Skip to content

Commit b03984d

Browse files
afeefghannam89afeefghannam89
committed
move process condition to syslog pipeline
1 parent ba9cc7d commit b03984d

File tree

1 file changed

+0
-2
lines changed

1 file changed

+0
-2
lines changed

filter-50-secure-ssh.conf

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
filter {
2-
if [process][name] == "sshd" or [journald][process][name] == "sshd" {
32
if [message] =~ /^(Accepted|Failed)/ {
43
grok {
54
match => ["message", "%{WORD:[ssh][auth][result]} %{WORD:[ssh][auth][method]} for (invalid user )?%{USERNAME:[user][name]} from %{IPORHOST:[client][address]} port %{NUMBER:[client][port]} %{WORD:[ssh][protocol]}(: %{GREEDYDATA:[ssh][signature]})?"]
@@ -45,5 +44,4 @@ filter {
4544
}
4645
}
4746
}
48-
}
4947
}

0 commit comments

Comments
 (0)