ELK Syslog - iptables filtering

hassaank97 · June 11, 2019, 4:56am

Hi all,

I am working on how to configure ELK stack to forward syslog file to ELK stack server using Filebeat.

Everything looks fine. The logs are coming to Logstash in following format:

input.type:
    log
ecs.version:
    1.0.0
message:
    Jun 11 09:52:37 elk-VirtualBox kernel: [ 7608.472526] IN=eth0 OUT= MAC=08:00:27:ad:13:1c:08:00:27:02:ca:e0:08:00 SRC=192.168.11.111 DST=192.168.11.173 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=59421 DF PROTO=TCP SPT=5044 DPT=47872 WINDOW=4054 RES=0x00 ACK PSH URGP=0 
agent.type:
    filebeat
agent.ephemeral_id:
    f6d14bb5-0476-47e6-9b19-65980cff7dc6
agent.hostname:
    elk-VirtualBox
agent.version:
    7.1.1
agent.id:
    89356dc0-5fdd-4cca-a9d4-3b1621b3efd0
log.offset:
    7,501,428

I want to filter the "message" field so that I can see the relevant fields like SRC, DST, PROTO, etc.
I will look forward to the response.

Regards,
Hassaan

system · July 9, 2019, 4:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash, filebeat, syslog rfc5424 not working Logstash beats-module	1	938	January 16, 2020
Configuration difference in elk5 and elk6 Logstash	1	338	June 1, 2018
Filtering rules in Logstash Logstash	2	432	June 17, 2017
Logstash reading syslog from filebeat Logstash	2	226	June 4, 2021
Syslog messages into logstash Logstash	6	580	May 25, 2018

ELK Syslog - iptables filtering

Related topics