Skip to content

J
joohanhong
Commit b29a52db authored by JooHan Hong's avatar JooHan Hong
Browse files
Options

elk systemlog disk error add

parent be8a8042
Pipeline #5285 passed with stages
      in 44 seconds
      Show whitespace changes
      Inline Side-by-side
      Showing with 10 additions and 0 deletions
      LOG/SYSTEM/README.md
      View file @ b29a52db
      ...@@ -147,6 +147,16 @@ filter { ...@@ -147,6 +147,16 @@ filter {
      match => { "message" => "%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: Accepted password for %{USERNAME:sshd_invalid_user} from %{IPORHOST:sshd_client_ip} port %{NUMBER:sshd_port} %{GREEDYDATA:sshd_protocol}" } match => { "message" => "%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: Accepted password for %{USERNAME:sshd_invalid_user} from %{IPORHOST:sshd_client_ip} port %{NUMBER:sshd_port} %{GREEDYDATA:sshd_protocol}" }
      } }
      grok {
      match => ["message", "Error updating SMART data: Error sending ATA command CHECK"]
      add_tag => "HDD_SMART_CHECK_ERROR"
      }
      grok {
      match => ["message", "Buffer I/O error"]
      add_tag => "DISK_ERROR"
      }
      mutate { mutate {
      convert => {"geoip.city_name" => "string"} convert => {"geoip.city_name" => "string"}
      } }
      ......
      Markdown is supported
      0% or
      You are about to add 0 people to the discussion. Proceed with caution.
      Finish editing this message first!
      Please register or to comment