69707461626C65732D726573746F7265002D770035002D2D6E6F666C757368002D2D636F756E74657273 (converted value = iptables-restore-w5--noflush--counters )
66696C6562656174002D65002D7374726963742E7065726D733D66616C7365002D6300636F6E6669672F66696C65626561742E796D6C (converted value = filebeat-e-strict.perms=false-cconfig/filebeat.yml )
These are basically Linux commands logged by auditd in the log files that I am trying to parse.
I wrote Ruby code for the conversion as well:
ruby { code => "event.set('command', event.get('command').pack('H*'))" }
But Logstash is tagging these events as _rubyexception.
I am also getting the below error in the LS logs:
[ERROR] 2020-03-06 14:52:06.405 [[main]>worker9] ruby - Ruby exception occurred: undefined method `pack' for nil:NilClass
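Added example, not part of the original post: the error above means event.get('command') returned nil for that event, and pack is an Array method in any case, so the Ruby below guards the missing field and decodes with [value].pack('H*'). It is written as a script file for the Logstash ruby filter's `path` option and assumes the field name 'command' from the post; the tag name and the SampleEvent class are hypothetical.

```ruby
# Added example (not the poster's code): script for the ruby filter's `path` option.
# Assumption: the hex-encoded command line is in the field 'command'.

HEX_ONLY = /\A(?:\h\h)+\z/

# Returns the decoded command line, or nil when the input is missing or not hex.
def decode_audit_hex(value)
  return nil unless value.is_a?(String) && value.match?(HEX_ONLY)
  raw = [value].pack('H*')   # pack is defined on Array, not on String or nil
  # The 00 bytes in the samples separate the arguments; show them as spaces.
  raw.split("\0").map { |arg| arg.force_encoding('UTF-8').scrub('?') }.join(' ')
end

# Entry point Logstash calls for each event; must return an array of events.
def filter(event)
  decoded = decode_audit_hex(event.get('command'))
  if decoded
    event.set('command', decoded)
  else
    event.tag('_command_not_hex')   # hypothetical tag name
  end
  [event]
end

# Constructed stand-in for a Logstash event so the script runs outside Logstash.
class SampleEvent
  attr_reader :tags

  def initialize(fields)
    @fields = fields
    @tags = []
  end

  def get(key)
    @fields[key]
  end

  def set(key, value)
    @fields[key] = value
  end

  def tag(name)
    @tags << name
  end
end

if __FILE__ == $PROGRAM_NAME
  hex = '66696C6562656174002D65002D7374726963742E7065726D733D66616C7365002D6300636F6E6669672F66696C65626561742E796D6C'
  puts filter(SampleEvent.new('command' => hex)).first.get('command')
  p filter(SampleEvent.new({})).first.tags
end
```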