-
-
Save reyjrar/9b01e599332718332566 to your computer and use it in GitHub Desktop.
Sample log entry with decoded content
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| brad@guillotine $ perl -Ilib/ bin/contextualize.pl | |
| Jul 26 15:50:16 ether sshd[4291]: Failed password for root from 43.229.53.60 port 57806 ssh2 {"tags":["ssh","login","fail"]} | |
| decoding with json .. | |
| + decoded successfully with json .. | |
| decoding with syslog .. | |
| + decoded successfully with syslog .. | |
| eris::log { | |
| Parents Moose::Object | |
| public methods (9) : add_context, complete, context, decoded, DESTROY, meta, new, raw, set_decoded | |
| private methods (0) | |
| internals: { | |
| complete { | |
| decoder::json { | |
| content "{"tags":["ssh","login","fail"]}", | |
| tags [ | |
| [0] "ssh", | |
| [1] "login", | |
| [2] "fail" | |
| ] | |
| }, | |
| decoder::syslog { | |
| epoch 1437918616, | |
| hostname "ether", | |
| message "sshd[4291]: Failed password for root from 43.229.53.60 port 57806 ssh2 {"tags":["ssh","login","fail"]}", | |
| pid 4291, | |
| program "sshd", | |
| timestamp "2015-07-26 15:50:16" | |
| } | |
| }, | |
| decoded { | |
| content "{"tags":["ssh","login","fail"]}", | |
| epoch 1437918616, | |
| hostname "ether", | |
| message "sshd[4291]: Failed password for root from 43.229.53.60 port 57806 ssh2 {"tags":["ssh","login","fail"]}", | |
| pid 4291, | |
| program "sshd", | |
| tags var{complete}{decoder::json}{tags}, | |
| timestamp "2015-07-26 15:50:16" | |
| }, | |
| raw "Jul 26 15:50:16 ether sshd[4291]: Failed password for root from 43.229.53.60 port 57806 ssh2 {"tags":["ssh","login","fail"]}" | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eris::log { | |
| Parents Moose::Object | |
| public methods (11) : add_context, complete, context, decoded, DESTROY, meta, new, raw, set_decoded, tags, timing | |
| private methods (0) | |
| internals: { | |
| complete { | |
| decoder::json { | |
| type "authentication_successful" | |
| }, | |
| decoder::syslog { | |
| epoch 1469573252, | |
| hostname "ether", | |
| message "sshd[30700]: Accepted password for canuck from 2.82.66.219 port 54085 ssh2 {"type": "authentication_successful"}", | |
| pid 30700, | |
| program "sshd", | |
| timestamp "2016-07-26 15:47:32" | |
| }, | |
| sshd { | |
| acct "canuck", | |
| driver "password", | |
| proto "ssh2", | |
| src_ip "2.82.66.219", | |
| src_port 54085, | |
| status "success" | |
| } | |
| }, | |
| context { | |
| acct "canuck", | |
| driver "password", | |
| hostname "ether", | |
| message "sshd[30700]: Accepted password for canuck from 2.82.66.219 port 54085 ssh2 {"type": "authentication_successful"}", | |
| program "sshd", | |
| src_ip "2.82.66.219", | |
| src_port 54085, | |
| status "success", | |
| timestamp "2016-07-26 15:47:32" | |
| }, | |
| decoded { | |
| epoch 1469573252, | |
| hostname "ether", | |
| message "sshd[30700]: Accepted password for canuck from 2.82.66.219 port 54085 ssh2 {"type": "authentication_successful"}", | |
| pid 30700, | |
| program "sshd", | |
| timestamp "2016-07-26 15:47:32", | |
| type "authentication_successful" | |
| }, | |
| raw "Jul 26 15:47:32 ether sshd[30700]: Accepted password for canuck from 2.82.66.219 port 54085 ssh2 {"type": "authentication_successful"}", | |
| tags [ | |
| [0] "decoder::json", | |
| [1] "decoder::syslog", | |
| [2] "sshd" | |
| ] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment