
5 Untangle syslog messages for one event with info

  1. Event 1 (node.firewall.FirewallEvent):
  2. Useful information: ruleId, blocked, flagged, Protocol & sessionId (note that the parsed Protocol field holds the session tag TCP_93650930808539 rather than a transport protocol, and that this event's tag has an underscore where events 2-5 use TCP93650930808539 — match on sessionId rather than Protocol when correlating)
  3.  
  4. {
  5. "_index": "logstash-2015.04.21",
  6. "_type": "modify_this",
  7. "_id": "AUzbirgQl3tTMJhXjRTL",
  8. "_score": null,
  9. "_source": {
  10. "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP_93650930808539> INFO uvm[0]: {\"timeStamp\":\"2015-04-21 11:34:01.384\",\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"ruleId\":100001,\"flagged\":true,\"class\":\"class com.untangle.node.firewall.FirewallEvent\",\"blocked\":false}",
  11. "@version": "1",
  12. "@timestamp": "2015-04-21T10:34:01.384Z",
  13. "host": "10.0.0.1",
  14. "type": "modify_this",
  15. "priority": "142",
  16. "syslogtimestamp": "Apr 21 11:34:01",
  17. "Protocol": "TCP_93650930808539",
  18. "Severity": "INFO",
  19. "jsonmessage": "{\"timeStamp\":\"2015-04-21 11:34:01.384\",\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"ruleId\":100001,\"flagged\":true,\"class\":\"class com.untangle.node.firewall.FirewallEvent\",\"blocked\":false}",
  20. "tags": [
  21. "untangle-syslog"
  22. ],
  23. "timeStamp": "2015-04-21 11:34:01.384",
  24. "sessionId": 93650930808539,
  25. "tag": "uvm[0]: ",
  26. "ruleId": 100001,
  27. "flagged": true,
  28. "class": "node.firewall.FirewallEvent",
  29. "blocked": false
  30. },
  31. "fields": {
  32. "@timestamp": [
  33. 1429612441384
  34. ]
  35. },
  36. "highlight": {
  37. "message": [
  38. "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP_93650930808539@/kibana-highlighted-field@> INFO uvm[0"
  39. ],
  40. "Protocol": [
  41. "@kibana-highlighted-field@TCP_93650930808539@/kibana-highlighted-field@"
  42. ]
  43. },
  44. "sort": [
  45. 1429612441384
  46. ]
  47. }
  48.  
  49. Event 2 (node.http.HttpRequestEvent):
  50. Useful information: Requested URI, websiteHost, sessionId, Protocol, username & hostname
  51.  
  52. {
  53. "_index": "logstash-2015.04.21",
  54. "_type": "modify_this",
  55. "_id": "AUzbirt8l3tTMJhXjRTZ",
  56. "_score": null,
  57. "_source": {
  58. "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"requestUri\":\"/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+\",\"host\":\"suggestqueries.google.com\",\"timeStamp\":\"2015-04-21 11:34:01.401\",\"requestId\":93650930717290,\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpRequestEvent\",\"method\":\"GET\",\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"contentLength\":0}",
  59. "@version": "1",
  60. "@timestamp": "2015-04-21T10:34:01.401Z",
  61. "host": "10.0.0.1",
  62. "type": "modify_this",
  63. "priority": "142",
  64. "syslogtimestamp": "Apr 21 11:34:01",
  65. "Protocol": "TCP93650930808539",
  66. "Severity": "INFO",
  67. "jsonmessage": "{\"requestUri\":\"/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+\",\"websiteHost\":\"suggestqueries.google.com\",\"timeStamp\":\"2015-04-21 11:34:01.401\",\"requestId\":93650930717290,\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpRequestEvent\",\"method\":\"GET\",\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"contentLength\":0}",
