2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*

{

  "time": [

    [

      "2016-11-30 06:33:33"

    ]

  ],

  "clientip": [

    [

      "192.168.5.116"

    ]

  ],

  "verb": [

    [

      "GET"

    ]

  ],

  "request": [

    [

      "/Hotel/HotelDisplay/cncqcqb230"

    ]

  ],

  "port": [

    [

      "80"

    ]

  ],

  "sourceip": [

    [

      "192.168.9.2"

    ]

  ],

  "http_user_agent": [

    [

      "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

    ]

  ]

}

logstash 配置:

input {

    stdin {

    }

}

filter {

    grok {

        match => [

             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"

                ]

       }

   #      date {

   #     match => ["time", "HH:mm:ss"]

   # }

}

output {

 stdout {

                        codec => rubydebug

                } 

}

此时输出:

[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf

Settings: Default pipeline workers: 4

Pipeline main started

2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-30T07:15:13.887Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

           "clientip" => "192.168.5.116",

               "verb" => "GET",

            "request" => "/Hotel/HotelDisplay/cncqcqb230",

               "port" => "80",

           "sourceip" => "192.168.9.2",

    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

}

当前时间为 15:16

配置date插件:

[elk@Vsftp gw]$ cat gw.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => [

             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"

                ]

       }

         date {

        match => ["time", "yyyy-MM-dd HH:mm:ss"]

    }

}

output {

 stdout {

                        codec => rubydebug

                } 

}

[elk@Vsftp gw]$ ../../bin/logstash -f gw.conf

Settings: Default pipeline workers: 4

Pipeline main started

2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-29T22:33:33.000Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

           "clientip" => "192.168.5.116",

               "verb" => "GET",

            "request" => "/Hotel/HotelDisplay/cncqcqb230",

               "port" => "80",

           "sourceip" => "192.168.9.2",

    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "

}

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-30T07:15:13.887Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

{

            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",

           "@version" => "1",

         "@timestamp" => "2016-11-29T22:33:33.000Z",

               "host" => "Vsftp",

               "time" => "2016-11-30 06:33:33",

坑爹 nxlog 收到的日志里记录的时间本来就是 UTC时间,在转换一次 -8个小时

正常时间  06:33 表示 14:33  

这时候06:33 在减去8  22:33:33

logstahs 匹配isslog的更多相关文章

  1. javascript匹配各种括号书写是否正确

    今天在codewars上做了一道题,如下 看上去就是验证三种括号各种嵌套是否正确书写,本来一头雾水,一种括号很容易判断, 但是三种怎么判断! 本人只是个前端菜鸟,,不会什么高深的正则之类的. 于是,在 ...

  2. scanf类型不匹配造成死循环

        int i = 0; while (flag) { printf("please input a number >>> "); scanf("% ...

  3. 使用注解匹配Spring Aop切点表达式

    Spring中的类基本都会标注解,所以使用注解匹配切点可以满足绝大部分需求 主要使用@within()/@target @annotaton() @args()等... 匹配@Service类中的所有 ...

  4. .net使用正则表达式校验、匹配字符工具类

    开发程序离不开数据的校验,这里整理了一些数据的校验.匹配的方法: /// <summary> /// 字符(串)验证.匹配工具类 /// </summary> public c ...

  5. webpack配置别名alias出现的错误匹配

    @(webpack) webpack是一款功能强大的前端构建工具,不仅仅是针对js,它也可通过各种loader来构建相关的less,html,image等各种资源,将webpack配合流程制定工具gu ...

  6. perl 如何匹配ASCII码以及ASCII码转换

    匹配ASCII码:   /[:ascii:]/ ASCII码转换为数字: ord() 数字转换为ASCII码: chr()

  7. SQL连接操作符介绍(循环嵌套, 哈希匹配和合并连接)

    今天我将介绍在SQLServer 中的三种连接操作符类型,分别是:循环嵌套.哈希匹配和合并连接.主要对这三种连接的不同.复杂度用范例的形式一一介绍. 本文中使用了示例数据库AdventureWorks ...

  8. [LeetCode] Wildcard Matching 外卡匹配

    Implement wildcard pattern matching with support for '?' and '*'. '?' Matches any single character. ...

  9. [LeetCode] Regular Expression Matching 正则表达式匹配

    Implement regular expression matching with support for '.' and '*'. '.' Matches any single character ...

随机推荐

  1. File类最基础知识

    package File; /** * 创建一个文件: * 判断是否存在,若存在,则创建,若不存在,则删除,最后输出文件是否存在. */ import java.io.File; import jav ...

  2. 20151225jquery学习笔记---折叠菜单UI

    折叠菜单(accordion),和选项卡一样也是一种在同一个页面上切换不同内容的功能UI.它和选项卡的使用几乎没有什么太大区别,只是显示的效果有所差异罢了.一. 使用 accordion使用 acco ...

  3. WebSocket使用教程 - 带完整实例

    http://my.oschina.net/u/1266171/blog/357488 什么是WebSocket?看过html5的同学都知道,WebSocket protocol 是HTML5一种新的 ...

  4. 浅析ASP.NET的状态保持

    ASP.NET的状态保持:1.viewstate:隐藏域,记录服务器端控件的状态,适用于页面不关闭的情况下多次与服务器交互,页面自己给自己传值:文本框的改变事件.IspostBack也依赖viewst ...

  5. 命令精解之DOS批处理

    前言 最近对于批处理技术的探讨比较热,也有不少好的批处理程序发布,但是如果没有一定的相关知识恐怕不容易看懂和理解这些批处理文件,也就更谈不上自己动手编写了,古语云:“授人以鱼,不如授人以渔.”因为网上 ...

  6. linux修改主机名(hostname)转载

    Linux修改主机名的方法 用hostname命令可以临时修改机器名,但机器重新启动之后就会恢复原来的值. #hostname   //查看机器名#hostname -i  //查看本机器名对应的ip ...

  7. ios毛玻璃效果

    方法一:支持所有ios系统版本: - (void)setupBlurView { UIImageView *darkView = [[UIImageView alloc] init]; darkVie ...

  8. 享元模式(咖啡屋)【java与模式】

    package com.javapatterns.flyweight.coffeeshop; public class Flavor extends Order { private String fl ...

  9. 04_过滤器Filter_03_多个Filter的执行顺序

    [Filter链] *在一个web应用中,可以开发编写多个Filter,这些Filter组合起来称为一个Filter链. *web服务器根据Filter在web.xml中的注册顺序,决定先调用哪个Fi ...

  10. 九度OJ 1085 求root(N, k) -- 二分求幂及快速幂取模

    题目地址:http://ac.jobdu.com/problem.php?pid=1085 题目描述: N<k时,root(N,k) = N,否则,root(N,k) = root(N',k). ...