I'm very new to this field. I would like to filter this log from my Raspberry Pi syslog firewall with grok:
Nov 25 22:21:22 raspberrypi kernel: [26172.577441] DROP UNMATCHED IN-world:IN=eth0 OUT= MAC=01:00:5e:00:00:fb:aa:e7:68:57:d7:dc:08:00 SRC=192.168.100.9 DST=224.0.0.251 LEN=89 TOS=0x00 PREC=0x00 TTL=2 ID=31930 PROTO=UDP SPT=5353 DPT=5353 LEN=69
Unfortunately I don't know how to.
But I would like to get this kind of JSON:
{
timestamp: xxxx.xx.xx
source_ip: x.x.x.x
destination_ip: x.x.x.x
source_port: xx
destination_port: xx
action: DROP
}
I also would like to create a reverse DNS lookup for source_ip.
Please help!
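Added example, not part of the question or any reply: a Python parser that extracts the requested fields from this exact log line (naming the same fields a grok pattern would) and optionally adds a reverse DNS result. The year is an assumption, because syslog timestamps carry none, and the lookup is swappable so the code can run offline.

```python
import re
import socket
from datetime import datetime

SAMPLE_LINE = (  # the exact line from the question
    "Nov 25 22:21:22 raspberrypi kernel: [26172.577441] DROP UNMATCHED IN-world:"
    "IN=eth0 OUT= MAC=01:00:5e:00:00:fb:aa:e7:68:57:d7:dc:08:00 SRC=192.168.100.9 "
    "DST=224.0.0.251 LEN=89 TOS=0x00 PREC=0x00 TTL=2 ID=31930 PROTO=UDP SPT=5353 DPT=5353 LEN=69"
)

# Same fields a grok pattern would name; the netfilter tail is KEY=VALUE pairs (OUT= may be empty, LEN= appears twice).
HEADER_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"\[\s*\d+\.\d+\] (?P<action>DROP|ACCEPT|REJECT)\b(?P<rest>.*)$"
)
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def reverse_dns(ip, lookup=socket.gethostbyaddr):
    """PTR lookup; 'lookup' is swappable so tests run offline. The name is set by whoever
    controls the reverse zone, so keep it as enrichment only, never as a trusted identity."""
    try:
        return lookup(ip)[0]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return None

def parse_firewall_line(line, year=None, lookup=None):
    """Return the requested dict (plus source_hostname when a lookup is given), else None."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    fields = {}
    for key, value in KV_RE.findall(m.group("rest")):
        fields.setdefault(key, value)  # keep the first LEN= (IP length), not the UDP one
    if "SRC" not in fields or "DST" not in fields:
        return None
    # Syslog timestamps carry no year, so one must be assumed (defaults to the current year).
    year = year or datetime.now().year
    ts = datetime.strptime(f"{year} {m.group('timestamp')}", "%Y %b %d %H:%M:%S")
    record = {
        "timestamp": ts.strftime("%Y.%m.%d %H:%M:%S"),
        "source_ip": fields["SRC"],
        "destination_ip": fields["DST"],
        "source_port": int(fields["SPT"]) if "SPT" in fields else None,  # ICMP has no ports
        "destination_port": int(fields["DPT"]) if "DPT" in fields else None,
        "action": m.group("action"),
    }
    if lookup is not None:
        record["source_hostname"] = reverse_dns(record["source_ip"], lookup)
    return record
```

Feed `parse_firewall_line` each line of the syslog file and `json.dumps` the non-None results; lines that are not netfilter events are skipped rather than mis-parsed.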