I am trying to parse ModSecurity audit logs, which are natively logged in JSON format. However, when I use Logstash to ingest them into the Elastic Stack, they appear as shown below, and the actual needed fields are not parsed into their respective fields. I am not sure whether any further config is needed in Logstash.
Here is my Logstash config:
    input {
      file {
        type => "json"
        path => "/var/log/modsec_audit.log"
        start_position => "beginning"
        sincedb_path => "/dev/null"
      }
    }
    filter {
      json {
        source => "message"
        skip_on_invalid_json => "true"
        tag_on_failure => ["_jsonparsefailure"]
      }
    }

However in Kibana those are not getting parsed correctly.
[Image: Kibana Images for Logs Parsed]
https://stackoverflow.com/questions/67428119/nested-json-messages-are-not-getting-parsed-correctly-through-logstash May 07, 2021 at 10:05AM