Please, is there anybody who has an example of a grok filter or a .conf file that can be used with logs that come from firewalls? I want it to separate all the fields.
Hi @asalma,
Can you elaborate more on the format of your logs? Is it CSV, JSON, or something else?
Thanks & Regards,
Krunal.
Hi @Krunal_kalaria
If you could post it in a CSV format, that would be great. In my files they are separated with spaces.
Thanks
MrNerd
Thanks for your quick reply @asalma, but I was wondering if you could send me a real example: with a log line in this format, how would you configure your CSV?
Pablo msg_id="3000-3001" 07-05-2018 192.168.3.105
Thanks MrNerd
Syslog can contain a lot of different formats, so you will need to be more specific and show examples. See this post for some additional details.
Please, I need a filter that can do this:
"timestamp" => May 3 11:39:58
"host" => fwghcadmin
"ciscotag" => Device type: %ASA
Severity: 6
ID: 302015
"connection_id" => 2356737924
"operation" => Built
"protocol" => UDP
"src_interface" => int-850-IntercoEXTCorporate1
"src_ip" => x.x.x.x
"src_port" => 161
"src_mapped_ip" => x.x.x.x
"src_mapped_port" => 161
"dst_interface" => int-148-GHCTechnicalInfra
"dst_ip" => x.x.x.x
"dst_port" => 34300
"dst_mapped_ip" => x.x.x.x
"dst_mapped_port" => 34300
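The field list above is exactly what a Cisco ASA "Built ... connection" message (syslog id 302015) contains, so it can be pulled apart with two grok stages: one for the syslog header and the %ASA-severity-id tag, one for the message body. The following Logstash pipeline is an added example written for this thread; it is not from the original posts or from Elastic. The listening port, the Elasticsearch address, the IP addresses in the sample line and the tag names on grok failure are assumptions; the interface names and connection id come from the list above. The sample input line is constructed.

```conf
# Added example: split a Cisco ASA syslog line (message id 302015,
# "Built ... UDP connection") into the fields listed in the post.
#
# Constructed sample input, one event per line, as delivered by syslog:
#   May  3 11:39:58 fwghcadmin %ASA-6-302015: Built outbound UDP connection 2356737924 for int-850-IntercoEXTCorporate1:10.0.0.5/161 (10.0.0.5/161) to int-148-GHCTechnicalInfra:10.0.1.9/34300 (10.0.1.9/34300)

input {
  # Assumption: the firewall sends plain syslog to UDP 5514.
  udp {
    port => 5514
    type => "cisco-asa"
  }
}

filter {
  if [type] == "cisco-asa" {
    # Stage 1: syslog header plus the %ASA-<severity>-<id> tag.
    # The literal "%" before %{WORD:ciscotag} matches the "%" of "%ASA".
    # "overwrite" replaces the sender address the udp input stored in
    # [host] with the hostname written in the syslog header.
    grok {
      match => {
        "message" => "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host} %%{WORD:ciscotag}-%{INT:severity}-%{INT:message_id}: %{GREEDYDATA:cisco_message}"
      }
      overwrite => ["host"]
      tag_on_failure => ["_asa_header_parse_failure"]
    }

    # Stage 2: the connection body for 302013-302016 (Built/Teardown TCP/UDP).
    # The "(mapped_ip/mapped_port)" groups are optional so the pattern still
    # matches Teardown messages, which carry no mapped addresses.
    if [message_id] in ["302013", "302014", "302015", "302016"] {
      grok {
        match => {
          "cisco_message" => "%{WORD:operation}(?: (?<direction>inbound|outbound))? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}(?: \(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}(?: \(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\))?"
        }
        tag_on_failure => ["_asa_connection_parse_failure"]
      }
    }

    # Stage 3: use the firewall's own timestamp as @timestamp. The syslog
    # header has no year, so the date filter assumes the current one.
    date {
      match => ["timestamp", "MMM  d HH:mm:ss", "MMM d HH:mm:ss"]
    }

    # Stage 4: store numeric fields as numbers so range queries and
    # aggregations on ports work, then drop the intermediate body field.
    mutate {
      convert => {
        "severity"        => "integer"
        "connection_id"   => "integer"
        "src_port"        => "integer"
        "src_mapped_port" => "integer"
        "dst_port"        => "integer"
        "dst_mapped_port" => "integer"
      }
      remove_field => ["cisco_message"]
    }
  }
}

output {
  # Assumption: a local Elasticsearch, one index per day.
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "asa-%{+YYYY.MM.dd}"
  }
}
```

Events that fail either grok stage keep their raw message and get a `_asa_*_parse_failure` tag instead of the default `_grokparsefailure`, which makes it easy to build a Kibana query for lines the patterns do not cover yet. Logstash also ships ready-made ASA patterns in its `firewalls` pattern file (for example `CISCOFW302013_302014_302015_302016`, whose field names are the same as in the list above), so once the explicit pattern is understood it can be swapped for the built-in one.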
@asalma follow this guide, it is so useful:
https://qbox.io/blog/import-csv-elasticsearch-logstash-sincedb
MrNerd