE} (\\s.*)\\[%{POSINT:f2b.pid}\\]: %{SEVERITY:f2b.severity} (\\s.*)\\[%{DATA:f2b.iptables_chain}\\] %{F2BMESSAGE}"
|
|
],
|
|
"pattern_definitions" : {
|
|
"REASON" : "(?:.+)",
|
|
"SEVERITY" : "(?:.+)",
|
|
"F2BSERVICE" : "%{WORD}.%{WORD:f2b.service}",
|
|
"F2BACTION" : "%{GREEDYDATA:f2b.action}",
|
|
"F2BMESSAGE" : "(%{F2BACTION} %{IP:f2b.remote_ip})|(%{IP:f2b.remote_ip} %{F2BACTION})",
|
|
"LOGDATE" : "20%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}"
|
|
},
|
|
"ignore_failure" : true
|
|
}
|
|
}
|
|
]
|
|
} |