  68. "tags": [
  69. "untangle-syslog"
  70. ],
  71. "requestUri": "/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+",
  72. "websiteHost": "suggestqueries.google.com",
  73. "timeStamp": "2015-04-21 11:34:01.401",
  74. "requestId": 93650930717290,
  75. "sessionId": 93650930808539,
  76. "tag": "uvm[0]: ",
  77. "class": "node.http.HttpRequestEvent",
  78. "method": "GET",
  79. "sessionEvent": {
  80. "protocol": 6,
  81. "timeStamp": "2015-04-21 11:34:01.384",
  82. "SClientAddr": "/192.168.1.11",
  83. "tag": "uvm[0]: ",
  84. "CServerAddr": "/216.58.210.46",
  85. "protocolName": "TCP",
  86. "CClientAddr": "/10.0.9.30",
  87. "class": "class com.untangle.uvm.node.SessionEvent",
  88. "hostname": "SQ-G-F4",
  89. "SClientPort": 14150,
  90. "serverIntf": 1,
  91. "CServerPort": 80,
  92. "username": "dpassey",
  93. "clientIntf": 2,
  94. "policyId": 18,
  95. "sessionId": 93650930808539,
  96. "SServerPort": 80,
  97. "SServerAddr": "/216.58.210.46",
  98. "CClientPort": 2548
  99. },
  100. "contentLength": 0
  101. },
  102. "fields": {
  103. "@timestamp": [
  104. 1429612441401
  105. ]
  106. },
  107. "highlight": {
  108. "message": [
  109. "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
  110. ],
  111. "Protocol": [
  112. "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
  113. ]
  114. },
  115. "sort": [
  116. 1429612441401
  117. ]
  118. }
  119.  
  120. Event 3 (node.webfilter.WebFilterEvent):
  121. Useful information: blocked, flagged, category, Protocol
  122.  
  123. {
  124. "_index": "logstash-2015.04.21",
  125. "_type": "modify_this",
  126. "_id": "AUzbirt8l3tTMJhXjRTa",
  127. "_score": null,
  128. "_source": {
  129. "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"category\":\"Search Engines\",\"timeStamp\":\"2015-04-21 11:34:01.402\",\"reason\":\"BLOCK_CATEGORY\",\"tag\":\"uvm[0]: \",\"flagged\":true,\"nodeName\":\"sitefilter\",\"class\":\"class com.untangle.node.webfilter.WebFilterEvent\",\"blocked\":false}",
  130. "@version": "1",
  131. "@timestamp": "2015-04-21T10:34:01.402Z",
  132. "host": "10.0.0.1",
  133. "type": "modify_this",
  134. "priority": "142",
  135. "syslogtimestamp": "Apr 21 11:34:01",
  136. "Protocol": "TCP93650930808539",
  137. "Severity": "INFO",
  138. "jsonmessage": "{\"category\":\"Search Engines\",\"timeStamp\":\"2015-04-21 11:34:01.402\",\"reason\":\"BLOCK_CATEGORY\",\"tag\":\"uvm[0]: \",\"flagged\":true,\"nodeName\":\"sitefilter\",\"class\":\"class com.untangle.node.webfilter.WebFilterEvent\",\"blocked\":false}",
  139. "tags": [
  140. "untangle-syslog"
  141. ],
  142. "category": "Search Engines",
  143. "timeStamp": "2015-04-21 11:34:01.402",
  144. "reason": "BLOCK_CATEGORY",
  145. "tag": "uvm[0]: ",
  146. "flagged": true,
  147. "nodeName": "sitefilter",
  148. "class": "node.webfilter.WebFilterEvent",
  149. "blocked": false
  150. },
  151. "fields": {
  152. "@timestamp": [
  153. 1429612441402
  154. ]
  155. },
  156. "highlight": {
  157. "message": [
  158. "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
  159. ],
  160. "Protocol": [
  161. "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
  162. ]
  163. },
  164. "sort": [
  165. 1429612441402
  166. ]
  167. }
  168.  
  169. Event 4 (node.http.HttpResponseEvent):
  170. Useful information: Protocol
  171.  
