elk systemlog disk error add

b29a52db · JooHan Hong · be8a8042 · b29a52db
Commit b29a52db authored Mar 23, 2021 by JooHan Hong
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

README.md LOG/SYSTEM/README.md +10 -0

No files found.
--- a/LOG/SYSTEM/README.md
+++ b/LOG/SYSTEM/README.md
@@ -147,6 +147,16 @@ filter {
      match => { "message" => "%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: Accepted password for %{USERNAME:sshd_invalid_user} from %{IPORHOST:sshd_client_ip} port %{NUMBER:sshd_port} %{GREEDYDATA:sshd_protocol}" }
    }

+    grok {
+      match => ["message", "Error updating SMART data: Error sending ATA command CHECK"]
+      add_tag => "HDD_SMART_CHECK_ERROR"
+    }
+
+    grok {
+      match => ["message", "Buffer I/O error"]
+      add_tag => "DISK_ERROR"
+    }
+
    mutate {
      convert => {"geoip.city_name" => "string"}
    }