2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*

{

  "time": [

    [

      "2016-11-30 06:33:33"

    ]

  ],

  "clientip": [

    [

      "192.168.5.116"

    ]

  ],

  "verb": [

    [

      "GET"

    ]

  ],

  "request": [

    [

      "/Hotel/HotelDisplay/cncqcqb230"

    ]

  ],

  "port": [

    [

      "80"

    ]

  ],

  "sourceip": [

    [

      "192.168.9.2"

    ]

  ],

  "http_user_agent": [

    [

      "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

    ]

  ]

}

logstash 配置:

input {

    stdin {

    }

}

filter {

    grok {

        match => [

             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"

                ]

       }

   #      date {

   #     match => ["time", "HH:mm:ss"]

   # }

}

output {

 stdout {

                        codec => rubydebug

                } 

}

此时输出:

[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf

Settings: Default pipeline workers: 4

Pipeline main started

2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-30T07:15:13.887Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

           "clientip" => "192.168.5.116",

               "verb" => "GET",

            "request" => "/Hotel/HotelDisplay/cncqcqb230",

               "port" => "80",

           "sourceip" => "192.168.9.2",

    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

}

当前时间为 15:16

配置date插件:

[elk@Vsftp gw]$ cat gw.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => [

             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"

                ]

       }

         date {

        match => ["time", "yyyy-MM-dd HH:mm:ss"]

    }

}

output {

 stdout {

                        codec => rubydebug

                } 

}

[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf

Settings: Default pipeline workers: 4

Pipeline main started

2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-29T22:33:33.000Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

           "clientip" => "192.168.5.116",

               "verb" => "GET",

            "request" => "/Hotel/HotelDisplay/cncqcqb230",

               "port" => "80",

           "sourceip" => "192.168.9.2",

    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

}

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-30T07:15:13.887Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-29T22:33:33.000Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

坑爹 nxlog 收到的日志里记录的时间本来就是 UTC时间,在转换一次 -8个小时

正常时间  06:33 表示 14:33  

这时候06:33 在减去8  22:33:33

logstahs 匹配isslog的更多相关文章

  1. javascript匹配各种括号书写是否正确

    今天在codewars上做了一道题,如下 看上去就是验证三种括号各种嵌套是否正确书写,本来一头雾水,一种括号很容易判断, 但是三种怎么判断! 本人只是个前端菜鸟,,不会什么高深的正则之类的. 于是,在 ...

  2. scanf类型不匹配造成死循环

        int i = 0; while (flag) { printf("please input a number >>> "); scanf("% ...

  3. 使用注解匹配Spring Aop切点表达式

    Spring中的类基本都会标注解,所以使用注解匹配切点可以满足绝大部分需求 主要使用@within()/@target @annotaton() @args()等... 匹配@Service类中的所有 ...

  4. .net使用正则表达式校验、匹配字符工具类

    开发程序离不开数据的校验,这里整理了一些数据的校验.匹配的方法: /// <summary> /// 字符(串)验证.匹配工具类 /// </summary> public c ...

  5. webpack配置别名alias出现的错误匹配

    @(webpack) webpack是一款功能强大的前端构建工具,不仅仅是针对js,它也可通过各种loader来构建相关的less,html,image等各种资源,将webpack配合流程制定工具gu ...

  6. perl 如何匹配ASCII码以及ASCII码转换

    匹配ASCII码:   /[:ascii:]/ ASCII码转换为数字: ord() 数字转换为ASCII码: chr()

  7. SQL连接操作符介绍(循环嵌套, 哈希匹配和合并连接)

    今天我将介绍在SQLServer 中的三种连接操作符类型,分别是:循环嵌套.哈希匹配和合并连接.主要对这三种连接的不同.复杂度用范例的形式一一介绍. 本文中使用了示例数据库AdventureWorks ...

  8. [LeetCode] Wildcard Matching 外卡匹配

    Implement wildcard pattern matching with support for '?' and '*'. '?' Matches any single character. ...

  9. [LeetCode] Regular Expression Matching 正则表达式匹配

    Implement regular expression matching with support for '.' and '*'. '.' Matches any single character ...

随机推荐

  1. 移动端rem布局的适配mixin【转藏】

    /*================================================================ 以下为基于ip5 宽度320做的适配,标准html{font-si ...

  2. action方法不返回

    当被请求的action方法中还有资源没有释放时,请求方法是不会返回的,会一直停留在方法中,即使是最后一行,因为请求方法一旦返回,那方法中的资源,引用就没有位置住了,所以所请求的方法会一直不返回,直到方 ...

  3. 使用instsrv.exe+srvany.exe将应用程序安装为windows服务[转]

      转自:http://qingmu.blog.51cto.com/4571483/1248649 一.什么是instsrv.exe和srvany.exe instsrv.exe.exe和srvany ...

  4. Library cache lock 故障解决一例

    今天收到同事电话,说是数据库中一张名为acct_balance进行操作是奇慢,第一反映是不是扫行计划有问题,结果我错了,现将过程记录下来. 用pl/sql连上数据库情况:1.对acct_balance ...

  5. O-C相关06:self和super关键字介绍——self关键字

    self关键字介绍 1.self和super OC 版权声明:本文为博主原创文章,未经博主允许不得转载. posted @ 2015-08-04 12:46 王刚韧(wanghy_iOS) 阅读(.. ...

  6. DBHelper 数据库帮助类

    /// <summary> /// 数据库帮助类 /// <author>vito</author> /// </summary> public cla ...

  7. js 无刷新分页代码

    /** * 分页事件处理 */function paging(){ $("#firstPage").click(function(){ //首页 var pageNo = getP ...

  8. 第3章 Struts2框架--1、Struts2环境搭建

    第3章 Struts2框架--1.Struts2环境搭建 搭建步骤: 1.从下载http://struts.apache.org 没找到Struts2.3.16版,就下载了2.3.29 2.拷贝后解压 ...

  9. 使用SqlBulkCopy批量插入多条数据进入表中

    由于工作中项目需求结算一次生成一批相同批次号的数据插入一个表中,然后再通过另一页面展示出来,所以需要用到一次性插入一批数据,所以就采用了SqlBulkCopy插入一批数据 1 public stati ...

  10. ceph入门学习链接

    https://tobegit3hub1.gitbooks.io/ceph_from_scratch/content/introduction/component.html