coolacid/gist:158eee28112cfad787c1

## gistfile1.txt
NOTE:: The IPs were taken from the CIF DB for testing. Not actual events.

Logstash startup completed
{
            "message" => "2015-04-19 05:46:59,798 fail2ban.actions: WARNING [asterisk-iptables] Ban 141.101.113.108",
           "@version" => "1",
         "@timestamp" => "2015-04-19T09:46:59.798Z",
               "type" => "fail2ban",
               "host" => "homer",
               "path" => "/srv/Logs/f2b/fail2ban",
      "fail2ban.type" => "actions",
      "message.level" => "WARNING",
       "fail2ban.app" => "asterisk-iptables",
    "fail2ban.action" => "Ban",
         "Net.IP.SRC" => "141.101.113.108",
     "Net.IP.SRC.GEO" => {
                    "ip" => "141.101.113.108",
         "country_code2" => "EU",
         "country_code3" => "EU",
          "country_name" => "Europe",
        "continent_code" => "EU",
              "latitude" => 47.0,
             "longitude" => 8.0,
              "location" => [
            [0] 8.0,
            [1] 47.0
        ]
    },
           "CIF.Tags" => [
        [0] "whitelist",
        [1] "rdata"
    ],
            "CIF.Tlp" => "green",
     "CIF.Confidence" => 12.949
}
{
            "message" => "2015-04-19 05:46:59,798 fail2ban.actions: WARNING [asterisk-iptables] Ban 193.189.117.215",
           "@version" => "1",
         "@timestamp" => "2015-04-19T09:46:59.798Z",
               "type" => "fail2ban",
               "host" => "homer",
               "path" => "/srv/Logs/f2b/fail2ban",
      "fail2ban.type" => "actions",
      "message.level" => "WARNING",
       "fail2ban.app" => "asterisk-iptables",
    "fail2ban.action" => "Ban",
         "Net.IP.SRC" => "193.189.117.215",
       "Net.Host.SRC" => "193.189.117.215.host.e-ring.pl",
     "Net.IP.SRC.GEO" => {
                    "ip" => "193.189.117.215",
         "country_code2" => "PL",
         "country_code3" => "POL",
          "country_name" => "Poland",
        "continent_code" => "EU",
              "latitude" => 52.0,
             "longitude" => 20.0,
              "timezone" => "Europe/Warsaw",
              "location" => [
            [0] 20.0,
            [1] 52.0
        ]
    },
           "CIF.Tags" => [
        [0] "botnet"
    ],
            "CIF.Tlp" => "amber",
     "CIF.Confidence" => 65
}
	NOTE:: The IPs were taken from the CIF DB for testing. Not actual events.

	Logstash startup completed
	{
	"message" => "2015-04-19 05:46:59,798 fail2ban.actions: WARNING [asterisk-iptables] Ban 141.101.113.108",
	"@version" => "1",
	"@timestamp" => "2015-04-19T09:46:59.798Z",
	"type" => "fail2ban",
	"host" => "homer",
	"path" => "/srv/Logs/f2b/fail2ban",
	"fail2ban.type" => "actions",
	"message.level" => "WARNING",
	"fail2ban.app" => "asterisk-iptables",
	"fail2ban.action" => "Ban",
	"Net.IP.SRC" => "141.101.113.108",
	"Net.IP.SRC.GEO" => {
	"ip" => "141.101.113.108",
	"country_code2" => "EU",
	"country_code3" => "EU",
	"country_name" => "Europe",
	"continent_code" => "EU",
	"latitude" => 47.0,
	"longitude" => 8.0,
	"location" => [
	[0] 8.0,
	[1] 47.0
	]
	},
	"CIF.Tags" => [
	[0] "whitelist",
	[1] "rdata"
	],
	"CIF.Tlp" => "green",
	"CIF.Confidence" => 12.949
	}
	{
	"message" => "2015-04-19 05:46:59,798 fail2ban.actions: WARNING [asterisk-iptables] Ban 193.189.117.215",
	"@version" => "1",
	"@timestamp" => "2015-04-19T09:46:59.798Z",
	"type" => "fail2ban",
	"host" => "homer",
	"path" => "/srv/Logs/f2b/fail2ban",
	"fail2ban.type" => "actions",
	"message.level" => "WARNING",
	"fail2ban.app" => "asterisk-iptables",
	"fail2ban.action" => "Ban",
	"Net.IP.SRC" => "193.189.117.215",
	"Net.Host.SRC" => "193.189.117.215.host.e-ring.pl",
	"Net.IP.SRC.GEO" => {
	"ip" => "193.189.117.215",
	"country_code2" => "PL",
	"country_code3" => "POL",
	"country_name" => "Poland",
	"continent_code" => "EU",
	"latitude" => 52.0,
	"longitude" => 20.0,
	"timezone" => "Europe/Warsaw",
	"location" => [
	[0] 20.0,
	[1] 52.0
	]
	},
	"CIF.Tags" => [
	[0] "botnet"
	],
	"CIF.Tlp" => "amber",
	"CIF.Confidence" => 65
	}