{
|
|
"v": 1,
|
|
"id": "349bde6e-bc66-427a-8cec-67c717f0c8a0",
|
|
"rev": 1,
|
|
"name": "Liwo",
|
|
"summary": "Liwo",
|
|
"description": "",
|
|
"vendor": "Liwo",
|
|
"url": "",
|
|
"parameters": [],
|
|
"entities": [
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "sidecar_collector",
|
|
"version": "1"
|
|
},
|
|
"id": "66ff4ca8-cd50-460e-91dc-9123f678dd43",
|
|
"data": {
|
|
"name": {
|
|
"@type": "string",
|
|
"@value": "filebeat"
|
|
},
|
|
"service_type": {
|
|
"@type": "string",
|
|
"@value": "exec"
|
|
},
|
|
"node_operating_system": {
|
|
"@type": "string",
|
|
"@value": "linux"
|
|
},
|
|
"executable_path": {
|
|
"@type": "string",
|
|
"@value": "/usr/share/filebeat/bin/filebeat"
|
|
},
|
|
"execute_parameters": {
|
|
"@type": "string",
|
|
"@value": "-c %s"
|
|
},
|
|
"validation_parameters": {
|
|
"@type": "string",
|
|
"@value": "test config -c %s"
|
|
},
|
|
"default_template": {
|
|
"@type": "string",
|
|
"@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\nfilebeat.inputs:\n- input_type: log\n paths:\n - /var/log/*.log\n type: log\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: /var/lib/graylog-sidecar/collectors/filebeat/data\n logs: /var/lib/graylog-sidecar/collectors/filebeat/log"
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "92f767af-fb4f-40cb-90ba-c2f05d8a74ee",
|
|
"data": {
|
|
"name": "SYSLOGTIMESTAMP",
|
|
"pattern": "%{MONTH} +%{MONTHDAY} %{TIME}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "dashboard",
|
|
"version": "2"
|
|
},
|
|
"id": "14132da6-1cc2-4ffe-a735-e5c0a174f11e",
|
|
"data": {
|
|
"summary": {
|
|
"@type": "string",
|
|
"@value": "This is a list of all sources that sent in messages to Graylog."
|
|
},
|
|
"search": {
|
|
"queries": [
|
|
{
|
|
"id": "a1647eb6-a064-4fe6-b459-1e4267d3f659",
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"query": {
|
|
"type": "elasticsearch",
|
|
"query_string": ""
|
|
},
|
|
"search_types": [
|
|
{
|
|
"query": null,
|
|
"name": "chart",
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"streams": [],
|
|
"series": [
|
|
{
|
|
"type": "count",
|
|
"id": "Message count",
|
|
"field": null
|
|
}
|
|
],
|
|
"filter": null,
|
|
"rollup": true,
|
|
"row_groups": [
|
|
{
|
|
"type": "time",
|
|
"field": "timestamp",
|
|
"interval": {
|
|
"type": "auto",
|
|
"scaling": 1
|
|
}
|
|
}
|
|
],
|
|
"type": "pivot",
|
|
"id": "481de18f-938e-40d5-8ab2-6eaf6a28f091",
|
|
"column_groups": [],
|
|
"sort": []
|
|
},
|
|
{
|
|
"query": null,
|
|
"name": "chart",
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"streams": [],
|
|
"series": [
|
|
{
|
|
"type": "count",
|
|
"id": "Message count",
|
|
"field": null
|
|
}
|
|
],
|
|
"filter": null,
|
|
"rollup": true,
|
|
"row_groups": [
|
|
{
|
|
"type": "values",
|
|
"field": "source",
|
|
"limit": 10
|
|
}
|
|
],
|
|
"type": "pivot",
|
|
"id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c",
|
|
"column_groups": [],
|
|
"sort": [
|
|
{
|
|
"type": "series",
|
|
"field": "count()",
|
|
"direction": "Descending"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"query": null,
|
|
"name": "chart",
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"streams": [],
|
|
"series": [
|
|
{
|
|
"type": "count",
|
|
"id": "Message count",
|
|
"field": null
|
|
}
|
|
],
|
|
"filter": null,
|
|
"rollup": true,
|
|
"row_groups": [
|
|
{
|
|
"type": "values",
|
|
"field": "source",
|
|
"limit": 15
|
|
}
|
|
],
|
|
"type": "pivot",
|
|
"id": "011b2894-49e5-44d8-aab6-8c4d4457a886",
|
|
"column_groups": [],
|
|
"sort": [
|
|
{
|
|
"type": "series",
|
|
"field": "count()",
|
|
"direction": "Descending"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"parameters": [],
