Network device syslog forwarding configuration

  • Cisco switches
logging host 10.100.18.18 transport udp port 5002
  • H3C switches
info-center enable
info-center source default channel 2 trap state off
info-center loghost 10.100.18.18 port 5003
  • Huawei switches (default port UDP 514)
info-center enable
info-center loghost 10.100.18.18
info-center timestamp log short-date
info-center timestamp trap short-date

ELK configuration

Logstash configuration

  • /opt/elk/logstash-6.2.4/config/network.conf
input {
    # Cisco is accepted over TCP and UDP; the switch configs above send UDP.
    tcp { port => 5002 type => "Cisco" }
    # UDP 514 is a privileged port: Logstash must run as root or hold
    # CAP_NET_BIND_SERVICE to bind it, or the Huawei loghost must use a high port.
    udp { port => 514  type => "HUAWEI" }
    udp { port => 5002 type => "Cisco" }
    udp { port => 5003 type => "H3C" }
}
filter {
    if [type] == "Cisco" {
        grok {
            # Several patterns for one field must be given as an array: repeating
            # "match" for the same field keeps only the last pattern.
            # The first pattern tolerates the one-character clock marker
            # ('*' or '.') that Cisco prepends to the timestamp.
            match => { "message" => [
                "<%{BASE10NUM:syslog_pri}>%{NUMBER:log_sequence}: .%{SYSLOGTIMESTAMP:timestamp}: %%{DATA:facility}-%{POSINT:severity}-%{CISCO_REASON:mnemonic}: %{GREEDYDATA:message}",
                "<%{BASE10NUM:syslog_pri}>%{NUMBER:log_sequence}: %{SYSLOGTIMESTAMP:timestamp}: %%{DATA:facility}-%{POSINT:severity}-%{CISCO_REASON:mnemonic}: %{GREEDYDATA:message}"
            ] }
            add_field => { "severity_code" => "%{severity}" }
            overwrite => [ "message" ]
        }
    }
    else if [type] == "H3C" {
        grok {
            match => { "message" => "<%{BASE10NUM:syslog_pri}>%{SYSLOGTIMESTAMP:timestamp} %{YEAR:year} %{DATA:hostname} %%%{DATA:vvmodule}/%{POSINT:severity}/%{DATA:digest}: %{GREEDYDATA:message}" }
            remove_field => [ "year" ]
            add_field => { "severity_code" => "%{severity}" }
            overwrite => [ "message" ]
        }
    }
    else if [type] == "HUAWEI" {
        grok {
            # the second pattern covers messages that arrive without the leading "%%"
            match => { "message" => [
                "<%{BASE10NUM:syslog_pri}>%{SYSLOGTIMESTAMP:timestamp} %{DATA:hostname} %%%{DATA:ddModuleName}/%{POSINT:severity}/%{DATA:Brief}:%{GREEDYDATA:message}",
                "<%{BASE10NUM:syslog_pri}>%{SYSLOGTIMESTAMP:timestamp} %{DATA:hostname} %{DATA:ddModuleName}/%{POSINT:severity}/%{DATA:Brief}:%{GREEDYDATA:message}"
            ] }
            remove_field => [ "timestamp" ]
            add_field => { "severity_code" => "%{severity}" }
            overwrite => [ "message" ]
        }
    }
    # severity_code keeps the numeric value; severity becomes the syslog level name
    mutate {
        gsub => [
            "severity", "0", "Emergency",
            "severity", "1", "Alert",
            "severity", "2", "Critical",
            "severity", "3", "Error",
            "severity", "4", "Warning",
            "severity", "5", "Notice",
            "severity", "6", "Informational",
            "severity", "7", "Debug"
        ]
    }
}
output {
#   stdout { }
    elasticsearch {
        index => "syslog-%{+YYYY.MM.dd}"
        hosts => ["your_ipaddress:9200"]
    }
}
  • /opt/elk/logstash-6.2.4/start-network.sh
# run Logstash in the background with the pipeline file listed above
nohup bin/logstash -f config/network.conf -l logs/networklog --path.data data/network > /dev/null 2>&1 &
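To see what the grok section above actually extracts from each vendor's messages, the following Python script (an added example, not code from the original post) re-implements the same field extraction with hand-written regular expressions that approximate the grok patterns, applies the severity_code/severity mapping and the remove_field drops, and additionally decodes the syslog PRI value (facility * 8 + severity) so the header severity can be cross-checked against the severity the vendor embeds in the message body. The sample lines are constructed for this example, not captured from real devices, and the regexes are approximations written for it, not Logstash's own pattern definitions.

```python
import re

# Hand-written regex equivalents of the grok patterns in the Logstash
# configuration above. They are an assumption of this example, written to
# extract the same fields; they are not Logstash's pattern definitions.
# TS approximates SYSLOGTIMESTAMP: "Mon  d HH:MM:SS" with an optional fraction.
TS = r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:[.:]\d+)?"
PRI = r"^<(?P<syslog_pri>\d+)>"

PATTERNS = {
    "Cisco": [
        # first form: one clock-marker character ('*' or '.') precedes the timestamp
        re.compile(PRI + r"(?P<log_sequence>\d+): .(?P<timestamp>" + TS + r"): "
                   r"%(?P<facility>[^-]+)-(?P<severity>\d)-(?P<mnemonic>[^:]+): (?P<message>.*)$"),
        re.compile(PRI + r"(?P<log_sequence>\d+): (?P<timestamp>" + TS + r"): "
                   r"%(?P<facility>[^-]+)-(?P<severity>\d)-(?P<mnemonic>[^:]+): (?P<message>.*)$"),
    ],
    "H3C": [
        re.compile(PRI + r"(?P<timestamp>" + TS + r") (?P<year>\d{4}) (?P<hostname>\S+) "
                   r"%%(?P<vvmodule>[^/]+)/(?P<severity>\d)/(?P<digest>[^:]+): (?P<message>.*)$"),
    ],
    "HUAWEI": [
        # second form covers messages that arrive without the leading "%%"
        re.compile(PRI + r"(?P<timestamp>" + TS + r") (?P<hostname>\S+) "
                   r"%%(?P<ddModuleName>[^/]+)/(?P<severity>\d)/(?P<Brief>[^:]+):(?P<message>.*)$"),
        re.compile(PRI + r"(?P<timestamp>" + TS + r") (?P<hostname>\S+) "
                   r"(?P<ddModuleName>[^/ ]+)/(?P<severity>\d)/(?P<Brief>[^:]+):(?P<message>.*)$"),
    ],
}

# same name table as the mutate/gsub block in the configuration
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error", "Warning",
                  "Notice", "Informational", "Debug"]

# fields the configuration drops after a successful match, per device type
REMOVE_FIELDS = {"Cisco": [], "H3C": ["year"], "HUAWEI": ["timestamp"]}


def parse_line(device_type, line):
    """Mimic the filter section: the first matching pattern wins, severity is
    copied to severity_code and then replaced by its name, and the listed
    fields are removed. On top of that, decode the PRI header so the header
    severity can be compared with the severity in the message body."""
    for rx in PATTERNS[device_type]:
        m = rx.match(line)
        if m is None:
            continue
        event = m.groupdict()
        event["type"] = device_type
        for field in REMOVE_FIELDS[device_type]:
            event.pop(field, None)
        event["severity_code"] = event["severity"]
        event["severity"] = SEVERITY_NAMES[int(event["severity_code"])]
        pri_facility, pri_severity = divmod(int(event["syslog_pri"]), 8)
        event["pri_facility"] = pri_facility
        event["pri_severity"] = pri_severity
        # a device whose header and body disagree is worth a look
        event["severity_mismatch"] = pri_severity != int(event["severity_code"])
        return event
    # grok keeps unmatched events and tags them instead of dropping them
    return {"type": device_type, "message": line, "tags": ["_grokparsefailure"]}


# Constructed sample messages (not captured from real devices); the last one is
# deliberately malformed and the Huawei "01IFNET" line deliberately carries a
# header severity (6) that disagrees with its body severity (4).
SAMPLE_LINES = [
    ("Cisco", "<189>123: *Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)"),
    ("Cisco", "<187>124: Jun 12 10:21:05.001: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down"),
    ("H3C", "<188>Jun 12 10:22:00 2024 SW-ACCESS-2 %%10SHELL/4/SHELL_LOGINFAIL: admin failed to log in from 10.0.0.9."),
    ("HUAWEI", "<189>Jun 12 10:23:10 SW-CORE-1 %%01SHELL/5/LOGIN(l)[12]:The user logged in."),
    ("HUAWEI", "<190>Jun 12 10:23:11 SW-CORE-1 01IFNET/4/LINK_STATE(l)[13]:The line protocol on interface GE0/0/1 has entered the DOWN state."),
    ("Cisco", "<189>this is not a device log"),
]


def parse_samples():
    """Parse every constructed sample line and return the resulting events."""
    return [parse_line(device_type, line) for device_type, line in SAMPLE_LINES]


if __name__ == "__main__":
    for event in parse_samples():
        print(event)
```

Lines no pattern matches come back with the `_grokparsefailure` tag, which is exactly what the Logstash grok filter adds; a Kibana visualisation counting that tag per `type` is the quickest way to notice that a firmware upgrade changed a vendor's message layout. The `severity_mismatch` flag is not part of the pipeline above; it only illustrates that the `syslog_pri` value the grok patterns capture already encodes a severity that can be checked against the one in the message body.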