BUYTIME

logstash nac 연동 (1)

[Logstash] NAC syslog 연동

카테고리 : IT2/elk stack buytime | 2023. 2. 1. 20:11

# NAC 5.0 버전 [INPUT] input { udp { port => 5514 } } [FILTER] filter { grok { match => { "message" => "\%{TIMESTAMP_ISO8601:_datetime} %{LOGLEVEL:_logtype} %{INT:_logid} %{DATA:_sensorname} %{DATA:_ip} %{DATA:_mac} %{DATA:detailmsg} %{GREEDYDATA:_fullmsg}" } } mutate { gsub => ["_fullmsg"," NONE",". "] gsub => ["_fullmsg","NONE ",""] } mutate { split => ["_fullmsg",". "] add_field => { "_fullmsg_..

Copyright © BUYTIME :: 시간을 산다 All Rights Reserved

Designed by JB FACTORY

티스토리툴바