|
|
"requires": {},
|
|
"owner": "admin",
|
|
"created_at": "2019-11-22T10:58:47.255Z"
|
|
},
|
|
"created_at": "2019-11-22T10:54:50.950Z",
|
|
"requires": {},
|
|
"state": {
|
|
"a1647eb6-a064-4fe6-b459-1e4267d3f659": {
|
|
"selected_fields": null,
|
|
"static_message_list_id": null,
|
|
"titles": {
|
|
"tab": {
|
|
"title": "Sources Overview"
|
|
},
|
|
"widget": {
|
|
"6c127c5d-be75-4157-b43f-ac0194ac0586": "Selected sources",
|
|
"92d63811-e4dd-47db-bd3b-db03c8a9bd53": "Messages per Source",
|
|
"00637e63-d728-4b3e-932b-7c8696b4855d": "Messages over time"
|
|
}
|
|
},
|
|
"widgets": [
|
|
{
|
|
"id": "92d63811-e4dd-47db-bd3b-db03c8a9bd53",
|
|
"type": "aggregation",
|
|
"filter": null,
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"query": null,
|
|
"streams": [],
|
|
"config": {
|
|
"visualization": "pie",
|
|
"event_annotation": false,
|
|
"row_pivots": [
|
|
{
|
|
"field": "source",
|
|
"type": "values",
|
|
"config": {
|
|
"limit": 10
|
|
}
|
|
}
|
|
],
|
|
"series": [
|
|
{
|
|
"config": {
|
|
"name": "Message count"
|
|
},
|
|
"function": "count()"
|
|
}
|
|
],
|
|
"rollup": true,
|
|
"column_pivots": [],
|
|
"visualization_config": null,
|
|
"formatting_settings": null,
|
|
"sort": [
|
|
{
|
|
"type": "series",
|
|
"field": "count()",
|
|
"direction": "Descending"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "00637e63-d728-4b3e-932b-7c8696b4855d",
|
|
"type": "aggregation",
|
|
"filter": null,
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"query": null,
|
|
"streams": [],
|
|
"config": {
|
|
"visualization": "line",
|
|
"event_annotation": false,
|
|
"row_pivots": [
|
|
{
|
|
"field": "timestamp",
|
|
"type": "time",
|
|
"config": {
|
|
"interval": {
|
|
"type": "auto",
|
|
"scaling": null
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"series": [
|
|
{
|
|
"config": {
|
|
"name": "Message count"
|
|
},
|
|
"function": "count()"
|
|
}
|
|
],
|
|
"rollup": true,
|
|
"column_pivots": [],
|
|
"visualization_config": null,
|
|
"formatting_settings": null,
|
|
"sort": []
|
|
}
|
|
},
|
|
{
|
|
"id": "6c127c5d-be75-4157-b43f-ac0194ac0586",
|
|
"type": "aggregation",
|
|
"filter": null,
|
|
"timerange": {
|
|
"type": "relative",
|
|
"range": 300
|
|
},
|
|
"query": null,
|
|
"streams": [],
|
|
"config": {
|
|
"visualization": "table",
|
|
"event_annotation": false,
|
|
"row_pivots": [
|
|
{
|
|
"field": "source",
|
|
"type": "values",
|
|
"config": {
|
|
"limit": 15
|
|
}
|
|
}
|
|
],
|
|
"series": [
|
|
{
|
|
"config": {
|
|
"name": "Message count"
|
|
},
|
|
"function": "count()"
|
|
}
|
|
],
|
|
"rollup": true,
|
|
"column_pivots": [],
|
|
"visualization_config": null,
|
|
"formatting_settings": null,
|
|
"sort": [
|
|
{
|
|
"type": "series",
|
|
"field": "count()",
|
|
"direction": "Descending"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"widget_mapping": {
|
|
"6c127c5d-be75-4157-b43f-ac0194ac0586": [
|
|
"011b2894-49e5-44d8-aab6-8c4d4457a886"
|
|
],
|
|
"92d63811-e4dd-47db-bd3b-db03c8a9bd53": [
|
|
"a964f1c5-e108-4b5e-a907-ffe0b0f0683c"
|
|
],
|
|
"00637e63-d728-4b3e-932b-7c8696b4855d": [
|
|
"481de18f-938e-40d5-8ab2-6eaf6a28f091"
|
|
]
|
|
},
|
|
"positions": {
|
|
"6c127c5d-be75-4157-b43f-ac0194ac0586": {
|
|
"col": 1,
|
|
"row": 5,
|
|
"height": 4,
|
|
"width": 6
|
|
},
|
|
"92d63811-e4dd-47db-bd3b-db03c8a9bd53": {
|
|
"col": 7,
|
|
"row": 5,
|
|
"height": 4,
|
|
"width": 6
|
|
},
|
|
"00637e63-d728-4b3e-932b-7c8696b4855d": {
|
|
"col": 1,
|
|
"row": 1,
|
|
"height": 4,
|
|
"width": "Infinity"
|
|
}
|
|
},
|
|
"formatting": {
|
|
"highlighting": []
|
|
},
|
|
"display_mode_settings": {
