Receiving NetFlow logs with Logstash and forwarding them to a syslog server
Listen for NetFlow on UDP port 90, extract the source IP, source port, destination IP and destination port from each NetFlow record, and send the result as syslog to a host and port of your choice.
NetFlow log format (one event as decoded by the netflow codec and printed with rubydebug):

    {
        "netflow" => {
            "last_switched" => "2020-05-28T02:39:13.781Z",
            "dst_as" => 0,
            "in_bytes" => 183,
            "ipv4_src_addr" => "120.92.11.28",   # source IP
            "protocol" => 6,
            "ipv4_next_hop" => "172.16.10.10",
            "input_snmp" => 1,
            "version" => 9,
            "flowset_id" => 265,
            "src_as" => 0,
            "tcp_flags" => 24,
            "first_switched" => "2020-05-28T02:39:13.781Z",
            "flow_seq_num" => 2488,
            "l4_src_port" => 7823,               # source port
            "output_snmp" => 2,
            "direction" => 0,
            "in_pkts" => 1,
            "ipv4_dst_addr" => "192.168.80.15",  # destination IP
            "src_mask" => 0,
            "dst_mask" => 16,
            "flow_sampler_id" => 0,
            "src_tos" => 0,
            "l4_dst_port" => 53367               # destination port
        },
        "host" => "88.88.88.88",
        "@timestamp" => 2020-05-28T02:39:37.000Z,
        "@version" => "1"
    }

Detailed field descriptions: https://www.ibm.com/support/knowledgecenter/en/SSCVHB_1.2.2/collector/cnpi_collector_v9_fiels_types.html

Install the syslog output plugin:

    bin/logstash-plugin install logstash-output-syslog

Pipeline configuration:
    input {
      udp {
        # NetFlow exporters send UDP; the netflow codec decodes each datagram into
        # the "netflow" sub-document shown above. Binding a port below 1024 requires
        # root or CAP_NET_BIND_SERVICE on Linux.
        port => 90
        codec => netflow
      }
    }

    filter {
      mutate {
        # Lift the four fields we care about to the top level of the event ...
        rename => {
          "[netflow][ipv4_src_addr]" => "src_ip"
          "[netflow][l4_src_port]"   => "src_port"
          "[netflow][ipv4_dst_addr]" => "dst_ip"
          "[netflow][l4_dst_port]"   => "dst_port"
        }
        # ... and drop the rest of the NetFlow record.
        remove_field => ["netflow"]
      }
    }

    output {
      # Uncomment to print every event to the console while debugging.
      # stdout {
      #   codec => rubydebug
      # }
      syslog {
        host => "192.168.100.123"
        port => 16060
      }
    }
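To see what the mutate filter above actually produces before it reaches the syslog output, here is an added Python emulation (not part of the original post and not Logstash code): it applies the same rename/remove_field rules to a constructed event trimmed from the sample record, then formats a syslog line. The RFC 3164 line format and the facility/severity values used here are assumptions for illustration; the real output plugin's own options control the wire format.

```python
import json
import re

# Constructed sample event, trimmed from the netflow codec output shown above.
SAMPLE_EVENT = {
    "netflow": {"ipv4_src_addr": "120.92.11.28", "l4_src_port": 7823,
                "ipv4_dst_addr": "192.168.80.15", "l4_dst_port": 53367,
                "protocol": 6, "in_bytes": 183},
    "host": "88.88.88.88",
    "@timestamp": "2020-05-28T02:39:37.000Z",
}

# The rename map from the mutate filter in the pipeline configuration.
RENAME = {"[netflow][ipv4_src_addr]": "src_ip", "[netflow][l4_src_port]": "src_port",
          "[netflow][ipv4_dst_addr]": "dst_ip", "[netflow][l4_dst_port]": "dst_port"}

def field_path(ref):
    """Turn a Logstash field reference ("[netflow][l4_src_port]") into a key list."""
    return re.findall(r"\[([^\]]+)\]", ref) or [ref]

def pop_field(event, ref):
    """Remove and return a (possibly nested) field; None if it is absent."""
    *parents, leaf = field_path(ref)
    node = event
    for key in parents:
        node = node.get(key)
        if not isinstance(node, dict):
            return None
    return node.pop(leaf, None)

def apply_mutate(event, rename, remove_field):
    """Emulate mutate { rename => ... remove_field => ... } on a copy of the event."""
    event = json.loads(json.dumps(event))  # deep copy so the input is untouched
    for src, dst in rename.items():        # targets are top-level names, as on the page
        value = pop_field(event, src)
        if value is not None:              # a missing source field is simply skipped
            event[dst] = value
    for ref in remove_field:
        pop_field(event, ref)
    return event

def syslog_line(event, facility=1, severity=5):
    """Assumed RFC 3164 framing: PRI = facility*8 + severity (user/notice here)."""
    pri = facility * 8 + severity
    body = " ".join(f"{k}={event[k]}" for k in ("src_ip", "src_port", "dst_ip", "dst_port"))
    return f"<{pri}>{event['@timestamp']} {event['host']} netflow {body}"

if __name__ == "__main__":
    flattened = apply_mutate(SAMPLE_EVENT, RENAME, ["netflow"])
    print(flattened)
    print(syslog_line(flattened))
```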