
Commit a616a18

Merge pull request #15 from afeefghannam89/rebuild-#14
Rebuild #14
2 parents ba9cc7d + b3b34d7 commit a616a18


4 files changed

+2
-34
lines changed


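--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# secure-logstash-pipeline
+# ssh-logstash-pipeline
 
 ## Input and Output ##
 
@@ -10,7 +10,7 @@ Here are examples how your files could look if you want to use a local Redis ins
 input {
 redis {
 host => localhost
-key => "secure"
+key => "ssh"
 data_type => list
 }
 }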

filter-50-secure-sudo.conf

Lines changed: 0 additions & 11 deletions
This file was deleted.

filter-50-secure-user-group.conf

Lines changed: 0 additions & 19 deletions
This file was deleted.
Lines changed: 0 additions & 2 deletions
@@ -1,5 +1,4 @@
11
filter {
2-
if [process][name] == "sshd" or [journald][process][name] == "sshd" {
32
if [message] =~ /^(Accepted|Failed)/ {
43
grok {
54
match => ["message", "%{WORD:[ssh][auth][result]} %{WORD:[ssh][auth][method]} for (invalid user )?%{USERNAME:[user][name]} from %{IPORHOST:[client][address]} port %{NUMBER:[client][port]} %{WORD:[ssh][protocol]}(: %{GREEDYDATA:[ssh][signature]})?"]
@@ -45,5 +44,4 @@ filter {
4544
}
4645
}
4746
}
48-
}
4947
}
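Review bot: With the outer `if [process][name] == "sshd" or [journald][process][name] == "sshd"` guard removed at the top of the filter block, the `[message] =~ /^(Accepted|Failed)/` branch now runs on every event that reaches this filter, so a line from any other process that starts with one of those words would be parsed into `[ssh][auth][result]`, `[user][name]` and `[client][address]` as if sshd had written it. If the pipeline's input (the README now shows a Redis key "ssh") is guaranteed to carry only sshd events, a comment at the top of the filter saying so would be enough, e.g. `# assumes upstream routing delivers only sshd events; no process check here`. Otherwise keep the process check so that records written by other programs cannot show up as SSH authentication results in downstream detections. The filter body between the two hunks is not visible on this page.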