|
|
"positions": {}
|
|
}
|
|
}
|
|
},
|
|
"properties": [],
|
|
"owner": "admin",
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "Sources"
|
|
},
|
|
"type": "DASHBOARD",
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": "This is a list of all sources that sent in messages to Graylog. You can narrow the time range by zooming in on the message histogram, or you can widen it by specifying a broader time range in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs."
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "00bace8f-a5e8-42e1-88a3-afc34c5887a6",
|
|
"data": {
|
|
"name": "IPORHOST",
|
|
"pattern": "(?:%{IP}|%{HOSTNAME})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "03c56f23-5a73-4fc9-818c-dc4d6c5422e2",
|
|
"data": {
|
|
"name": "QUOTEDSTRING",
|
|
"pattern": "(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "sidecar_collector",
|
|
"version": "1"
|
|
},
|
|
"id": "954fdaf3-c6ef-4012-b730-a0fa89645b40",
|
|
"data": {
|
|
"name": {
|
|
"@type": "string",
|
|
"@value": "nxlog"
|
|
},
|
|
"service_type": {
|
|
"@type": "string",
|
|
"@value": "svc"
|
|
},
|
|
"node_operating_system": {
|
|
"@type": "string",
|
|
"@value": "windows"
|
|
},
|
|
"executable_path": {
|
|
"@type": "string",
|
|
"@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe"
|
|
},
|
|
"execute_parameters": {
|
|
"@type": "string",
|
|
"@value": "-c \"%s\""
|
|
},
|
|
"validation_parameters": {
|
|
"@type": "string",
|
|
"@value": "-v -f -c \"%s\""
|
|
},
|
|
"default_template": {
|
|
"@type": "string",
|
|
"@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile %ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n<Extension logrotate>\n Module xm_fileop\n <Schedule>\n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n </Schedule>\n</Extension>\n\n\n<Extension gelfExt>\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n</Extension>\n\n<Input eventlog>\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #<QueryXML>\n # <QueryList>\n # <Query Id='1'>\n # <Select Path='Security'>*[System/Level=4]</Select>\n # </Query>\n # </QueryList>\n #</QueryXML>\n</Input>\n\n\n<Input file>\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n</Input>\n\n\n<Output gelf>\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t<Exec>\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t</Exec>\n</Output>\n\n\n<Route route-1>\n Path eventlog => gelf\n</Route>\n<Route route-2>\n Path file => gelf\n</Route>\n\n"
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "2e477fbe-615c-4cf9-a48e-48ace38d1591",
|
|
"data": {
|
|
"name": "DAY",
|
|
"pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "53f544b2-0323-4d77-8df0-29461b916318",
|
|
"data": {
|
|
"name": "DATESTAMP_OTHER",
|
|
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "8caea7c6-e2ea-461b-81d4-04c2e17fb490",
|
|
"data": {
|
|
"name": "CISCOMAC",
|
|
"pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "b15ec78c-5fed-497b-8bac-b85d74c6052b",
|
|
"data": {
|
|
"name": "SECOND",
|
|
"pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "5929b910-f97b-4131-92e9-c4a2031518fc",
|
|
"data": {
|
|
"name": "BASE16NUM",
|
|
"pattern": "(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "c989eb86-1aba-4d2a-9639-85a117472496",
|
|
"data": {
|
|
"name": "DATE",
|
|
"pattern": "%{DATE_US}|%{DATE_EU}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "bab21710-64f1-4c56-b4b6-7bb9c876e924",
|
|
"data": {
|
|
"name": "URIPATHPARAM",
|
|
"pattern": "%{URIPATH}(?:%{URIPARAM})?"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "35a6765b-4635-4b2e-b7a9-02e829316d8d",
|
|
"data": {
|
|
"name": "LOGLEVEL",
|
|
"pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "c03e91d3-a36a-4e2a-9c05-b4cabd93f39e",
|
|
"data": {
|
|
"name": "INT",
|
|
"pattern": "(?:[+-]?(?:[0-9]+))"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "4f2a8bb0-da94-4d11-a9d2-c3807b8f7445",
|
|
"data": {
|
|
"name": "COMMONMAC",
|
|
"pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "55b315e3-d7e6-41f2-a6ba-090b67b1ae5a",
|
|
"data": {
|
|
"name": "PATH",
|
|
"pattern": "(?:%{UNIXPATH}|%{WINPATH})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "input",
|
|
"version": "1"
|
|
},
|
|
"id": "95a5657f-0ed4-419c-b4cf-8c4357683d69",
|
|
"data": {
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "MySQL"
|
|
},
|
|
"configuration": {
|
|
"tls_key_file": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
},
|
|
"port": {
|
|
"@type": "integer",
|
|
"@value": 5044
|
|
},
|
|
"tls_enable": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"recv_buffer_size": {
|
|
"@type": "integer",
|
|
"@value": 1048576
|
|
},
|
|
"tcp_keepalive": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"tls_client_auth_cert_file": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
},
|
|
"bind_address": {
|
|
"@type": "string",
|
|
"@value": "0.0.0.0"
|
|
},
|
|
"no_beats_prefix": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"tls_cert_file": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
},
|
|
"tls_client_auth": {
|
|
"@type": "string",
|
|
"@value": "disabled"
|
|
},
|
|
"number_worker_threads": {
|
|
"@type": "integer",
|
|
"@value": 4
|
|
},
|
|
"tls_key_password": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
}
|
|
},
|
|
"static_fields": {},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "org.graylog.plugins.beats.Beats2Input"
|
|
},
|
|
"global": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
},
|
|
"extractors": []
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "089c28a7-a3e6-455e-9224-ec34212726d1",
|
|
"data": {
|
|
"name": "ISO8601_SECOND",
|
|
"pattern": "(?:%{SECOND}|60)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "37b422ec-e226-4f3c-8461-929df9e3b570",
|
|
"data": {
|
|
"name": "GREEDYDATA",
|
|
"pattern": ".*"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "b4d59466-6610-40f6-bc86-d0ad835e3e59",
|
|
"data": {
|
|
"name": "MONTHDAY",
|
|
"pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "075b3e85-593e-471d-ab8c-82ac71542728",
|
|
"data": {
|
|
"name": "TIME",
|
|
"pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "0f2c231d-6a0c-46bb-8ae8-a7c53bca776e",
|
|
"data": {
|
|
"name": "TZ",
|
|
"pattern": "(?:[PMCE][SD]T|UTC)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "d18cdb90-fe4c-4b26-904b-9ba148fccc37",
|
|
"data": {
|
|
"name": "HTTPDERROR_DATE",
|
|
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "926552e4-c6e6-42d2-a2af-177a6e5ca3c3",
|
|
"data": {
|
|
"name": "NUMBER",
|
|
"pattern": "(?:%{BASE10NUM})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "2a77197a-385e-41fe-a8b5-70c9c376466f",
|
|
"data": {
|
|
"name": "QS",
|
|
"pattern": "%{QUOTEDSTRING}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "f9169aaa-825b-4e85-86f6-da5e057c388f",
|
|
"data": {
|
|
"name": "DATA",
|
|
"pattern": ".*?"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "247a2f23-3bb6-4dc4-beb1-57234162f0e5",
|
|
"data": {
|
|
"name": "DATESTAMP",
|
|
"pattern": "%{DATE}[- ]%{TIME}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "f821d762-92a8-4fc2-8d77-4b25a2a173d1",
|
|
"data": {
|
|
"name": "MONTHNUM",
|
|
"pattern": "(?:0?[1-9]|1[0-2])"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "33b8be09-37f2-4d14-9edf-6881bf54743d",
|
|
"data": {
|
|
"name": "WORD",
