-
配置华为控制器,启用 SysLog
配置华为SysLog 使用 Logstash 实现日志收集
input {
syslog {
port => "514"
codec => plain { charset => "UTF-8" }
}
}
filter {
grok {
match => [
"message", ".*?The user log was created\. user=%{QS:user} ip=%{QS:ip} radiusclientip=%{QS:client} msgtype=%{QS:msgtype} time=%{QS:time} mac=%{QS:mac}"
]
}
if "_grokparsefailure" in [tags] {
drop { }
}
}
output {
elasticsearch {
hosts => [ "elastic:9200" ]
index => "agile"
}
}
-
使用 Elastic 进行日志分析
上下线消息日志.png
