标签 fast.log 下的文章

Logstash - Suricata DNS and fast.log

Posted on: 13 February 2022

input { file { path => [ "/mnt/logs/ids/dns.log" ] sincedb_path => "/dev/null" start_position => "beginning" #Поменять на end# tags => ["dns"] } file { path => [ "/mnt/logs/ids/fast.log" ] sincedb_path => "/dev/null" start_position => "beginning" #Поменять на end# tags => ["ids"] }

Tags: Suricata Logstash fast.log

Posted on: 20 September 2020

09/20/2020-00:18:32.710309 [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 213.212.243.106:49614 -> 1.1.1.1:1433

Tags: Suricata Logstash fast.log 正则表达式 grok

标签 fast.log 下的文章

Logstash - Suricata DNS and fast.log

Logstash 提取SURICATA fast.log正则表达式

Latest Articles

Tags