|
|
"pattern": "\\b\\w+\\b"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "89af4964-6026-44fb-81ea-d6a390ca8903",
|
|
"data": {
|
|
"name": "IP",
|
|
"pattern": "(?:%{IPV6}|%{IPV4})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "492d4c0f-ee79-4129-bf4b-ab8d7a933a3b",
|
|
"data": {
|
|
"name": "WINPATH",
|
|
"pattern": "(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "input",
|
|
"version": "1"
|
|
},
|
|
"id": "2399a894-fd4a-4c3b-8e2f-30970a7aa8d3",
|
|
"data": {
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "Laravel"
|
|
},
|
|
"configuration": {
|
|
"recv_buffer_size": {
|
|
"@type": "integer",
|
|
"@value": 262144
|
|
},
|
|
"port": {
|
|
"@type": "integer",
|
|
"@value": 12201
|
|
},
|
|
"number_worker_threads": {
|
|
"@type": "integer",
|
|
"@value": 4
|
|
},
|
|
"bind_address": {
|
|
"@type": "string",
|
|
"@value": "0.0.0.0"
|
|
},
|
|
"decompress_size_limit": {
|
|
"@type": "integer",
|
|
"@value": 8388608
|
|
}
|
|
},
|
|
"static_fields": {},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput"
|
|
},
|
|
"global": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
},
|
|
"extractors": []
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "ba6885ed-9583-4898-a4ff-ee231e5b3fba",
|
|
"data": {
|
|
"name": "IPV4",
|
|
"pattern": "(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "4c016236-66b5-4633-b961-08e9f1d1a4ec",
|
|
"data": {
|
|
"name": "NOTSPACE",
|
|
"pattern": "\\S+"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "22f9f174-793a-45d7-9444-519d6a4b99c0",
|
|
"data": {
|
|
"name": "COMMONAPACHELOG",
|
|
"pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "b2a8b7c7-bbb7-4904-b5cc-920c69019ad3",
|
|
"data": {
|
|
"name": "MAC",
|
|
"pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "993b5faa-64bf-4e8a-8998-54a980ddb4a4",
|
|
"data": {
|
|
"name": "NONNEGINT",
|
|
"pattern": "\\b(?:[0-9]+)\\b"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "7ec306ac-bfe2-4dd1-9e86-6876382216de",
|
|
"data": {
|
|
"name": "PROG",
|
|
"pattern": "[\\x21-\\x5a\\x5c\\x5e-\\x7e]+"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "ca3ccb18-4220-41c1-8d8a-82833a13bd4d",
|
|
"data": {
|
|
"name": "USER",
|
|
"pattern": "%{USERNAME}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "sidecar_collector",
|
|
"version": "1"
|
|
},
|
|
"id": "abc9f978-f01e-470e-9687-3977ba243011",
|
|
"data": {
|
|
"name": {
|
|
"@type": "string",
|
|
"@value": "winlogbeat"
|
|
},
|
|
"service_type": {
|
|
"@type": "string",
|
|
"@value": "svc"
|
|
},
|
|
"node_operating_system": {
|
|
"@type": "string",
|
|
"@value": "windows"
|
|
},
|
|
"executable_path": {
|
|
"@type": "string",
|
|
"@value": "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
|
|
},
|
|
"execute_parameters": {
|
|
"@type": "string",
|
|
"@value": "-c \"%s\""
|
|
},
|
|
"validation_parameters": {
|
|
"@type": "string",
|
|
"@value": "test config -c \"%s\""
|
|
},
|
|
"default_template": {
|
|
"@type": "string",
|
|
"@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nwinlogbeat:\n event_logs:\n - name: Application\n - name: System\n - name: Security"
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "00148b53-1876-414e-81e8-875ba243a028",
|
|
"data": {
|
|
"name": "HOSTNAME",
|
|
"pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "4d5a33f8-83f7-4a4e-9be9-0bf62c2bc533",
|
|
"data": {
|
|
"name": "DATE_US",
|
|
"pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "5cb8080d-ef7c-48f7-bc8b-e284a114a5ec",
|
|
"data": {
|
|
"name": "HOUR",
|
|
"pattern": "(?:2[0123]|[01]?[0-9])"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "e54f322e-ac39-49bf-b7c5-b53c70a561a0",
|
|
"data": {
|
|
"name": "HTTPD24_ERRORLOG",
|
|
"pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "73ed17b1-3992-4783-aee0-47f31e506a00",
|
|
"data": {
|
|
"name": "POSINT",
|
|
"pattern": "\\b(?:[1-9][0-9]*)\\b"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "1ba2d36b-bbff-4337-9e13-acd9e1674285",
|
|
"data": {
|
|
"name": "URIPARAM",
|
|
"pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "007a7e1b-b888-4d34-870c-66a3b7f91b97",
|
|
"data": {
|
|
"name": "EMAILLOCALPART",
|
|
"pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "984cce84-823c-45c9-8d53-9bbd61ff4685",
|
|
"data": {
|
|
"name": "EMAILADDRESS",
|
|
"pattern": "%{EMAILLOCALPART}@%{HOSTNAME}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "858f1b4a-4a7b-483b-bfa2-5e0bae6ec03a",
|
|
"data": {
|
|
"name": "TTY",
|
|
"pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "67be690a-928f-48cc-93d1-c9e06b09582e",
|
|
"data": {
|
|
"name": "DATESTAMP_RFC822",
|
|
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "6faa1684-62f9-45a8-b5d1-ea4aa49d15d6",
|
|
"data": {
|
|
"name": "URIHOST",
|
|
"pattern": "%{IPORHOST}(?::%{POSINT:port})?"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "1ccb050a-8430-48dc-8ec9-d2fc754c483b",
|
|
"data": {
|
|
"name": "HTTPDATE",
|
|
"pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "35f9f5a9-6b44-4dc1-853c-f3ffa2504c03",
|
|
"data": {
|
|
"name": "SYSLOGPROG",
|
|
"pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "22ccfac1-ba47-4c9c-9349-04f6fdca1748",
|
|
"data": {
|
|
"name": "WINDOWSMAC",
|
|
"pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})"
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=4.0.5+d95b909"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "grok_pattern",
|
|
"version": "1"
|
|
},
|
|
"id": "fdb9dee3-a9bf-4132-aa21-7c8d987481b9",
|
|
"data": {
"name": "TIMESTAMP_ISO8601",
"pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "f30d09f1-90c2-4375-9ecb-89ce13e20915",
"data": {
"name": {
"@type": "string",
"@value": "filebeat"
},
"service_type": {
"@type": "string",
"@value": "svc"
},
"node_operating_system": {
"@type": "string",
"@value": "windows"
},
"executable_path": {
"@type": "string",
"@value": "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
},
"execute_parameters": {
"@type": "string",
"@value": "-c \"%s\""
},
"validation_parameters": {
"@type": "string",
"@value": "test config -c \"%s\""
},
"default_template": {
"@type": "string",
"@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - C:\\logs\\log.log\n"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "320c2c19-1e1a-4c27-bc8b-547896b56e7e",
"data": {
"name": "BASE10NUM",
"pattern": "(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d008f6e1-1c14-447e-bacc-8e86accde5f7",
"data": {
"name": "HTTPD20_ERRORLOG",
"pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "dceff2d8-677f-406e-bf4f-1973aee060a5",
"data": {
"name": "COMBINEDAPACHELOG",
"pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ec726ca4-ac9d-4917-8c2a-da8e2499e85a",
"data": {
"name": "DATESTAMP_RFC2822",
"pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "9bdc4061-bee8-4902-bde2-5eb17759c36c",
"data": {
"name": "ISO8601_TIMEZONE",
"pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "0be7b9d1-f719-4ef7-a8aa-32906922122f",
"data": {
"name": "UNIXPATH",
"pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "22dc7fae-412c-4026-adad-0b71bfa2cba5",
"data": {
"name": "UUID",
"pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "14bb404e-afae-4119-9b18-96e0e1df3355",
"data": {
"name": "SPACE",
"pattern": "\\s*"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "3d93cd19-e88b-4487-b542-e1bdf9075473",
"data": {
"name": "USERNAME",
"pattern": "[a-zA-Z0-9._-]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "53b67c38-ba8a-4844-8e16-ec73be53e53f",
"data": {
"name": "BASE16FLOAT",
"pattern": "\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1c35883d-79f1-4ac5-bfbd-4de46b93b038",
"data": {
"name": "URI",
"pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "037050ff-4fc7-4ab6-ae28-5992be37be17",
"data": {
"name": "URIPATH",
"pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "da9d35c7-6045-4f24-9ed6-db09aac6499a",
"data": {
"name": "DATESTAMP_EVENTLOG",
"pattern": "%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "438cd268-259b-48f1-b65d-62febe312acd",
"data": {
"name": "HTTPD_ERRORLOG",
"pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "0de2450e-258b-48bc-8256-5d86fa63e96d",
"data": {
"name": "SYSLOGBASE",
"pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "fe10b676-42be-422a-a7cf-6cd5d3710316",
"data": {
"name": "HTTPDUSER",
"pattern": "%{EMAILADDRESS}|%{USER}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "8d4d1366-010f-47ff-b456-12acbf571fb0",
"data": {
"name": "MONTHNUM2",
"pattern": "(?:0[1-9]|1[0-2])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "157039a0-0020-44d5-8560-409727f8843f",
"data": {
"name": "MONTH",
"pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "b63bd64b-a2f6-427d-a375-ad69c6ab4f9f",
"data": {
"name": "YEAR",
"pattern": "(?>\\d\\d){1,2}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "cf0c76bf-4af8-4df5-9d1f-180153aac612",
"data": {
"name": "IPV6",
"pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ce76d569-9056-4612-b066-ae4a8cd5fe10",
"data": {
"name": "SYSLOGHOST",
"pattern": "%{IPORHOST}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "30a4bf82-5c63-40ee-a947-19551aabdadd",
"data": {
"name": {
"@type": "string",
"@value": "nxlog"
},
"service_type": {
"@type": "string",
"@value": "exec"
},
"node_operating_system": {
"@type": "string",
"@value": "linux"
},
"executable_path": {
"@type": "string",
"@value": "/usr/bin/nxlog"
},
"execute_parameters": {
"@type": "string",
"@value": "-f -c %s"
},
"validation_parameters": {
"@type": "string",
"@value": "-v -c %s"
},
"default_template": {
"@type": "string",
"@value": "define ROOT /usr/bin\n\n<Extension gelfExt>\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n</Extension>\n\n<Extension syslogExt>\n Module xm_syslog\n</Extension>\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n<Input file>\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n</Input>\n\n#<Input syslog-udp>\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#</Input>\n\n<Output gelf>\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t<Exec>\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t</Exec>\n</Output>\n\n\n<Route route-1>\n Path file => gelf\n</Route>\n#<Route route-2>\n# Path syslog-udp => gelf\n#</Route>\n\n\n"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "9084046b-5fdb-492b-ae8c-194dc2600739",
"data": {
"name": "DATE_EU",
"pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "68ab0925-f0bb-4620-8982-7cb93c544e84",
"data": {
"name": "HOSTPORT",
"pattern": "%{IPORHOST}:%{POSINT}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a142e740-27a9-49a0-906b-764b6807734c",
"data": {
"name": "MINUTE",
"pattern": "(?:[0-5][0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "f3b69a79-7052-4aa5-83d6-64b855997034",
"data": {
"name": "SYSLOGFACILITY",
"pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "7f128254-bc48-4047-baca-c034e257cd94",
"data": {
"name": "URIPROTO",
"pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
}
]
}