Failing logline:
May 30 08:37:29 tv3 sshd[31894]: Accepted publickey for magnus from 10.0.1.164 port 51858 ssh2
Result:
{
  "_index": "logstash-2014.05.30",
  "_type": "auth_log",
  "_id": "4omQzJTbRcCwFnrYqcWzMg",
  "_score": null,
  "_source": {
    "message": "May 30 08:37:29 tv3 sshd[31894]: Accepted publickey for magnus from 10.0.1.164 port 51858 ssh2",
    "@version": "1",
    "@timestamp": "2014-05-30T06:37:29.000Z",
    "type": "auth_log",
    "host": "tv3.local",
    "path": "/var/log/auth.log",
    "timestamp": "May 30 08:37:29",
    "logsource": "tv3",
    "program": "sshd",
    "pid": "31894",
    "username": "magnus",
    "src_ip": "10.0.1.164",
    "syslog_raw": "May 30 08:37:29 tv3 sshd[31894]: Accepted publickey for magnus from 10.0.1.164 port 51858 ssh2",
    "received_at": "2014-05-30 06:41:03 UTC"
  },
  "sort": [
    1401431849000,
    1401431849000
  ]
}
Working log line:
May 30 08:37:23 tv3 sshd[31756]: Received disconnect from 10.0.1.164: 11: disconnected by user
Result:
{
  "_index": "logstash-2014.05.30",
  "_type": "auth_log",
  "_id": "gQuwrJdaTJKHQif2qwpxTQ",
  "_score": null,
  "_source": {
    "message": "Received disconnect from 10.0.1.164: 11: disconnected by user",
    "@version": "1",
    "@timestamp": "2014-05-30T06:37:23.000Z",
    "type": "auth_log",
    "host": "tv3.local",
    "path": "/var/log/auth.log",
    "timestamp": "May 30 08:37:23",
    "logsource": "tv3",
    "program": "sshd",
    "pid": "31756",
    "syslog_raw": "Received disconnect from 10.0.1.164: 11: disconnected by user",
    "received_at": "2014-05-30 06:37:24 UTC"
  },
  "sort": [
    1401431843000,
    1401431843000
  ]
}
Untitled
a guest
May 30th, 2014
