Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
RAW Log
<135> 05/13/2014:21:17:55 GMT nsvpx-esx-2 0-PPE-0 : SSLLOG SSL_HANDSHAKE_SUCCESS 6103955 0 : SPCBId 59218 - ClientIP 142.28.165.235 - ClientPort 56308 - VserverServiceIP 192.168.1.200 - VserverServicePort 443 - ClientVersion TLSv1.0 - CipherSuite "RC4-MD5 TLSv1 Non-Export 128-bit" - Session Reuse
filter {
if "Netscaler" in [tags] {
grok {
break_on_match => false
match => [
"message", '%{SYSLOG5424PRI} %{DATE}:%{HAPROXYTIME} GMT %{SYSLOGHOST:syslog_hostname} %{PROG:netscaler_process} : %{DATA:netscaler_feature} %{DATA:netscaler_message} %{DATA} : %{DATA} %{INT:netscaler_spcbid} - %{DATA} %{IP:client_ip} - %{DATA} %{INT:client_port} - %{DATA} %{IP:vserver_ip} - %{DATA} %{INT:vserver_port} - %{DATA} %{DATA:client_version} - %{DATA} "%{DATA:cipher_suite}" - %{DATA} %{WORD:session_method}'
]
}
mutate {
replace => [ "@source_host", "%{host}" ]
}
mutate {
replace => [ "@message", "%{netscaler_message}" ]
}
}
Getting _grokparsefailure
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment