Versions compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code block
  if [type] == "syslog" {
    kv
    {
      include_keys => ["OUT","IN","SRC","SPT","DST","DPT","PROTO","ACTION"]
      trim => "<>\[\],"
      trimkey => "<>\[\],"
    }

    # This will drop Google DNS Requests
    #if [DST] == "8.8.8.8"
    #{
    #  drop {}
    #}

    if [SRC] == "10.0.0.100185" {
      mutate
      {
        add_field => { "IPOwner" => "DeviceChristopher" "Device" => "MOSNASGalaxy" "Interface" => "CableWifi" }
      }
    }
    if [SRC] == "10.0.0.101190" {
      mutate
      {
         add_field => { "IPOwner" => "Device" "Device" => "KHVG145-TSkur Cam" "Interface" => "Cable" }

      }
    }
...
...

 

The problem here is that the data is persistent in Elasticsearch, so changes to IPs and devices are not reflected in events that were already indexed. In Splunk I solved this with a lookup, but now we can do it in Kibana with scripted fields in the new "Painless" language that also states:
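As an added example (not the page's own code, and not the project's Logstash config), the following Python sketch mimics what the kv and mutate blocks above do to a firewall syslog line, then contrasts index-time enrichment, where the owner and device are baked into the stored event, with a query-time lookup that joins against the current table on read, which is the difference the paragraph above describes. The sample log lines, the lookup table and the owner/device names are constructed placeholders; dropping empty values such as `OUT=` is a simplification assumed here, not a statement about the real kv filter.

```python
import copy

# Constructed sample firewall syslog lines in the key=value form the kv filter above parses.
SAMPLE_LINES = [
    "kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.100 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=51234 DPT=53",
    "kernel: [UFW ALLOW] IN= OUT=eth0 SRC=10.0.0.101 DST=192.0.2.10 LEN=52 PROTO=TCP SPT=443 DPT=55555 ACTION=ALLOW",
]

# Same key list and trim characters as the page's kv block.
INCLUDE_KEYS = {"OUT", "IN", "SRC", "SPT", "DST", "DPT", "PROTO", "ACTION"}
TRIM_CHARS = "<>[],"


def kv_parse(line):
    """Toy equivalent of the kv filter: whitespace-separated key=value tokens,
    keep only INCLUDE_KEYS, strip TRIM_CHARS from keys and values.
    Empty values (e.g. 'OUT=') are dropped; that is a simplification assumed here."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep:
            continue
        key = key.strip(TRIM_CHARS)
        value = value.strip(TRIM_CHARS)
        if key in INCLUDE_KEYS and value:
            fields[key] = value
    return fields


def enrich_at_index_time(fields, lookup):
    """What the page's mutate/add_field blocks do: copy owner/device info into the
    event before it is indexed. That copy is frozen in Elasticsearch from then on."""
    doc = dict(fields)
    doc.update(lookup.get(fields.get("SRC"), {}))
    return doc


def enrich_at_query_time(docs, lookup):
    """What a Splunk lookup or a Kibana scripted field does: join the stored SRC
    against the current table when the data is read, so table edits apply to old events."""
    return [dict(d, **lookup.get(d.get("SRC"), {})) for d in docs]


# Constructed lookup table (placeholder owner/device names, not the page's real ones).
DEVICE_LOOKUP_V1 = {
    "10.0.0.100": {"IPOwner": "owner-a", "Device": "device-a", "Interface": "wifi"},
    "10.0.0.101": {"IPOwner": "owner-b", "Device": "device-b", "Interface": "cable"},
}


def demo():
    """Index both lines, then reassign 10.0.0.100 and compare the two enrichment styles."""
    parsed = [kv_parse(line) for line in SAMPLE_LINES]
    indexed = [enrich_at_index_time(f, DEVICE_LOOKUP_V1) for f in parsed]

    # Later the address is handed to a different device: only the table changes.
    lookup_v2 = copy.deepcopy(DEVICE_LOOKUP_V1)
    lookup_v2["10.0.0.100"] = {"IPOwner": "owner-c", "Device": "device-c", "Interface": "cable"}

    index_time_owner = indexed[0]["IPOwner"]                      # stale: "owner-a"
    query_time_owner = enrich_at_query_time(parsed, lookup_v2)[0]["IPOwner"]  # current: "owner-c"
    return parsed, index_time_owner, query_time_owner


if __name__ == "__main__":
    parsed_docs, stale, fresh = demo()
    for doc in parsed_docs:
        print(doc)
    print("index-time owner:", stale, "| query-time owner:", fresh)
```

The point of the two enrichment functions is the operational one the page raises: once `add_field` has written the owner into an event, re-mapping an address in the pipeline config fixes only new events, whereas a table consulted at read time corrects the historical view as well.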

...