Skip to content

Instantly share code, notes, and snippets.

@mamori017

mamori017/LogstashGrok4YamahaRouterSyslog

Last active February 20, 2018 02:49
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mamori017/14b3ea1b809a797042bb0232214e4a52 to your computer and use it in GitHub Desktop.
Save mamori017/14b3ea1b809a797042bb0232214e4a52 to your computer and use it in GitHub Desktop.
Download ZIP
A Logstash grok filter for yamaha router syslog.
Raw
LogstashGrok4YamahaRouterSyslog
# URL FILTER
filter{
grok {
match => ["message", "%{YEAR:year}/%{MONTHNUM:month}/%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:min}:%{SECOND:sec}:\s\[NAT\(%{INT:natvalue}\):PP%{INT:pp}\]\s%{WORD:status}\s%{WORD:tcpudp}\s%{IP:global_ip}.%{INT:global_port}\s<->\s%{IP:from_ip}.%{INT:from_port}\s==>\s%{IP:conn_ip}.%{INT:conn_port}",
"message", "%{YEAR:year}/%{MONTHNUM:month}/%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:min}:%{SECOND:sec}:\s\[%{WORD:status}\]\sPP\[%{INT:pp}\]\[%{WORD:inout}\]\[%{INT:filter}\]\s%{WORD:tcpudp}\s%{IP:from_ip}:%{INT:from_port}\s>\s%{IP:conn_ip}:%{INT:conn_port}\s\(%{YEAR:conn_year}/%{MONTHNUM:conn_month}/%{MONTHDAY:conn_day} %{HOUR:conn_hour}:%{MINUTE:conn_min}:%{SECOND:conn_sec}\)",
"message", "%{YEAR:year}/%{MONTHNUM:month}/%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:min}:%{SECOND:sec}:\sPP\[%{INT:pp}\]\s%{WORD:status}\sat\s%{WORD:inout}\(%{WORD:filter}\)\sfilter:\s%{WORD:tcpudp}\s%{IP:from_ip}:%{INT:from_port}\s>\s%{IP:conn_ip}:%{INT:conn_port}"
]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment