Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- s3 {
- bucket => "XXXX"
- access_key_id => "XXXX"
- secret_access_key => "XXXX"
- prefix => "waf/"
- region => "XXX"
- sincedb_path => "/tmp/s3.sincedb"
- add_field => [ "lso_name", "NULL", "lsi_type", "s3", "lsi_name", "waf" ]
- codec => "json"
- }
- {
- "httpSourceName"=>"CF",
- "httpRequest"=> {
- "clientIp"=>"XX.XX.XX.XX",
- "httpMethod"=>"GET",
- "requestId"=>"XXXX",
- "uri"=>"XXX",
- "headers"=>
- [
- {"name"=>"Host", "value"=>"test.exmaple.com"},
- {"name"=>"user-agent", "value"=>"Mozilla/5.0"},
- {"name"=>"accept", "value"=>"*/*"}
- ]
- }
- }
- "httpRequest.headers.Host" => "test.example.com"
- "httpRequest.headers.user-agent" => "Mozilla/5.0"
- ruby {
- init => "
- def process_headers obj, event
- if obj.is_a? Array
- obj.each {|a|
- event.set("[httpRequest][headers]["+a['name']+"]")=a['value']
- }
- end
- end
- "
- code => "
- process_headers(event.get["httpRequest][headers]",event)
- "
- }
Add Comment
Please, Sign In to add comment