程序博客网 > 前端之巅 知乎

logstahs 匹配isslog

来源:互联网 发布:前端之巅 知乎 编辑:程序博客网 时间:2024/06/11 23:43
2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*{  "time": [    [      "2016-11-30 06:33:33"    ]  ],  "clientip": [    [      "192.168.5.116"    ]  ],  "verb": [    [      "GET"    ]  ],  "request": [    [      "/Hotel/HotelDisplay/cncqcqb230"    ]  ],  "port": [    [      "80"    ]  ],  "sourceip": [    [      "192.168.9.2"    ]  ],  "http_user_agent": [    [      "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "    ]  ]}logstash 配置:input {    stdin {    }}filter {    grok {        match => [             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"                ]       }   #      date {   #     match => ["time", "HH:mm:ss"]   # }}output { stdout {                        codec => rubydebug                }   }此时输出:[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf Settings: Default pipeline workers: 4Pipeline main started2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45{            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",           "@version" => "1",         "@timestamp" => "2016-11-30T07:15:13.887Z",               "host" => "Vsftp",               "time" => "2016-11-30 06:33:33",           "clientip" => "192.168.5.116",               "verb" => "GET",            "request" => "/Hotel/HotelDisplay/cncqcqb230",               "port" => "80",           "sourceip" => "192.168.9.2",    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "}当前时间为 15:16配置date插件:[elk@Vsftp gw]$ cat gw.conf input {    stdin {    }}filter {    grok {        match => [             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"                ]       }         date {        match => ["time", "yyyy-MM-dd HH:mm:ss"]    }}output { stdout {                        codec => rubydebug                }   }[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf Settings: Default pipeline workers: 4Pipeline main started2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45{            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",           "@version" => "1",         "@timestamp" => "2016-11-29T22:33:33.000Z",               "host" => "Vsftp",               "time" => "2016-11-30 06:33:33",           "clientip" => "192.168.5.116",               "verb" => "GET",            "request" => "/Hotel/HotelDisplay/cncqcqb230",               "port" => "80",           "sourceip" => "192.168.9.2",    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "}{            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",           "@version" => "1",         "@timestamp" => "2016-11-30T07:15:13.887Z",               "host" => "Vsftp",               "time" => "2016-11-30 06:33:33",{            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",           "@version" => "1",         "@timestamp" => "2016-11-29T22:33:33.000Z",               "host" => "Vsftp",               "time" => "2016-11-30 06:33:33",坑爹 nxlog 收到的日志里记录的时间本来就是 UTC时间,在转换一次 -8个小时正常时间  06:33 表示 14:33  这时候06:33 在减去8  22:33:33

0 0
前端之巅 知乎 前端之巅 知乎
原创粉丝点击
热门IT博客
矩阵特征值的求法公式矩阵特征值的求法公式
2017年网络大电影排名2017年网络大电影排名
网络推广专家
前端书籍推荐知乎
土耳其冰淇淋 知乎
php 无法执行exec命令
matlab全局优化算法
黑客帝国 js
网易uu有mac版吗
淘宝分类图片大小
java获取当前项目路径
magic mouse 知乎
三星w2017 知乎
布施知子折纸作品集
上古天际5捏脸数据
windows update在哪
猎豹抢票软件
python spark
少年犯罪知乎
页面置换算法实验报告
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 双立人锅具发黄怎么办 验孕棒尿淋多了怎么办 热水器没有地线怎么办 夜光棒不亮了 怎么办 铁钉弯了怎么办 双立人刀不快了怎么办 燃气热水器出e1怎么办 不锈钢锅黄了怎么办 不锈钢烧黄了怎么办 不锈钢锅烧糊了怎么办 不锈钢奶锅黑了怎么办 不锈锅烧黑了怎么办 铝锅内发黑怎么办 不秀钢锅烧黑了怎么办 不锈钢锅烧红了怎么办 不锈钢锅烧透了怎么办 过敏脸红肿怎么办 眼部周围过敏怎么办 面部红肿过敏怎么办 不锈钢锅粘锅怎么办 不粘锅变粘锅了怎么办 铸铁锅烧糊了怎么办 做班戟没有黄油怎么办 南瓜饼粘锅怎么办 泰迪吃人屎了怎么办 宠物狗吃人屎怎么办 泰迪狗吃人屎了怎么办 电磁炉锅底变形怎么办 电磁炉锅凸起怎么办 蒸水蛋水放多了怎么办 旧衣服怎么办 旧席梦思床垫怎么办 木地板旧了怎么办 篮球气门芯漏气怎么办 没有磨刀石怎么办 剪子不快了怎么办 螺丝拧滑丝了怎么办 白砂轮不平怎么办 砂轮不平怎么办 砂轮机不平衡怎么办 砂轮不平稳怎么办

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里