container
/
docker-filebeat
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix docker pattern to add geoip asn extraction

This commit is contained in:
RouxAntoine 2022-12-11 10:29:43 +01:00
parent c2063ef4d7
commit f322afc927
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -12,7 +12,8 @@ VERBOSITY=debug
## build
build:
$(shell docker-multi-arch-builder build -n filebeat --platforms $(PLATFORM) -v $(VERBOSITY))
docker manifest rm docker.registry:5000/filebeat:latest
docker-multi-arch-builder build -n filebeat --platforms $(PLATFORM) -v $(VERBOSITY)
## management

4
filebeat-docker.yml
View File

@ -21,7 +21,7 @@ processors:
host: "unix:///var/run/docker.sock"
- add_host_metadata: ~
- dissect:
tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} %{nginx.geoip.lat|double} %{nginx.geoip.lon|double} req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} "%{nginx.geoip_asn_name}" %{nginx.geoip_asn_number|integer} location:"%{nginx.geoip.lat|double}" "%{nginx.geoip.lon|double}" req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
trim_values: all
target_prefix: ""
field: "message"
@ -29,7 +29,7 @@ processors:
equals:
container.name: nginxfront
- dissect:
tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", upstream: "%{php.upstream}", host: "%{php.host}"'
tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", host: "%{php.host}"'
target_prefix: ""
field: "message"
when: