graylog新建extractor grok

 

Message:

May  6 14:32:50 localhost.localdomain haproxy[4198]: 192.168.15.11 7706 10.10.20.16 443 123.103.90.196 443 GET /ews/exchange.asmx 401 ee 1 0 0 0 HTTP/1.1 TLSv1.3 TLS_AES_256_GCM_SHA384

Extractor configuration grok pattern:

(?<date_time>(%{MONTH}\s*%{MONTHDAY}\s*%{TIME}))\s*(?<hostname>(\S+))\s*(?<process>(haproxy\[\d+\]:))\s*%{IPV4:c_ip}\s*%{BASE10NUM:c_port}\s*%{IPV4:fe_ip}\s*%{BASE10NUM:fe_port}\s*%{IPV4:be_ip}\s*%{BASE10NUM:be_port}\s*%{WORD:cs_method}\s*%{URIPATHPARAM:cs_uri}\s*%{BASE10NUM:cs_status}\s*(?<uname>([.\S+]*))\s*%{BASE10NUM:fc}\s*%{BASE10NUM:bc}\s*%{BASE10NUM:bq}\s*%{BASE10NUM:sc}\s*

 

posted on 2024-05-06 14:50  momingliu11  阅读(32)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 momingliu11
Powered by .NET 9.0 on Kubernetes