Grok filter for these lines (fail2ban output)

Time: 2017-03-06 13:04:37

Tags: apache logstash logstash-grok fail2ban

I want to filter the following lines in logstash (this is output from fail2ban; the patterns I have found so far don't really work)

2016-05-02 10:40:18,051 fail2ban.filter  [1122]: INFO   [bruteforce4] Found 192.168.1.3
2016-05-02 10:40:22,155 fail2ban.filter  [1122]: INFO    [symfony-token-request-ban]Found 192.168.1.2
2016-05-02 10:40:27,756 fail2ban.actions [1122]: NOTICE  [symfony-token-request-ban] Unban 192.168.1.1

Any help?

match => [ "message", "%{F2B_DATE:date} %{F2B_ACTION} %{WORD:level} %{F2B_JAIL} %{WORD:action} %{IP:ip}" ] 
match => [ "message", "^%{DATE} %{TIME}" ] 
match => [ "message", "%{F2B_DATE:date} %{F2B_ACTION} [%{INT}] %{WORD:level} %{F2B_JAIL} %{WORD:action} %{IP:ip}" ] 
match => [ "message", "%{F2B_DATE:date} %{F2B_ACTION} %{F2B_LEVEL} %{GREEDYDATA:msg}?" ] 
match => [ "message", "%{FAIL2BAN_BAN}" ] 

0 answers:

No answers
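As an added example (not part of the question or of any answer on this page), the Python script below expands a grok expression into a regular expression and runs it over the three lines from the question. The base patterns it uses are a simplified, hand-written subset of grok's pattern library, and the field names (timestamp, component, pid, level, jail, action, ip) are my own choice. It shows the two details the posted patterns stumble on: the space between `]` and `Found` is missing on the second sample line, so the expression needs `\s*` there instead of a literal space, and the literal brackets around the PID and the jail name must be escaped as `\[ ... \]`, because an unescaped `[` opens a character class in grok's regex engine.

```python
"""Grok-style parsing of fail2ban log lines.

Added example. GROK_PATTERNS is a simplified subset of Logstash's grok
library written by hand for this demo, not the Logstash implementation.
"""
import re

# Simplified base patterns (assumption: sufficient for fail2ban output;
# Logstash's own TIMESTAMP_ISO8601, LOGLEVEL and IP are broader).
GROK_PATTERNS = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "LOGLEVEL": r"(?:DEBUG|INFO|NOTICE|WARNING|ERROR|CRITICAL)",
    "WORD": r"\w+",
    "INT": r"[+-]?\d+",
    "DATA": r".*?",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
}

# The grok expression. \s+ absorbs the variable padding after the log level,
# \s* allows the missing space between "]" and "Found" in the second sample
# line, and the literal brackets are escaped so they are not character classes.
F2B_GROK = (
    r"^%{TIMESTAMP_ISO8601:timestamp} fail2ban\.%{WORD:component}\s+"
    r"\[%{INT:pid}\]:\s+%{LOGLEVEL:level}\s+\[%{DATA:jail}\]\s*"
    r"%{WORD:action} %{IPV4:ip}$"
)

# Equivalent Logstash filter block (%{IP} there also covers IPv6).
LOGSTASH_FILTER = """
filter {
  grok {
    match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp} fail2ban\\.%{WORD:component}\\s+\\[%{INT:pid}\\]:\\s+%{LOGLEVEL:level}\\s+\\[%{DATA:jail}\\]\\s*%{WORD:action} %{IP:ip}$" }
  }
}
"""

_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(expr, patterns=GROK_PATTERNS):
    """Expand %{NAME:field} references into a compiled regex with named groups.

    Nested pattern references are not supported (none are needed here).
    """
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = patterns[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(_GROK_REF.sub(expand, expr))


F2B_REGEX = grok_to_regex(F2B_GROK)


def parse_fail2ban(line):
    """Return a dict of fields for one fail2ban line, or None on no match."""
    m = F2B_REGEX.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])
    return fields


# Constructed sample input: the three lines quoted in the question.
SAMPLE_LINES = [
    "2016-05-02 10:40:18,051 fail2ban.filter  [1122]: INFO   [bruteforce4] Found 192.168.1.3",
    "2016-05-02 10:40:22,155 fail2ban.filter  [1122]: INFO    [symfony-token-request-ban]Found 192.168.1.2",
    "2016-05-02 10:40:27,756 fail2ban.actions [1122]: NOTICE  [symfony-token-request-ban] Unban 192.168.1.1",
]


def parse_all(lines):
    """Parse every line; unmatched lines are kept as None so gaps are visible."""
    return [parse_fail2ban(line) for line in lines]


if __name__ == "__main__":
    for parsed in parse_all(SAMPLE_LINES):
        print(parsed)
```

The Logstash block in `LOGSTASH_FILTER` is the same expression with grok's own `%{IP}` in place of the simplified `IPV4`, which matters if fail2ban runs with IPv6 enabled. Lines that do not match (for example `Ban` lines with a different layout) come back as `None` rather than partially filled, so a missed pattern is visible in the output instead of silently producing empty fields.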