2018-12-15 03:04:55

AttackFilter-logstash-filter-attackfilter

AttackFilter

  • logstash-filter-attackfilter-1.0.6
  • This plugin is a security-analysis extension for Logstash, the ElasticSearch import tool

AttackFilter plugin installation

  • Download the plugin

    git clone http://github.com/attackfilter
  • Add the plugin path to logstash-X.X.X/Gemfile

    mv attackfilter logstash-X.X.X/vendor/bundle/jruby/1.9/gems/
    vim logstash-X.X.X/Gemfile
    gem "logstash-filter-attackfilter", :path => "./vendor/bundle/jruby/1.9/gems/logstash-filter-attackfilter-1.0.6" 

Using AttackFilter

  • Configure the Logstash import configuration file test.conf

    input {
      file {
        path => "/web-log-2018-01-01.log"
        start_position => "beginning"
      }
    }
    filter {
      grok {
        # placeholder: replace with the grok pattern that splits your log format
        match => { "message" => "%{日志拆分规则}" }
      }
      attackfilter {
        source => message
      }
    }
    output {
      elasticsearch {
        hosts => ["192.168.1.2:9200"]
        index => "test"
      }
      stdout {
        codec => rubydebug
      }
    }
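The following is an added example, not code from the AttackFilter project: a stand-alone Ruby sketch of what the pipeline above does to each event, with a grok-like stage that splits a combined-format web-log line into fields and a filter stage that, like `attackfilter { source => message }`, inspects one field and tags the event when it matches a rule. Events are plain Hashes instead of LogStash::Event objects, and the class name AttackFilterStage, the sample log lines and the three detection rules are all assumptions; the page does not document the plugin's actual rule set.

```ruby
require 'cgi'

# Constructed sample lines in Apache/Nginx "combined" format, standing in for
# /web-log-2018-01-01.log from the configuration above. Lines 2-4 carry classic
# textbook payloads so the detection stage has something to flag.
SAMPLE_LOG_LINES = [
  '10.0.0.5 - - [01/Jan/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '10.0.0.9 - - [01/Jan/2018:10:00:02 +0000] "GET /item.php?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200 840 "-" "curl/7.58"',
  '10.0.0.9 - - [01/Jan/2018:10:00:03 +0000] "GET /static/../../etc/passwd HTTP/1.1" 404 153 "-" "curl/7.58"',
  '10.0.0.12 - - [01/Jan/2018:10:00:04 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 900 "-" "Mozilla/5.0"'
].freeze

# Stand-in for the grok stage: named captures become event fields.
COMBINED_LOG = /\A(?<clientip>\S+) \S+ \S+ \[(?<timestamp>[^\]]+)\] "(?<verb>\S+) (?<request>\S+) (?<httpversion>[^"]+)" (?<response>\d{3}) (?<bytes>\S+)/

def grok_combined(event)
  m = COMBINED_LOG.match(event['message'])
  # Logstash tags unparseable lines with _grokparsefailure; mirror that.
  return event.merge('tags' => (event['tags'] || []) + ['_grokparsefailure']) unless m
  event.merge(m.named_captures)
end

# Assumed rule set (illustrative only; a real plugin ships a much larger one).
# Each rule is run over the percent-decoded text of the inspected field.
ATTACK_RULES = {
  'sqli'           => /('|")\s*(or|and)\s*('|")?\d/i,
  'path_traversal' => %r{(\.\./|\.\.\\)},
  'xss'            => /<script\b/i
}.freeze

# Hypothetical filter stage modelled on the plugin's `source` option.
class AttackFilterStage
  def initialize(source: 'message')
    @source = source   # which event field to inspect
  end

  # Returns the event unchanged when no rule fires; otherwise adds an
  # attack_type list and an "attack" tag so downstream queries can find it.
  def filter(event)
    decoded = CGI.unescape(event[@source].to_s)   # undo simple %XX encoding
    hits = ATTACK_RULES.select { |_, re| decoded.match?(re) }.keys
    return event if hits.empty?
    event.merge('attack_type' => hits,
                'tags' => (event['tags'] || []) + ['attack'])
  end
end

# grok -> attackfilter, in the same order as the filter {} block above.
def run_pipeline(lines, source: 'message')
  stage = AttackFilterStage.new(source: source)
  lines.map { |line| stage.filter(grok_combined('message' => line)) }
end

if $PROGRAM_NAME == __FILE__
  require 'pp'
  run_pipeline(SAMPLE_LOG_LINES).each { |e| pp e }   # like stdout { codec => rubydebug }
end
```

A real Logstash filter plugin is a Ruby class that subclasses LogStash::Filters::Base, declares its `config_name` and options (such as `source`) with `config`, and implements `filter(event)` against a LogStash::Event; the Hash-based stage above only models that contract so it can run without logstash-core. Decoding the field before matching is the detail worth keeping: the SQL-injection line would slip past every rule if it were matched in its encoded form.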

Issue reporting
