Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/haf/grok-patterns
A repository where you can develop grok patterns for logstash and other services
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/haf/grok-patterns
- Owner: haf
- Created: 2014-11-11T08:03:59.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2014-11-12T18:32:50.000Z (about 10 years ago)
- Last Synced: 2024-10-06T10:01:21.625Z (3 months ago)
- Language: Ruby
- Homepage:
- Size: 203 KB
- Stars: 8
- Watchers: 5
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
## Getting Started

```
git clone https://github.com/haf/grok-patterns.git
cd grok-patterns
git submodule update --init
./run
```

When you're in the box (started through the `run` script), edit the file
`confs/logstash/logstash.conf` to change the logstash config. You can then run:

```
cd /opt/logstash
bin/logstash --configtest -f /etc/logstash/conf.d
=> Configuration OK
```

To add patterns, place them in `/etc/logstash/patterns`.

### Testing Locally

```
./test groks/audit-EXECVE
```

## References
- http://blog.jasonantman.com/2012/09/rvm-and-ruby-1-9-to-test-logstash-grok-patterns-on-fedoracentos/
## About the Patterns
### Audit
[auditd man page](http://linux.die.net/man/8/auditctl)
#### groks/auditd-EXECVE
Needs the [mutate filter](https://groups.google.com/forum/#!topic/logstash-users/qmEWB780Cas) to extract the parameters.