I hereby claim:
- I am thorrsson on github.
- I am thorrsson (https://keybase.io/thorrsson) on keybase.
- I have a public key whose fingerprint is 2825 46C0 AFBB 0E0B 30E1 82E3 C386 8ED6 4E4A B449
To claim this, I am signing this object:
Tim Hunter thorrsson
thorrsson
/ keybase.md
Created
July 26, 2015 02:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [type] == "ufw" { | |
| grok { | |
| match => { "message" => "%{SYSLOGTIMESTAMP:ufw_timestamp} %{SYSLOGHOST:ufw_hostname} %{DATA:ufw_program}(?:\[%{POSINT:ufw_pid}\])?: %{GREEDYDATA:ufw_message}" } | |
| } | |
| grok { | |
| match => { "ufw_message" => "\[%{DATA}\] \[UFW %{WORD:ufw_action}\] IN=%{DATA:ufw_interface} OUT= MAC=%{DATA:ufw_mac} SRC=%{IP:ufw_src_ip} DST=%{IP:ufw_dest_ip} %{GREEDYDATA:ufw_tcp_opts} PROTO=%{ | |
| WORD:ufw_protocol} SPT=%{INT:ufw_src_port} DPT=%{INT:ufw_dst_port} %{GREEDYDATA:ufw_tcp_opts}" | |
| } | |
| } | |
| geoip { source => "ufw_src_ip" } |