I hereby claim:
- I am thorrsson on github.
- I am thorrsson (https://keybase.io/thorrsson) on keybase.
- I have a public key whose fingerprint is 2825 46C0 AFBB 0E0B 30E1 82E3 C386 8ED6 4E4A B449
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
if [type] == "ufw" { | |
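# Stage 1: split the raw syslog line into timestamp, host, program, an
# optional pid, and the remaining payload (ufw_message), which the next
# grok parses.
# Events that do not match get grok's default failure tag
# (_grokparsefailure). Keep them searchable: an unparsed firewall line is
# a gap in coverage, not noise.
grok {
  match => { "message" => "%{SYSLOGTIMESTAMP:ufw_timestamp} %{SYSLOGHOST:ufw_hostname} %{DATA:ufw_program}(?:\[%{POSINT:ufw_pid}\])?: %{GREEDYDATA:ufw_message}" }
}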
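# Stage 2: extract the firewall fields (action, interface, MAC, addresses,
# protocol, ports) from ufw_message.
# The pattern is kept on one line; a break inside %{WORD:ufw_protocol}
# stops the reference from being a valid grok expression.
# NOTE(review): the literal "OUT= " matches only entries whose OUT
# interface is empty, so entries carrying an OUT= value are not parsed.
# NOTE(review): SPT= and DPT= are mandatory here, so entries logged
# without ports will not match. Decide whether they need their own pattern.
# NOTE(review): ufw_tcp_opts is captured twice (before PROTO= and after
# DPT=). Confirm how the two values end up in the field before relying on
# it in searches or alerts.
grok {
  match => {
    "ufw_message" => "\[%{DATA}\] \[UFW %{WORD:ufw_action}\] IN=%{DATA:ufw_interface} OUT= MAC=%{DATA:ufw_mac} SRC=%{IP:ufw_src_ip} DST=%{IP:ufw_dest_ip} %{GREEDYDATA:ufw_tcp_opts} PROTO=%{WORD:ufw_protocol} SPT=%{INT:ufw_src_port} DPT=%{INT:ufw_dst_port} %{GREEDYDATA:ufw_tcp_opts}"
  }
}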
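# Enrich the event with GeoIP data for the packet's source address
# (ufw_src_ip, set by the grok stage above).
# NOTE(review): no explicit target is set, so the plugin's default target
# field is used. Private or unroutable source addresses will not resolve
# to a location; confirm how those events are tagged before building
# geo-based dashboards or alerts on this field.
geoip { source => "ufw_src_ip" }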