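I want to collect firewall log information, but the data I get is shown below and does not look correct. My configuration is as follows: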
input {
  udp {
    port => 9903
    codec => netflow
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
The data is as follows:
16:48:33.656 [<udp.0] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.1] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.0] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.1] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.0] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.1] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.0] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.1] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.0] WARN logstash.codecs.netflow - Ignoring Netflow version v513
16:48:33.656 [<udp.1] WARN logstash.codecs.netflow - Ignoring Netflow version v513
0 replies
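NetFlow v5/v9 and IPFIX export headers begin with a 16-bit big-endian version field (5, 9 or 10); 513 is 0x0201, so, assuming the codec is reporting that header field, the datagrams arriving on port 9903 do not start with such a header. The Ruby below is an added example, not part of the original post and not Logstash's own code; `classify_datagram`, `FLOW_VERSIONS` and the sample payloads are constructed for illustration.

```ruby
# Added example (not Logstash code): inspect the start of a UDP datagram the
# way a flow collector reads it, to see what a reported "version" really is.

# Export formats whose header begins with a 16-bit big-endian version field.
FLOW_VERSIONS = { 5 => 'NetFlow v5', 9 => 'NetFlow v9', 10 => 'IPFIX' }.freeze

# True when every byte is printable ASCII, tab, LF or CR.
def printable?(bytes)
  bytes.bytes.all? { |b| b.between?(0x20, 0x7e) || [0x09, 0x0a, 0x0d].include?(b) }
end

# Returns the version field as read from the first two bytes, plus a
# best-effort label for what the payload actually is.
def classify_datagram(payload)
  bytes = payload.b
  return { version: nil, kind: 'too short for a flow header' } if bytes.bytesize < 4

  version = bytes.unpack1('n') # first two bytes as big-endian uint16
  kind =
    if FLOW_VERSIONS.key?(version)
      FLOW_VERSIONS[version]
    elsif bytes.match?(/\A<\d{1,3}>/)
      'syslog text (PRI prefix), not a flow export'
    elsif printable?(bytes[0, 64])
      'plain text, not a flow export'
    else
      'unknown binary format, not NetFlow v5/v9/IPFIX'
    end
  { version: version, hex: format('0x%04x', version), kind: kind }
end

# Constructed sample payloads (not captured traffic).
SAMPLES = {
  'netflow v5 header' => [5, 1].pack('nn') + ("\x00" * 20),
  'starts 0x02 0x01'  => [0x0201, 0x0010, 0xde, 0xad].pack('nnCC'),
  'syslog line'       => '<134>Jan  1 00:00:00 fw01 action=deny src=192.0.2.10'
}.freeze

SAMPLES.each do |name, payload|
  puts "#{name}: #{classify_datagram(payload)}"
end
```

Passing it the UDP payload of one datagram captured on the listening port shows whether the firewall is sending a flow export at all or some other log format that needs a different input codec.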