  172. {
  173. "_index": "logstash-2015.04.21",
  174. "_type": "modify_this",
  175. "_id": "AUzbiriIl3tTMJhXjRTO",
  176. "_score": null,
  177. "_source": {
  178. "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"requestLine\":\"RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpResponseEvent\",\"contentType\":\"text/javascript\",\"contentLength\":133}",
  179. "@version": "1",
  180. "@timestamp": "2015-04-21T10:34:01.440Z",
  181. "host": "10.0.0.1",
  182. "type": "modify_this",
  183. "priority": "142",
  184. "syslogtimestamp": "Apr 21 11:34:01",
  185. "Protocol": "TCP93650930808539",
  186. "Severity": "INFO",
  187. "jsonmessage": "{\"requestLine\":\"RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpResponseEvent\",\"contentType\":\"text/javascript\",\"contentLength\":133}",
  188. "tags": [
  189. "untangle-syslog"
  190. ],
  191. "requestLine": "RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)",
  192. "timeStamp": "2015-04-21 11:34:01.44",
  193. "tag": "uvm[0]: ",
  194. "class": "node.http.HttpResponseEvent",
  195. "contentType": "text/javascript",
  196. "contentLength": 133
  197. },
  198. "fields": {
  199. "@timestamp": [
  200. 1429612441440
  201. ]
  202. },
  203. "highlight": {
  204. "message": [
  205. "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
  206. ],
  207. "Protocol": [
  208. "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
  209. ]
  210. },
  211. "sort": [
  212. 1429612441440
  213. ]
  214. }
  215.  
  216. Event 5 (node.classd.ClassDLogEvent):
  217. Useful information: Protocol, flagged, blocked, hostname, username
  218. {
  219. "_index": "logstash-2015.04.21",
  220. "_type": "modify_this",
  221. "_id": "AUzbiriIl3tTMJhXjRTN",
  222. "_score": null,
  223. "_source": {
  224. "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"application\":\"GOOGLE\",\"detail\":\"\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"flagged\":false,\"state\":3,\"class\":\"class com.untangle.node.classd.ClassDLogEvent\",\"blocked\":false,\"confidence\":100,\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"protochain\":\"/TCP/HTTP/GOOGLE\"}",
  225. "@version": "1",
  226. "@timestamp": "2015-04-21T10:34:01.440Z",
  227. "host": "10.0.0.1",
  228. "type": "modify_this",
  229. "priority": "142",
  230. "syslogtimestamp": "Apr 21 11:34:01",
  231. "Protocol": "TCP93650930808539",
  232. "Severity": "INFO",
  233. "jsonmessage": "{\"application\":\"GOOGLE\",\"detail\":\"\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"flagged\":false,\"state\":3,\"class\":\"class com.untangle.node.classd.ClassDLogEvent\",\"blocked\":false,\"confidence\":100,\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"protochain\":\"/TCP/HTTP/GOOGLE\"}",
  234. "tags": [
  235. "untangle-syslog"
  236. ],
  237. "application": "GOOGLE",
  238. "detail": "",
  239. "timeStamp": "2015-04-21 11:34:01.44",
  240. "tag": "uvm[0]: ",
  241. "flagged": false,
  242. "state": 3,
  243. "class": "node.classd.ClassDLogEvent",
  244. "blocked": false,
  245. "confidence": 100,
  246. "sessionEvent": {
  247. "protocol": 6,
  248. "timeStamp": "2015-04-21 11:34:01.384",
  249. "SClientAddr": "/192.168.1.11",
  250. "tag": "uvm[0]: ",
  251. "CServerAddr": "/216.58.210.46",
  252. "protocolName": "TCP",
  253. "CClientAddr": "/10.0.9.30",
  254. "class": "class com.untangle.uvm.node.SessionEvent",
  255. "hostname": "SQ-G-F4",
  256. "SClientPort": 14150,
  257. "serverIntf": 1,
  258. "CServerPort": 80,
  259. "username": "dpassey",
  260. "clientIntf": 2,
  261. "policyId": 18,
  262. "sessionId": 93650930808539,
  263. "SServerPort": 80,
  264. "SServerAddr": "/216.58.210.46",
  265. "CClientPort": 2548
  266. },
  267. "protochain": "/TCP/HTTP/GOOGLE"
  268. },
  269. "fields": {
  270. "@timestamp": [
  271. 1429612441440
  272. ]
  273. },
  274. "highlight": {
  275. "message": [
  276. "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
  277. ],
  278. "Protocol": [
  279. "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
  280. ]
  281. },
  282. "sort": [
  283. 1429612441440
  284. ]
  285. }