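I have two somewhat similar logstash configurations. One works and the other doesn't, and I don't know how to proceed.
The first, working configuration: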
The second one, which has parse errors:
input {
  stdin {
    type => "dec"
  }
}
filter {
  if [type] == "dec" {
    if "SYN/ACK" in [message] or "ACK" in [message] {
      grok {
        match => { "message" => "%{SYSLOGTIMESTAMP:sys_timestamp} %{SYSLOGHOST:sys_hostname} %{DATA:program}: %{NUMBER:ts}:%{GREEDYDATA:reason}:%{IPV4:src_ip:ip}:%{IPV4:dst_ip:ip}:%{POSINT:src_port:int}:%{POSINT:dst_port:int}" }
      }
    } else {
      grok {
        match => { "message" => "%{SYSLOGTIMESTAMP:sys_timestamp} %{SYSLOGHOST:sys_hostname} %{DATA:program}: %{NUMBER:ts}:%{GREEDYDATA:reason}:%{IPV4:src_ip:ip}:%{IPV4:dst_ip:ip}" }
      }
    }
    date {
      timezone => "UTC"
      match => [ "ts", "UNIX_MS" ]
      target => "@timestamp"
    }
    mutate {
      remove_field => [ "message", "sys_timestamp", "sys_hostname" ]
    }
  }
}
output {
  if [type] == "dec" {
    stdout {
      codec => rubydebug
    }
  }
}
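I have been checking the logstash syslog and trying to get more information by redirecting when "_grokparsefailure" is in [tags], but I had no success. I also tried running logstash with its output redirected, but could not get enough information.
Example input for the working configuration: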
input {
  stdin {
    type => "lmc"
  }
}
filter {
  if [type] == "lmc" {
    # Jun 20 17:08:11 rolf-PE-860 sds_lmc: 1529539691952:1:17:::"fe80::14f0:159d:a58d:2802":"ff02::fb":5353:5353:3
    # Jun 26 10:54:58 rolf-PE-860 sds_lmc: 1530035699347:0:17:192.168.10.165:239.255.255.250:::56430:1900:3
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:sys_timestamp} %{SYSLOGHOST:sys_hostname} %{DATA:program}: %{NUMBER:ts}:%{NUMBER:dir}:%{NUMBER:proto}:%{IPV4:src_ip:ip}:%{IPV4:dst_ip:ip}:%{IPV6:src_ip6:ip}:%{IPV6:dst_ip6:ip}:%{POSINT:src_port:int}:%{POSINT:dst_port:int}:%{DATA:act}" }
    }
    date {
      timezone => "UTC"
      match => [ "ts", "UNIX_MS" ]
      target => "@timestamp"
    }
    translate {
      field => "dir"
      destination => "direction"
      dictionary => {
        "0" => "Out"
        "1" => "In"
      }
    }
    translate {
      field => "act"
      destination => "action"
      dictionary => {
        "1" => "Allow"
        "2" => "Block"
        "3" => "Drop"
      }
    }
    mutate {
      remove_field => [ "message", "sys_timestamp", "sys_hostname", "act", "dir" ]
    }
  }
}
output {
  if [type] == "lmc" {
    stdout {
      codec => rubydebug
    }
  }
}
And for the one that does not work:
Jun 26 10:54:57 rolf-PE-860 sds_lmc:1530035697951:0:6:192.168.10.165:74.125.195.125:::6554:5222:3
Jun 26 10:54:58 rolf-PE-860 sds_lmc:1530035699347:0:17:192.168.10.165:239.255.255.250:::56430:1900:3
This is the result for the failing configuration.
Jun 21 13:26:21 rolf-PE-860 ips: 1529612781461:ACK/TCP Established:192.168.10.9:192.168.10.165:23:5907
Jun 21 13:26:29 rolf-PE-860 ips: 1529612789554:ARP Response:192.168.10.127:192.168.10.140
I would be grateful if anyone could give me a hint on how to proceed.
Thanks
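
One way to get more detail out of a grok failure in the "dec" pipeline, as an added example that is not part of the original post: each grok gets its own failure tag, and the original message is only removed once parsing succeeded. The grok patterns are copied unchanged from the post; the two tag names are hypothetical.

```logstash
# Added example. The tag names "_grok_dec_ports_failed" and
# "_grok_dec_basic_failed" are hypothetical; patterns are the post's own.
input {
  stdin {
    type => "dec"
  }
}
filter {
  if [type] == "dec" {
    if "SYN/ACK" in [message] or "ACK" in [message] {
      grok {
        match => { "message" => "%{SYSLOGTIMESTAMP:sys_timestamp} %{SYSLOGHOST:sys_hostname} %{DATA:program}: %{NUMBER:ts}:%{GREEDYDATA:reason}:%{IPV4:src_ip:ip}:%{IPV4:dst_ip:ip}:%{POSINT:src_port:int}:%{POSINT:dst_port:int}" }
        # A distinct tag replaces the shared default "_grokparsefailure",
        # so the event itself says which branch rejected the line.
        tag_on_failure => [ "_grok_dec_ports_failed" ]
      }
    } else {
      grok {
        match => { "message" => "%{SYSLOGTIMESTAMP:sys_timestamp} %{SYSLOGHOST:sys_hostname} %{DATA:program}: %{NUMBER:ts}:%{GREEDYDATA:reason}:%{IPV4:src_ip:ip}:%{IPV4:dst_ip:ip}" }
        tag_on_failure => [ "_grok_dec_basic_failed" ]
      }
    }
    # Only parse the timestamp and drop the raw fields when grok matched.
    # On failure "message" stays in the event and shows up in rubydebug.
    if "_grok_dec_ports_failed" not in [tags] and "_grok_dec_basic_failed" not in [tags] {
      date {
        timezone => "UTC"
        match => [ "ts", "UNIX_MS" ]
        target => "@timestamp"
      }
      mutate {
        remove_field => [ "message", "sys_timestamp", "sys_hostname" ]
      }
    }
  }
}
output {
  if [type] == "dec" {
    stdout {
      codec => rubydebug
    }
  }
}
```

Feeding the two ips sample lines on stdin then shows, per event, either the parsed fields or the untouched message together with the tag naming the grok that rejected it.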