2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*

{

  "time": [

    [

      "2016-11-30 06:33:33"

    ]

  ],

  "clientip": [

    [

      "192.168.5.116"

    ]

  ],

  "verb": [

    [

      "GET"

    ]

  ],

  "request": [

    [

      "/Hotel/HotelDisplay/cncqcqb230"

    ]

  ],

  "port": [

    [

      "80"

    ]

  ],

  "sourceip": [

    [

      "192.168.9.2"

    ]

  ],

  "http_user_agent": [

    [

      "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

    ]

  ]

}

logstash 配置:

input {

    stdin {

    }

}

filter {

    grok {

        match => [

             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"

                ]

       }

   #      date {

   #     match => ["time", "HH:mm:ss"]

   # }

}

output {

 stdout {

                        codec => rubydebug

                } 

}

此时输出:

[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf

Settings: Default pipeline workers: 4

Pipeline main started

2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-30T07:15:13.887Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

           "clientip" => "192.168.5.116",

               "verb" => "GET",

            "request" => "/Hotel/HotelDisplay/cncqcqb230",

               "port" => "80",

           "sourceip" => "192.168.9.2",

    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

}

当前时间为 15:16

配置date插件:

[elk@Vsftp gw]$ cat gw.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => [

             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"

                ]

       }

         date {

        match => ["time", "yyyy-MM-dd HH:mm:ss"]

    }

}

output {

 stdout {

                        codec => rubydebug

                } 

}

[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf

Settings: Default pipeline workers: 4

Pipeline main started

2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-29T22:33:33.000Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

           "clientip" => "192.168.5.116",

               "verb" => "GET",

            "request" => "/Hotel/HotelDisplay/cncqcqb230",

               "port" => "80",

           "sourceip" => "192.168.9.2",

    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

}

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-30T07:15:13.887Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-29T22:33:33.000Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

坑爹 nxlog 收到的日志里记录的时间本来就是 UTC时间,在转换一次 -8个小时

正常时间  06:33 表示 14:33  

这时候06:33 在减去8  22:33:33

logstahs 匹配isslog的更多相关文章

  1. javascript匹配各种括号书写是否正确

    今天在codewars上做了一道题,如下 看上去就是验证三种括号各种嵌套是否正确书写,本来一头雾水,一种括号很容易判断, 但是三种怎么判断! 本人只是个前端菜鸟,,不会什么高深的正则之类的. 于是,在 ...

  2. scanf类型不匹配造成死循环

        int i = 0; while (flag) { printf("please input a number >>> "); scanf("% ...

  3. 使用注解匹配Spring Aop切点表达式

    Spring中的类基本都会标注解,所以使用注解匹配切点可以满足绝大部分需求 主要使用@within()/@target @annotaton() @args()等... 匹配@Service类中的所有 ...

  4. .net使用正则表达式校验、匹配字符工具类

    开发程序离不开数据的校验,这里整理了一些数据的校验.匹配的方法: /// <summary> /// 字符(串)验证.匹配工具类 /// </summary> public c ...

  5. webpack配置别名alias出现的错误匹配

    @(webpack) webpack是一款功能强大的前端构建工具,不仅仅是针对js,它也可通过各种loader来构建相关的less,html,image等各种资源,将webpack配合流程制定工具gu ...

  6. perl 如何匹配ASCII码以及ASCII码转换

    匹配ASCII码:   /[:ascii:]/ ASCII码转换为数字: ord() 数字转换为ASCII码: chr()

  7. SQL连接操作符介绍(循环嵌套, 哈希匹配和合并连接)

    今天我将介绍在SQLServer 中的三种连接操作符类型,分别是:循环嵌套.哈希匹配和合并连接.主要对这三种连接的不同.复杂度用范例的形式一一介绍. 本文中使用了示例数据库AdventureWorks ...

  8. [LeetCode] Wildcard Matching 外卡匹配

    Implement wildcard pattern matching with support for '?' and '*'. '?' Matches any single character. ...

  9. [LeetCode] Regular Expression Matching 正则表达式匹配

    Implement regular expression matching with support for '.' and '*'. '.' Matches any single character ...

随机推荐

  1. 快速预览:C# 3.0的新东西

    Lambda 表达式: Func<string, string> doubleAppend= x => x + x; Console.WriteLine (doubleAppend( ...

  2. 近期专案PM相关收获

    1, 厚黑学讲的有道理, 坏人? 为什么占便宜., 好人为什么当不了坏人是有一定道理的.     -- 作为PM,能力大小居然都能胜任,从这一点上对组员不负责,如下种种都算有则改之无则加勉.      ...

  3. 不同浏览器下css 透明度的写法

    filter:alpha(opacity=90); /* IE transparent */ -moz-opacity:0.9; /* Moz + FF transparent */ opacity: ...

  4. Javascript中数组方法汇总

    Array.prototype中定义了很多操作数组的方法,下面介绍ECMAScript3中的一些方法: 1.Array.join()方法 该方法将数组中的元素都转化为字符串并按照指定符号连接到一起,返 ...

  5. scrapy shell 中文网站输出报错.记录.

    UnicodeDecodeError: 'gbk' codec can't decode bytes in position 381-382: illegal multibyte sequence 上 ...

  6. 还在在专业的blog记录生活吧!

    本来觉得自己写文章水平很烂,技术贴也不能保证分析清晰透彻,就决定在百度hi上记录生活随笔.的. 但是,在百度,随便写点啥,都要审核.申诉. 还是在博客园安家吧. 从新手做起.

  7. 关于C++对汉字拼音的处理

    直到目前我没有找到比较合适的输入汉字输出拼音的函数,那么根据网上流传的几个源码进行了改编,写成了输入汉字输出拼音的函数.对于此函数不能说强大,但是至少稳定可用,输出结果还没有发现什么错误. 那么下面我 ...

  8. 九度OJ 1453 Greedy Tino -- 动态规划

    题目地址:http://ac.jobdu.com/problem.php?pid=1453 题目描述: Tino wrote a long long story. BUT! in Chinese... ...

  9. ubuntu tengine 安装

    参考文章:http://wangyan.org/blog/install-openssl-from-source.html http://www1.site90.com/Linux/405.html ...

  10. ASP.NET MVC5 easyui 之 treegrid 初用记录

    菜鸟初次使用,参考论坛中介绍的方法仍走了一些弯路,把自己遇到的问题记录下来. 1.必须定义根节点: 2.根节点一个或多个均可: 4.根节点的父节点属性不必定义,或者定义为0: 5.各级子节点的父节点属 ...