Hello,
I have the following config:
input {
  udp {
    host => "0.0.0.0"
    port => 5544
    type => "f5-logs"
  }
  udp {
    host => "0.0.0.0"
    port => 514
    type => "firewall-logs"
  }
}
I want to be able to add the IP of the firewall that sends the messages to the message body.
Here is the JSON:
{
"message" => "<188>May 06 2016 15:34:30: %ASA-4-106023: Deny tcp src Outside:xxxxxxxx/20126 dst DMZ:xxxxxxxx.183/80 by access-group "110" [0xe28ed867, 0xad5a89d]\n",
"@version" => "1",
"@timestamp" => "2016-05-06T22:34:30.894Z",
"type" => "firewall-logs",
"host" => "10.1.x.x"
}
What should the filter look like?
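
One way to write such a filter, as an added example that is not part of the original post: it prefixes the sender address from the `host` field to `message` for events of type `firewall-logs`. The field name `original_message` is a hypothetical choice; everything else uses the field names shown in the event above.

```logstash
filter {
  # Only touch events from the port 514 input, and only when the
  # sender address is actually present on the event.
  if [type] == "firewall-logs" and [host] {
    # First mutate: keep an untouched copy of the syslog line so later
    # parsing or forensic review can still work from the original text.
    # "original_message" is a hypothetical field name.
    mutate {
      add_field => { "original_message" => "%{message}" }
    }
    # Second mutate: prefix the sender address to the message body.
    # This is a separate block because add_field is applied after a
    # mutate's own operations, so combining both in one block would
    # copy the already rewritten message.
    mutate {
      replace => { "message" => "%{host} %{message}" }
    }
  }
}
```

The `host` value comes from the source address of the UDP packet, which is not authenticated, so treat it as an attribution hint rather than proof of which device sent the line.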