logstahs 匹配isslog
2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45 \s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).* {
"time": [
[
"2016-11-30 06:33:33"
]
],
"clientip": [
[
"192.168.5.116"
]
],
"verb": [
[
"GET"
]
],
"request": [
[
"/Hotel/HotelDisplay/cncqcqb230"
]
],
"port": [
[
"80"
]
],
"sourceip": [
[
"192.168.9.2"
]
],
"http_user_agent": [
[
"Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "
]
]
} logstash 配置:
input {
stdin {
}
}
filter {
grok {
match => [
"message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"
]
}
# date {
# match => ["time", "HH:mm:ss"]
# }
}
output {
stdout {
codec => rubydebug
} } 此时输出: [elk@Vsftp gw]$ ../../bin/logstash -f gw.conf
Settings: Default pipeline workers: 4
Pipeline main started
2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45
{
"message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",
"@version" => "1",
"@timestamp" => "2016-11-30T07:15:13.887Z",
"host" => "Vsftp",
"time" => "2016-11-30 06:33:33",
"clientip" => "192.168.5.116",
"verb" => "GET",
"request" => "/Hotel/HotelDisplay/cncqcqb230",
"port" => "80",
"sourceip" => "192.168.9.2",
"http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "
} 当前时间为 15:16 配置date插件: [elk@Vsftp gw]$ cat gw.conf
input {
stdin {
}
}
filter {
grok {
match => [
"message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"
]
}
date {
match => ["time", "yyyy-MM-dd HH:mm:ss"]
}
}
output {
stdout {
codec => rubydebug
} }
[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf
Settings: Default pipeline workers: 4
Pipeline main started
2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45
{
"message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",
"@version" => "1",
"@timestamp" => "2016-11-29T22:33:33.000Z",
"host" => "Vsftp",
"time" => "2016-11-30 06:33:33",
"clientip" => "192.168.5.116",
"verb" => "GET",
"request" => "/Hotel/HotelDisplay/cncqcqb230",
"port" => "80",
"sourceip" => "192.168.9.2",
"http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "
} {
"message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",
"@version" => "1",
"@timestamp" => "2016-11-30T07:15:13.887Z",
"host" => "Vsftp",
"time" => "2016-11-30 06:33:33", {
"message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",
"@version" => "1",
"@timestamp" => "2016-11-29T22:33:33.000Z",
"host" => "Vsftp",
"time" => "2016-11-30 06:33:33", 坑爹 nxlog 收到的日志里记录的时间本来就是 UTC时间,在转换一次 -8个小时 正常时间 06:33 表示 14:33 这时候06:33 在减去8 22:33:33
logstahs 匹配isslog的更多相关文章
- javascript匹配各种括号书写是否正确
今天在codewars上做了一道题,如下 看上去就是验证三种括号各种嵌套是否正确书写,本来一头雾水,一种括号很容易判断, 但是三种怎么判断! 本人只是个前端菜鸟,,不会什么高深的正则之类的. 于是,在 ...
- scanf类型不匹配造成死循环
int i = 0; while (flag) { printf("please input a number >>> "); scanf("% ...
- 使用注解匹配Spring Aop切点表达式
Spring中的类基本都会标注解,所以使用注解匹配切点可以满足绝大部分需求 主要使用@within()/@target @annotaton() @args()等... 匹配@Service类中的所有 ...
- .net使用正则表达式校验、匹配字符工具类
开发程序离不开数据的校验,这里整理了一些数据的校验.匹配的方法: /// <summary> /// 字符(串)验证.匹配工具类 /// </summary> public c ...
- webpack配置别名alias出现的错误匹配
@(webpack) webpack是一款功能强大的前端构建工具,不仅仅是针对js,它也可通过各种loader来构建相关的less,html,image等各种资源,将webpack配合流程制定工具gu ...
- perl 如何匹配ASCII码以及ASCII码转换
匹配ASCII码: /[:ascii:]/ ASCII码转换为数字: ord() 数字转换为ASCII码: chr()
- SQL连接操作符介绍(循环嵌套, 哈希匹配和合并连接)
今天我将介绍在SQLServer 中的三种连接操作符类型,分别是:循环嵌套.哈希匹配和合并连接.主要对这三种连接的不同.复杂度用范例的形式一一介绍. 本文中使用了示例数据库AdventureWorks ...
- [LeetCode] Wildcard Matching 外卡匹配
Implement wildcard pattern matching with support for '?' and '*'. '?' Matches any single character. ...
- [LeetCode] Regular Expression Matching 正则表达式匹配
Implement regular expression matching with support for '.' and '*'. '.' Matches any single character ...
随机推荐
- A题笔记(13)
Evaluate Reverse Polish Notation Reverse Words in a String 类似的,需要将原序列后序排列的时候,都可以用 栈 来实现 stack<int ...
- 无可匹敌的创建job(细化很多细节)
declare jobno binary_integer ; rm_days number := 15; --保留多少天的数据,单位天数 rm_hour ...
- $.extend(),与$.fn.extend() 讲解
$.extend(),与$.fn.extend() 讲解(一) (2013-07-11 10:24:31) 转载▼ 转自:http://blog.sina.com.cn/s/blog_a3bd3bd0 ...
- spring定时器用Annotation兑现
spring定时器用Annotation实现 0人收藏此文章, 我要收藏发表于3个月前 , 已有46次阅读 共0个评论 1.ApplicationContext.xml配置 a).需要在xmlns里面 ...
- 第16章 网络IPC:套接字总结
1 套接字是通信端点的抽象 创建套接字: int socket(int domain,int type,int protocol) domain:通信域 AF_INET.AF_INET6.AF_LOC ...
- SVN资料库转移-----dump和load
最近由于大批量的更换服务器,所以之前布署的SVN服务器需要重新布署,需要把原来的资源库转移到新服务器上,并且使管理的项目版本一致,在网上查了一下SVN版本库迁移,但看了一上google出来的也很少,所 ...
- 《sed的流艺术之三》-linux命令五分钟系列之二十三
本原创文章属于<Linux大棚>博客,博客地址为http://roclinux.cn.文章作者为rocrocket. 为了防止某些网站的恶性转载,特在每篇文章前加入此信息,还望读者体谅. ...
- SQLite学习第01天:参考资料
今天开始学习数据库相关的知识,由于本人从事的是嵌入式软件开发方向,所以在数据库的选择时就果断选择了SQLite,在网上搜索了一下相关的资料并且配置好了环境.首先,想要对SQLite有一个基本的了解还是 ...
- PHP文件下载方式
<?php// 不能是中文目录,其实如果是 .rar, .zip 类的这些文件,直接连接就可以下载了!function download($file_dir,$file_name)//参数说明: ...
- BinaryReader 和BinaryWriter 读写类对象
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.I ...