How to manipulate the msg

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

How to manipulate the msg

Postby Suomi » Thu Aug 03, 2017 7:40 pm

I want to filter this kind of kernel.log string, do a string manipulation and store it in another log file.

This is the source string:
Jul 31 19:53:10 echo576 kernel: [94146.753825] SSH_brute_force IN=eth0 OUT= MAC=00:19:99:a4:46:9d:b0:c6:9a:d7:f8:41:08:00 SRC=78.22.49.29 DST=85.25.139.9 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=21276 DF PROTO=TCP SPT=60912 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

and it should look like this:
03.08.2017 - 20:26:40 : SSH_brute_force : 78.22.49.29


The msg should be logged in /var/log/SSH_brute_force.log and it should not be logged in /var/log/kernel.log.

I think I'm less than halfway done. I edited the file /etc/rsyslog.d/50-default.conf:
Code:
:msg,contains,"SSH_brute_force " /var/log/SSH_brute_force.log
& ~


So my message is written to /var/log/SSH_brute_force.log and not to /var/log/kernel.log, exactly as I wanted.

But I have no idea how to manipulate the string the way I described. Can anyone help here?
Suomi
New
 
Posts: 1
Joined: Thu Aug 03, 2017 7:19 pm
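One way to do the reformatting the post asks for, written here as an added example (it is not from the original post or from the rsyslog project): an rsyslog template in RainerScript syntax that rebuilds the line from the message's own timestamp and a regex submatch on the SRC= field, plus a filter that writes it to the separate file and stops further processing (the RainerScript equivalent of the `& ~` in the post). It assumes rsyslog 7 or newer, that the template should use `timereported` (the time in the kernel message rather than the time of writing), and that the SRC= field is the address wanted; the template name `sshbrute` is chosen here.

```rsyslog
# Added example: extract date, time and SRC= address from an iptables LOG line.
# Assumes rsyslog >= 7 (RainerScript template syntax).
template(name="sshbrute" type="list") {
    # day.month.year from the timestamp carried in the message itself
    property(name="timereported" dateFormat="day")
    constant(value=".")
    property(name="timereported" dateFormat="month")
    constant(value=".")
    property(name="timereported" dateFormat="year")
    constant(value=" - ")
    property(name="timereported" dateFormat="hour")
    constant(value=":")
    property(name="timereported" dateFormat="minute")
    constant(value=":")
    property(name="timereported" dateFormat="second")
    constant(value=" : SSH_brute_force : ")
    # submatch 1 of the ERE below is the dotted-quad after "SRC="
    property(name="msg" regex.type="ERE" regex.submatch="1"
             regex.expression="SRC=([0-9.]+)")
    constant(value="\n")
}

# Route matching kernel messages to their own file, then stop so that
# they never reach the normal kern.* rule (same effect as "& ~").
if $msg contains "SSH_brute_force" then {
    action(type="omfile" file="/var/log/SSH_brute_force.log" template="sshbrute")
    stop
}
```

This block has to be loaded before the stock kern.* rule in 50-default.conf, otherwise the message is still written to kernel.log before `stop` takes effect; a separate file such as /etc/rsyslog.d/10-sshbrute.conf sorts ahead of it. The regex only accepts digits and dots, so an IPv6 rule would need a different expression, and if the match fails the field is emitted empty rather than the whole msg unless regex.nomatchmode is set.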
