标签 Logstash 下的文章

winlogbeat之windows日志微信报警

Posted on: 3 April 2022

现有的收集AD日志架构是通过winlogbeat 发送日志到elasticsearch 我的思路是通过winlogbeat 在发送一份日志到logstash中，通过logstash中output的exec执行Python脚本发送锁定日志给用户，并引导解锁。

Tags: Logstash winlogbeat windows日志

Logstash - Suricata DNS and fast.log

Posted on: 13 February 2022

input { file { path => [ "/mnt/logs/ids/dns.log" ] sincedb_path => "/dev/null" start_position => "beginning" #Поменять на end# tags => ["dns"] } file { path => [ "/mnt/logs/ids/fast.log" ] sincedb_path => "/dev/null" start_position => "beginning" #Поменять на end# tags => ["ids"] }

Tags: Suricata Logstash fast.log

Logstash 提取SURICATA fast.log正则表达式

Posted on: 20 September 2020

09/20/2020-00:18:32.710309 [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 213.212.243.106:49614 -> 1.1.1.1:1433

Tags: Suricata Logstash fast.log 正则表达式 grok

通过 Logstash 将日志存入 Mysql

Posted on: 12 September 2020

driver_jar_path => "/opt/mysql-connector-java-8.0.21.jar" driver_class => "com.mysql.jdbc.Driver" connection_string => "jdbc:mysql://127.0.0.1:3306/库名?user=USERNAME&password=PASSWORD&useUnicode=true&characterEncoding=UTF8"

Tags: centos Logstash jdbc:mysql logstash-output-jdbc mysql-connector-java