Snort / Suricata
Graylog extractor patterns
Suricata:
%{WORD:source} %{WORD:UNWANTED}\[%{DATA:UNWANTED}\]: \[%{DATA:suricata_sig_id}\] %{DATA:suricata_msg} \[Classification\: %{DATA:suricata_classification}\] \[Priority\: %{DATA:suricata_priority}\] \{%{DATA:protocol}\} %{IPV4:src_ip}\:%{DATA:srcport} \-\> %{IPV4:dst_ip}\:%{DATA:dstport}$
Snort:
\[%{DATA:snort_sig_id}\] %{DATA:snort_msg} \[Classification\: %{DATA:snort_classification}\] \[Priority\: %{DATA:snort_priority}\] \{%{DATA:protocol}\} %{IPV4:src_ip}\:%{DATA:srcport} \-\> %{IPV4:dst_ip}\:%{DATA:dstport}$
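To check what these two patterns actually extract before loading them into Graylog, here is an added Python example (not from the original post) that expands the page's grok tokens into regular expressions with a minimal stand-in for WORD, DATA and IPV4, then runs both patterns over constructed alert lines. The field names are the page's; the helper names, the sample lines and their sids are assumptions.

```python
import re

# Stand-in grok expansion for just the base patterns the page uses (not Graylog's engine).
GROK_BASE = {"WORD": r"\w+", "DATA": r".*?", "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}"}

# The two extractor patterns from the page, each joined onto one line.
SURICATA_GROK = (
    r"%{WORD:source} %{WORD:UNWANTED}\[%{DATA:UNWANTED}\]: "
    r"\[%{DATA:suricata_sig_id}\] %{DATA:suricata_msg} \[Classification\: "
    r"%{DATA:suricata_classification}\] \[Priority\: %{DATA:suricata_priority}\] "
    r"\{%{DATA:protocol}\} %{IPV4:src_ip}\:%{DATA:srcport} \-\> "
    r"%{IPV4:dst_ip}\:%{DATA:dstport}$"
)
SNORT_GROK = (
    r"\[%{DATA:snort_sig_id}\] %{DATA:snort_msg} \[Classification\: "
    r"%{DATA:snort_classification}\] \[Priority\: %{DATA:snort_priority}\] "
    r"\{%{DATA:protocol}\} %{IPV4:src_ip}\:%{DATA:srcport} \-\> "
    r"%{IPV4:dst_ip}\:%{DATA:dstport}$"
)

def grok_to_regex(pattern):
    """Expand %{TYPE:field} tokens into uniquely named regex groups."""
    # Grok field names may repeat (UNWANTED appears twice) but Python named
    # groups may not, so captures get synthetic names mapped back to the field.
    fields = {}
    def repl(m):
        group = f"g{len(fields)}"
        fields[group] = m.group(2)
        return f"(?P<{group}>{GROK_BASE[m.group(1)]})"

    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", repl, pattern)), fields

def parse_alert(grok_pattern, line):
    """Return the extracted fields, or None when the line does not match."""
    regex, fields = grok_to_regex(grok_pattern)
    m = regex.search(line)
    if m is None:
        return None
    # Captures named UNWANTED are dropped, as the Graylog extractor does.
    return {fields[g]: v for g, v in m.groupdict().items() if fields[g] != "UNWANTED"}

# Constructed sample alert lines (not real sensor output); sids are in the local range.
SURICATA_LINE = ("sensor01 suricata[2231]: [1:1000002:1] LOCAL HTTP admin probe [Classification: "
                 "Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:44110 -> 192.0.2.10:80")
SNORT_LINE = ("[1:1000001:1] LOCAL SSH inbound from untrusted range [Classification: Attempted "
              "Information Leak] [Priority: 2] {TCP} 198.51.100.23:41022 -> 192.0.2.10:22")

if __name__ == "__main__":
    print(parse_alert(SURICATA_GROK, SURICATA_LINE))
    print(parse_alert(SNORT_GROK, SNORT_LINE))
```

Note that the Snort pattern expects the message body after the syslog tag, while the Suricata pattern consumes a leading host and program name, so the two are meant for inputs that deliver the message differently.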