Can someone provide a logstash filter for my auth.log on Linux?

Problem description

Logs like this: (I need a grok pattern to extract the IP and the user. I want to check whether it is a password failure.)

    Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Received disconnect from 192.168.3.198 port 34222:11: disconnected by user
    Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: disconnected from user amantha 192.168.3.198 port 34222
    Sep 18 15:54:25 amantha-server-ubuntu sshd[4612]: pam_unix(sshd:session): session closed for user amantha
    Sep 18 15:54:25 amantha-server-ubuntu systemd-logind[673]: Session 13 logged out. Waiting for processes to exit.
    Sep 18 15:54:25 amantha-server-ubuntu systemd-logind[673]: Removed session 13.
    Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: Accepted password for amantha from 192.168.3.198 port 34226 ssh2
    Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
    Sep 18 15:54:30 amantha-server-ubuntu systemd-logind[673]: New session 14 of user amantha.
    Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: Accepted password for amantha from 192.168.3.198 port 34232 ssh2
    Sep 18 15:55:22 amantha-server-ubuntu sshd[4823]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
    Sep 18 15:55:22 amantha-server-ubuntu systemd-logind[673]: New session 15 of user amantha.
    Sep 18 15:55:31 amantha-server-ubuntu sshd[4904]: Received disconnect from 192.168.3.198 port 34232:11: disconnected by user
    Sep 18 15:55:31 amantha-server-ubuntu sshd[4904]: disconnected from user amantha 192.168.3.198 port 34232
    Sep 18 15:55:31 amantha-server-ubuntu sshd[4823]: pam_unix(sshd:session): session closed for user amantha
    Sep 18 15:55:31 amantha-server-ubuntu systemd-logind[673]: Session 15 logged out. Waiting for processes to exit.
    Sep 18 15:55:31 amantha-server-ubuntu systemd-logind[673]: Removed session 15.
    Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: Accepted password for amantha from 192.168.3.198 port 34244 ssh2
    Sep 18 15:55:37 amantha-server-ubuntu sshd[4938]: pam_unix(sshd:session): session opened for user amantha by (uid=0)
    Sep 18 15:55:37 amantha-server-ubuntu systemd-logind[673]: New session 16 of user amantha.
    Sep 18 16:04:43 amantha-server-ubuntu su: pam_unix(su-l:session): session closed for user root
    Sep 18 16:04:43 amantha-server-ubuntu sudo: pam_unix(sudo:session): session closed for user root
    Sep 18 16:05:17 amantha-server-ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
    Sep 18 16:05:19 amantha-server-ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
    Sep 18 16:05:19 amantha-server-ubuntu sudo:  amantha : TTY=pts/0 ; PWD=/home/amantha ; USER=root ; COMMAND=/usr/bin/su -
    Sep 18 16:05:19 amantha-server-ubuntu sudo: pam_unix(sudo:session): session opened for user root by amantha(uid=0)
    Sep 18 16:05:19 amantha-server-ubuntu su: (to root) amantha on pts/0
    Sep 18 16:05:19 amantha-server-ubuntu su: pam_unix(su-l:session): session opened for user root by amantha(uid=0)
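An added example, not from the question or any answer: the grok expression below is one way to pull the user and source IP out of the sshd "Accepted/Failed password" lines above and flag the failed ones, and the Python code expands it with simplified stand-ins for the Logstash base patterns (SYSLOGTIMESTAMP, SYSLOGHOST, POSINT, WORD, USERNAME, IP) so the pattern can be checked offline. The "Failed password" sample line is constructed; the other two are taken from the log above.

```python
import re
# Simplified stand-ins for the Logstash grok base patterns of the same names
# (assumption: sufficient for these sshd lines, not the full grok definitions).
GROK_BASE = {
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "SYSLOGHOST": r"[\w.-]+",
    "POSINT": r"\d+",
    "WORD": r"\w+",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
}

# Grok expression for the filter's match => { "message" => ... } setting;
# "invalid user" is optional because sshd adds it for unknown accounts.
SSHD_PASSWORD_AUTH = (
    r"%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host} sshd\[%{POSINT:pid}\]: "
    r"%{WORD:result} password for (?:invalid user )?%{USERNAME:user} "
    r"from %{IP:src_ip} port %{POSINT:src_port} ssh2"
)

def compile_grok(pattern):
    """Expand each %{NAME:field} token into a Python named capture group."""
    def expand(m):
        return f"(?P<{m.group(2)}>{GROK_BASE[m.group(1)]})"
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))
SSHD_RE = compile_grok(SSHD_PASSWORD_AUTH)

def parse_auth_line(line):
    """Fields of a password-auth result line, or None for other auth.log lines."""
    m = SSHD_RE.search(line)
    if not m:
        return None  # disconnects, pam_unix, systemd-logind, sudo lines, ...
    event = m.groupdict()
    event["password_failed"] = event["result"] == "Failed"
    event["invalid_user"] = "invalid user" in line
    return event

def failed_logins(lines):
    """(user, src_ip) for every failed password attempt in the given lines."""
    events = (parse_auth_line(line) for line in lines)
    return [(e["user"], e["src_ip"]) for e in events if e and e["password_failed"]]

# Constructed sample: two lines taken from the question plus one made-up
# Failed-password line (203.0.113.7 is a documentation address).
SAMPLE = [
    "Sep 18 15:54:30 amantha-server-ubuntu sshd[4726]: Accepted password for amantha from 192.168.3.198 port 34226 ssh2",
    "Sep 18 15:54:25 amantha-server-ubuntu sshd[4692]: Received disconnect from 192.168.3.198 port 34222:11: disconnected by user",
    "Sep 18 16:10:02 amantha-server-ubuntu sshd[5001]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
]
```

Lines that do not match (disconnects, pam_unix session lines, sudo) are left to a later filter stage; in Logstash the equivalent is a separate grok pattern per message type and a conditional on the `result` field.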

Solution

No effective solution to this problem has been found yet; the editor is still searching and compiling one.
