Created
May 14, 2014 01:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Raw log:
<135> 05/13/2014:21:17:55 GMT nsvpx-esx-2 0-PPE-0 : SSLLOG SSL_HANDSHAKE_SUCCESS 6103955 0 : SPCBId 59218 - ClientIP 142.28.165.235 - ClientPort 56308 - VserverServiceIP 192.168.1.200 - VserverServicePort 443 - ClientVersion TLSv1.0 - CipherSuite "RC4-MD5 TLSv1 Non-Export 128-bit" - Session Reuse
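# Parse NetScaler SSLLOG handshake lines (events tagged "Netscaler") into
# discrete fields: syslog_hostname, netscaler_process, netscaler_feature,
# netscaler_message, netscaler_spcbid, client_ip, client_port, vserver_ip,
# vserver_port, client_version, cipher_suite and session_method.
#
# client_version and cipher_suite are the fields to alert on: the sample event
# negotiates TLSv1.0 with RC4-MD5, both of which are deprecated (RFC 8996 for
# TLS 1.0, RFC 7465 for RC4).
filter {
  if "Netscaler" in [tags] {
    grok {
      # Only one pattern is listed, so break_on_match has nothing further to try.
      break_on_match => false
      # The pattern is unanchored and matches every field label (SPCBId,
      # ClientIP, ...) with a lazy %{DATA}. It describes the single
      # SSL_HANDSHAKE_SUCCESS layout shown in the sample log; an event carrying
      # the Netscaler tag with any other layout gets _grokparsefailure.
      # NOTE(review): the hosting page flags this file as containing
      # bidirectional Unicode text -- check the pattern and the sample line for
      # hidden characters or doubled spaces when the sample itself fails.
      # All captures are stored as strings (no :int suffix is used).
      match => [
        "message", '%{SYSLOG5424PRI} %{DATE}:%{HAPROXYTIME} GMT %{SYSLOGHOST:syslog_hostname} %{PROG:netscaler_process} : %{DATA:netscaler_feature} %{DATA:netscaler_message} %{DATA} : %{DATA} %{INT:netscaler_spcbid} - %{DATA} %{IP:client_ip} - %{DATA} %{INT:client_port} - %{DATA} %{IP:vserver_ip} - %{DATA} %{INT:vserver_port} - %{DATA} %{DATA:client_version} - %{DATA} "%{DATA:cipher_suite}" - %{DATA} %{WORD:session_method}'
      ]
    }
    # Does not depend on the grok result; copies the event's host field.
    mutate {
      replace => [ "@source_host", "%{host}" ]
    }
    # Only rewrite @message when grok produced netscaler_message. On a failed
    # match the reference would stay unresolved and the literal text
    # "%{netscaler_message}" would be written instead.
    if "_grokparsefailure" not in [tags] {
      mutate {
        replace => [ "@message", "%{netscaler_message}" ]
      }
    }
  }
}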
Getting _grokparsefailure with the filter above.