logstash - Can someone give me a logstash filter for auth.log on Linux?
Problem description
A log like this: (I need a grok pattern to extract the IP and the user... I want to check whether it is a password failure.)
Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Received disconnect from 192.168.3.198 port 34222:11: disconnected by user
Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Disconnected from user amantha 192.168.3.198 port 34222
Sep 18 15:54:25 amantha-server-ubuntu sshd[4612]: pam_unix(sshd:session): session closed for user amantha
Sep 18 15:54:25 amantha-server-ubuntu systemd-logind[673]: Session 13 logged out. Waiting for processes to exit.
Sep 18 15:54:25 amantha-server-ubuntu systemd-logind[673]: Removed session 13.
Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: Accepted password for amantha from 192.168.3.198 port 34226 ssh2
Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:54:30 amantha-server-ubuntu systemd-logind[673]: New session 14 of user amantha.
Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: Accepted password for amantha from 192.168.3.198 port 34232 ssh2
Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:55:22 amantha-server-ubuntu systemd-logind[673]: New session 15 of user amantha.
Sep 18 15:55:31 amantha-server-ubuntu sshd[4904]: Received disconnect from 192.168.3.198 port 34232:11: disconnected by user
Sep 18 15:55:31 amantha-server-ubuntu sshd[4904]: Disconnected from user amantha 192.168.3.198 port 34232
Sep 18 15:55:31 amantha-server-ubuntu sshd[4823]: pam_unix(sshd:session): session closed for user amantha
Sep 18 15:55:31 amantha-server-ubuntu systemd-logind[673]: Session 15 logged out. Waiting for processes to exit.
Sep 18 15:55:31 amantha-server-ubuntu systemd-logind[673]: Removed session 15.
Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: Accepted password for amantha from 192.168.3.198 port 34244 ssh2
Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:55:37 amantha-server-ubuntu systemd-logind[673]: New session 16 of user amantha.
Sep 18 16:04:43 amantha-server-ubuntu su: pam_unix(su-l:session): session closed for user root
Sep 18 16:04:43 amantha-server-ubuntu sudo: pam_unix(sudo:session): session closed for user root
Sep 18 16:05:17 amantha-server-ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Sep 18 16:05:19 amantha-server-ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Sep 18 16:05:19 amantha-server-ubuntu sudo: amantha : TTY=pts/0 ; PWD=/home/amantha ; USER=root ; COMMAND=/usr/bin/su -
Sep 18 16:05:19 amantha-server-ubuntu sudo: pam_unix(sudo:session): session opened for user root by amantha(uid=0)
Sep 18 16:05:19 amantha-server-ubuntu su: (to root) amantha on pts/0
Sep 18 16:05:19 amantha-server-ubuntu su: pam_unix(su-l:session): session opened for user root by amantha(uid=0)
Solution
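The extraction the question asks for, worked through as an added example that is not part of the original post or of any posted answer. The sshd lines of interest have the shape `Accepted password for USER from IP port PORT ssh2` and `Failed password for [invalid user ]USER from IP port PORT ssh2`; the grok pattern for them is given in a comment, and the Python below captures the same fields with the plain regexes those grok names expand to (`IPORHOST` is reduced to its IP form), then counts failures per source address. The `Failed password` lines and the source 192.168.3.77 are constructed, because the log in the question contains only successful logins; the failure threshold of 3 is an assumed tuning value.

```python
import re
from collections import Counter

# Constructed sample: three "Accepted password" lines and one sudo line copied
# from the question, plus three hypothetical "Failed password" lines from
# 192.168.3.77 added here so the failure branch is exercised.
SAMPLE_LOG = """\
Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: Accepted password for amantha from 192.168.3.198 port 34226 ssh2
Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: Accepted password for amantha from 192.168.3.198 port 34232 ssh2
Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: Accepted password for amantha from 192.168.3.198 port 34244 ssh2
Sep 18 16:01:02 amantha-server-ubuntu sshd[5101]: Failed password for invalid user admin from 192.168.3.77 port 50110 ssh2
Sep 18 16:01:05 amantha-server-ubuntu sshd[5101]: Failed password for invalid user admin from 192.168.3.77 port 50110 ssh2
Sep 18 16:01:09 amantha-server-ubuntu sshd[5104]: Failed password for amantha from 192.168.3.77 port 50112 ssh2
Sep 18 16:05:19 amantha-server-ubuntu sudo: amantha : TTY=pts/0 ; PWD=/home/amantha ; USER=root ; COMMAND=/usr/bin/su -
"""

# Equivalent grok for a Logstash  filter { grok { match => { "message" => "..." } } }  block:
#   %{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host} sshd\[%{POSINT:pid}\]: %{WORD:status} %{WORD:method} for (?:invalid user )?%{USERNAME:user} from %{IPORHOST:src_ip} port %{POSINT:src_port} ssh2
# Below, the same fields are captured with the regexes those grok names expand to.
SSHD_AUTH = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "  # SYSLOGTIMESTAMP
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "                           # SYSLOGHOST, POSINT
    r"(?P<status>Accepted|Failed) (?P<method>\w+) for "               # WORD, WORD
    r"(?P<invalid>invalid user )?(?P<user>[A-Za-z0-9._-]+) from "     # USERNAME
    r"(?P<src_ip>[0-9A-Fa-f.:]+) port (?P<src_port>\d+) ssh2"         # IPORHOST (IP form), POSINT
)


def parse_line(line: str):
    """Return the fields of an sshd Accepted/Failed line, or None for any other line."""
    m = SSHD_AUTH.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["failed"] = event["status"] == "Failed"
    # "invalid user" means the account does not exist on the host at all.
    event["invalid_user"] = event.pop("invalid") is not None
    event["pid"] = int(event["pid"])
    event["src_port"] = int(event["src_port"])
    return event


def parse_log(text: str):
    """Parse every line, silently skipping pam_unix, systemd-logind, sudo and su lines."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def failed_logins_by_ip(events):
    """Count failed password attempts per source address."""
    return Counter(e["src_ip"] for e in events if e["failed"])


def brute_force_sources(events, threshold=3):
    """Source addresses with at least `threshold` failures (threshold is an assumed tuning value)."""
    return sorted(ip for ip, n in failed_logins_by_ip(events).items() if n >= threshold)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in events:
        print(f'{e["timestamp"]} {e["status"]:8} user={e["user"]} ip={e["src_ip"]} '
              f'port={e["src_port"]} invalid_user={e["invalid_user"]}')
    print("failures per IP:", dict(failed_logins_by_ip(events)))
    print("brute-force candidates:", brute_force_sources(events))
```

In Logstash the same password-failure check becomes a conditional on the captured field, `if [status] == "Failed" { ... }`, after the grok block above. Two caveats carry over: a real `IPORHOST` also accepts hostnames (and IPv6 addresses land in the same field), so downstream logic should not assume dotted-quad IPv4; and lines that do not match the pattern (the pam_unix, systemd-logind, su and sudo lines in the question) are dropped here, whereas grok would tag them `_grokparsefailure`, so in Logstash you either guard the grok with `if [program] == "sshd"` or accept that tag on the other lines.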