Can someone provide a logstash filter for my auth.log on Linux?
Logs like this (I need a grok pattern to extract the IP and the user. I want to check whether it was a wrong password.):
Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Received disconnect from 192.168.3.198 port 34222:11: disconnected by user
Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Disconnected from user amantha 192.168.3.198 port 34222
Sep 18 15:54:25 amantha-server-ubuntu sshd[4612]: pam_unix(sshd:session): session closed for user amantha
Sep 18 15:54:25 amantha-server-ubuntu systemd-logind[673]: Session 13 logged out. Waiting for processes to exit.
Sep 18 15:54:25 amantha-server-ubuntu systemd-logind[673]: Removed session 13.
Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: Accepted password for amantha from 192.168.3.198 port 34226 ssh2
Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:54:30 amantha-server-ubuntu systemd-logind[673]: New session 14 of user amantha.
Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: Accepted password for amantha from 192.168.3.198 port 34232 ssh2
Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:55:22 amantha-server-ubuntu systemd-logind[673]: New session 15 of user amantha.
Sep 18 15:55:31 amantha-server-ubuntu sshd[4904]: Received disconnect from 192.168.3.198 port 34232:11: disconnected by user
Sep 18 15:55:31 amantha-server-ubuntu sshd[4904]: Disconnected from user amantha 192.168.3.198 port 34232
Sep 18 15:55:31 amantha-server-ubuntu sshd[4823]: pam_unix(sshd:session): session closed for user amantha
Sep 18 15:55:31 amantha-server-ubuntu systemd-logind[673]: Session 15 logged out. Waiting for processes to exit.
Sep 18 15:55:31 amantha-server-ubuntu systemd-logind[673]: Removed session 15.
Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: Accepted password for amantha from 192.168.3.198 port 34244 ssh2
Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
Sep 18 15:55:37 amantha-server-ubuntu systemd-logind[673]: New session 16 of user amantha.
Sep 18 16:04:43 amantha-server-ubuntu su: pam_unix(su-l:session): session closed for user root
Sep 18 16:04:43 amantha-server-ubuntu sudo: pam_unix(sudo:session): session closed for user root
Sep 18 16:05:17 amantha-server-ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Sep 18 16:05:19 amantha-server-ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Sep 18 16:05:19 amantha-server-ubuntu sudo: amantha : TTY=pts/0 ; PWD=/home/amantha ; USER=root ; COMMAND=/usr/bin/su -
Sep 18 16:05:19 amantha-server-ubuntu sudo: pam_unix(sudo:session): session opened for user root by amantha(uid=0)
Sep 18 16:05:19 amantha-server-ubuntu su: (to root) amantha on pts/0
Sep 18 16:05:19 amantha-server-ubuntu su: pam_unix(su-l:session): session opened for user root by amantha(uid=0)
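Added example, not part of the original question or of any answer on the page: the grok patterns one would put in a logstash filter for these lines, run offline through a small Python grok-to-regex expander so the field extraction can be checked against the pasted log. The pattern table in GROK_PATTERNS is a hand-written, simplified subset of the stock logstash grok library (IPv4 only, English month names only), the tag names (ssh_accepted, ssh_failed, ssh_disconnected, sudo_command) are my own choice, and since the pasted log contains only successful "Accepted password" logins, the three "Failed password" lines at the end of SAMPLE_LOG are constructed (203.0.113.7 is a documentation address), following the standard sshd message format.

```python
import re
from typing import Dict, List, Optional

# Simplified subset of the stock logstash grok pattern library, written out by hand
# for this example; it is not the real grok-patterns file and covers only auth.log needs.
GROK_PATTERNS = {
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "TIME": r"(?:[01]?[0-9]|2[0-3]):[0-5][0-9](?::(?:[0-5][0-9]|60))?",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "IPV4": r"(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.]){3}"
            r"(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(?![0-9])",
    "HOSTNAME": r"\b[0-9A-Za-z][0-9A-Za-z-]{0,62}(?:\.[0-9A-Za-z][0-9A-Za-z-]{0,62})*\b",
    "IPORHOST": r"(?:%{IPV4}|%{HOSTNAME})",
    "SYSLOGHOST": r"%{IPORHOST}",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "WORD": r"\b\w+\b",
    "POSINT": r"\b[1-9][0-9]*\b",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> str:
    """Expand %{NAME} and %{NAME:field} references recursively into a Python regex.
    A reference with a field name becomes a named capture group, which is how the
    grok filter produces event fields."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = grok_to_regex(GROK_PATTERNS[name])
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return GROK_REF.sub(expand, pattern)


# Outer syslog envelope shared by every auth.log line: "timestamp host program[pid]: message".
# The pid is optional because sudo and su log without one (see the pasted log).
SYSLOG_LINE = re.compile(grok_to_regex(
    r"^%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host} "
    r"%{DATA:program}(?:\[%{POSINT:pid}\])?: %{GREEDYDATA:message}$"))

# Inner message patterns, tried in order. These are the strings that would go into the
# grok filter's match list; the tag names are my own.
MESSAGE_PATTERNS = {
    "ssh_accepted": r"^Accepted %{WORD:auth_method} for %{USERNAME:user} from %{IPORHOST:src_ip}"
                    r" port %{POSINT:src_port} ssh2(?:: %{GREEDYDATA:key_info})?$",
    "ssh_failed": r"^Failed %{WORD:auth_method} for (?:invalid user )?%{USERNAME:user}"
                  r" from %{IPORHOST:src_ip} port %{POSINT:src_port} ssh2$",
    "ssh_disconnected": r"^Disconnected from user %{USERNAME:user} %{IPORHOST:src_ip} port %{POSINT:src_port}$",
    "sudo_command": r"^%{USERNAME:user} : TTY=%{DATA:tty} ; PWD=%{DATA:pwd} ;"
                    r" USER=%{USERNAME:target_user} ; COMMAND=%{GREEDYDATA:command}$",
}
COMPILED = {tag: re.compile(grok_to_regex(p)) for tag, p in MESSAGE_PATTERNS.items()}


def parse_auth_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one auth.log line into a flat event dict.
    Returns None when even the syslog envelope does not match. A message that matches
    none of MESSAGE_PATTERNS keeps the raw message and is tagged _grokparsefailure,
    mirroring the grok filter's default tag_on_failure."""
    m = SYSLOG_LINE.match(line)
    if not m:
        return None
    event: Dict[str, object] = {k: v for k, v in m.groupdict().items() if v is not None}
    for tag, regex in COMPILED.items():
        mm = regex.match(str(event["message"]))
        if mm:
            event.update({k: v for k, v in mm.groupdict().items() if v is not None})
            event["tags"] = [tag]
            break
    else:
        event["tags"] = ["_grokparsefailure"]
    # The check the question asks for: was this a rejected password?
    event["password_failed"] = (event["tags"] == ["ssh_failed"]
                                and event.get("auth_method") == "password")
    if event["tags"] == ["ssh_failed"]:
        # sshd says "invalid user" when the account does not exist at all
        event["invalid_user"] = " for invalid user " in str(event["message"])
    return event


def failed_password_counts(lines: List[str]) -> Dict[str, int]:
    """Count 'Failed password' events per source IP across a list of raw lines."""
    counts: Dict[str, int] = {}
    for line in lines:
        ev = parse_auth_line(line)
        if ev and ev["password_failed"]:
            ip = str(ev["src_ip"])
            counts[ip] = counts.get(ip, 0) + 1
    return counts


# Sample input: the first four lines are copied from the question, the last three are
# constructed for this example (the question's log has no failed logins).
SAMPLE_LOG = [
    "Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Disconnected from user amantha 192.168.3.198 port 34222",
    "Sep 18 15:54:25 amantha-server-ubuntu sshd[4612]: pam_unix(sshd:session): session closed for user amantha",
    "Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: Accepted password for amantha from 192.168.3.198 port 34226 ssh2",
    "Sep 18 16:05:19 amantha-server-ubuntu sudo: amantha : TTY=pts/0 ; PWD=/home/amantha ; USER=root ; COMMAND=/usr/bin/su -",
    "Sep 18 16:10:02 amantha-server-ubuntu sshd[5011]: Failed password for amantha from 192.168.3.198 port 34301 ssh2",
    "Sep 18 16:10:05 amantha-server-ubuntu sshd[5012]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
    "Sep 18 16:10:09 amantha-server-ubuntu sshd[5013]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        ev = parse_auth_line(raw)
        print(ev["tags"], ev.get("user"), ev.get("src_ip"), ev["password_failed"])
    print(failed_password_counts(SAMPLE_LOG))
```

The strings in MESSAGE_PATTERNS are plain grok syntax, so they can be listed directly in a logstash `grok { match => { "message" => [ ... ] } }` block after the envelope pattern has split off the inner message (use `overwrite => ["message"]` if the inner text should replace the raw line). Two caveats worth keeping in mind: newer OpenSSH releases append key details after `ssh2` on "Accepted publickey" lines, which is why the accepted pattern tolerates an optional `: ...` suffix, and the `invalid user` prefix means a failed login for a non-existent account, so a filter that matches only `Failed password for %{USERNAME:user}` would silently drop those events.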